Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How do I keep people from accessing my files?


joemurray

Recommended Posts

Posted

Could anyone let me know how to make my oscommerce files unaccessible to others but still have the site be functional? I'm particularly interested in the "download" folder. I'll be selling downloads and I want to make it so the user can't just get into the directory and download at will. Thanks.

Posted

Try setting the downloads folder outside your webroot in the config.

 

Iggy

Everything's funny but nothing's a joke...

Posted
Try setting the downloads folder outside your webroot in the config.

 

Iggy

 

Thanks for the reply. I'm not quite sure what you mean by "outside your webroot in the config". Could you break it down a little more? I'm not very tech literate.

Posted

Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything.

 

That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially.

 

In the catalog config file at includes/configure.php there's an entry for where your downloads should be.

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/your/catalog/path/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

With some monkeying of the path you "should" be able to get that dir outside of your webroot.

 

I'll have to try it myself and see but it "should" work :)

 

Iggy

Everything's funny but nothing's a joke...

Posted
Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything.

 

That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially.

 

In the catalog config file at includes/configure.php there's an entry for where your downloads should be.

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/your/catalog/path/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

With some monkeying of the path you "should" be able to get that dir outside of your webroot.

 

I'll have to try it myself and see but it "should" work :)

 

Iggy

 

Thanks for helping out. Its just that one folder that I'm most concerned about. I just don't want people checking the source and then finding their way to the downloads folder with all of the files. If you figure anything out then let me know.

Posted

Copy the following into a file named .htaccess and upload that file into the downloads directory. No one will be able to get in then.

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted
Copy the following into a file named .htaccess and upload that file into the downloads directory. No one will be able to get in then.
AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user

 

Jack

 

Thanks for the advice but my host does not allow me to upload a .htaccess file anywhere on my site. Even when I tried installing osCommerce I got tons of errors so I had to upload one file at a time in some cases.

 

I do have the ability to password protect any directory. If I were to password protect the download directory would I be able to configure osCommerce to still have access to it?

Posted

Maybe. The method I gave you is password protecting it and will work but if your host only allows a certain method, I can't speak to that. It won't hurt to try it. If it doesn't work, just remove the change you made.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted
Well, for your website when you ftp files to it you should have to put them in www or html or htdocs or public_html. Your host can name that dir anything.

 

That dir is (where you put your html or php files) is your webroot. One directory up from that is usually where you would end up when you connect via FTP initially.

 

In the catalog config file at includes/configure.php there's an entry for where your downloads should be.

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/your/catalog/path/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

With some monkeying of the path you "should" be able to get that dir outside of your webroot.

 

I'll have to try it myself and see but it "should" work :)

 

Iggy

 

OK, got a chance to ding this around a bit. Here's how you can change your config to set the download folder outside your web root.

 

See the original settings in the quote above. Modify it using your local paths to this

 

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/some/dir/html/catalog/');
 define('DIR_FS_DOWNLOAD', '/some/dir/download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

The only line you have to mess with is the DIR_FS_DOWNLOAD. You'll either have to move your downloads folder or create one. Should be all there is to it and works for me.

 

HTH,

Iggy

Everything's funny but nothing's a joke...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...