Does anyone have any ideas on how I can prevent users from visiting a direct download token URL if they haven't loaded the normal page ?
Maybe I could look at the ips downloading a token in the download_tracker table, then check if those ips have visited the normal url from the webserver access log.. ? i guess
Seems like it would just be better if the script itself had a way of verifying or an option to turn on
Maybe I could look at the ips downloading a token in the download_tracker table, then check if those ips have visited the normal url from the webserver access log.. ? i guess
Seems like it would just be better if the script itself had a way of verifying or an option to turn on