Unique codes give access to contents for download

Hi.

I am trying to restrict access to some content on my website. The idea is to create, let’s say 100, unique codes. Only the people with one of the 100 codes would have access to the contents. The way i imagine this is creating a sql database where I’d create 100 entries. there would be the 100 codes. on the web page people would introduce the code they had. if it matched any of the ones on the database they would be asked to introduce their e-mail and some more info. this info would go to the database… once they had submitted it they would have access to the content I am trying to protect. Can anyone tell me if this is possible this way and how i should do this?

Many thanks in advance!

Hi drooghen,

You can basically accomplish this by creating these files:

• index.html
• validate.php
• create_profile.php

index.html could be your main page; this is where you ask your visitor for the code. So your index.html should have a form that looks like this:

[code]
Enter Code:

[/code]

validate.php is where you validate the code provided by the user. If code is valid, users have to provide required information like name, email, etc…otherwise, redirect to the index.html or error page. validate.php should look like this:
[php]
session_start();
include(‘connect.php’); //your database connection
$code=$_POST[‘code’]; //fetch code provided by the user
//suppose content_codes is the name of your table
$result=mysql_query(“SELECT * FROM content_codes WHERE code=’$code’”);

if (mysql_num_rows($result) < 1){
//code is invalid…redirect to error or main page
}
else{
//display another form; let’s ask users to provide more info
echo ’

Congratulations guest, but before you can download the content please provide your info....

Name: Email: '; //lets assign the correct code provided by the users into a session variable so that users need not to reenter the code when registration completes.. $_SESSION['code'] = $code; } [/php]

Your create_profile.php is where you save the info provided by the user. This is also where download link becomes visible. create_profile.php should look like this:

[php]
session_start();
include(‘connect.php’); //your database connection
$name=$_POST[‘name’];
$email=$_POST[‘email’];
$code=$_SESSION[‘code’]; //fetch the code previously entered by the user

//let’s save the info provided by the user (suppose you have ‘profile’ table)
mysql_query(“INSERT INTO profile (name, email) VALUES (’$name’, ‘$email’)”) or die(mysql_error());

//now, let’s provide the download link. I assume you have column ‘file_URL’ in table ‘content_codes’.

$results=mysql_query(“SELECT file_URL from content_codes WHERE code=’$code’”) or die(mysql_error());
$row=mysql_fetch_assoc($results);

//echo the download link
echo ‘Download Here’;
[/php]
That’s it! Hope this helps.

Thankyou very much codeguru!

I think this is exactly what I was looking for. Will read more carefully and test it as soon as I can.

Again, thanks!

There is a problem on this. The final content for download is not protected. Meaning if someone with the code reached it they could copy the download link and anyone else would be able to access it.

Is there any way to do this?

Glad you raised this concern. To protect your content, let’s play around with hash.

The idea here is to create a hash (e.g. Time stamp) and assign it to our session variable and to our hidden control found in our form. Of course, create a hash of current timestamp if a valid code has been provided.

In our form (in validate.php file), let’s add hidden input control and session variable – both with initial value of current time’s hash.
[php]
$_SESSION[‘hash’]=hash(currentTime);
echo
’

Congratulations guest, but before you can download the content please provide your info. Name: Email: ' ; [/php]

The value assigned to session variable ‘hash’ is equal to the value assigned to our hidden input control. Both hash could look like “2eb5gw5pj8gj7np84hj3a” – let’s use this in our create_profile.php to protect our content.

In our create_profile.php, lets display download link only if hash is valid, otherwise, redirect to error page…like
[php]
if($_SESSION[‘hash’]==$_POST[‘hash’]){
//echo the download link
echo ‘Download Here’;
}
else{
//redirect to error page
}
[/php]

This may not be an optimal solution for your problem. But I hope I just gave you an idea how to get all these done.

Cheers.

That is actually something I had not thought about. The question I had raised was that anyone could access the donwload content, if they were given the URL. Let’s say someone entered their code correctly and was able to download the file. If they gave the file URL to someone else, they could reach it. Like, if the file URL was www.blabla.com/download/file.zip anyone with this could download it without going through the “enter your code” stage.

Thanks for your help. Cheers!

It would be better if you could come up with another php file where you process download request, instead of displaying direct file URL. Example:

[php]
download.php?file_id=134
[/php]

If valid code is entered, redirect to create_profile.php page…now, after creating profile, point visitor to download.php page where you can perform some kind of hash check…if hash is valid, retrieve file URL based on the file_id…

Hope you got my point right…happy coding…

Hi.

I am now getting back to this to put it in practise.
But there’s still one thing missing. The same code will give access to download for as many times as it’s entered. It should only work once. I thought this could be done having a column next to the code where it’d check if it’s empty (meaning that code hasn’t been used). If it’s empty, user can proceed to enter their info, if not, they can’t. Once they complete the form with their info and get access to download, something is entered in that field.

Maybe another way would be to have, in the same table, the codes and people’s info. one column for code, another for email, another for name… if email was blank, that’d mean the code hadn’t been used.

So all I’m missing is how to check if second column where code = the code user entered is blank.
Can I get some help on this?

Thanks in advance.