
Single-use password for download

What is the best approach for implementing a single-use password to download a file? Initially I thought about using PHP, assigning a password to a user and, upon them logging in, removing the account. I would keep the account in a file as I don't expect to ever have more than a handful of valid users at any given time. Do I need to track sessions or is there a simple way to accomplish this with a single site?

Oh, I cannot use an external site as the data is sensitive and must be kept locally, nor can I download any new software, and thus am limited to HTML, JavaScript and PHP (I believe).

WildBill asked Dec 02 '25 12:12



2 Answers

Pretty much just a combination of Ilmari Karonen's and martinstoeckli's answers, but with more detail.

Using this sort of database table:

temp_passes

uuid  | createTime | expireTime | filename
------------------------------------------
123-4 | 1326735047 | 1327735047 | myDisk.iso

Somehow, you generate a UUID for the user, and insert it into the database. Then, when giving a download link, you use the UUID like so:

http://example.com/download.php?id=123-4

or alternatively, have a password field where the user has to enter in their ID, and submit it to download.php. Either way:

  1. Validate the ID against the database, ensuring it exists and hasn't expired.
  2. Delete the ID from the database, so it cannot be used again.
  3. Let PHP generate the download, likely using readFile().

You can choose to delete the ID either before or after the download has finished, that's up to you. However, if it's a large file, you'll likely want to do it first so that other people cannot use the same "password" to have multiple simultaneous downloads.

Tarka answered Dec 04 '25 08:12
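The three steps from the answer above, written out as an added example (not code from the answer or from any project). It assumes PDO with SQLite is already available in the PHP install and that the temp_passes table exists; the paths and the function names issuePass and consumePass are hypothetical. The lookup and the delete run inside one write transaction, so two simultaneous requests carrying the same ID cannot both get the file.

```php
<?php
// Added example: single-use download handler for the temp_passes table above.
// Assumptions: PDO/SQLite available; database and files live outside the web root.
declare(strict_types=1);

const DB_PATH  = __DIR__ . '/../private/passes.sqlite'; // hypothetical path
const FILE_DIR = __DIR__ . '/../private/files';         // hypothetical path

// Issue a pass: 128 random bits from the CSPRNG, valid for $ttl seconds.
function issuePass(PDO $db, string $filename, int $ttl = 86400): string
{
    $id = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO temp_passes (uuid, createTime, expireTime, filename)
                  VALUES (?, ?, ?, ?)')
       ->execute([$id, time(), time() + $ttl, $filename]);
    return $id;
}

// Steps 1 and 2: validate and delete atomically. Returns the filename, or
// null if the ID is unknown, expired or already used.
function consumePass(PDO $db, string $id): ?string
{
    $db->exec('BEGIN IMMEDIATE'); // SQLite: take the write lock before reading
    $sel = $db->prepare('SELECT filename FROM temp_passes
                         WHERE uuid = ? AND expireTime > ?');
    $sel->execute([$id, time()]);
    $filename = $sel->fetchColumn();
    // Delete whether or not it was still valid, so an expired ID is purged too.
    $db->prepare('DELETE FROM temp_passes WHERE uuid = ?')->execute([$id]);
    $db->exec('COMMIT');
    return $filename === false ? null : (string) $filename;
}

$db = new PDO('sqlite:' . DB_PATH);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$id = $_GET['id'] ?? '';
$filename = (is_string($id) && $id !== '') ? consumePass($db, $id) : null;
// basename() keeps the lookup inside FILE_DIR even if a stored name has slashes.
$path = $filename === null ? false : realpath(FILE_DIR . '/' . basename($filename));
if ($path === false || !is_file($path)) {
    http_response_code(404);
    exit('Invalid, expired or already used link.');
}
// Step 3: stream the file.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

Because the pass is consumed before the transfer starts, an interrupted download needs a new pass to be issued.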



You could just write a simple PHP script that checks the password against a hash stored on the server (either in a file or in a database) and, if it matches, delivers the file using readfile(). Once you've successfully sent the file, remove the password from the list or mark it as disabled somehow.

(Yes, I realize that this answer is very vague and generic, but then, so is your question too. If you can clarify what it is that you're unsure about, I might be able to give a better answer.)

Ilmari Karonen answered Dec 04 '25 08:12



