Solved

How do I control the number of downloads?

Posted on 2000-03-24
8
183 Views
Last Modified: 2010-04-21
Tell me if this belongs in another category......

Here's what I want to do:

I want to offer some material through a webpage, as .htm files, probably zipped with a bunch of gifs and an index included.  A person would pay a fee, then recieve a password by email which would allow them one download that must be done by a certain date.

I know how to set up an ftp download from a webpage. How do I set it up to take passwords?  How do I allow only one download per password?  How do I make the password "expire"?

I have a shell account.

castello
0
Comment
Question by:castello
  • 3
  • 3
  • 2
8 Comments
 
LVL 14

Expert Comment

by:mcrider
Comment Utility
I would suggest doing this via CGI script.  That way, all the user would have to do is navigate their browser to your CGI.  It would generate a page asking for a password. If the password given is valid, it generates a page for them to download the item.

Since the page only exists when the CGI creates it, just knowing the URL will not get the file...

By the way, you posted this question twice... Unless you want to loose another 200 points, I would go and delete the other question...  That question is http://www.experts-exchange.com/jsp/qShow.jsp?ta=unix&qid=10317094  


Cheers!®©
0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
You could use dynamically created directories, protected by .htaccess files, that contain the download data for that user. To be able to clean the data after the time period has elapsed you should use a directory name that includes date info. Then a cron script can tell when the dir should be deleted. The only problem with this approach is that the data isn't protected if the user accesses the site directly with an ftp client rather than a browser. All of the ftp access is actually through the anonymous ftp account.

A better method would be to create an encrypted download, using the password as the key. Again having date info in the file name would make cleaning of "expired downloads" easy from a cron script.
0
 

Author Comment

by:castello
Comment Utility
mcrider, that sounds like a good way to go.  But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?

I've actually set up a simple version of this using htpasswd.  And I had to do it via http, not ftp (htpasswd doesn't work for the ftp server at my ISP.  Is this normal?).  It works fine -- requires a password, but not if I go into my space via an ftp client.  Is there any way, jlevie, to prevent people from just going to my public html space and downloading the file for free?
0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
Not unless you use an ftp server that supports dynamically created users, probably outside of /etc/passwd, and that has the ability to restrict an ftp user to a specific dir. That's the reason I suggested using an "encrypted download". It won't stop the user from downloading the file more than once while it's on the system, but they do have to have the password to be able to decrypt the file and use the data. You can pack and encrypt the data with zip, using the password you assign to that user and the user will be prompted for the password when they unzip the file.

For what it's worth, I've used this method to distribute proprietary applications in the past.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:castello
Comment Utility
jlevie, this does sound really secure, but I think it's way beyond my knowledge and ability at this point, and I don't think my ISP has the capability.
0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
Actually the only part of it that the ISP would have to have is the zip executable. There's a decent chance that it might already be there, or that they would consider installing it (you are paying for your service, after all). There would be alternatives if the download was known to be going to unix boxes, but I suspect that your targeted market is the PC world, That unfortunately restricts you to something like zip or pkzip format.
0
 
LVL 14

Accepted Solution

by:
mcrider earned 200 total points
Comment Utility
castello,

You said:

  >>But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?


Absolutely right! When the CGI receives a valid password, it transfers the file and then removes the password from the file or database you are keeping them in.  I would suggest that passwords be something like the phone number of the individual or email address...


Cheers!®©




0
 

Author Comment

by:castello
Comment Utility
I'm not going to take this approach now, because using htpasswd is less labor intensive.  If my "venture" is successful, I will certainly go for this more secure approach.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now