The download script we'll create in this article lets you perform the following tasks:
Download Script Flow Chart
Below is the download script flow chart that implements the above desired functionality:
First the user visits the download page. The PHP will set the session key for the user. When the user clicks the download link, it will be handled by the PHP download script.
The first thing the script will do is authenticate the user downloading the content. This is done by checking the session key and the referring page. Checking by referrer alone is not effective, as it can be spoofed. Although nothing is 100% secure, layered security (a combination of both methods) and use of HTTPS to encrypt sessions is recommended.
Once the user is authenticated, PHP will get the user IP address and compare it to the existing records in the MySQL database. If the user is a fresh downloader, the script will allow the user to download the content, and then record the user IP in the database.
If the user already has some records in the database, the script will check to see if the user has downloaded not more than three times (which is the number of downloads limit used in this tutorial). If there are less than three download records, the script will allow the user to download the content, and then update its records in the MySQL database.
Finally, if the user has downloaded the content three times already, the script will deny the download and redirect back to the original page.
Create MySQL database for storing user IP addresses
You need to use a database to store users' IP addresses. The following is the information you need to create the database table:
You can use phpMyAdmin to create the database table. The above screen shot shows that:
Database table name: downloads
Database table field 1: ipaddress which is using varchar(15) type
Database table field 2: downloadtimes which is using int(1) type
It is important to take note of the following database information, which you will need in your PHP script:
The Download Material, Folder and Download link
Below is the important preparation you need to do:
1. Create a folder in your web server that contains the content to be downloaded (e.g ebookdownloads).
2. Change the file permission of the directory to 755.
3. Upload the content for downloading to that folder (e.g. ebook.pdf).
4. This folder will not be publicly visible during the downloading process, so your user will not have an obvious idea as to where the files are saved. Even if they managed to learn the path, any direct downloading will be denied by the server (details below).
5. Upload .htaccess inside this protected folder containing the content for downloading. The htaccess should force downloading of the content type (for example, if it is a PDF file) as well as prevent direct file downloading and any forms of hot linking. Below is the content of the .htaccess:
6. The recommended file permission for .htaccess and the file for downloading is 644.
7. On the page where you need to present the download link, you can use this code below:
<a rel="nofollow" href="http://www.yourdomain.com/download.php">Download this Content</a>
Let's name our download script "download.php." It needs to be uploaded to the root directory of your website. Aside from using the anchor text "Download this content," you can also use a download button/image link to make it look attractive and prominent to the user.
8. On the download page where you are presenting the download link to the user, you need to place the session key script at the top most part of the page. The page where you will need to show the download link should execute a PHP script or have a .php extension.
Since this is a PHP script, the download page should support PHP and not be a pure HTML page.
blog comments powered by Disqus