Download folder and files - making them secure

[pros99]

Hi,

I have a couple of questions and for this i'll use an example.

Let's say I have a membership area which is located in folder:

http://www.website.com/blog/members/

In this members folder this is where i put all the .zip files.
Customers need to log in to the above link to access the member's area which is in the "members" folder

1) The problem i am having is that the pages in the "members" folder is secure but the download links are not. I know this as i was able to access the .zip files even when not logged in.
I try using DLG links such as: http://www.website.com/blog/members/getfile.php?f=file.zip

This does not work. What could be wrong? Note that i have set the download page already in the DLG admin panel to be http://www.website.com/blog/members/

2) Can you protect the entire folder with DLGuard cos i have a subfolder that i need to protect that has many files? Can this be done in stead of physically put the PHP code at the top of each page?

3) Let's say i have a another folder that exists inside the membership area called: http://www.website.com/blog/members/videos/video.html

I want to protect the sub folder "videos" because they contain training videos only available to paid members.

Please let me know how this can be done considering that this folder sits in a subfolder.

Kind regards

VT

[pros99]

Further to my earlier message, i just tried to make a copy of the "gefile.php" which came with the installation package. I copied this into the
http://www.website.com/blog/members

When i click on the download zip file in the member's area I get this message:

This time the error i get is:
Warning: main(dlgmembers.php) [function.main]: failed to open stream: No such file or directory in /home/................./members/getfile.php on line 5

HOpe this helps to find out the problem.

[espradley]

Here are some solutions to protecting your .zip files.

1. You put the zip files in another directory... maybe members/downloads/. Password protect this directory using cpanel. DLG will still be able to access the files, but when users go to it, they will be prompted for a password.

2. Put the files in a directory lower than your public_html folder and then point the files to be downloaded from there.

As far as your memebers area, you can protect whichever pages you want to protect, you just have to adjust the DLG code based on where the protect page is.
_________________
Eddie Spradley - DLGuard Moderator and PHP Developer
www.dlgadvance.com - DLGuard Help and Customizations
http://dlgadvance.com/products/dlguard-wordpress-membership-plugin/ - DLGuard Wordpress Membership

[pros99]

Thanks for your reply. Just some clarification.

1) In relation to putting a password protection on the folder
in cpanel, would this therefore defeat the whole purpose of using
DLGuard in the first place? Because if customers can only access the downloads using a password that is non DLGuard, this method defeats the whole purpose of customers assigned a unique username and password?

2) With the second option you proposed, i would like to give that a try.

My directory which i put the .zip files is
/home/user/folderfordownloadhere

instead of

/home/user/public_html/folderfordownloadhere

But then when it comes to providing a clickable link for the customers to download the products from the above folder, how would i reference something like that using A href tags?


KInd regards

VT

[espradley]

Replies...


1. No purpose defeated here. Since DLGuards working directory is /dlg/ it litterally sucks the download into this directory and makes it downloadable through the link...so you will never see that password unless you try to directly access the files.. Since DLGuard exsists on yoru domain it has access behind the scenes to all of your files even if the directory is passworded. Does that make sense?

2. You want DLGuard to handle the link. In your single product items you will enter the directory as if you were coming from then use the raw sales link that DLGuard proivdes to you and your done!

I hope I have helped here. Let me know if you have any more questions.
_________________
Eddie Spradley - DLGuard Moderator and PHP Developer
www.dlgadvance.com - DLGuard Help and Customizations
http://dlgadvance.com/products/dlguard-wordpress-membership-plugin/ - DLGuard Wordpress Membership

[espradley]

Hey,

I looked up this forum where Sam and I helped someone with this same issue not long ago. Maybe it will help:

http://dlguard.com/forum/viewtopic.php?p=13138#13138
_________________
Eddie Spradley - DLGuard Moderator and PHP Developer
www.dlgadvance.com - DLGuard Help and Customizations
http://dlgadvance.com/products/dlguard-wordpress-membership-plugin/ - DLGuard Wordpress Membership

[pros99]

Thanks so much for getting back to me and providing the links to the previous threads/posts.

With the two options for download page, this is what i have done:

1) option 1 - I have managed to get the password protect for the directory.
For some reason even though the
http://www.website.com/blog/members area is protected by DLG
it still asked for password authentication when i try to download files from
http://www.website.com/blog/members/download while still logged in

Any ideas what happened?

2) with option 2 (putting files in non public-html folder).
I'll outline the steps of what i did. Step c) below is where i get stuck.
a) put zip files in a folder sitting outside public-html called "download123"
b) went into the DLG admin area to "edit membership option" In here I entered "../../download123/" for the field "folder where extra dwonload files are kept"

c) in the member's area i provide a link to the customer so that when they click on it, the file is accessed. The raw links given to the customer are
?????? This is what i don't understand. I am not sure of the "raw sales link" you were mentioning about?

Hope you can help.

Kind regards

VT

[admin]

Hi VT,

As Eddie said, I'd just recommend putting the files into a randomly named folder such as:

http://www.website.com/blog/members/fsdh94h4t/

No one will ever guess that location, and DLGuard will never display it.

If you're worried, though, you can put a password on the folder. This will stop people from accessing the folder, but DLGuard will still be able to. Your customers don't need that password - just keep it to yourself. They will never know it's password protected.

For advances users, you can even keep your files outside of the public_html folder if you wish.


Does the above make sense?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[espradley]

Hello,

Hmmm, I am not sure why you are getting prompted for the password. I know I have done it a few times.

As far as the raw sales link, I do not mean a direct link to the product.

I would setup the files each in DLGuard and then click the "Get Code" button to get the "Raw Sales Link". This will look something like www.yourdomain.com/dlg/download.php?p=something or something like the. Then when they click on this, DLGuard knows where your file is. So essentially the download.php file pulls the download and then presents it to the user.

Alternatively, in your membership setup you will find a few boxes that talk about bonus downloads.

Also, if you do what Sam has suggested and put the files in a random folder, than I would put a blank index.html file in there so it doesn't pull up a list of .zip files. So in order for them to download, they would have to predict the folder name and the file name.

Anyways, Hope this helps....
_________________
Eddie Spradley - DLGuard Moderator and PHP Developer
www.dlgadvance.com - DLGuard Help and Customizations
http://dlgadvance.com/products/dlguard-wordpress-membership-plugin/ - DLGuard Wordpress Membership

[admin]

Hi VT,

If you're still having troubles, if you can open a support ticket and send me your DLGuard login URL and details, as well as temporary FTP login details, I'll login and check it all out for you!

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[AllanWM]

Sam,

In this case, how do we keep the search engines away from this randomly named folder? Thanks.

Take care,
Allan

[admin]

Hi Allan,

Search engines can only see webpages that are directly linked to. They have to follow "paths", and if there's no path, they can't go there.

Since DLGuard NEVER links to that location, search engines will never see it, and never know it exists.

Does that make sense?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard

[AllanWM]

Sam,

Thanks for the answer and yes that does make sense. So if I have no links to my download page the search spiders can not find it; simple enough.

Now if I already have a download page setup can I just have DLGuard direct a customer to that page after payment or do I have to use the DLGuard encrypted links to each product?

Take care,
Allan

[admin]

Hi Allan,

You'll need to use a DLGuard donwload page that has DLGuard download links on it.

The reason for this is because of the linking - DLGuard doesn't link to file directly, but your current unprotected download page will.

So for security, you'll need to use DLGuad's page.

You can customize the look of it, if you wish like this:

http://dlguard.com/help/?View=entry&EntryID=28

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard