Here’s an idea…

You could set up a small database that would contain their email address and a hashed (MD5 or SHA-1) string made up of some key plus their email address.

When they purchase the book, send them a link with the hashed string and their email address in the URL parameters. The program would look up their record from the parameters supplied, re-hash the email address, and then provide the file download if everything checks out.

For extra security, you could also get their IP address or set a cookie, and only serve up the eBook if those credentials match too.

Hope this helps…

There is a similar technique posted on Signal vs. Noise called “URL or Username and Password?”, posted 30 Aug 2005. (Your comment form won’t let me post the link.)

Hey Mark - I recently made a similar post in the 9rules Site Suggestions forum. The guys had some good advice.

I’m in the same boat and stepping through the process. Basically, I am trying to direct users to a secure pdf download. Paypal returns to our site, and a page process the download. I started with the following code:

$dir="yourdir/";

$file=$dir."filename.psd";
header("Content-type: application/force-download");
header("Content-Transfer-Encoding: Binary");
header("Content-length: “.filesize($file));
header("Content-disposition: attachment; filename=\"haha.psd\"");
readfile("$file");

This works pretty well because you can hide the path and filename from the user, so the only way to access the file is some good guessing. It is not 100% safe though, so I am in the process of trying to implement what they suggested - keeping the file outside of the web file structure.

Anyways, once my setup is finished I will let you know. You are more than welcome to use my code. The only difference with mine is that we have a database with username/passwords so it is easy to verify. In yours, some type of hash code will need to be stored just as Ryan suggested.

Just thought I’d put a little disclaimer on my comment above… I haven’t tried it yet, so I don’t know if it would actually work. It’s probably one of a zillion ways to do this.

I’d be really interested to hear what you end up doing.

Sounds good - we should be doing testing shortly, and then I’ll have some more concrete stuff to give you.

I use LinkLok for Payapl IPN to handle the secure download of the content I sell on my site. The developer is very responsive and I’m very pleased with the product.

You could ask Dave how they do it. I bought a PDF book from them and they emailed me a special unique url to download it after it was prepared. Prepared seemed to be customizing the PDF with a “ Prepared exclusively for Michael D Zornek” at the footer of each page. Other than that though no DRM (which is important for me).

Adam also sells PDFs online and might be able to give some advice.

Good luck!

Just found this scriptwhich looks like it could be helpful in facilitating pdf sales over paypal. Requires a bit of setup but cheaper than buying a pre-made solution.

Also, these guys offer a service similar: http://payloadz.com/

(Here’s the <a href="http://www.hotscripts.com/Detailed/46734.html">Link</a> for the script.)

Mark, I did a similar thing with an ASP solution a year or so ago.  Found some code that would read through a binary file and “feed” it to the web browser (ASP called it a file stream).  So the user thought they were downloading thefile.asp, but it returned a content type of application/pdf and then the binary for the PDF file they requested through the query string.  It worked well.  And yes, you will want to store the PDF outside the web folder structure.