Secure Web Download Token System

[Blaze]

Yeah, it is farrrrrrrr too easy to make really bad code in PHP.

There are a lot of bad tutorials around which are also vulnerable to these sort of things, which does not help new programmers.  People do not treat security as an important part of the learning process, it's more of a "what you'll learn later when you get good!", which leads to bad, bad things happening.

[Armin]

So I need to get a system like this finalized. There's too much money we've been missing out on by not having a way to sell downloads directly from our website, without using a middle man.

Someone pointed me in the direction of the PEAR code repository. I did a couple searches, but perhaps it was just my search terms that fell short. Any suggestions?

Overall, I plan on having a guest and login shopping cart system + the token system for downloads.

[Sidoh]

PEAR is pretty pitiful when compared to most modern extension repositories (ruby gems, for example). If you're okay with investing a bit of time learning how to use it, something like CakePHP might be worth a try. Its user-supported content is probably a little more modern:

http://plugins.cakephp.org/

[while1]

As much as I like to reinvent the wheel myself, I think you would be better off spending some time exploring some of the free open source e-commerce solutions out there already.  A quick Google search found me this and this.

I'd do some research on what's already out there that overlaps with your needs and determine how extensible it is (does it offer a custom module system?).  Hell, there may even exist a custom module to do what you want for whatever e-commerce/shopping cart solution you end up choosing.

I think in the long run you're going to save yourself time, frustration, and potentially loss of profits if you go with an existing, established e-commerce solution than attempt to roll out your own.  You're going to find that a lot of the popular open source e-commerce solutions have administrative and content management features which you won't have to write from scratch yourself.

[Armin]

I think in the long run you're going to save yourself time, frustration, and potentially loss of profits if you go with an existing, established e-commerce solution than attempt to roll out your own.  You're going to find that a lot of the popular open source e-commerce solutions have administrative and content management features which you won't have to write from scratch yourself.

Yeah, this is why I started looking into code repositories, just didn't know exactly what I was looking for. But thanks to yours and Sidoh's suggestions, I have somewhere to start. Thanks guys!