Hi guys,
I'm working on a little project and need some help.

What I'm looking to do is:

1. have user fill out a form to obtain information
2. based on the information, the system will decided while file should be provided
3. system will automatically send an email to the user with TEMPORARY link to the download location
4. link should expire within 1day
5. files should be protected and not accessible any other way.

I've got number 1, 2 and 3 done, but i'm not sure where to start with creating unique temporary links to the download the file. This is similar to, for example, a trial software download. You provide your email, they send you link to your email which is valid for 30 days. After 30 days, the link doesn't work anymore.

How can I do this? where do I start?

You have not specified as to what backend your using. I'm assuming your using PHP (this is the PHP forum) and the data which the user is entering is being stored in a mySQL DB (or any other). There is a simple way to do this if this is the case.

1. When a user is filling up a form, his information is being populated in a table with probably his e-mail address as the primary key (This key can also be an auto gen number). At the same time enter a timestamp mktime() to get the from date i.e., the date one which the link will be acive.

2. Create a token. This token can be created with an md5 hash, maybe of the mktime() function or of the e-mail address $str=md5(mktime()) and store this in the DB as well in the same record as the user.

3. The link which you would then send to the user would be a link with his e-mail address (primary key in table) and the token generated in step 2. http://mydownloadaddress.com?id=<email>&tok=<tok> 4. When the user clicks on the link it would take him to a download page which would validate the token and the e-mail address combination and present him the link to download. This would be similar to a login form validation except that the username and password are got from the url using $_GET['id'] & $_GET['tok'] .

5. To prevent a manual download from the site with the direct link, use a .htaccess file with mod_rewrite and the following code

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydownloadaddress\.com [NC]
RewriteRule .*\.(pdf|doc)$ - [F]

Replace the mydownloadaddress.com with your site. This would prevent any downloads by directly entering the url into the address bar. It is done by checking the referer and only allows requests coming from within the site.

I hope this helps. Good Luck!