In general, once the purchase is confirmed, the server runs a system-level command to copy the installer from a location outside the web server directory space to the inside.

The server then (optionally) sets up an access rule for the web server to restrict access to this temporary file to your IP address.

A timer can be set to delete the temporary file on expiration or upon download.

Pretty much any scripting language can be used for this, as they all can access the server system on this level.
posted by Rothko at 1:56 PM on July 13, 2005

If you're asking for the technical how-to, I have no idea. Here's a post about a service that does just this, there are probably others as well.
posted by prostyle at 2:02 PM on July 13, 2005

This is easy to do with Paypal's IPN feature. You have to write some code, but basically when a purchase is done, Paypal will load a URL on your server. In that URL, you can run any sort of code you want.

I use it personally to enable new users on MetaFilter. After the $5 is tallied at Paypal, Paypal hits a script that updates the database with that user. It could just as easily have sent me and the user an email, and could have offered a special download script URL that is tied to their payment.
posted by mathowie at 2:27 PM on July 13, 2005

There 's another technique, called URL mangling. The server simply inserts an arbitrary code in the URL sent to you after you paid. This code may contain anything, for instance a combination of the operation id, the user id, the payment status, the allowed interval for download, etc. So the URL you receive does not actually exists, it points to a script in the server that retrieve the "hidden" information and redirects you to the appropriate url (that may be the file you purchase or an error page stating your download interval has elapsed etc). Many systems use this technique for section tracking (instead of cookies).
posted by nkyad at 2:45 PM on July 13, 2005

I wouldn't advise making your script (mentioned by nkyad) redirect the user to the file because it means that if the headers are logged, then they'll easily find out the location of it.

Instead, get your script to pass the correct content-type header, read the binary data from the file and write it byte by byte to the user. That way, they get the content but are given no indication on where it resides on your server.
posted by ralawrence at 3:06 PM on July 13, 2005

I generate a long, random string and write it to a database (or to an array, which I serialize and save in a file). Then the user i sent to example.com/filedownload.php?id=[random string]. If the string exists in the listing, then the file is opened from the script, HTTP headers are sent to define the file type and the filename, and the file is shuffled on down to the user.
posted by waldo at 4:24 PM on July 13, 2005

I like to hash the session ID and a secret to do this sort of thing. Then take the download request's session ID, the secret, and see if the hashes match. If they do, perform the operation.
posted by majick at 8:43 PM on July 13, 2005

Linklok for Paypal IPN.
posted by freudianslipper at 8:45 PM on July 13, 2005

i use this.
http://www.vibralogix.com/linklokipn/

worth the price as it was easy to setup/use (asked joey)
posted by jdg at 8:46 PM on July 13, 2005

This thread is closed to new comments.