Downloading after payment


koconnor00


Hi all,

I have been following a great post here which shows you how to set up your products for downloading.

I have one problem though and that's with the download folder where the customer goes to download their ebook.

It is not a secure folder and anyone could just go in and take the ebook.

Creating another folder will still allow the hacker the same option, so how do I go about making the file protected so that only a customer can download the product?

Thanks all!

Kevin

I also provide some of my products via download, so I read your post with <ahem> some concern about my own site. Just to see what would happen, I tried to access a) my download directory and b) one of the specific files in my download directory through my browser but without going through my osCommerce website. I got a user id/password box both times. I could only get to the files if I gave my host service password. I don't have anonymous FTP turned on, which is probably why my directories demand the password.

My site isn't live yet, so if customers would have trouble downloading their products I don't know it yet. I just asked a friend to test it for me. If they don't have trouble, then it's possible that my hosting service's normal 'you must log in to access your files' action is enough to prevent freeloaders from nabbing my product files.

Is there something else I should worry about? Some URL trick people can use to get past the login requirement or something like that?

Thanks,

Stephanie


This is what's in the .htaccess in my download folder, which I guess is the default.

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user

I can't get into the folder at all, which is good. You need to make sure that your download folder is not accessible from the web.

osCommerce sets it up for you. Your customers access their downloads through the download.php script. It only lets people download files that are theirs. I am sure there is a way to exploit it but it would be hard.

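The pattern described in the post above (a download folder closed to direct web requests, with a script that serves each file only to the customer who bought it), as an added example. It is not osCommerce's download.php or any poster's code; the directory path, the `$grants` array standing in for a purchases table, and the function name are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names; not osCommerce's download.php.

const DOWNLOAD_DIR = '/home/shop/private_downloads'; // assumed path, outside the web root

/**
 * Decide whether $customerId may fetch download $downloadId.
 * $grants stands in for a database table of purchased downloads.
 * Returns the absolute file path on success, or null to refuse.
 */
function authorizeDownload(array $grants, int $customerId, int $downloadId, int $now): ?string
{
    $g = $grants[$downloadId] ?? null;
    if ($g === null || $g['customer_id'] !== $customerId) {
        return null;                        // not this customer's purchase
    }
    if ($g['expires'] < $now || $g['remaining'] < 1) {
        return null;                        // link expired or download count used up
    }
    // The filename comes from the stored record, never from the URL.
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . basename($g['filename']));
    if ($base === false || $path === false
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null;                        // file missing, or path escapes the directory
    }
    return $path;
}

// Constructed sample record: customer 42 bought download 7.
$grants = [
    7 => ['customer_id' => 42, 'filename' => 'ebook.pdf',
          'expires' => time() + 86400, 'remaining' => 3],
];

session_start();
$customerId = (int)($_SESSION['customer_id'] ?? 0);   // set at login, not taken from the request
$downloadId = (int)($_GET['id'] ?? 0);                // the URL carries only an opaque id
$path = authorizeDownload($grants, $customerId, $downloadId, time());
if ($path === null) {
    http_response_code(403);
    exit('Download not available.');
}
// A real handler would also decrement the remaining count here.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
```

Because the request names a purchase id rather than a file, guessing or editing the URL yields a 403 unless the logged-in session owns that purchase.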

Archived

This topic is now archived and is closed to further replies.
