The simplest method I can think of would be to password protect the URL using htaccess.

You can then create a login on purchase and delete it after the 24 hour window without having to worry about moving directories, etc.

For implementation, I'd start with HTTPD::UserAdmin as it let's you add meta info to htpasswd files really easily...

$auth->add($username, $password, { 'expired_after' => time + 86_400 })

# ... and then later using cron or something ...

my $meta = $auth->fetch($username, 'expired_after');
$auth->delete($username) if $meta->{'expired_after'} < time;
[download]