tbreslow

great! i consider i have vicariously made a contribution :)

Sorry, I missed this part of your post. That answers my "temporary" question. So it seems the actual link sent by the redirect is valid until the next virtual sale is made, at which point the temp dir is cleaned up. I was confused about this. That could be worse, and is probably acceptable, but it's not great. I will proceed with my buffer tests to see how it comes out. I realize these comments are not related to your mods specifically, they are on the stock code, but I thought this was as good a place as any to discuss, as I am using your mod (which I think is great) and clearly you have an interest in the way virtual sales are handled. I like osC is great, can't wait to see the new OOP version, looking to make a nice contribution as some point.

I think just reading the file and looping with a buffer, even a small one, might do the trick. What was big a couple of years ago is small today. :) The stock code says read the whole file and send it, which definately could be a huge resource hog and is a bad idea. I am going to run some performance tests with different sized buffers and see what the results look like. (Probably won't be till Sunday or Monday). My files are pretty big, 20M or so, and this will be a good indication. The http server itself has to do this (read a buffer and loop) so I don't think adding php on top of it will be a big hit. It's something anyone can do, nothing special on the php side required. The code suggests it, I wonder why it wasn't implemented. I will report back.

The download link itself requires the user be logged in, etc, but the link that the user is redirected to is just a straight http URL to the symlinked deliverable. Something like http://store.com/pub/.kjhkjhkjhkjh/thefile.pdf. When I download a PDF or mp3 by clicking the download link, the URL it is redirected to is what (properly) is shown in my browser's address bar. Couldn't I just send that to anyone and they can get the file? Here is the essence. The link with the random temporary subfolder is visible/obtainable and will work for anyone. How temporary is the subfolder? I don't see anywhere that it is destroyed. The user has no chance to know where on the filesystem the real assets are, but they can know a URL that will link directly to it (via a symlink). I have control over the server so looping over a decent-sized buffer is possible. As far as I can see it is a definite improvement over the redirect way because there is never a URL that points to the deliverable. I don't yet understand how the random directory is temporary. Is it? Thanks!

hi again, 1) i am trying to understand the logic behind the "redirect" way of downloading the deliverable. i think i'm missing something, because the URL is plainly visible, couldn't the user just copy the redirected url and send it to whomever they wanted and the file could be downloaded? it does not seem very secure. 2) i am thinking to try the non-redirect way, but loop over a decent-sized buffer. isn't this much better? i am curious for your input, because it seems everyone uses "redirect" method. thanks, todd

cool!

Hi Alex, This is a great contribution, worked great first time and just what I needed. Just curious, but did you consider generalizing the approach so that EVERY download is part of a file group, and if it's a single file it just means that the file group only has one file in it? See what I mean? I have scripts to populate the tables and it seems like a general approach would be an improvement? My wish list, if you feel like it, it to make it so that the quantity is not shown for 'virtual' items. I see there is another contribution that does that, but I think it belongs as part of yours as well! Many thanks, Todd