Mar. 28th, 2005 @ 10:42 pm
I've got a client who wants to sell prepared legal forms online in PDF format. I have a site model in PHP, an extremely simple shopping cart through PayPal, and Acrobat 5 professional. I've never done it before, and I'd really not like to go into this blind. Google hasn't pulled up anything in the way of specific tutorials. There are only three relatively small files that need to be sold.
It'd be easy enough to, say, redirect the user upon payment or e-mail the link to a document, but this also necessitates changing the link to the document with every download so it doesn't get shared. I know PHP has PDF generation and temp file capacities, but I've never worked with them. We were also looking into PDF security, but I also have no experience with this.
Anyway, I'd like any tips you might have on the matter.
Current Music: Incubus - Echo
|Date:||March 29th, 2005 03:38 am (UTC)|| |
I didn't know PHP did that - I've always used a component called ActivePDF to generate PDF files dynamically. Good to know, thanks!
Changing the link shouldn't be a big deal... I'm not sure what you're asking?
Changing the link for every download, possibly multiple times a day, and making sure that every buyer upon payment either gets the download with a new filename automatically in the site or in the email, is more complicated.
|Date:||March 29th, 2005 04:17 am (UTC)|| |
Are they generated dynamically? Just change the file name when you generate them and create the link dynamically. If they are static forms, that might cause a bit of a problem. Also, even if you do change the name, if it's still sitting on the server, then it can be downloaded again using the same link, whether there is an apparent link or not.
I would say - create them dynamically even if they are the same, delete them after each time they are created and downloaded, and change the name each time. It's a hassle, and probably not the most efficient way of doing it, but it would work.
Either that - or rather than allowing them to download them at all, email them instead.
Another option might be to activate a username and password that can only be used once to download the file. If they need to use it again they can contact you and you could reset the status so they could do it again.
|Date:||March 29th, 2005 04:41 am (UTC)|| |
I would recommend something like this as well, but what I'd have it do is all customers have a username and password, similar to places like Amazon.com. Once a customer buys one of the documents, set a timestamp on their account and then once a certain amount of time has elapsed (say, ninty minutes or so depending on the size of the file(s)) they can no longer download that file.
The way you'd serve the PDF is have the file outside of the normal Apache/server directory (or just instruct the server not to allow anyone to download it using normal means using .htaccess) and when a customer askes for it, the script (I'm going to assume PHP) can then check their permissions and if they have permission do this:
// We'll be outputting a PDF
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
(Example code taken directly from PHP.net's header() function documentation
. They include two notes concerning IE 4.01 and 5.5 not working correctly)
well, i'm not sure the specific code, but you can use php to read the binary contents of the file and then output them to the page dynamically. that way, you can be sure the user is authorized before they can download it.
If you need more help, I'm sure I can look it up.
|Date:||March 29th, 2005 02:59 pm (UTC)|| |
In addition to the "you should create username/password" to get the stuff, I would suggest using apache's authentication for storing the files. That is, protect the pdf's with a .htaccess and all that jazz. Even if you specify the parameters of blocking everyone from viewing it, php can access it and serve it up via a custom user/pass system (instead of using apache auth user/pass system, which I've found to be annoying with php).
|Date:||March 29th, 2005 03:10 pm (UTC)|| |
Another option you can use is use PHP to determine which pdf was bought. Then have it sent in an email to the buyer. This can all be automatically done by PHP code, so that the code is invisible to the use and they can't see how it's done.
|Top of Page
||Powered by LiveJournal.com|