The simplest method I can think of would be to password protect the URL using htaccess.
You can then create a login on purchase and delete it after the 24 hour window without having to worry about moving directories, etc.
For implementation, I'd start with HTTPD::UserAdmin as it let's you add meta info to htpasswd files really easily...
$auth->add($username, $password, { 'expired_after' => time + 86_400 })
# ... and then later using cron or something ...
my $meta = $auth->fetch($username, 'expired_after');
$auth->delete($username) if $meta->{'expired_after'} < time;