i am confused in how to allows download the file.zip after the payment.If i redirect them to a download page where is file is placed in sever they can download the file again easily or they can pass that link to anyone.
Any suggestions please!
Don't use a direct link to the file - use a PHP file that serves the file up as a download, but only if a certain session var is found (created in the confirmation of the payment process)
Just like @SmokeyPHP mentioned, just output the file through PHP instead of linking to it directly.
<?php
$file = 'monkey.gif';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
?>
http://php.net/manual/en/function.readfile.php
This way you have a full control over who downloads what. Of course depending on the file size, you may wish to split the file into smaller chunks. You don't want to be buffering 40 MB files in your server memory every 5s. With bigger files, you can use something like this:
<?php
$file = fopen("file.dat", "r");
while (!feof($file)) {
echo fgets($file);
}
fclose($file);
?>