Samir wrote:
Where would the best place to do? Can you give me some
pointers and hints?
OK, if I understand your problem correctly, you need an
application with four major functions:
1. Authorization
A user must provide valid credentials (login name and
password) before using the service. User data (login
name, hash of password, e-mail address and any other
information you require at sign-up) should be stored
in a database table. If you plan to have different
download quotas for different users, this should also
be reflected in this table.
2. File storage
Files should be stored in a directory protected from
direct access via HTTP (either located outside of document
root or blocked with a "deny from all" directive in
an .htacces file). Basic information about files
(name, size, and perhaps MIME type) shoule be stored
in another database table.
3. Accounting and delivery
Downloads should be implemented via PHP script. Let's
say a properly authorized used requests file whose
ID number is 234. A query executed on the file
storage data table returns that file number 234 is
named 'somesong.mp3', is 1,234,567 bytes long, and
has a MIME type 'application/mp3'. Then, you can
implement the download like this:
header('Content-Type: application/mp3');
header('Content-Disposition: attachment; filename=somesong.mp3');
header('Content-Length: 1234567');
readfile('files/somesomg.mp3');
Direct downloads from file storage directory should not
be allowed. Every attempted download via script should
be recorded in a third database table listing user ID,
time of download, and the ID of file being downloaded.
Prior to the commencement of the download, a check should
be run on whether the user has exceeded his/her download
quota.
4. Administration
The project administrator (meaning, you) should have
a Web interface for file uploads, managing users, etc.
Scared yet? :)
Cheers,
NC
