WordPress.org

Support

Support » Plugins and Hacks » Easy Digital Downloads » [Resolved] [Plugin: Easy Digital Downloads] How to prevent direct downloads?

[Resolved] [Plugin: Easy Digital Downloads] How to prevent direct downloads?

  • Hi!

    For example: Every month I put a podcast file, which is named logically by months:
    podcast_2012-01.mp3
    podcast_2012-02.mp3
    podcast_2012-03.mp3
    and so on
    So, it’s easy to decode, that in July you can get my mp3 without logging, just entering http://mydomain.com/wp-content/uploads/edd/podcast_2012-07.mp3 in a browser address bar!

    I’ve tried some .htaccess tricks, but all of them break EDD PHP downloads.

    Any ideas how to allow EDD and prevent direct links?

    http://wordpress.org/extend/plugins/easy-digital-downloads/

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Pippin Williamson

    @mordauk

    It’s something we’re working on. Currently all files are accessed via direct URLs, but we’re going to be moving to retrieving the downloads via absolute server paths, which will make them much harder to locate.

    I see.
    Good luck!

    Hi Pippin, I need this as well. For now I’ll code something myself based on this:

    PHP: Hide the Real File URL and Provide Download via a PHP Script

    Maybe you can use the same tecnique.

    Place files outside webroot
    use php script to serve files via readfile() and control access dynamically.

    Plugin Author Pippin Williamson

    @mordauk

    Placing files outside of the webroot and then specifying the absolute file path is already possible in EDD.

    EDD will detect that you have entered a file path and will serve the file appropriately.

    OK, that sounds good.

    EDD doesnt detect if i give an absolute path to a file outside webroot for a download and serve it. instead it just redirects it to the page where download process was started by adding the file to a basket.

    Plugin Author Pippin Williamson

    @mordauk

    It redirects when you try to download?

    Scratch that – it was because of directoryindexes – index.html was being served by apache before index.php, and therefore when your plugin did a request to domain.com/?download…… the request was naturally sent to domain.com/index.html?download…..

    and since there was a html redirection set up in that index.html page, it was redirecting to another page.

    This was a server specific issue. but other users may get affected by the same thing since hosts may leave the default file for directoryindex as index.html

    maybe you should process download clicks not from domain.com/?download…. but instead submit the request to a custom page you create through the plugin – like the download pages etc it creates.

    anyway good evening. im out.

    Plugin Author Pippin Williamson

    @mordauk

    That makes sense and thanks for the feedback.

    This topic marked as resolved, but how? is this possible retrieve the downloads via absolute server paths?
    I placed my files in one of my servers and access theme through DNS Record form my domain. Now how can I use them? for example when I add something like “http://dl.domain.com/file.zip” as file url to my product, after purchase, the links aren’t protected.

    Plugin Author Pippin Williamson

    @mordauk

    Yes you can use absolute file paths, just make sure you place them outside of the web root.

    Using absolute file paths to files outside of the webroot is the only way to have absolute file protection.

    @pippin can you show me an example of how to protect files? you mean storing file outside the public-html?

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘[Resolved] [Plugin: Easy Digital Downloads] How to prevent direct downloads?’ is closed to new replies.
Skip to toolbar