|Need page viewable only after payment|
I hope this is the right spot for this question. Here is what I am looking to do. I have it set up right now, so that once a visitor pays for their products through paypal,it takes them to a specific page with links for downloads of my clients' album. What I am wanting to do though is only make this page available when they pay and download their items and that is it. I do not want them to be able to just copy and paste the page url for later or save it in their favorites, so that they can come back anytime and download again. Is their an easy way to prohibit this? Is it possible to make a page not viewable after a certain period of time maybe? Thanks!
Well, we are talking about security issues and money transactions, so what I would recommend is to manual email people when the paypal transaction has been confirmed.
another thing you can do if the product you are sellnig is some software, then you can use a service like emetrix to handle transactions and send a customer a speciffic code, then make a login database and when the customer logs in to their account they can download. does this sound confusing? :-)
hmmm, yes the manual emailing is an option. Thank you for the reply!
Paypal offers a redirect page option in its code, why not use that?
Yes, Well that is what I did with the paypal button, but it still brings the customer to a page that if they really wanted to, they could copy the page and go back to it anytime or let someone else know the address. I'm thinking that there isn't much of a way around it. Thanks.
If you use PHP or ASP, you could always pass a date variable from PayPal (if this is possible), and then look for it on the page.
For example, they pay on 10-10-2007, make the PayPal variable 10102007, and then on your landing page look for it (the comparison date on the landing would be set to "today's date"). If it is present, show the page, if not, redirect to home page.
This way the page would only be visible for the day they made the purchase on.
The only problem with this approach is if they buy too close to the end of the day they might not be able to see the page, but you could always make so it matches either today's or tomorrow's date.
Bottom line is that you can't stop a screen shot - so you cannot achieve the security you want.
One "right" way to do this . . . . or at least how I've done it . . . requires a little server side programming. It would make a great programming starter project in any language, but it's a little more technical than creating a web page.
Here is the crux of your problem: you need to protect the download files,[/url] not the page it's on. Let them bookmark it. Invite them to, no worries.
The short story: If you want to automate the process, you need to send a unique id to the payment processor, then on a successful response store the id somewhere (database, text file, whatever.) Then redirect or print a page to the browser that reads in where you've stored the unique code, and if a matching ID is found, it opens the download file from a hidden location and prints it to the browser, forcing the download. The URL of this response should use ONLY the unique ID:
or if you can use mod_rewrite,
After 24 hours or a period of your choosing, you manually or with a cron job remove the codes from the text or regular database. Poof. The script that does the downloading can't find the ID, it can't produce the download.
The beauty of this approach is no one ever knows the "secret location" of the downloaded files, and you can control the access period.
For a non-automated solution, you can alter the logic to suit how you work. If you manually receive payments, you can just upload a list of codes, then email each of the customers the url in the format yourdomain.com/payment_complete.cgi?item_id=anything-you-want.
This boils it down to a small script that accepts tx_id, looks for a matching value in the "database," if found, produces the download, if not, produces a page, "invalid id."