What is the best approach for implementing a single-use password to download a file? Initially I thought about using PHP, assigning a password to a user and, upon them logging in, removing the account. I would keep the account in a file as I don’t expect to ever have more than a handful of valid users at any given time. Do I need to track sessions or is there a simple way to accomplish this with a single site?
Oh, I cannot use an external site as the data is sensitive and must be kept locally, nor can I download any new software, and thus am limited to HTML, JavaScript and PHP (I believe).
Pretty much just a combination of Ilmari Karonen’s and martinstoeckli’s answers, but with more detail.
Using this sort of database table:
Somehow, you generate a UUID for the user, and insert it into the database. Then, when giving a download link, you use the UUID like so:
http://example.com/download.php?id=123-4
or alternatively, have a password field where the user has to enter in their ID, and submit it to download.php. Either way: readFile().
You can choose to delete the ID either before or after the download has finished, that’s up to you. However, if it’s a large file, you’ll likely want to do it first so that other people cannot use the same “password” to have multiple simultaneous downloads.
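One way to write the download.php flow described in the answer above, as an added example that is not part of the original answer. It consumes the ID inside a single SQLite transaction before the file is sent, so two simultaneous requests cannot both succeed. Assumptions: PHP 7.1+ with the bundled pdo_sqlite driver, a random 128-bit hex ID in place of a UUID, and a hypothetical table name, column layout and database path.

```php
<?php
declare(strict_types=1);
// Added example: table, columns and paths below are assumptions, not from the page.

function open_db(string $path): PDO {
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS download_tokens (
        token_hash TEXT PRIMARY KEY,
        file_path  TEXT NOT NULL,
        expires_at INTEGER NOT NULL)');
    return $db;
}

// Run by the administrator; returns the ID to put in the link or hand to the user.
function issue_token(PDO $db, string $filePath, int $ttl = 86400): string {
    $token = bin2hex(random_bytes(16));            // 128 bits from the CSPRNG
    $db->prepare('INSERT INTO download_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $filePath, time() + $ttl]);
    return $token;                                 // only the hash is stored
}

// Returns the file path the first time a valid ID is presented, null afterwards.
function consume_token(PDO $db, string $token): ?string {
    $hash = hash('sha256', $token);
    $db->exec('BEGIN IMMEDIATE');                  // take the write lock before reading
    $sel = $db->prepare('SELECT file_path FROM download_tokens
                         WHERE token_hash = ? AND expires_at > ?');
    $sel->execute([$hash, time()]);
    $path = $sel->fetchColumn();
    $db->prepare('DELETE FROM download_tokens WHERE token_hash = ?')->execute([$hash]);
    $db->exec('COMMIT');
    return $path === false ? null : $path;
}

// download.php: accepts the ID from the link (?id=...) or from a posted form field.
$db   = open_db('/var/lib/app/tokens.sqlite');     // keep this outside the web root
$id   = $_POST['id'] ?? $_GET['id'] ?? '';
$path = is_string($id) ? consume_token($db, $id) : null;
if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Invalid or already used link.');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);                                   // the ID is already gone at this point
```

The file path comes from the stored row, never from the request, so the ID cannot be used to read arbitrary files.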