How to securely pre-sell MP3's
August 14, 2006 5:49 PM   Subscribe

How to pre-sell MP3's and allow access to buyer via a password system?

I am wanting to sell an album of MP3's which I will have stored on my server.

I want the ability for the musician to be able to "sell" the album at live shows, whereby they give the buyer a postcard with the web address and an access code to download the music.

I want to be able to create a list of different access codes/passwords (for multiple buyers), and have each pasword/code expire after the first login to avoid multiple downloads.

Is there a way that I can do this?
posted by mule to Computers & Internet (9 answers total) 1 user marked this as a favorite
Here's one way:

Step 1) Generate access codes. In PHP you can md5() a random number to create an access code (use substr if you want one with fewer than 32 characters).

Step 2) Store the access code in a database, maybe in a table with columns "album_id, code, [boolean] downloaded".

Step 3) When the user logs in, seach the database for a matching code where 'downloaded' = false. Allow the user to download the matching album_id and set 'downloaded' to true.
posted by null terminated at 6:10 PM on August 14, 2006

If you are selling MP3's there is no reason to have the passwords expire after 1 login. It would piss customers off whose downloads didn't complete and if people want to priate your mp3's there's nothing you can do to stop them.

A very easy way to do this (without the passwords expiring after 1 login) would be to just password protect a directory and then delete the password file after like 1 month.
posted by bigmusic at 6:12 PM on August 14, 2006

Your answer while helpful, assumes I know something about PHP code, which I must admit I don't.

The login doesn't neccessarily have to expire after 1 login, however I just wanted a method of protecting the music if the "buyer" discards the card with the access code to prevent anyone just grabbing the files.

Thanks for the suggestions.
posted by mule at 6:48 PM on August 14, 2006

Are you unclear how to do this abstractly or wondering how to implement this in a specific system?
posted by null terminated at 7:14 PM on August 14, 2006

When the user enters the key you could have them enter their email address. If they want to get the MP3s again, have it send an email to their email address with the new key. Relatively non-invasive, & relatively secure. Also, relatively simple to program.
posted by devilsbrigade at 12:46 AM on August 15, 2006

These are both great solutions to my problem, however I have no programming skill/ability. I was hoping there was already something like this available that someone would be able to point me to.

devilsbrigade, I particularly liked your option.

If the code is as simple. I am willing to pay for it if the price is reasonable.
posted by mule at 2:43 AM on August 15, 2006

Do a little judicious googling for oscommerce and mp3. The first few hits come up with things like this and this. It also turns up this webstore selling mp3s just so you can see someone doing it.

Here's some discussion of the same thing with Zencart..

For your codes and things you should be able to just use coupons.
posted by phearlez at 9:17 AM on August 15, 2006

We went back and forth about this for a vinyl EP project we put out, basically wanting to offer mp3s for a couple bonus songs that wouldn't fit on the wax. In the end we decided it wasn't worth the trouble to try to program and maintain some dynamic password protection system. We just password protected our page and printed little inserts with that login info. We check our site statistics regularly to roughly see if our 'openness' is being abused. It never has been.

Basically we figured once you release digital music into the wild it is best to just let it go and be glad that people are hearing it. It's not like we're going to be sending out cease and desist letters anytime soon!

This is certainly not to be discouraging but I'd suggest testing a very very simple (and free!) solution to find out if your audience is willing to pay for an mp3 postcard at a live show; and if your audience is actually going to abuse your system.
posted by verysleeping at 10:09 AM on August 15, 2006

Check your email.
posted by devilsbrigade at 4:40 PM on August 16, 2006

« Older How can I batch-automate changes to PSD/PDF...   |   Safetly speed up my marathon running pace? Newer »
This thread is closed to new comments.