catalano Posted March 9, 2007 Share Posted March 9, 2007 I asked this question in the installation forum, but thought it might be more appropriate here. I have a working installation of oscommerce. I'd like to be able to move the download folder to another server (due to bandwidth and space limitations). I can't see a proper way to do this, but I'm sure it must be possible. Can anyone suggest the best way to do it? There was a suggestion in the other thread where the writer made all of the downloadable files html documents that linked to the actual files on another server. It's interesting but as far as I can tell it wouldn't prevent the html file from being shared and allow anyone with the html file to access the download. Thanks, Chris Link to comment Share on other sites More sharing options...
Velveeta Posted March 9, 2007 Share Posted March 9, 2007 I asked this question in the installation forum, but thought it might be more appropriate here. I have a working installation of oscommerce. I'd like to be able to move the download folder to another server (due to bandwidth and space limitations). I can't see a proper way to do this, but I'm sure it must be possible. Can anyone suggest the best way to do it? There was a suggestion in the other thread where the writer made all of the downloadable files html documents that linked to the actual files on another server. It's interesting but as far as I can tell it wouldn't prevent the html file from being shared and allow anyone with the html file to access the download. Thanks, Chris You could probably rewrite the download code to just point to a different server rather than the downloads folder, and do a redirect to that server w/ the filename pulled from the query when it goes to see what file they're downloading... That way they would still get a download link that referenced your store, but when they clicked it, it would lookup the filename, point to the other server, tack that filename onto the end of the url, and redirect them to that address, where the download will happen... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 9, 2007 Author Share Posted March 9, 2007 Hi Richard, Thanks for replying. I think I understand what you're saying. Any suggestions on where to start with that? I'm not a programmer by design, but hopefully I can take a shot at modifying stuff thats already there. Thanks, Chris You could probably rewrite the download code to just point to a different server rather than the downloads folder, and do a redirect to that server w/ the filename pulled from the query when it goes to see what file they're downloading... That way they would still get a download link that referenced your store, but when they clicked it, it would lookup the filename, point to the other server, tack that filename onto the end of the url, and redirect them to that address, where the download will happen... Richard. Link to comment Share on other sites More sharing options...
Velveeta Posted March 9, 2007 Share Posted March 9, 2007 Hi Richard, Thanks for replying. I think I understand what you're saying. Any suggestions on where to start with that? I'm not a programmer by design, but hopefully I can take a shot at modifying stuff thats already there. Thanks, Chris Well, you'll find this at the end of your download.php file: // Now send the file with header() magic header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/octet-stream"); header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = tep_random_name(); umask(0000); mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); } else { // This will work on all systems, but will need considerable resources // We could also loop with fread($fp, 4096) to save memory readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); } You may be able to accomplish what you want to do by making just a few changes, like this: // Now send the file with header() magic header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/octet-stream"); header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts /* Comment out this section tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = tep_random_name(); umask(0000); mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); */ // Change the line below this: // tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); // To this: tep_redirect(HTTP_DOWNLOAD_SERVER . $downloads['orders_products_filename']); } else { // This will work on all systems, but will need considerable resources // We could also loop with fread($fp, 4096) to save memory readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); } And then in your includes/configure.php file, add an entry like this: define('HTTP_DOWNLOAD_SERVER', 'http://www.yourdownloadserveraddress.com/'); And that shouuuuuuuuld do it, I think... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 9, 2007 Author Share Posted March 9, 2007 Wow, thanks for the extremely detailed help and quick response. I'm going to give it a shot on my testing server and see how it flies. But it seems to make sense. Thanks, Chris Well, you'll find this at the end of your download.php file: // Now send the file with header() magic header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/octet-stream"); header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = tep_random_name(); umask(0000); mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); } else { // This will work on all systems, but will need considerable resources // We could also loop with fread($fp, 4096) to save memory readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); } You may be able to accomplish what you want to do by making just a few changes, like this: // Now send the file with header() magic header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/octet-stream"); header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts /* Comment out this section tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = tep_random_name(); umask(0000); mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); */ // Change the line below this: // tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); // To this: tep_redirect(HTTP_DOWNLOAD_SERVER . $downloads['orders_products_filename']); } else { // This will work on all systems, but will need considerable resources // We could also loop with fread($fp, 4096) to save memory readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); } And then in your includes/configure.php file, add an entry like this: define('HTTP_DOWNLOAD_SERVER', 'http://www.yourdownloadserveraddress.com/'); And that shouuuuuuuuld do it, I think... Richard. Link to comment Share on other sites More sharing options...
Velveeta Posted March 9, 2007 Share Posted March 9, 2007 Wow, thanks for the extremely detailed help and quick response. I'm going to give it a shot on my testing server and see how it flies. But it seems to make sense. Thanks, Chris Oh yeah, make sure in the admin console, in the configuration section, you set downloads to download by redirect, otherwise, that portion of the code won't even execute... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 10, 2007 Author Share Posted March 10, 2007 Hi Richard, I got a chance to try out the fix, but unfortunately it didn't work. I believe I followed everything as you explained. Here's what I did in the download.php file: // Now send the file with header() magic header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/octet-stream"); header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts /* tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = tep_random_name(); umask(0000); mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); */ /* tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); */ tep_redirect(HTTP_DOWNLOAD_SERVER . $downloads['orders_products_filename']); } else { // This will work on all systems, but will need considerable resources // We could also loop with fread($fp, 4096) to save memory readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); } ?> And here's what I added to the includes/config.php file: define('HTTP_DOWNLOAD_SERVER','http://media.ltbn.com/store/'); And I did turn on the 'download by redirect' option in the admin panel. Actually it was always on. Does anything seem out of whack to you? Thanks, Chris Oh yeah, make sure in the admin console, in the configuration section, you set downloads to download by redirect, otherwise, that portion of the code won't even execute... Richard. Link to comment Share on other sites More sharing options...
Velveeta Posted March 10, 2007 Share Posted March 10, 2007 Did you put the actual file to be downloaded up on that server? I just went to that address and only saw 1 file in that directory, dvdlogo.tif... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 11, 2007 Author Share Posted March 11, 2007 Hi Richard, Yes, that's the file I'm using for testing. Here's an interesting bit of info, I've been trying various things and I was able to get it to work with a .txt file as the download. That's the only type of file that has worked so far. I've tried the .tif that you saw as well as .jpg, .mov and .zip files. There's never any error message in the order process and I always get the confirmation that says I have 5 downloads remaining. And just to be clear, when I say it doesn't work I mean that the product name in the 'download links' section of the confirmation screen isn't a link. It's just plain text. Very strange.... Any thoughts? Thanks, Chris Did you put the actual file to be downloaded up on that server? I just went to that address and only saw 1 file in that directory, dvdlogo.tif... Richard. Link to comment Share on other sites More sharing options...
catalano Posted March 11, 2007 Author Share Posted March 11, 2007 A follow up question- If I can get this to work properly will the files on the download server be protected in any way? In the normal download folder oscommerce uses the .htaccess file to protect the contents. Just wondering what would happen in this case. Thanks Again, Chris Link to comment Share on other sites More sharing options...
Velveeta Posted March 11, 2007 Share Posted March 11, 2007 A follow up question- If I can get this to work properly will the files on the download server be protected in any way? In the normal download folder oscommerce uses the .htaccess file to protect the contents. Just wondering what would happen in this case. Thanks Again, Chris I'm still trying to figure out the reason for your last question, which is why I haven't responded to it just yet... But as for this one, they wouldn't be protected in any way, however, the redirect in the background should keep users from knowing where the file is coming from altogether, so they'll never know your server address, unless they use a packet sniffer to see where the traffic is coming from, or use some other method to see where their traffic is coming from... I'm not positive that it won't display in the status bar at the bottom of the browser when it says something like "Waiting for www.whatever.com..." though... A way around this would be move those files into another subdirectory of that server, protect *that* directory with an htaccess file, and setup a script in the /store folder to receive these incoming requests, which would then pull that file and shove it down to the user... In the url string to that script, you could put some kind of authentication token to make sure users aren't arbitrarily sending it requests, something like: tep_redirect(HTTP_FTP_SERVER . 'catch_download_request.php', 'filename=' . $downloads['orders_products_filename'] . '&AuthToken=sdf728n287n287n827n28n728728v827v'); Then, in the script on the other end, verify the AuthToken value, and if it's a match, pull the file contained in the filename variable and send it down, and otherwise, throw an error page, like a 404 page... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 15, 2007 Author Share Posted March 15, 2007 Hi Richard, I appreciate you sticking with me here. I'm hopeful that this can work for files other than .txt. As for security, the other place where the server does get revealed is in the 'Save As' dialog box on Windows when the actual file is being received/downloaded. If someone pays attention they'll see that the server name is in the 'From:' field of that screen. I'm not sure if the authentication method you suggested would prevent that. I'm going to try to implement something like you suggested, but it may be beyond my abilities. Thanks, Chris I'm still trying to figure out the reason for your last question, which is why I haven't responded to it just yet... But as for this one, they wouldn't be protected in any way, however, the redirect in the background should keep users from knowing where the file is coming from altogether, so they'll never know your server address, unless they use a packet sniffer to see where the traffic is coming from, or use some other method to see where their traffic is coming from... I'm not positive that it won't display in the status bar at the bottom of the browser when it says something like "Waiting for www.whatever.com..." though... A way around this would be move those files into another subdirectory of that server, protect *that* directory with an htaccess file, and setup a script in the /store folder to receive these incoming requests, which would then pull that file and shove it down to the user... In the url string to that script, you could put some kind of authentication token to make sure users aren't arbitrarily sending it requests, something like: tep_redirect(HTTP_FTP_SERVER . 'catch_download_request.php', 'filename=' . $downloads['orders_products_filename'] . '&AuthToken=sdf728n287n287n827n28n728728v827v'); Then, in the script on the other end, verify the AuthToken value, and if it's a match, pull the file contained in the filename variable and send it down, and otherwise, throw an error page, like a 404 page... Richard. Link to comment Share on other sites More sharing options...
Velveeta Posted March 16, 2007 Share Posted March 16, 2007 Hi Richard, I appreciate you sticking with me here. I'm hopeful that this can work for files other than .txt. As for security, the other place where the server does get revealed is in the 'Save As' dialog box on Windows when the actual file is being received/downloaded. If someone pays attention they'll see that the server name is in the 'From:' field of that screen. I'm not sure if the authentication method you suggested would prevent that. I'm going to try to implement something like you suggested, but it may be beyond my abilities. Thanks, Chris I actually had a thought about this the other day... The reason it may not be working for files other than txt is that those download headers are being sent before the redirect... Possibly, if you redirect first, and then use the catcher-script to output those headers and then read in that file from there, it may work... Does it show the entire url in the "From:" field, or does it just show the server name? If it just shows the server name, you should still be able to send that variable in the url string to let it authenticate... Otherwise, we'll have to think up some other method... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
catalano Posted March 16, 2007 Author Share Posted March 16, 2007 Hi Richard, I had a question about your previous post. You suggested putting a script in the store/ folder, you meant on the fileserver and not somewhere within the oscommerce directory, right? If so, what type of script do you mean? A cgi or another php file in the new download directory? The line of code you gave seemed like it should be in one of the oscommerce files. I'll check on what shows up in the "From:" field a little later. I'm not on my Windows machine right now. Thanks Again, Chris I actually had a thought about this the other day... The reason it may not be working for files other than txt is that those download headers are being sent before the redirect... Possibly, if you redirect first, and then use the catcher-script to output those headers and then read in that file from there, it may work... Does it show the entire url in the "From:" field, or does it just show the server name? If it just shows the server name, you should still be able to send that variable in the url string to let it authenticate... Otherwise, we'll have to think up some other method... Richard. Link to comment Share on other sites More sharing options...
Velveeta Posted March 16, 2007 Share Posted March 16, 2007 Hi Richard, I had a question about your previous post. You suggested putting a script in the store/ folder, you meant on the fileserver and not somewhere within the oscommerce directory, right? If so, what type of script do you mean? A cgi or another php file in the new download directory? The line of code you gave seemed like it should be in one of the oscommerce files. I'll check on what shows up in the "From:" field a little later. I'm not on my Windows machine right now. Thanks Again, Chris I meant on the other fileserver... basically you'd make a script like download_catcher.php or something like that, which would take the filename as an argument, and any authentication token you want to use... Then it would verify the token and load up that file to push down to the client like the script in osc does... Richard. Richard Lindsey Link to comment Share on other sites More sharing options...
Pret Posted September 12, 2007 Share Posted September 12, 2007 I meant on the other fileserver... basically you'd make a script like download_catcher.php or something like that, which would take the filename as an argument, and any authentication token you want to use... Then it would verify the token and load up that file to push down to the client like the script in osc does... Richard. Hello, I have the same problem as discribed above. But i'm not on a Unix/Linux server. Is there any other way to make downloads on another server possible from a windows server? Greets Taco Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.