FREE downloads if you notice the links

Author	« Topic »
Terry Paulhus Ecommerce Template Expert Canada 573 Posts	Posted - 03/24/2024 : 12:46:35 I have just noticed that on my site, I can download at will, digital products if you know the link. So I am using the "a" automatic feature in the download field. After receiving the email for the downloads, when I click on the latedownloads link it takes me to the page. Simply rolling the pointer over the links given, you can see the path and filename. So my concern is a simple copy of that link can be shared to anyone. In fact, with products that I have, using the ID, it's simple to just change the link and receive the files without logging in, etc. Is there any way that I can lock this up to stop this from happening? Terry (Redsei)
Phil ECT Moderator United Kingdom 7708 Posts	Posted - 03/25/2024 : 02:20:00 Hi Terry, quote: So my concern is a simple copy of that link can be shared to anyone. Would it not be easier for the person to either forward the email with the download link or even send the file to their friends as an attachment if they want to share the download? I'd suggest it's impossible to stop them sharing it if that's what they want to do. If your download directory is outside root they wouldn't be able to directly download the files even if they knew the path and file name. *Contact Us* *Buy The PHP Capture Card Plugin* Rate Our Services/View Our Feedback
Terry Paulhus Ecommerce Template Expert Canada 573 Posts	Posted - 03/26/2024 : 05:07:29 Thanks Phil, I tried this. Obviously I mistyped or missed something here. So I created a folder in the public_html folder. Made changes to the includes file $digidownloads=TRUE; $digidownloadpattern="public_html\ssdownloads\%pid%.zip"; $digidownloadsecret="fe2ls287UyT52PAWBF234ksdf"; $digidownloadwarn=TRUE; $digidownloadmethod="filesystem"; With the warning on I get an error stating "Warning: Undefined array key "PATH_TRANSLATED" in /home/XXXXX/public_html/XXXXX/vsadmin/dodownload.php on line 105" Am I typing the digidownloadpattern location wrong? DO I need to move it out public_html and go even further back? Do I need to change the permissions on the folder differently? Terry (Redsei)
Phil ECT Moderator United Kingdom 7708 Posts	Posted - 03/26/2024 : 07:39:36 Hi Terry, quote: So I created a folder in the public_html folder. It needs to be outside the public_html directory so even if you know the exact path and file name it'll be impossible to browse to. What you need to do is create a file with your text editor called t.php with the following contents <html><body><?php echo getcwd(); ?></body></html> Upload it to your public_html directory and then just browse to it - http://www.your-domain.com/t.php This will give you the full path to the public_html directory, so using that path you can work out the location of your download directory which needs to be outside the public_html directory So you may see the full path something like this:/home/somedirectoryname/public_html So your include lines may look something like this: $digidownloads=TRUE; $digidownloadmethod="filesystem"; $digidownloadpattern="/home/somedirectoryname/your-download-directory/%pid%.zip"; $digidownloadsecret="fe2ls2pl2jyuuflldddosskkdfd"; $digidownloadwarn=TRUE; $digidownloademail="Your products can be downloaded for one more day by <a href='https://www.yourdomain.com/latedownload.php?ordid=%orderid%&pass=%password%'>Clicking Here</a>%nl%Or alternatively,%nl%<a href='https://www.yourdomain.com/latedownload.php'>Click Here</a>%nl%'. . . and enter the order ID %orderid% and password %password%%nl%%nl%"; $digidownloaddays=1; *Contact Us* *Buy The PHP Capture Card Plugin* Rate Our Services/View Our Feedback
Terry Paulhus Ecommerce Template Expert Canada 573 Posts	Posted - 03/26/2024 : 08:06:08 Phil thanks for your patience. That worked perfectly. The links look better now as well. Terry (Redsei)
Phil ECT Moderator United Kingdom 7708 Posts	Posted - 03/26/2024 : 08:11:13 Glad you got it sorted *Contact Us* *Buy The PHP Capture Card Plugin* Rate Our Services/View Our Feedback
dbdave ECT Moderator USA 10455 Posts	Posted - 03/26/2024 : 08:57:02 quote: What you need to do is create a file with your text editor called t.php with the following contents <html><body><?php echo getcwd(); ?></body></html> Upload it to your public_html directory and then just browse to it - http://www.your-domain.com/t.php This will give you the full path to the public_html directory, so using that path you can work out the location of your download directory which needs to be outside the public_html directory FYI - You can also view this quickly in the admin>main settings under under "Image File Uploads" - your root path should be showing there, even if you are not using that feature.
	« Topic »