airbourne Posted September 9, 2005 Posted September 9, 2005 I just added downloadable products and noticed that there is no security on it, all I have to do is type in catalog/download/ and i can get w/e i want without paying, how do i fix this?
Guest Posted September 9, 2005 Posted September 9, 2005 i have the same problem only people can enter a fake credit card number and still get the file without paying.... and another problem i have is that there is a limit on how big a download can be.... i have a file to be downloaded at over 2,000,000 bytes....2.0 mb....and when i go to download it i get a 550 internal error... credit cards should be checked....and the limit should be taking off
airbourne Posted September 10, 2005 Author Posted September 10, 2005 I dont seem to have problems with the file limit thing, and the cc thing doesnt matter because I'm doing it all through paypal. But is there a way to like password the download folder or something? I think thats just stupidity to have a downloadable products and all people have to do is go to that folder in their browser and get stuff for free. 755 on the download folder doesnt protect anything so why is it required
Guest Posted September 10, 2005 Posted September 10, 2005 put an index file in the download folder.....like and e404 page this would be a good use for me...but i cant always use paypal because most people dont have an account there....but some do...and for the ones that dont i need to be able to have a thing for credit cards....but i dont even think this cart charges them...so they can enter thier card number an the seller wont even get the money....how stupid is that.....and i dont understand why i have problems with the downloads at over 2,000,000 bytes but other people dont....and i dont mess with any of the files...i just upload them and thats it..but then i get the 500 error page when i try to download something big
airbourne Posted September 10, 2005 Author Posted September 10, 2005 didnt even think of that one :) thanks for the tip. My friend has been doing dummy stores with easyphp to try contribs for me. He said that he got a similar problem with one of the download dummy stores where he got errors with file size. He put the Download Controller on it and it fixed the size problem. I dont know enough about the osC code to tell you how to fix it without the contrib :huh: . You might also want to consider verisign or authorize.net that will check the credit cards on payment. Not sure if it will prevent unauthorized downloads but both are worth a shot I guess. man wheres Iggy when i need him :P , might want to give him pm if nothing else works.
Guest Posted September 10, 2005 Posted September 10, 2005 If access your hosting account using cpanel, there is an option in there to password protect any directory you need to. Also there is an option to disallow access to directory indexes as well.
Guest Posted September 10, 2005 Posted September 10, 2005 so what about the credit card thing? are people just gonna get away with putting in a fake credit car number and being able to download your stuff?
Guest Posted September 10, 2005 Posted September 10, 2005 check the code in this thread, should allow d/l only if the order is set to delivered state. By then you should have validate the cc. http://www.oscommerce.com/forums/index.php?showtopic=169678
airbourne Posted October 13, 2005 Author Posted October 13, 2005 check the code in this thread, should allow d/l only if the order is set to delivered state. By then you should have validate the cc. http://www.oscommerce.com/forums/index.php?showtopic=169678 That hack didn't seem to work :/ . I only use paypal without Credit Card Option for my store so cc's aren't a problem yet . Since its paypal accounts only, I guess the money is already transferred to their account before it is then sent to me. once I recieve it then order status is pending for the (x)-days download period then once thats over its over with. Thats from tests I've done and I havn't found a way around it conventionally. but if there is a fix for this permission issue, it would make it more secure.
Guest Posted October 13, 2005 Posted October 13, 2005 by default, osCommerce protects the download directory with an htaccess file, i also use the download controller contribution to protect files
rb1523uk31 Posted November 20, 2005 Posted November 20, 2005 put an index file in the download folder.....like and e404 page this would be a good use for me...but i cant always use paypal because most people dont have an account there....but some do...and for the ones that dont i need to be able to have a thing for credit cards....but i dont even think this cart charges them...so they can enter thier card number an the seller wont even get the money....how stupid is that.....and i dont understand why i have problems with the downloads at over 2,000,000 bytes but other people dont....and i dont mess with any of the files...i just upload them and thats it..but then i get the 500 error page when i try to download something big You dont need a paypal account to pay via credit card or debit card, it will allow you to pay without an account.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.