joemurray Posted September 2, 2006 Posted September 2, 2006 Could anyone let me know how to make my oscommerce files unaccessible to others but still have the site be functional? I'm particularly interested in the "download" folder. I'll be selling downloads and I want to make it so the user can't just get into the directory and download at will. Thanks.
Andrew Yuen Posted September 2, 2006 Posted September 2, 2006 I suggest reading http://www.oscommerce.info/kb/osCommerce/A...nfiguration/162 Andrew Yuen osCommerce, Community Team
joemurray Posted September 2, 2006 Author Posted September 2, 2006 I've read it a million times now. I have my permissions set already. However I can still type the address (http://www.mydomain.com/catalog/download/my.mp3) and get the file. I don't want people to be able to do that. Do I need to set certain permissions to my catalog folder to stop this from being possible?
Iggy Posted September 2, 2006 Posted September 2, 2006 Try setting the downloads folder outside your webroot in the config. Iggy Everything's funny but nothing's a joke...
joemurray Posted September 2, 2006 Author Posted September 2, 2006 Try setting the downloads folder outside your webroot in the config. Iggy Thanks for the reply. I'm not quite sure what you mean by "outside your webroot in the config". Could you break it down a little more? I'm not very tech literate.
Iggy Posted September 2, 2006 Posted September 2, 2006 Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything. That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially. In the catalog config file at includes/configure.php there's an entry for where your downloads should be. define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/your/catalog/path/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); With some monkeying of the path you "should" be able to get that dir outside of your webroot. I'll have to try it myself and see but it "should" work :) Iggy Everything's funny but nothing's a joke...
joemurray Posted September 2, 2006 Author Posted September 2, 2006 Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything. That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially. In the catalog config file at includes/configure.php there's an entry for where your downloads should be. define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/your/catalog/path/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); With some monkeying of the path you "should" be able to get that dir outside of your webroot. I'll have to try it myself and see but it "should" work :) Iggy Thanks for helping out. Its just that one folder that I'm most concerned about. I just don't want people checking the source and then finding their way to the downloads folder with all of the files. If you figure anything out then let me know.
Jack_mcs Posted September 2, 2006 Posted September 2, 2006 Copy the following into a file named .htaccess and upload that file into the downloads directory. No one will be able to get in then. AuthType Basic AuthName "No access" AuthUserFile .htnopasswd AuthGroupFile /dev/null Require valid-user Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
joemurray Posted September 4, 2006 Author Posted September 4, 2006 Copy the following into a file named .htaccess and upload that file into the downloads directory. No one will be able to get in then.AuthType Basic AuthName "No access" AuthUserFile .htnopasswd AuthGroupFile /dev/null Require valid-user Jack Thanks for the advice but my host does not allow me to upload a .htaccess file anywhere on my site. Even when I tried installing osCommerce I got tons of errors so I had to upload one file at a time in some cases. I do have the ability to password protect any directory. If I were to password protect the download directory would I be able to configure osCommerce to still have access to it?
Jack_mcs Posted September 4, 2006 Posted September 4, 2006 Maybe. The method I gave you is password protecting it and will work but if your host only allows a certain method, I can't speak to that. It won't hurt to try it. If it doesn't work, just remove the change you made. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Iggy Posted September 5, 2006 Posted September 5, 2006 Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything. That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially. In the catalog config file at includes/configure.php there's an entry for where your downloads should be. define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/your/catalog/path/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); With some monkeying of the path you "should" be able to get that dir outside of your webroot. I'll have to try it myself and see but it "should" work :) Iggy OK, got a chance to ding this around a bit. Here's how you can change your config to set the download folder outside your web root. See the original settings in the quote above. Modify it using your local paths to this define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/some/dir/html/catalog/'); define('DIR_FS_DOWNLOAD', '/some/dir/download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); The only line you have to mess with is the DIR_FS_DOWNLOAD. You'll either have to move your downloads folder or create one. Should be all there is to it and works for me. HTH, Iggy Everything's funny but nothing's a joke...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.