Author Topic: Secure Web Download Token System  (Read 11983 times)

0 Members and 1 Guest are viewing this topic.

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Secure Web Download Token System
« Reply #15 on: February 02, 2012, 10:50:54 am »
Yeah, it is farrrrrrrr too easy to make really bad code in PHP.

There are a lot of bad tutorials around which are also vulnerable to these sort of things, which does not help new programmers.  People do not treat security as an important part of the learning process, it's more of a "what you'll learn later when you get good!", which leads to bad, bad things happening.
And like a fool I believed myself, and thought I was somebody else...

Offline Armin

  • Honorary Leader
  • x86
  • Hero Member
  • *****
  • Posts: 2480
    • View Profile
Re: Secure Web Download Token System
« Reply #16 on: January 13, 2013, 02:09:51 pm »
So I need to get a system like this finalized. There's too much money we've been missing out on by not having a way to sell downloads directly from our website, without using a middle man.

Someone pointed me in the direction of the PEAR code repository. I did a couple searches, but perhaps it was just my search terms that fell short. Any suggestions?

Overall, I plan on having a guest and login shopping cart system + the token system for downloads.
« Last Edit: January 13, 2013, 02:53:25 pm by Armin »
Hitmen: art is gay

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Secure Web Download Token System
« Reply #17 on: January 13, 2013, 06:08:36 pm »
PEAR is pretty pitiful when compared to most modern extension repositories (ruby gems, for example). If you're okay with investing a bit of time learning how to use it, something like CakePHP might be worth a try. Its user-supported content is probably a little more modern:

http://plugins.cakephp.org/

Offline while1

  • x86
  • Hero Member
  • *****
  • Posts: 1013
    • View Profile
Re: Secure Web Download Token System
« Reply #18 on: January 13, 2013, 08:34:25 pm »
As much as I like to reinvent the wheel myself, I think you would be better off spending some time exploring some of the free open source e-commerce solutions out there already.  A quick Google search found me this and this.

I'd do some research on what's already out there that overlaps with your needs and determine how extensible it is (does it offer a custom module system?).  Hell, there may even exist a custom module to do what you want for whatever e-commerce/shopping cart solution you end up choosing.

I think in the long run you're going to save yourself time, frustration, and potentially loss of profits if you go with an existing, established e-commerce solution than attempt to roll out your own.  You're going to find that a lot of the popular open source e-commerce solutions have administrative and content management features which you won't have to write from scratch yourself.
« Last Edit: January 13, 2013, 08:46:25 pm by while1 »
I tend to edit my topics and replies frequently.

http://www.operationsmile.org

Offline Armin

  • Honorary Leader
  • x86
  • Hero Member
  • *****
  • Posts: 2480
    • View Profile
Re: Secure Web Download Token System
« Reply #19 on: January 14, 2013, 03:13:00 am »
I think in the long run you're going to save yourself time, frustration, and potentially loss of profits if you go with an existing, established e-commerce solution than attempt to roll out your own.  You're going to find that a lot of the popular open source e-commerce solutions have administrative and content management features which you won't have to write from scratch yourself.
Yeah, this is why I started looking into code repositories, just didn't know exactly what I was looking for. But thanks to yours and Sidoh's suggestions, I have somewhere to start. Thanks guys!
Hitmen: art is gay