Solved

How do I control the number of downloads?

Posted on 2000-03-24
8
184 Views
Last Modified: 2010-04-21
Tell me if this belongs in another category......

Here's what I want to do:

I want to offer some material through a webpage, as .htm files, probably zipped with a bunch of gifs and an index included.  A person would pay a fee, then recieve a password by email which would allow them one download that must be done by a certain date.

I know how to set up an ftp download from a webpage. How do I set it up to take passwords?  How do I allow only one download per password?  How do I make the password "expire"?

I have a shell account.

castello
0
Comment
Question by:castello
  • 3
  • 3
  • 2
8 Comments
 
LVL 14

Expert Comment

by:mcrider
ID: 2655105
I would suggest doing this via CGI script.  That way, all the user would have to do is navigate their browser to your CGI.  It would generate a page asking for a password. If the password given is valid, it generates a page for them to download the item.

Since the page only exists when the CGI creates it, just knowing the URL will not get the file...

By the way, you posted this question twice... Unless you want to loose another 200 points, I would go and delete the other question...  That question is http://www.experts-exchange.com/jsp/qShow.jsp?ta=unix&qid=10317094 


Cheers!®©
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2656101
You could use dynamically created directories, protected by .htaccess files, that contain the download data for that user. To be able to clean the data after the time period has elapsed you should use a directory name that includes date info. Then a cron script can tell when the dir should be deleted. The only problem with this approach is that the data isn't protected if the user accesses the site directly with an ftp client rather than a browser. All of the ftp access is actually through the anonymous ftp account.

A better method would be to create an encrypted download, using the password as the key. Again having date info in the file name would make cleaning of "expired downloads" easy from a cron script.
0
 

Author Comment

by:castello
ID: 2657408
mcrider, that sounds like a good way to go.  But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?

I've actually set up a simple version of this using htpasswd.  And I had to do it via http, not ftp (htpasswd doesn't work for the ftp server at my ISP.  Is this normal?).  It works fine -- requires a password, but not if I go into my space via an ftp client.  Is there any way, jlevie, to prevent people from just going to my public html space and downloading the file for free?
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 40

Expert Comment

by:jlevie
ID: 2657464
Not unless you use an ftp server that supports dynamically created users, probably outside of /etc/passwd, and that has the ability to restrict an ftp user to a specific dir. That's the reason I suggested using an "encrypted download". It won't stop the user from downloading the file more than once while it's on the system, but they do have to have the password to be able to decrypt the file and use the data. You can pack and encrypt the data with zip, using the password you assign to that user and the user will be prompted for the password when they unzip the file.

For what it's worth, I've used this method to distribute proprietary applications in the past.
0
 

Author Comment

by:castello
ID: 2657478
jlevie, this does sound really secure, but I think it's way beyond my knowledge and ability at this point, and I don't think my ISP has the capability.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2657571
Actually the only part of it that the ISP would have to have is the zip executable. There's a decent chance that it might already be there, or that they would consider installing it (you are paying for your service, after all). There would be alternatives if the download was known to be going to unix boxes, but I suspect that your targeted market is the PC world, That unfortunately restricts you to something like zip or pkzip format.
0
 
LVL 14

Accepted Solution

by:
mcrider earned 200 total points
ID: 2657670
castello,

You said:

  >>But how can I insure that a person only downloads one copy?  It looks like I have to search a password file to determine whether the one given is valid?  Then I would simply delete the password once it's given by the visitor, that way they couldn't use it again?


Absolutely right! When the CGI receives a valid password, it transfers the file and then removes the password from the file or database you are keeping them in.  I would suggest that passwords be something like the phone number of the individual or email address...


Cheers!®©




0
 

Author Comment

by:castello
ID: 2667109
I'm not going to take this approach now, because using htpasswd is less labor intensive.  If my "venture" is successful, I will certainly go for this more secure approach.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
llcommand 6 90
what is a good general partitioning scheme for RHEL? 23 128
How to clone solaris 10 machine 33 129
Log File Creation with Header and Footer 17 92
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now