[ic] Downloadable softgoods - my solution
tech at khouse.org
Mon Jul 14 13:29:26 EDT 2003
> >Products DB has a field 'download_files' which has a space
> delimited list of
> >the files found in /download_dir/<SKU>/*
> Why require the product-admin to type in a big list of files? Presumably
> any file in the SKU/ directory is downloadable. In my implementation
> (which was an extra-interchange PERL script), anything, including
> subdirectories are allowed. My customer needed to deliver chapters of
> manuals, each with MPEGs an JPGs that were numerous enough that they
> needed to be in subdirectories to be manageable. Just be sure your
> implemenatation doesn't allow them to put in "../" in any applicable
> data fields :)
I don't want to allow open Indexes. This would compromise security on the
products. Do you have open indexes for this solution?
> That's a pretty good idea, though I wonder whether it is necessary.
> (Maybe it is for your implemenation and not mine?) In mine, since I'm
> going through the PERL script I simply pipe the files they want out to
> the browser prepended with "Content-type: < guess_media_type() >".. All
> control access to the file is through the script. The user never
> actually accesses the file directly. Besides, the documents aren't in
> the WWW nor <StoreName> directories so in theory they wouldn't be able
> to get access any other way (/Please/ correct me if I'm wrong in this
For my implementation, the person downloads the file directly via an HTTP
connection through Apache, which is due to the download server being
different than the IC server.
> I'm curious as to whether anyone has ideas for how to tell when a file
> has been successfully downloaded. e.g. What if they download it and
> their computer freezes up? How can the session let me know the download
> failed? Or more importantly, succeeded? That way I don't have to give
> them this open-ended window of infinite downloads for X amount of time.
That's why I give users a 7 day window. A few customers have emailed
because they couldn't get it in this amount of time, so all I have to do is
go in the user_downloads DB and de-select the "flag_key_created" tinyint
checkbox. Then when the user logs in again, the symlink is recreated and
they have 7 more days.
More information about the interchange-users