December 18, 2007
Solved

Can All But One IP Address be Blocked?

  • December 18, 2007
  • 2 replies
  • 654 views
I have a website where customers will be paying for purchases with a credit card via PayPal. After they complete their payment at PayPal, they are returned to a specific page on my website. On this page are Word files available for download. Is there a way to keep anyone from viewing this page except users who have returned to the site from PayPal? I am trying to prevent unauthorized downloads of the Word files by non-paying customers. Even hiding part of the code on the page unless the user comes from PayPal would work. I am assuming this can be done with an Application.cfc file, but perhaps I'm wrong. If I'm right, I haven't been able to figure out how.

Thanks in advance for your help.
Gwen H
CF Noob
    This topic has been closed for replies.
    Best answer by Newsgroup_User
    > <cfif cgi.http_referer contains "paypal">
    > display this content
    > <cfelse>
    > display an error message
    > </cfif>
    >

    Not all that secure as http_referer and any other header, i.e. cgi content,
    is rather easily spoofed. I.e. it would not be hard for me to use my
    Firefox plugins to add 'paypal' to the referer and I'm in like Flint.

    What type of PayPal account do you have?

    When we had a membership section of our site, I had the type where
    PayPal posted a response to my site from there. The action page on my
    site that received the post processed the results and took appropriate
    action. If the transaction is correct and proper the user record in our
    database was updated allowing that user access to the member content.

    2 replies

    Participating Frequently
    December 18, 2007
    Move the files outside of a web accessible directory. Then use cfcontent to deliver the file. This will secure your content. You'll have to build the authentication/authorization framework. You could even limit how long the person would have access.

    On the return trip, perform any authentication necessary and then retrieve the content. The code attached is a simple example. Note the getMimeType UDF. You can find the UDF on cflib.org.
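
Added example, not the attachment the reply above refers to and not code from any poster in this thread: a download page that combines the two suggestions made here, a server-side payment record instead of a referer check, and cfcontent delivery from outside the web root. The datasource `shopDSN`, the `purchases` table and its columns, the token format and the `D:\private\downloads\` path are assumptions.

```cfml
<!--- download.cfm (added example). Assumes the page that receives PayPal's
      server-to-server post has verified the payment and inserted a row into
      purchases(download_token, file_name, paid_at) with a random hex token. --->
<cfparam name="url.token" default="">

<!--- Directory outside the web root: no URL maps to these files directly --->
<cfset secureDir = "D:\private\downloads\">
<!--- How long a paid link stays usable --->
<cfset maxAgeHours = 24>

<!--- Reject malformed tokens before touching the database --->
<cfif NOT reFind("^[A-Fa-f0-9]{32,64}$", url.token)>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Authorization comes from our own record of the payment,
      not from cgi.http_referer or any other client-supplied header --->
<cfquery name="purchase" datasource="shopDSN">
    SELECT file_name
    FROM purchases
    WHERE download_token = <cfqueryparam value="#url.token#" cfsqltype="cf_sql_varchar">
      AND paid_at >= <cfqueryparam value="#dateAdd('h', -maxAgeHours, now())#" cfsqltype="cf_sql_timestamp">
</cfquery>

<cfif purchase.recordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- file_name comes from our own table; strip any directory part regardless --->
<cfset safeName = getFileFromPath(purchase.file_name)>
<cfset fullPath = secureDir & safeName>

<cfif NOT fileExists(fullPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- MIME type is fixed here because the thread's files are Word documents --->
<cfheader name="Content-Disposition" value='attachment; filename="#safeName#"'>
<cfcontent type="application/msword" file="#fullPath#" deleteFile="no">
```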
    GwenH, Author
    Inspiring
    December 20, 2007
    Thanks so much for responding. Unfortunately, as a CF noob/idiot, this is all Greek to me. Sorry I'm so CF stupid!

    Gwen H
    Inspiring
    December 18, 2007
    cgi.http_referer is the document that directed the user to your site so it should be the last PayPal page they were on.