Well right now the customer data is stored in SQL (hashed with SHA1) and the script just grabs their transaction ID, email address and associates that with another table that contains the product(s) they purchased.
In order to download them, the transaction ID and email address (plus their name) has to all match a form submission which then redirects the customer to a 'download' page with their individual files.
The problem is, the files that they're purchasing have been stored on a domain (behind .htpsswd protection) that is over 10 years old, that, was honestly never even considered might be needed for this purpose, there's nothing on that domain except about 12,000 individual files, all with a unique ID.
I figured if i used a proxy to store a new username and password in the .htpsswd file, (there is no directory browsing possible) that would resolve my having to dynamically create an actual username and password for each customer when a purchase is made.
Am I overthinking things or would this be fine? There isn't really anything of 'value' per se in the protected directory that if it gets lost somehow I wouldn't be able to re-upload from a physical HD.
I'll be honest, coding out an actual user login system isn't something I feel like doing on a weekend, at least not until I have the user account creation stuff setup
