Create a personalized download link
If I have items stored in a database that users can download after purchasing them, how can I provide a link that is different for each user?
I thought it would be more correct: give them a link that is hashed in some way based on their user id, eg. Then, when I process the link I gave them, I just change the hash function to get the original link. Is this the correct way to do something?
If this is the wrong approach, can someone point me in the right direction?
source to share
Hash functions should not be overridden. I would suggest reading up about the lighttpd mod_secdownload
implementation
It gives you a secure link valid for a specific amount of time. Since the hash cannot be reversed, you need to pass the hash of your information along with clear text information (if possible) in the link. Example:
http://somesite.com/download.php?hash=<md5($secretkey.$userId.$documentId)>&usrId=<$userId>&documentId=<$documentId>
When you receive a download request, process has, compare it to the data, if it is, then you consider it confirmed.
source to share
You have to store something like "download tokens" in your database. When a user wants to download something, you create a new token (for example, a random number), and if there are multiple things to download, you can bind them to them with their ID, for example.
In the url, just send the token as a GET variable. Once the user uploads the content, remove the token from the database.
source to share