(donating) simple download protection script

I thought it might be useful to people who are selling info products on DP. PHP 5 is required as it is. Want me to make it better? Let me know

The script uses flat files to store single-use download keys in a directory, and protects that directory with .htaccess.

Usage notes

• Required setup
  Edit the define()s at the top. They define the filename of the protected download, a contact link, and also an admin password. Keep your password private!!
• Create a download link that will allow a single access to the download
  If I saved this script as /niceproduct/download.php on my host www.products.com, and my ADMIN_PASSWORD is 'b6e49d', I would create one download key by entering http://www.products.com/niceproduct/download.php?b6e49d into my browser's address bar and pressing enter. The resulting page provides a complete download link for me to copy. After one use the download link won't work again.

<?php
	define('CUSTOMER_SERVICE_CONTACT','mailto:customerservice@yourcompany.com');
	define('PROTECTED_DOWNLOAD','protectedfolder/product.zip');
	define('SUGGESTED_FILENAME','product.zip');
	define('CONTENT_TYPE','application/zip');
	define('ADMIN_PASSWORD','b6e49d');

	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

	$key = trim($_SERVER['QUERY_STRING']);

	if($key == ADMIN_PASSWORD)
	{
		$new = uniqid('key',TRUE);

		if(!is_dir('keys'))
		{
			mkdir('keys');
			$file = fopen('keys/.htaccess','w');
			fwrite($file,"Order allow,deny\nDeny from all");
			fclose($file);
		}
		$file = fopen('keys/keys','a');
		fwrite($file,"{$new}\n");
		fclose($file);

?>

<html>
	<head>
		<title>Download key created</title>
		<style>
			h1, p {
				margin: 8px;
				padding: 32px 4px 4px 4px;
				color: rgb(64,64,64);
				background: rgb(200,240,200);
			}
			h1 { border:2px outset rgb(200,240,200); }
			p { border:2px inset rgb(200,240,200); }
			nl { font-family: monospace }
		</style>
	</head>
	<body>
		<h1>Download key created</h1>
		<p>Your new single-use download link: &nbsp; <nl><?php print "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}?{$new}</nl>"; ?></p>
	</body>
</html>

<?php

		exit;
	}
	else
	{
		$keys = file('keys/keys');
		$match = 0;
		foreach($keys as &$one)
			if(rtrim($one)==$key)
			{
				$match = 1;
				$one = '';
			}
		file_put_contents('keys/keys',$keys);
		if($match)
		{
			$contenttype = CONTENT_TYPE;
			$filename = SUGGESTED_FILENAME;
			header("Content-type: {$contenttype}");
			header("Content-Disposition: attachment; filename=\"{$filename}\"");
			readfile(PROTECTED_DOWNLOAD);

			exit;
		}	
		else
		{

?>

<html>
	<head>
		<title>Download key expired</title>
		<style>
			h1, p {
				margin: 8px;
				padding: 32px 4px 4px 4px;
				color: rgb(128,128,128);
				background: rgb(240,240,240);
			}
			h1 { border:2px outset rgb(240,240,240); }
			p { border:2px inset rgb(240,240,240); }
			a { color: rgb(64,64,64); }
		</style>
	</head>
	<body>
		<h1>Download key expired</h1>
		<p>Please <a href="<?php print CUSTOMER_SERVICE_CONTACT; ?>">contact customer service</a> to request a new download key.</p>
	</body>
</html>

<?php
		}
	}
?>

Code (markup):

 

I've not looked over your code yet but a couple of points which may help.

• Downloads sometimes go wrong - it might be better to limit downloads to 3 for example
• Accessing a webpage and copying and pasting isn't exactly an automated process. It would be better if the script was a function/class which could be called when sending an email or displaying a page once payment has been received.