AlexStudio (Author), posted March 1, 2007:

> Downloads Controller Order Status Value - Default=10
> My set is 14
> What should I add when my setting in orders_status_id is
> 11 Download Now Available
> 12 Updated

10 :rolleyes:

Signature: Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration. Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

core, posted March 1, 2007:

> 10 :rolleyes:

duh.. It works! Thank you so much.. :thumbsup: :thumbsup: :thumbsup:

Dennis_gull, posted March 1, 2007:

By the way, I tried to install SEO again and still had the same problem with the downloads showing up, but like I said before it doesn't really matter because the affiliate system didn't work either. Anyways, I tried to install SEO 2.0 and that version worked fine (for everything).

tbreslow, posted March 2, 2007:

hi again,

1) i am trying to understand the logic behind the "redirect" way of downloading the deliverable. i think i'm missing something, because the URL is plainly visible, couldn't the user just copy the redirected url and send it to whomever they wanted and the file could be downloaded? it does not seem very secure.

2) i am thinking to try the non-redirect way, but loop over a decent-sized buffer. isn't this much better? i am curious for your input, because it seems everyone uses "redirect" method.

thanks, todd

AlexStudio (Author), posted March 2, 2007:

> 1) i am trying to understand the logic behind the "redirect" way of downloading the deliverable. i think i'm missing something, because the URL is plainly visible, couldn't the user just copy the redirected url and send it to whomever they wanted and the file could be downloaded? it does not seem very secure.

The download link requires the user to log in before running the link, and also checks the order id, max download days, max download counts, etc., whether by redirect or not. If your customer wants to share his account info and the file purchased, there is no way to stop him, but the download expiry and counts can help to limit the risk. It's the way osCommerce was developed, and I don't see any other 'easy' way to improve it.

When working with file groups, the file descriptions are shown with the links, not the filenames. For security reasons, don't use the filename for the file description.

> 2) i am thinking to try the non-redirect way, but loop over a decent-sized buffer. isn't this much better? i am curious for your input, because it seems everyone uses "redirect" method.

Download by redirect is a much safer way. It creates a random temporary subfolder and establishes a symlink via that subfolder. Users have no chance to find out where you store the download file exactly. To loop over a decent-sized buffer is only possible when you have control of your server. It sure can improve the non-redirect downloads, but not the security you're concerned about.

tbreslow, posted March 2, 2007:

> The download link requires the user to login before running the link, and also checks the order id, max download days, max download counts....etc, no matter by redirect or not. If your customer wants to share his account info and the file purchased, there is no way to stop him, but the download expiry and counts can help to limit the risk. It's the way osCommerce was developed, and I don't see any other 'easy' way to improve it.

The download link itself requires the user be logged in, etc, but the link that the user is redirected to is just a straight http URL to the symlinked deliverable. Something like http://store.com/pub/.kjhkjhkjhkjh/thefile.pdf. When I download a PDF or mp3 by clicking the download link, the URL it is redirected to is what (properly) is shown in my browser's address bar. Couldn't I just send that to anyone and they can get the file?

> Download by redirect is a much safer way. It creates a random temporary subfolder and establishes a symlink via that subfolder. Users have no chance to find out where you store the download file exactly.

Here is the essence. The link with the random temporary subfolder is visible/obtainable and will work for anyone. How temporary is the subfolder? I don't see anywhere that it is destroyed. The user has no chance to know where on the filesystem the real assets are, but they can know a URL that will link directly to it (via a symlink).

> To loop over a decent-sized buffer is only possible when you have the control of your server. It sure can improve the non-redirect downloads, but not the security you're concerning about.

I have control over the server so looping over a decent-sized buffer is possible. As far as I can see it is a definite improvement over the redirect way because there is never a URL that points to the deliverable. I don't yet understand how the random directory is temporary. Is it?

Thanks!

AlexStudio (Author), posted March 2, 2007:

> The download link itself requires the user be logged in, etc, but the link that the user is redirected to is just a straight http URL to the symlinked deliverable. Something like http://store.com/pub/.kjhkjhkjhkjh/thefile.pdf. When I download a PDF or mp3 by clicking the download link, the URL it is redirected to is what (properly) is shown in my browser's address bar. Couldn't I just send that to anyone and they can get the file?

I don't know how you get that direct link to the file in the temporary folder. The download link shown to the customer points to catalog/download.php?order=xxx&id=yyy..., and when clicking on the link, a popup window is shown asking what to do with the file (open it or save it to HDD); no direct link is shown to the customer. I tried with IE6/IE7/FF2, all the same. The download by redirect code is the stock feature, not modified by my work. It seems to me that your server setting is not working correctly with the header magic.

> Here is the essence. The link with the random temporary subfolder is visible/obtainable and will work for anyone. How temporary is the subfolder? I don't see anywhere that it is destroyed. The user has no chance to know where on the filesystem the real assets are, but they can know a URL that will link directly to it (via a symlink).

The temporary folder is destroyed every time the download by redirect is called. The code `tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);` will remove temporary folders created previously.

AlexStudio (Author), posted March 2, 2007:

Sorry, I get your point now. When the download file type is something that can be opened in Internet browsers, e.g. mp3, pdf, jpg, etc., the file will be opened and the link will be shown in the URL line. I need to dig into this and see what I can do.

tbreslow, posted March 3, 2007:

> Sorry, I get your point now. When the download file type is something can be opened in Internet browsers, e.g. mp3, pdf, jpg...etc, the file will be opened and the link will be shown in the url line. I need to dig into this and see what I can do.

I think just reading the file and looping with a buffer, even a small one, might do the trick. What was big a couple of years ago is small today. :) The stock code says read the whole file and send it, which definitely could be a huge resource hog and is a bad idea.

I am going to run some performance tests with different sized buffers and see what the results look like. (Probably won't be till Sunday or Monday). My files are pretty big, 20M or so, and this will be a good indication. The http server itself has to do this (read a buffer and loop) so I don't think adding php on top of it will be a big hit. It's something anyone can do, nothing special on the php side required. The code suggests it, I wonder why it wasn't implemented. I will report back.

tbreslow, posted March 3, 2007:

> The temporary folder is destroyed every time when the download by redirect is called. The code tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);

Sorry, I missed this part of your post. That answers my "temporary" question. So it seems the actual link sent by the redirect is valid until the next virtual sale is made, at which point the temp dir is cleaned up. I was confused about this. That could be worse, and is probably acceptable, but it's not great. I will proceed with my buffer tests to see how it comes out.

I realize these comments are not related to your mods specifically, they are on the stock code, but I thought this was as good a place as any to discuss, as I am using your mod (which I think is great) and clearly you have an interest in the way virtual sales are handled. I like osC is great, can't wait to see the new OOP version, looking to make a nice contribution at some point.

AlexStudio (Author), posted March 3, 2007:

Download by redirect works fine if you packed your file as .zip or .rar; the 'save as' dialog always shows up and the actual link is not shown.

I have a buffered non-redirect download ready. Here is the code:

In catalog/download.php around line 123:

```php
readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
```

Change it to:

```php
// BOF Super Download Shop v1.1 mod
set_time_limit(0); // Prevent the script from timing out for large files
readfile_chunked(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
// EOF Super Download Shop v1.1 mod
```

And then add a new function in the same file at around line 92 or 93:

```php
// Buffered readfile, for non-redirect downloads to handle a large file
// With this function, downloads will not be limited by the server resource.
// However, it still suffers from the maximum script execution time.
function readfile_chunked($filename) {
  $chunksize = 1*(1024*1024); // how many bytes per chunk
  $buffer = '';
  // $handle = fopen($filename, 'rb');
  $handle = fopen($filename, 'rb');
  if ($handle === false) {
    return false;
  }
  while (!feof($handle)) {
    $buffer = fread($handle, $chunksize);
    echo $buffer;
    flush();
  }
  $status = fclose($handle);
  return $status;
}
```

I will include this in the next update.

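The buffered, non-redirect approach discussed in the posts above, as an added example (not code from the thread, osCommerce, or Super Download Shop): a streaming helper that never exposes a public URL to the file, asks the browser to save rather than open it, and refuses paths that resolve outside the download directory. The function names, parameters and the sample files in the demo are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not osCommerce or Super Download Shop code.

// Resolve $filename inside $base_dir. Returns false when the file is missing or
// when ../ or a symlink makes it resolve outside that directory.
function resolve_download_path($base_dir, $filename) {
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $path === false || !is_file($path)) {
        return false;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return (strncmp($path, $prefix, strlen($prefix)) === 0) ? $path : false;
}

// Stream the file in chunks. Assumes the caller has already run the login,
// order id, expiry and download-count checks mentioned in the thread.
function stream_download($base_dir, $filename, $send_as, $chunk_size = 65536) {
    $path = resolve_download_path($base_dir, $filename);
    $handle = ($path === false) ? false : fopen($path, 'rb');
    if ($handle === false) {
        header('HTTP/1.1 404 Not Found');
        return false;
    }
    while (ob_get_level() > 0) { // drop output buffers so memory use stays flat
        ob_end_clean();
    }
    set_time_limit(0);
    // Keep only a conservative character set in the name sent to the browser.
    $safe_name = preg_replace('/[^A-Za-z0-9._-]/', '_', $send_as);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    // "attachment" asks the browser to save PDF/MP3/JPG files instead of opening them.
    header('Content-Disposition: attachment; filename="' . $safe_name . '"');
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store');
    while (!feof($handle) && !connection_aborted()) {
        $buffer = fread($handle, $chunk_size);
        if ($buffer === false) {
            break;
        }
        echo $buffer;
        flush();
    }
    fclose($handle);
    return true;
}

// Constructed command-line demo: one file inside the download dir, one outside.
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
    $dir = $root . DIRECTORY_SEPARATOR . 'download';
    mkdir($dir, 0700, true);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'guide.pdf', 'constructed sample');
    file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', 'outside');
    foreach (array('guide.pdf', '../secret.txt', 'missing.zip') as $name) {
        $ok = resolve_download_path($dir, $name) !== false;
        echo str_pad($name, 16) . ($ok ? 'served' : 'refused') . "\n";
    }
}
```
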
tbreslow, posted March 3, 2007:

> I will include this in the next update.

great! i consider i have vicariously made a contribution :)

core, posted March 3, 2007:

> And then add a new function in the same file at around line 92 or 93:
> // Buffered readfile, for non-redirect downloads to handle a large file....

Thanks for update code. but can you give (some hint code) what is the top OR bottom of the code. This is cause my download.php having some many code added last time. Thank you in advance.

AlexStudio (Author), posted March 3, 2007:

I will clean up the code a bit and make some additional notes in the install instruction. The v1.1 update package will be out soon.

viking22, posted March 3, 2007:

excellent idea, thank you. been looking for something like it.

i tried to install but was stopped already when running the group_file_for_download.sql sql script via phpMyAdmin.

```sql
ALTER TABLE `products_attributes_download` ADD `products_attributes_filegroup_id` INT( 11 ) NULL AFTER `products_attributes_filename` ;
```

#1060 - Duplicate column name 'products_attributes_filegroup_id'

would be very grateful for any idea. thank you.

AlexStudio (Author), posted March 3, 2007:

> i tried to install but was stopped already when running the group_file_for_download.sql sql script via phpMyAdmin.
> ALTER TABLE `products_attributes_download` ADD `products_attributes_filegroup_id` INT( 11 ) NULL AFTER `products_attributes_filename` ;
> #1060 - Duplicate column name 'products_attributes_filegroup_id'

You probably ran the script twice by accident. Please check your database table products_attributes_download and see if products_attributes_filegroup_id is already there.

JasonMask, posted March 4, 2007:

hi alex

i just found out that the filenames in the products_attributes_download_groups_to_files only refer to products_attributes_download_groups_files.download_groups_file_id but not to the .download_group_id. so this causes a problem for different descriptions with the same download_groups_file_id. you would just have to add a field in the products_attributes_download_groups_to_files for the group... maybe you could build that in your 1.1 release...

cu jason

AlexStudio (Author), posted March 4, 2007:

> hi alex i just found out that the filenames in the products_attributes_download_groups_to_files only refer to products_attributes_download_groups_files.download_groups_file_id but not to the .download_group_id. so this causes a problem for different descriptions with the same download_groups_file_id. you would just have to add a field in the products_attributes_download_groups_to_files for the group... maybe you could build that in your 1.1 release... cu jason

No. You can assign a file to many different groups, therefore the products_attributes_download_groups_to_files doesn't refer to download_group_id. File description goes with download_groups_file_id; you can't assign different descriptions to the same file, otherwise it won't work.

JasonMask, posted March 4, 2007:

> File description goes with download_groups_file_id, you can't assign different descriptions to the same file, otherwise it won't work.

but that's what i want to do ^^ i've got some files that are used in different context so i need different descriptions for it. i'll try to change that for me. if not i'll have to set hardlinks within my system or have the file multiple

anyhow we'll call it a feature :)

cu jason

AlexStudio (Author), posted March 5, 2007:

Super Download Shop v1.1 update released. Please report bugs/problems/issues in this support thread.

syrimo, posted March 5, 2007:

> Super Download Shop v1.1 update released. Please report bugs/problems/issues in this support thread.

:thumbsup: Hi Alex. Great Contribution - superb!! i have installed SDS 1.1. everything ok... ;) until testing stage. hehe... sorry to trouble you.. (newbie)

- I got no problem with single item download using SDS 1.1 & PayPal IPN. the download link (with nice button) appears right after the payment process completed.
- But when i try to download group file, after completed the payment process (Paypal IPN), there's no download link except the filename (product name), link expires & download remaining info. >_<
- So i make another test, using 'check/money order'. after completed the process, i change the status from pending to 'download now available'. Walla! all the downloads under the group now available! :blink:

can u please help me out? Thanks Alex.

AlexStudio (Author), posted March 5, 2007:

> can u please help me out?

The osCommerce PayPal IPN module bypasses checkout_process.php, therefore the modification needs to be manually coded into this payment module. Below is the modification for osCommerce PayPal IPN module v2.2:

Find in catalog/includes/modules/payment/paypal_ipn.php line 249-257:

```php
if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
  $sql_data_array = array('orders_id' => $insert_id,
                          'orders_products_id' => $order_products_id,
                          'orders_products_filename' => $attributes_values['products_attributes_filename'],
                          'download_maxdays' => $attributes_values['products_attributes_maxdays'],
                          'download_count' => $attributes_values['products_attributes_maxcount']);
  tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
```

Replace with:

```php
if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
// BOF Super Download Shop v1.0 mod
  if (DOWNLOADS_CONTROLLER_FILEGROUP_STATUS != 'Yes' || !strstr($attributes_values['products_attributes_filename'], 'Group_Files-')) {
    // Single file: store the download entry as the stock code does
    $sql_data_array = array('orders_id' => $insert_id,
                            'orders_products_id' => $order_products_id,
                            'orders_products_filename' => $attributes_values['products_attributes_filename'],
                            'download_maxdays' => $attributes_values['products_attributes_maxdays'],
                            'download_count' => $attributes_values['products_attributes_maxcount']);
    tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
  } else {
    // File group: store one download entry per file in the group
    $filegroup_array = explode('Group_Files-', $attributes_values['products_attributes_filename']);
    $filegroup_id = $filegroup_array[1];
    $groupfiles_query = tep_db_query("select download_group_filename from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD_GROUPS_FILES . " where download_group_id = '" . (int)$filegroup_id . "'");
    while ($groupfile_array = tep_db_fetch_array($groupfiles_query)) {
      $sql_data_array = array('orders_id' => $insert_id,
                              'orders_products_id' => $order_products_id,
                              'orders_products_filename' => $groupfile_array['download_group_filename'],
                              'download_maxdays' => $attributes_values['products_attributes_maxdays'],
                              'download_count' => $attributes_values['products_attributes_maxcount']);
      tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
    }
  }
// EOF Super Download Shop v1.0 mod
}
```

Find in the same file line 169:

```php
'date_purchased' => 'now()',
```

Add before:

```php
'last_modified' => 'now()',
```

syrimo, posted March 5, 2007:

Wow!... thanks Alex! Superb! :thumbsup: :thumbsup: :thumbsup:

rodbro, posted March 6, 2007:

When I try to add a file in "Files In Group" it says "The file unzip doesn't exist.". But I did upload it to download/ catalog... please help..

Regards, Kenneth