Tom Muck

Alpha Dog Blues Band
Home page
All articles
All Extensions | Extension News | Extension FAQs | Customer Login
Books authored or co-authored by Tom Muck
Extensions, books, and other products | Customer Login
Your current cart contents
Tom-Muck.com Blog | CMXTraneous Blog | Flash Remoting Blog
About the site

Digital Downloads

Building a Digital Downloads store:

This is a post I made a while back on the Cartweaver ColdFusion support newsgroup about the steps necessary to create a digital downloads page (for Cartweaver ColdFusion):

"I have set up a similar system, which may or may not suit your needs,
because I used a zip script to allow the files to be zipped up before the
user downloads. I can tell you how I did it using Cartweaver, though.

First, make sure that the user is logged in before they get to a download
page. In other words, they should not be able to view the download page
unless they are logged in. That should be simple to set up and depends on
your authentication scheme.

Second, I have the actual files stored in a directory that is unknown to the
web application (like C:\myfiles or something like that). This way, files
are not downloadable at all.

Third, I modified the tbl_skus table and added a filename field. Every
product that is downloadable has a filename field filled in (just
filename -- no path info).

Fourth, when the user logs in, I show him a list of his files that he can
download along with a submit button to download. The way I did this in
Cartweaver is to simply display all orders that coincide with a specific
user. I do this in a simple repeat region. Inside the repeat region, I
include a checkbox field that has as it's value the filename of the sku
(just the name -- not the location on my hard drive). This way, when the
user checks the box to download the item, a comma-separated list of
filenames is passed in the form.

When the user clicks submit, I loop through the list in the checkbox form
field (#form.checkbox#), add directory information to each item (such as
c:\myfiles\#listitem#).

Next, I add the files to a zip file that I create at the web root in a temp
directory. The zip file is created with a name that is the current tick
count (milliseconds) with code like this:
<cfset tfm_zipfilename = "tfm_#gettickcount()#.zip">
This way, another user cannot guess the name of a download. There is a zip
script at www.cflib.org, but I use one that I found at www.communitymx.com.

Lastly, I use a cfcontent to deliver the download, using some code like
this:

<cfheader name="Content-Disposition" value="inline;
filename=#tfm_zipfilename#">
<cfcontent type="application/unknown"
file="#getDirectoryFromPath(getTemplatePath())#temp\#tfm_zipfilename#">

It's not 100% secure, because conceivably someone could guess the filename
if he knew my technique and was willing to write a script to loop through
tens of thousands of possible filenames, but I think the solution is about
99.99999% secure. I also have a short script that deletes files after they
are about an hour old (a big file should not take more than a few minutes to
download.)"

For more information, and some ColdFusion code to accomplish something like this, check the article at Community MX File Downloads for an E-Store-- ColdFusion article how to use an e-store to manage file downloads. It is free for members and a small fee for non-members.

Back to Cartweaver PHP FAQ, code changes, and samples

Pay me securely with your Visa, MasterCard, Discover, or American Express card through PayPal!
Pay me securely with your Visa, MasterCard, Discover, or American Express card through PayPal!
About | Privacy Policy | Contact | License Agreement | ©2002-2025 Tom Muck | Dreamweaver Extensions