I sell video in my website. users must pay to have access to files (to download or stream them online)
problem: the video files are not on my main server! i store them on another server.(special server for download. i don't want to use the bandwidth of my main server) i don't want to provide the users with the direct link. (not to let them share the links with others...). how can i let them to download the files or stream the videos without giving them the direct links?
points:
- I can not have database(mysql) in my download server.
- i don't want to use the bandwidth of my main site. just checking payments and controlling user accounts.
- streaming is not so important. but i have to let them download the files.
- i have seen in woo commerce plugin(wordpress) which creates temporary download links even for remote server. i checked solutions for temp download link but all works for the same server not remote one....
The easiest way I think this could happen is:
The public server must be able to establish an SSH (preferably) connection to the other server with appropriate permissions.
Upon successful request, create a random symlink pointing to the original file.
Store the symlink filename in a database, and save the user's IP as well - or some other unique identifier (or md5'd IP + User Agent - it's up to you).
If the request is valid (matches the record in the database), let him download the file. Otherwise redirect him to an error page.
Set up a cron to delete symlinks older than X hours.
Related
I have a website on one server and lots of storage on another server.
When user access the page I show file names fetched from server with lots of storage.
Is it possible to somehow proxy a download so that when user want to get a file it will be send thru a server with website without downloading it to
the site with webpage?
What is best solution to this problem?
I have 2 servers for one site. First server have php and mysql but second server only have php (is download host).
My site is about selling videos and because the first server is restricted (Monthly traffic and space), I need to upload videos on second server. All videos must be have dynamic link and all links must be disposable.
Example:
User1 bought video abc, this user have below link to download: http://example.com/1enewk3hd (refers to
http://example.com/files/video_abc.mp4)
User2 bought video abc, this user have below link to download: http://example.com/sddfse445 (refers to
http://example.com/files/video_abc.mp4)
Users must be can't download video by real link http://example.com/files/video_abc.mp4
My Questions
Is able this scenario on 2 server (without mysql) by PHP and htaccess?
If yes, Please guide me what's the best way to authentication user on
second server then access to download file (without mysql)
On some sites, When user logged in on server 1, can download from
server 2. If logout from server 1, then can't access to server 2.
How do this? We can't use session from server 1 on server 2!
Let the first server do the authentication.
Create on the first server links, which are valid for x minutes. Protect that link for manipulations with a hash.
hash=sha256(validuntil+shared secret on both servers)
Sample:
https://server2/video_abc.mp4?validuntil=2017-08-07_160000&hash=ABC123EF5244
(in my sample i would also use mod_rewrite for a nice url)
Now redirect the client to the new server with the generated link.
A php script validates the query parameter "validuntil" and "hash" by using the shared secret. then check if validuntil is expired or not.
if not stream the file. do not place the streamed files into the webroot.
They are send by the php script with readfile or by your webserver if you are able to use x-sendfile header.
I am trying to build a service which allows to download music files. However after a user pays for a song, I want to be able to verify if the file was completely downloaded by the user or if the download failed in between. How can this be exercised? Thanks.
Theoretically you never know how many remaining packets the client will request. Therefore i see two options:
Dig deeeeep into your server code and come up with some hacky solution that somehow checks sent packets and tries to predict download completion
Write a native application that sends the progress back to the server (of course, then you will not have a web app any more)
As i understand user who pays for music have account on site. If he payed for music, add music to user's music list. And he will be able to download again in future. If download fail for any reason, user can re-download
I'm in the process of building a site that will help to organize my business. But I'm at a roadblock. Our site is coded in PHP and MySQL and as it currently stands, our contractors can upload images to our site, our site relabels the pictures and associates them with a work order (for ability to search later, if needed), then stores the images in our database.
However, what I want to do is have the images uploaded to their respective work order on our supplier's site. I have contacted our supplier and they will not allow us to access their server directly through the POST commands. So I'm curious if there is a way to still have our images uploaded from our site to our supplier's site. Their site is password protected. On their site, I find the work order associated to the work order and manually upload the images, but I'd like to find a way to do this automatically. The work order numbers between their site and ours are the same. Any ideas?
New Info
The comment I left below just states that I have to actually manually click the upload button, choose which photos to upload, then click "upload" to have the images uploaded. FTP is not allowed either.
If by "manually" you mean all by www after logging in, you can use CURL to simulate login session to their website (access login page to obtain session cookie, then post login data with that session cookie, and then with authorized session cookie you can GET/POST whatever you want from their website as authorized user). Use Firebug to track what requests are made and what data are passed from/to their website.
Since using CURL can be painfull (it's syntax is far from user friendly) you can try grab and extract Zend_Http from Zend Framework so you will have very easy syntax and it even work without CURL if you haven't it on your servers.
if they will grant you ftp access you can programatically transfer the images to them that way
or if they have some sort of api exposing methods to upload images
By "manually upload", you mean via FTP? You can do it with PHP. Here is the documentation.
For security reasons, I suggest you create an FTP user on your client's server which only has access to the images directory, and connect trough that account.
I would like to start a upload and download website for huge files (up to 1gb). I thought that it would be better to download the files using FTP (with PHP), because this protocol is especially used for these types of transfers.
The cliƫnt gets an email, including a download link to download the file (like yousendit.com). When they click on the link a download box appears. My problem is that I don't know how to show a download box using ftp and php. I have read that it isn't possible to immediately download a file by PHP, using FTP. Is this correct?
Do I have to create a temporary files on the server to let the client download the file? If yes, is this also a good solution for huge files?
What do you advice me to give the clients the possibility to download these huge files?
Thanks for your reply!
You can generate unique address based on session_id (create this folder on runtime and move huge file there) and redirect user to this link
For example, you have file huge.tgz
1. Send you client link http://***/user/john/file/huge.tgz
2. Ask user for auth in this page if they lost session
3. get session id
4. create on your server folder with name equals session id and move huge.tgz here
5. redirect user to unique ftp link ftp://***/17oe5kf8iYmpt66bjs89hcuo83/huge.tgz
You should disallow list files and directories on ftp server
Can't you send them an FTP link ? Why do you need PHP?
ftp://ftp12.freebsd.org/pub/FreeBSD/ls-lR.gz
You probably want to use PHP to handle everything but the file transfer. Once you have done all the checks you want you can redirect the browser to the file specifying the protocol as ftp. though you won't be able to have a progression bar in your site, the browser/ftp app will probably display one.