- there is a binary file whose address will be sent to users' email who register their addresses.
- if someone doesnt want to give his email address then he should not be allowed to download the file.
- after downloading the file the sent address for the file should be useless.
What i already did :
I am sending a hash value as a parameter, and i am inserting same value with the email address of the user.
A download page checks the parameter from db and updates its value (ISUSED) to TRUE
Then redirect the user to the file's original address.
What i havent accomlished yet :
If someone guesses my correct path for the file ( the one the file is originally stored) then he can download the file as much as he wants.
If I am advised to put the file in a protected directory, then my redirection wont work either....
I assume you understand my problem,
Thank you for reading....
dethron out.