一次下载链接在PHP?

I am trying to create a one time download link in php as my client would like to sell bus trip tickets on their website. I am a begginer/ never really wrote my own php and I am trying to create a one time download link for the tickets. The issue is that the vouchers ae created dynamically by php too and a variable is stored in the link, otherwise I could just use the builtin function of my cms. However, I want to create one time link to a page redirecting people to the page with the redirect.

If someone could outline the process of creating one time links that would be greatly apreciated, and if some could provide some example code that would be great.

Thank you, Thomas

The outline is like:

  • Generate a unique ID - uniqid can be used
  • Insert that into your database
  • Send a link to the user that uses that ID in some way, like /download/{id}
  • When the user goes to the link, register in your database that it has been used

And then make sure that your download script checks whether the id has been used before.

You would need to store some kind of identifier in a database and the delete it once it has been accessed. So it would work like this:

  • Person buys product and your script creates a new table in the database
  • Person downloads products and your script deletes the row

Without knowing your environment in detail, here's an idea of the process generally with some example ideas for the data tier.

Your table structure for your tickets would have to look something like this:

  • id - Primary key
  • transaction_id - Should be a numeric id to another table where you can store the transaction info for the purchase, which can be joined on in another query
  • uniq_key - This can be a string for the url for ticket retrival, constructed using uniqid or hashing something with md5. There are a lot of good approaches you can find on SO for generating GUIDs.
  • used - A boolean for if the ticket has been downloaded or not. When purchased, this will default to 0 (false) and be updated to 1 (true) after the download.
  • timestamp - a timestamp you can set to update on retrieval

For an app like this some devs would rather just delete the row than have that boolean, but that depends on whether archiving this data is relevant or not to your business logic. Generally you can air on the side of safety and keep the data and just invalidate it will a bool.

At purchase, you can insert into your transaction and ticket tables, making new rows for purchaser data and at the same time inserting a new ticket. You're going to need to setup some way of retrieving the ticket as well, either using url routing with the $_GET superglobal that's sent via email or some such approach.

The endpoint the outputs the download for the ticket is going to have to first query for the unique id where the boolean is false, and there is a row returned, allow the download and then run another UPDATE query that then sets the used boolean to true. If no rows are returned (an invalid id or the ticket has been retrieved already) the download is refused.

You can output downloads direct to the browser by using the header() function to set a mimetype and a Content-Disposition header. Ideally all this logic can be in one output endpoint.

If you're not already using some framework, I'd suggest looking into something to at least setup url routing for you to make life much easier. Kohana, CodeIgniter and CakePHP are all well suited to this problem domain.

Also consider the needs of the business logic - is it really necessary to only allow one download? If the tickets have some unique identifier like a serial number or uniqid(), is it really necessary to restrict downloads like this when the tickets can be validated at redemption? I don't know your requirements, but I know I'd be pretty PO'ed if ticketmaster didn't let me download my ticket again if I forgot it in the clutch :)

Good luck.