Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: incrediBILL
another thing you can do if the product you are sellnig is some software, then you can use a service like emetrix to handle transactions and send a customer a speciffic code, then make a login database and when the customer logs in to their account they can download. does this sound confusing? :-)
For example, they pay on 10-10-2007, make the PayPal variable 10102007, and then on your landing page look for it (the comparison date on the landing would be set to "today's date"). If it is present, show the page, if not, redirect to home page.
This way the page would only be visible for the day they made the purchase on.
The only problem with this approach is if they buy too close to the end of the day they might not be able to see the page, but you could always make so it matches either today's or tomorrow's date.
Here is the crux of your problem: you need to protect the download files,[/url] not the page it's on. Let them bookmark it. Invite them to, no worries.
The short story: If you want to automate the process, you need to send a unique id to the payment processor, then on a successful response store the id somewhere (database, text file, whatever.) Then redirect or print a page to the browser that reads in where you've stored the unique code, and if a matching ID is found, it opens the download file from a hidden location and prints it to the browser, forcing the download. The URL of this response should use ONLY the unique ID:
or if you can use mod_rewrite,
After 24 hours or a period of your choosing, you manually or with a cron job remove the codes from the text or regular database. Poof. The script that does the downloading can't find the ID, it can't produce the download.
The beauty of this approach is no one ever knows the "secret location" of the downloaded files, and you can control the access period.
For a non-automated solution, you can alter the logic to suit how you work. If you manually receive payments, you can just upload a list of codes, then email each of the customers the url in the format yourdomain.com/payment_complete.cgi?item_id=anything-you-want.
This boils it down to a small script that accepts tx_id, looks for a matching value in the "database," if found, produces the download, if not, produces a page, "invalid id."