Hide url of link after paypal transaction redirect so not to copied for further use

I’ve a wordpress website having ebooks for sales. i’ve made two different pages for sale i.e one page where items are displayed alongwith the paypal buy now button and other where the actul links are added for download.

when the transaction is made via paypal then it is redirected to the downloads page.
the problem is the url in the browser window. if it is copied then than page is directly opened and can be shared. So what should i do(any better solution).
or how should i hide the url in the browser so it can’t be used further. May be it is something like masking the Link.

Read More

Suggest some solutions if possible.

Related posts

Leave a Reply

2 comments

  1. I would do the following:

    • Send the order ID to PayPal in the custom field
    • On order success page, generate a download link that only works once, and marks the order as “delivered”. This renders the link unusable.
    • When the PayPal payment is confirmed (in your IPN listener), also send an email with the e-book(s) ordered.

    This has the following advantages:

    • The user can download the books after returning from PayPal
    • The download link cannot be accessed by others once it’s been downloaded.
    • The user will have access to the books even if he lost the pdf.

    Also, I recommend saving the books outside the web root, and make the download links php files that have code similar to:

     $book = '...'; // get book
     /** check if the book has already been downloaded */
     $content = file_get_contents($book->getFile());
     header("Content-Type: application/pdf");
     header("Content-Disposition: attachment;filename={$book->getTitle()}");
     echo $content;
    

    This way you have full control over who downloads the files.

  2. You can send any Flag or session id from the page,where you are redirecting to pay pal and after that get that session id or flag on success page and perform matching.

    Something like this :

    $url=http://exampl.com/$_SESSION['id'];
    
    and on success page :
    if($URL_id==$_SESSION['id']){
    //proceed
    }
    else
    {
    redirect("http:example.com");
    }