Random links

KingOfTheSouth · 09-02-2009, 03:48 AM

I am having a problem, I am trying to setup a random id generator with php and mysql. I want it so that when people purchase the product it gives them a download link but I do not want them to have the link for ever. I want the link to last like 30 minutes. So what I want to do is make it do is when the product is purchased it last 30 minutes but then it cancels out and it gives the file a new ID. Can anyone help me? I am lost so far. Here is what I got so far.

PHP Code:


			
<?php



  $id = $_GET['id'];



  $links = array(



    "download" => "http://www.domains.com/path/to/file.zip"



    );



 



  header("Location:".$links[$id]);



  exit;



?>

JaoudeStudios · 09-02-2009, 04:43 AM

I would create a unique id using php's unique id function and save this in the database with a time stamp.

When the user clicks on the link check the unique id in the database - that it exists & and that it has not expired yet.

KingOfTheSouth · 09-02-2009, 04:57 AM

I do not really know how to do the unique ID to be honest this is my firs time doing anything like this and do not even know how to even set it up

JaoudeStudios · 09-02-2009, 06:13 AM

Its not hard at all...http://us3.php.net/manual/en/function.uniqid.php

TheOnly92 · 09-02-2009, 07:12 AM

Perhaps when an order comes, you can generate a random id by using something like this:

PHP Code:


			
$id = md5(time());
$sql = "INSERT INTO access (`down_id`,`down_created`) VALUES ('{$id}',".time().")";

Or more complicated if you like, then at the download side:

PHP Code:


			
// Check of expired download links
$expire = time() - 30 * 60 * 60; // Links created 30 minutes ago are expired
$sql = "DELETE FROM access WHERE down_created < {$expired}";
mysql_query($sql);
// Now process the download
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$sql = "SELECT * FROM access WHERE down_id='{$id}'";
$rs = mysql_query($sql);
if (mysql_num_rows != 1) {
    die('Unauthorized access!');
} else {
    // Allow download of file
}

It's best you also rather use echo $file; than redirect to the link of the file in case some of your customers leak them.

Village Idiot · 09-02-2009, 03:19 PM

You could always try XKCD's method

sketchMedia · 09-02-2009, 03:31 PM

Quote:

Originally Posted by Village Idiot

You could always try XKCD's method

Hahah, gotta love XKCD, one of my favorites:

KingOfTheSouth · 09-02-2009, 06:10 PM

Quote:

// Check of expired download links
$expire = time() - 30 * 60 * 60; // Links created 30 minutes ago are expired
$sql = "DELETE FROM access WHERE down_created < {$expired}";
mysql_query($sql);
// Now process the download
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$sql = "SELECT * FROM access WHERE down_id='{$id}'";
$rs = mysql_query($sql);
if (mysql_num_rows != 1) {
die('Unauthorized access!');
} else {
// Allow download of file
}

I understand that more than any of the others my problem is actually knowing how to set it up correctly on a page and working.

TheOnly92 · 09-03-2009, 08:42 AM

So what's not working now?