[ic] Downloadable softgoods - my solution
Gabriel Cooper
gabriel.cooper at mediapulse.com
Mon Jul 14 13:54:26 EDT 2003
Russell Mann wrote:
>-----------------------------------------------------------------------
>Here's the flow of traffic for this solution.
>
>Download server has product files in /download_dir/<SKU>/*
>This can be any number of files per product.
>
>Products DB has a field 'download_files' which has a space delimited list of
>the files found in /download_dir/<SKU>/*
>
Why require the product-admin to type in a big list of files? Presumably
any file in the SKU/ directory is downloadable. In my implementation
(which was an extra-interchange PERL script), anything, including
subdirectories are allowed. My customer needed to deliver chapters of
manuals, each with MPEGs an JPGs that were numerous enough that they
needed to be in subdirectories to be manageable. Just be sure your
implemenatation doesn't allow them to put in "../" in any applicable
data fields :)
>When a person purchases one of these products, a record is created in a
>separate table "user_downloads", which includes a secret key.
>
>When a person goes to download the product, a symlink is made on the
>download server by passing the parameters of the secret key, and the product
>sku to a script which receives that information and makes a symlink from an
>http:// dir to the download_dir/SKU happen.
>
That's a pretty good idea, though I wonder whether it is necessary.
(Maybe it is for your implemenation and not mine?) In mine, since I'm
going through the PERL script I simply pipe the files they want out to
the browser prepended with "Content-type: < guess_media_type() >".. All
control access to the file is through the script. The user never
actually accesses the file directly. Besides, the documents aren't in
the WWW nor <StoreName> directories so in theory they wouldn't be able
to get access any other way (/Please/ correct me if I'm wrong in this
assumption!).
>
>User clicks on download link, which pops up a window which loop-lists the
>files in the 'download_files' field, creating links using the secret key.
>
>A cron on the download server cleans old symlinks out to give users a
>designated number of days (example uses 7) to download the product, then cut
>them off.
>
Currently I'm doing the same thing, with a global time-window. I'm also
marking the DB entries from "pending" to "shipped" when they download
their documents. This lets me at the very least know that the files were
downloaded. I'm essentially giving them the benefit of the doubt on this
one, where if they buy a document they have until the End of Time to
download it unless the transaction is no longer marked pending.
I'm curious as to whether anyone has ideas for how to tell when a file
has been successfully downloaded. e.g. What if they download it and
their computer freezes up? How can the session let me know the download
failed? Or more importantly, succeeded? That way I don't have to give
them this open-ended window of infinite downloads for X amount of time.
Gabriel.
More information about the interchange-users
mailing list