Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Problem, Downloads can be gotten without paying


airbourne

Recommended Posts

Posted

I just added downloadable products and noticed that there is no security on it, all I have to do is type in catalog/download/ and i can get w/e i want without paying, how do i fix this?

Posted

i have the same problem only people can enter a fake credit card number and still get the file without paying....

 

and another problem i have is that there is a limit on how big a download can be....

 

i have a file to be downloaded at over 2,000,000 bytes....2.0 mb....and when i go to download it i get a 550 internal error...

 

credit cards should be checked....and the limit should be taking off

Posted

I dont seem to have problems with the file limit thing, and the cc thing doesnt matter because I'm doing it all through paypal. But is there a way to like password the download folder or something? I think thats just stupidity to have a downloadable products and all people have to do is go to that folder in their browser and get stuff for free. 755 on the download folder doesnt protect anything so why is it required

Posted

put an index file in the download folder.....like and e404 page

 

this would be a good use for me...but i cant always use paypal because most people dont have an account there....but some do...and for the ones that dont i need to be able to have a thing for credit cards....but i dont even think this cart charges them...so they can enter thier card number an the seller wont even get the money....how stupid is that.....and i dont understand why i have problems with the downloads at over 2,000,000 bytes but other people dont....and i dont mess with any of the files...i just upload them and thats it..but then i get the 500 error page when i try to download something big

Posted

didnt even think of that one :) thanks for the tip.

 

My friend has been doing dummy stores with easyphp to try contribs for me. He said that he got a similar problem with one of the download dummy stores where he got errors with file size. He put the Download Controller on it and it fixed the size problem. I dont know enough about the osC code to tell you how to fix it without the contrib :huh: . You might also want to consider verisign or authorize.net that will check the credit cards on payment. Not sure if it will prevent unauthorized downloads but both are worth a shot I guess.

 

man wheres Iggy when i need him :P , might want to give him pm if nothing else works.

Posted

If access your hosting account using cpanel, there is an option in there to password protect any directory you need to. Also there is an option to disallow access to directory indexes as well.

Posted

so what about the credit card thing? are people just gonna get away with putting in a fake credit car number and being able to download your stuff?

  • 1 month later...
Posted
check the code in this thread, should allow d/l only if the order is set to delivered state. By then you should have validate the cc.

 

http://www.oscommerce.com/forums/index.php?showtopic=169678

 

That hack didn't seem to work :/ . I only use paypal without Credit Card Option for my store so cc's aren't a problem yet . Since its paypal accounts only, I guess the money is already transferred to their account before it is then sent to me. once I recieve it then order status is pending for the (x)-days download period then once thats over its over with. Thats from tests I've done and I havn't found a way around it conventionally. but if there is a fix for this permission issue, it would make it more secure.

Posted

by default, osCommerce protects the download directory with an htaccess file, i also use the download controller contribution to protect files

  • 1 month later...
Posted
put an index file in the download folder.....like and e404 page

 

this would be a good use for me...but i cant always use paypal because most people dont have an account there....but some do...and for the ones that dont i need to be able to have a thing for credit cards....but i dont even think this cart charges them...so they can enter thier card number an the seller wont even get the money....how stupid is that.....and i dont understand why i have problems with the downloads at over 2,000,000 bytes but other people dont....and i dont mess with any of the files...i just upload them and thats it..but then i get the 500 error page when i try to download something big

 

You dont need a paypal account to pay via credit card or debit card, it will allow you to pay without an account.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...