Downloads - Allow Guests To See But Not Download

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

As you know, I offer a hack to the Downloads module that allows you to protect/restrict certain files to registered users only. Well, what if you want to allow all visitors to see the downloads but only registered users to actually download them? Very simple! Find the function getit() in modules/Downloads/index.php. It looks like this

Code:

function getit($lid) {


    global $prefix, $dbi;


    sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);


    $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);


    list($url) = sql_fetch_row($result, $dbi);


    Header("Location: $url");


}

Modify it to this

Code:

function getit($lid) {


    global $prefix, $dbi, $user, $admin;


    if (!is_admin($admin)&&!is_user($user)) {


        $pagetitle = "- "._ACCESSDENIED."";


        include("header.php");


        title("$sitename: "._ACCESSDENIED."");


        OpenTable();


        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"


        .""._MODULEUSERS.""


        .""._GOBACK."";


        CloseTable();


        include("footer.php");


        die();


    }


    sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);


    $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);


    list($url) = sql_fetch_row($result, $dbi);


    Header("Location: $url");


}

Worker Joined: Sep 09, 2003 Posts: 165

AWESOME

Client Joined: Jul 18, 2003 Posts: 977

Let me ask this... does this stop people from putting the link to a download in a forum on another site somewhere and the dl box from popping up when it is clicked on? I guess does this stop hotlinking? I may be chasing this question in several threads but I can't figure out if they are all the same question... thanks for your patience... Smile

Posted: Mon Oct 20, 2003 11:00 am

This allows members only to download, via nuke. If they are using the nuke system to access the downloads then this will stop them unless they are registered. This will not stop anyone from directly accessing the files, aka hotlinking. Try a search on google for 'stop hot linking php'. Several hits come back. Here is a good one [ Only registered users can see links on this board! Get registered or login! ] As I said in an earlier post, I think it can be more easily implemented by cross referencing the referer IP with your IP/domain name.

BTW, you can also use your cPanel. Towards the bottom is an icon labeled Hot Link Protection Wink

I haven't used it (yet) but you might want to play with it!

Posted: Tue Oct 21, 2003 7:35 am

small test. excuse please [ Only registered users can see links on this board! Get registered or login! ]

Posted: Tue Oct 21, 2003 7:40 am

Forbidden
You don't have permission to access /modules.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

--------------------------------------------------------------------------------

Apache/1.3.28 Server at [ Only registered users can see links on this board! Get registered or login! ] Port 80

Looks like it's working?

Posted: Tue Oct 21, 2003 7:43 am

yes. I had to add the extension php to the restricted list but yes it is working. Great! Thanks again, Raven. ravenwebhosting!! w00t!

Posted: Tue Oct 21, 2003 7:47 am

By adding php I can't reach your site at all now.

Posted: Tue Oct 21, 2003 9:03 am

duh...gosh sometimes I am so stupid Embarassed

what can I add then? to protect the dls?

Regular Joined: Nov 09, 2003 Posts: 73

i am using 7.0b1 and the code is a little different.. anyways i tried it and it didnt work...

Code:

 function getit($lid) {


   global $prefix, $dbi;


   $lid = intval($lid);


   $hits = intval($hits);


   sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);


   update_points(17);


   $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid='$lid'", $dbi);


   list($url) = sql_fetch_row($result, $dbi);


   Header("Location: $url");


 }

but maybe it has do to with the other issues as there is a bug in 7.0b1
[ Only registered users can see links on this board! Get registered or login! ]

Posted: Sun Nov 09, 2003 6:49 pm

Should work exactly the same so if it doesn't then something else is wrong. Just change

Code:

global $prefix, $dbi;

to

Code:

    global $prefix, $dbi, $user, $admin; 


    if (!is_admin($admin)&&!is_user($user)) { 


        $pagetitle = "- "._ACCESSDENIED.""; 


        include("header.php"); 


        title("$sitename: "._ACCESSDENIED.""); 


        OpenTable(); 


        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>" 


        .""._MODULEUSERS."" 


        .""._GOBACK.""; 


        CloseTable(); 


        include("footer.php"); 


        die(); 


    }

Posted: Sun Nov 09, 2003 10:56 pm

Open modules.php in a text editor (a1, a2, & b1) and find the following line:Code:

Code:

if ($view == 1 AND is_user($user) AND is_group($user, $name) OR is_admin($admin)) {

Change it to:Code:

Code:

if ($view == 1 AND (is_user($user) || is_group($user, $name) || is_admin($admin))) {

this is a fix that was causing the problem in 7.0 version as there is a bug with the REGISTERED MEMBERS part..

would this interfere in anyway??

New Member Joined: Dec 20, 2003 Posts: 6

Can you put the steps in here on how to create this file deny thing for visitors?

I read the readme that came with your download, changed the getit function and all.

But I don't understand what to do with the $lid stuff and where to alter codes.

I'm a noob and would appreciate a short tutorial on this Smile

I have made some custom pages and now I want to use this method on a couple of links.

Posted: Sat Dec 20, 2003 11:01 am

The way this works is as follows. When you add a download, it is assigned a counter/id and is referenced in the table as 'lid'. For example, when you mouse over the links in your download modules, you will see the lid=1 in the browser status bar. So, the first download you add has an 'lid' of 1. If you add a line like this to my code
$lidArray[] = 1;
then visitors will be able to view the download but must be registered to actually download it. You add more lines like that as you want to restrict more downloads. Does that clear it up?

Posted: Sat Dec 20, 2003 11:16 am

Ok then I do understand.

I only thought this wasn't limited to the downloads of nuke itself only.

Isn't it possible to use it on selfmade textlinks as well?

So when this link is clicked and the user is not registered, he can't download or go to the page that the link directs to.

Posted: Sat Dec 20, 2003 11:52 am

This code is specific to nuke but the methodology can certainly be extrapolated to other situations. But, it can only work where the user is not directly accessing the link, but only an id (like lid) to the link.

Posted: Wed Dec 24, 2003 11:45 am

Ok, thnx for your answer.

Im looking for this:

I have a link or a submit button.. When registered members click the link, they're taken to another page. When they click the submit button, they'll put info into a database.

Now when visitors click these same links/buttons, I want them to see the "create a new account" message. Is this possible?

Posted: Thu Apr 22, 2004 7:14 am

Raven, I noticed you have the fetching mod. So do I. How does this work with that? The lines of code are different. Thanks.

In the fetching mod the code is simply this

Code:




function getit($lid) {


    global $prefix, $dbi, $module_name;

Posted: Thu Apr 22, 2004 7:20 am

My code sits on top of the getit() function. So, regardless of which one you use you just put my code in the same place in both.

Posted: Thu Apr 22, 2004 7:31 am

Instead of posting direct download links post links for the details view. This might also encourage people to vote once in a while Mr. Green

But don't hold your breathe on that one. Then if you want to flash some ads at them or anything like that theres your chance.

Posted: Thu Apr 22, 2004 7:32 am

Raven, I got a parse error until I took out the last } then it worked allowing me to see the downloads but not download because I wasn't registered. the problem is now though the fetch mod does not kick in once I log-in... it seems I cannot have both with the way I have done it. Can oyu help please? Thank you.

Posted: Thu Apr 22, 2004 7:55 am

Looks like your code to change is split up into the fetch.php

Code:

<?php





include("mainfile.php");





if ($fetchid == "") {


        header("location: index.php");


}





if ($checkpass == $passcode) {


$url = base64_decode($fetchid);


        if (ereg ("http", $url, $location)) {


                /* Increase the counter for total downloads */


               [b] sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);


                header("location: $url");


                exit;[/b]        }





        if (file_exists($url)) {


                /* Fetch the file if it exists */





                /* Increase the counter for total downloads */


                sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);


                header("location: $url");


                exit;


        } else {


                cookiedecode($user);


                $username = $cookie[1];


                if ($username == "") {


                        $username = "Guest";


                }


                $date = date("M d, Y g:i:a");





                /* Flag it for being a broken link if it isn't found */


                sql_query("insert into ".$prefix."_downloads_modrequest values (NULL, $lid, 0, 0, '', '', '', 'Download Script<br>$date', 1, '$auth_name', '$email', '$filesize', '$version', '$homepage')", $dbi);





                include("header.php");





                OpenTable();


                echo "<center><font class=\"title\">File Not Found for $title</font></center>";


                CloseTable();


                echo "<br>";





                OpenTable();


                echo "<p>Sorry $username, The file for <b>\"$title\"</b> was not found. It


                could be because the person hosting the download may removed or renamed the


                file.</p>


                <p>This download has now been automatically flagged for review by the


                webmaster.</p>


                <center>[ <a href=\"downloads.html\">Back To Downloads</a> ]</center>";


                CloseTable();


                echo "<br>";





                OpenTable();


                echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:


                <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";


                CloseTable();





                include("footer.php");


                return;


        }





} else {


        include("header.php");





        OpenTable();


        echo "<center><font class=\"title\">Password Error</font></center><br><br>


        <p>You have entered an invalid Password.</p>


        <input type=\"button\" value=\"&lt;&lt; Try Again\" onclick=\"history.go(-1)\">";


        CloseTable();


        echo "<br>";





        OpenTable();


        echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:


        <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";


        CloseTable();





        include("footer.php");


        return;


}





?>

Posted: Thu Apr 22, 2004 8:10 am

No. Here is my getit() function. Now I do things that are usually most expedient for me

Code:

function getit($lid) {


 // Add a new line of code for each $lid to block for Registered Users only


     $lidArray[] = xx;


     $lidArray[] = yy;


     $lidArray[] = zz;


     $lid = intval($lid);


     $hits = intval($hits);


     global $prefix, $dbi, $user, $admin, $module_name;


     if (!is_user($user)&&in_array($lid,$lidArray)&&!is_admin($admin)) {


       $pagetitle = "- "._ACCESSDENIED."";


       include("header.php");


       title("$sitename: "._ACCESSDENIED."");


       OpenTable();


       echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"


           .""._MODULEUSERS.""


           .""._GOBACK."";


       CloseTable();


       include("footer.php");


       die();


    }





    function makePass() {


        global $module_name;


        $cons = "bBcCdDfFgGhHjJkKlLmMnNpPqQrRsStTvVwWxXyYzZ";


        $vocs = "AaEeIiOoUu";


        for ($x=0; $x < 6; $x++) {


            mt_srand ((double) microtime() * 1000000);


            $con[$x] = substr($cons, mt_rand(0, strlen($cons)-1), 1);


            $voc[$x] = substr($vocs, mt_rand(0, strlen($vocs)-1), 1);


        }


        $makepass = $con[0] . $voc[0] .$con[2] . $con[1] . $voc[1] . $con[3] . $voc[3] . $con[4];


        return($makepass);


    }





    $makepass = makepass();


    $code = $makepass;


    $result = sql_query("select lid, title, url from ".$prefix."_downloads_downloads where lid='$lid'", $dbi);


    list($lid, $title, $url) = sql_fetch_row($result, $dbi);


        $fetchid = base64_encode($url);


        $transfertitle = str_replace (" ", "_", $title);


        include("header.php");








    if (0/*extension_loaded("gd")*/) {


        $codepass = "<script type=\"text/javascript\">


<!--


function openwindow1(){


    window.open (\"modules/$module_name/sec_code.php?thepass=$makepass\",\"Password\",\"toolbar=no,location=no,directories=no,status=no,scrollbars=no,resizable=no,copyhistory=no,width=300,height=200\");


}


//-->


</SCRIPT>





<img src='downloads.html?d_op=gfx&random_num=$makepass' border='1' alt='Security Code : $makepass' width='77' height='20'>


        [ <a href=\"javascript:openwindow1()\">Help</a> ]";


    } else {


        $codepass = "<font color=\"#000000\"><b><span style=\"background-color:#AAFFFF\"><big>$makepass</big></span></b></font>";


    }











        OpenTable();


        echo "<center><font class=\"title\">Downloading $title</font></center>";


        CloseTable();


        echo "<br>\n";


        OpenTable();


        echo "<p>You have selected to download <b>$title</b></p><p><b>IMPORTANT:</b> Because my site is getting harvested by some other sites I have adopted this new system.</p>


        <p>I am sorry for the inconvenience, but it is a shame that I need to use such a system because


        of some users.</p>";


        CloseTable();


        echo "<br>\n";





        OpenTable();


        echo "<p><b>Directions:</b> To download the file &quot;<b>$title</b>&quot;,


you need to retype the displayed password (there are no numbers, only letters),


and click &quot;Fetch It&quot;. In a few moments you will receive


the download dialog or you will be directed to the appropriate site.<br /><br /><font style=\"color:red;font-weight:bold;\">In an effort to thwart bandwidth theft, I have implemented measures to ensure that the download requests are only processed from my site.  This mechanism is not compatible with all anti-virus software, download accelerators, and proxies.  If you make it through to the download request screen and then get a Forbidden message, the chances are it is a result of one of the three things just mentioned.  In that case, you will have to temporarily disable or tweak the settings for those applications to allow the download.</font></p>





<form action=\"fetch.php\" method=\"POST\">


    <input type=\"hidden\" name=\"lid\" value=\"$lid\">


    <input type=\"hidden\" name=\"checkpass\" value=\"$makepass\">


    <input type=\"hidden\" name=\"fetchid\" value=\"$fetchid\">


    <input type=\"hidden\" name=\"title\" value=\"$title\">


    <div align=\"center\"><center><table border=\"0\">


        <tr>


            <td><b>Password:</b></td>


            <td valign=\"middle\">$codepass</td>


        </tr>


        <tr>


            <td><b>Retype Password:</b></td>


            <td><input type=\"text\" size=\"20\" name=\"passcode\"></td>


        </tr>


    </table>


    </center></div><p align=\"center\">


    <input type=\"button\" value=\"&lt;&lt; Cancel\" onclick=\"history.go(-1)\">


    <input type=\"submit\" name=\"Fetch It\" value=\"Fetch It &gt;&gt;\">


    </p><p align=\"center\">


[ <a href=\"downloads.html?d_op=brokendownload&amp;lid=$lid\">"._REPORTBROKEN."</a>


| <a href=\"downloads.html?d_op=viewdownloaddetails&amp;lid=$lid&amp;ttitle=$transfertitle\">"._DETAILS."</a> ]


</p>


</form>";


        CloseTable();


        echo "<br>\n";





        OpenTable();


        echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1g<br>By:


        <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";


        CloseTable();


        echo "<br>";


        include("footer.php");


//


// End Fetching Mod


//





}

Posted: Thu Apr 22, 2004 9:08 am

Raven I was showing you the code from the other fetch it mod and that the code you had said to replace was split up between the index.php file and the fetch.php file from it. I did not mean to offend... What would I have to do to use your code? IE what are the instructions to install it? Thanks!

Posted: Thu Apr 22, 2004 9:28 am

Offense? None at all. Just install it Smile

as shown.