Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's
Author Message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Oct 07, 2003 11:18 am Reply with quote

As you know, I offer a hack to the Downloads module that allows you to protect/restrict certain files to registered users only. Well, what if you want to allow all visitors to see the downloads but only registered users to actually download them? Very simple! Find the function getit() in modules/Downloads/index.php. It looks like this
Code:
function getit($lid) {

    global $prefix, $dbi;
    sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
    $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);
    list($url) = sql_fetch_row($result, $dbi);
    Header("Location: $url");
}
Modify it to this
Code:
function getit($lid) {

    global $prefix, $dbi, $user, $admin;
    if (!is_admin($admin)&&!is_user($user)) {
        $pagetitle = "- "._ACCESSDENIED."";
        include("header.php");
        title("$sitename: "._ACCESSDENIED."");
        OpenTable();
        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
        .""._MODULEUSERS.""
        .""._GOBACK."";
        CloseTable();
        include("footer.php");
        die();
    }
    sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
    $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);
    list($url) = sql_fetch_row($result, $dbi);
    Header("Location: $url");
}
 
View user's profile Send private message
fury
Worker
Worker


Joined: Sep 09, 2003
Posts: 165

PostPosted: Tue Oct 07, 2003 12:05 pm Reply with quote

AWESOME
 
View user's profile Send private message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Mon Oct 20, 2003 10:45 am Reply with quote

Let me ask this... does this stop people from putting the link to a download in a forum on another site somewhere and the dl box from popping up when it is clicked on? I guess does this stop hotlinking? I may be chasing this question in several threads but I can't figure out if they are all the same question... thanks for your patience... Smile
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Mon Oct 20, 2003 11:00 am Reply with quote

This allows members only to download, via nuke. If they are using the nuke system to access the downloads then this will stop them unless they are registered. This will not stop anyone from directly accessing the files, aka hotlinking. Try a search on google for 'stop hot linking php'. Several hits come back. Here is a good one Only registered users can see links on this board! Get registered or login! As I said in an earlier post, I think it can be more easily implemented by cross referencing the referer IP with your IP/domain name.

BTW, you can also use your cPanel. Towards the bottom is an icon labeled Hot Link Protection Wink I haven't used it (yet) but you might want to play with it!
 
blith
PostPosted: Tue Oct 21, 2003 7:35 am Reply with quote

small test. excuse please Only registered users can see links on this board! Get registered or login!


Last edited by blith on Tue Oct 21, 2003 11:42 am; edited 1 time in total 
Raven
PostPosted: Tue Oct 21, 2003 7:40 am Reply with quote

Forbidden
You don't have permission to access /modules.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


--------------------------------------------------------------------------------

Apache/1.3.28 Server at Only registered users can see links on this board! Get registered or login! Port 80

Looks like it's working?
 
blith
PostPosted: Tue Oct 21, 2003 7:43 am Reply with quote

yes. I had to add the extension php to the restricted list but yes it is working. Great! Thanks again, Raven. ravenwebhosting!! w00t!
 
Raven
PostPosted: Tue Oct 21, 2003 7:47 am Reply with quote

By adding php I can't reach your site at all now.
 
blith
PostPosted: Tue Oct 21, 2003 9:03 am Reply with quote

duh...gosh sometimes I am so stupid Embarassed
what can I add then? to protect the dls?
 
dirtbag
Regular
Regular


Joined: Nov 09, 2003
Posts: 73

PostPosted: Sun Nov 09, 2003 6:45 pm Reply with quote

i am using 7.0b1 and the code is a little different.. anyways i tried it and it didnt work...

Code:
 function getit($lid) {

   global $prefix, $dbi;
   $lid = intval($lid);
   $hits = intval($hits);
   sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
   update_points(17);
   $result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid='$lid'", $dbi);
   list($url) = sql_fetch_row($result, $dbi);
   Header("Location: $url");
 }


but maybe it has do to with the other issues as there is a bug in 7.0b1
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Raven
PostPosted: Sun Nov 09, 2003 6:49 pm Reply with quote

Should work exactly the same so if it doesn't then something else is wrong. Just change
Code:
global $prefix, $dbi;
to
Code:
    global $prefix, $dbi, $user, $admin; 

    if (!is_admin($admin)&&!is_user($user)) {
        $pagetitle = "- "._ACCESSDENIED."";
        include("header.php");
        title("$sitename: "._ACCESSDENIED."");
        OpenTable();
        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
        .""._MODULEUSERS.""
        .""._GOBACK."";
        CloseTable();
        include("footer.php");
        die();
    }
 
dirtbag
PostPosted: Sun Nov 09, 2003 10:56 pm Reply with quote

Open modules.php in a text editor (a1, a2, & b1) and find the following line:Code:

Code:
if ($view == 1 AND is_user($user) AND is_group($user, $name) OR is_admin($admin)) { 



Change it to:Code:

Code:
if ($view == 1 AND (is_user($user) || is_group($user, $name) || is_admin($admin))) { 


this is a fix that was causing the problem in 7.0 version as there is a bug with the REGISTERED MEMBERS part..

would this interfere in anyway??
 
Tjendol
New Member
New Member


Joined: Dec 20, 2003
Posts: 6

PostPosted: Sat Dec 20, 2003 10:21 am Reply with quote

Can you put the steps in here on how to create this file deny thing for visitors?

I read the readme that came with your download, changed the getit function and all.

But I don't understand what to do with the $lid stuff and where to alter codes.

I'm a noob and would appreciate a short tutorial on this Smile

I have made some custom pages and now I want to use this method on a couple of links.
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Sat Dec 20, 2003 11:01 am Reply with quote

The way this works is as follows. When you add a download, it is assigned a counter/id and is referenced in the table as 'lid'. For example, when you mouse over the links in your download modules, you will see the lid=1 in the browser status bar. So, the first download you add has an 'lid' of 1. If you add a line like this to my code
$lidArray[] = 1;
then visitors will be able to view the download but must be registered to actually download it. You add more lines like that as you want to restrict more downloads. Does that clear it up?
 
Tjendol
PostPosted: Sat Dec 20, 2003 11:16 am Reply with quote

Ok then I do understand.

I only thought this wasn't limited to the downloads of nuke itself only.

Isn't it possible to use it on selfmade textlinks as well?

So when this link is clicked and the user is not registered, he can't download or go to the page that the link directs to.
 
Raven
PostPosted: Sat Dec 20, 2003 11:52 am Reply with quote

This code is specific to nuke but the methodology can certainly be extrapolated to other situations. But, it can only work where the user is not directly accessing the link, but only an id (like lid) to the link.


Last edited by Raven on Wed Dec 24, 2003 1:39 pm; edited 1 time in total 
Tjendol
PostPosted: Wed Dec 24, 2003 11:45 am Reply with quote

Ok, thnx for your answer.

Im looking for this:

I have a link or a submit button.. When registered members click the link, they're taken to another page. When they click the submit button, they'll put info into a database.

Now when visitors click these same links/buttons, I want them to see the "create a new account" message. Is this possible?
 
blith
PostPosted: Thu Apr 22, 2004 7:14 am Reply with quote

Raven, I noticed you have the fetching mod. So do I. How does this work with that? The lines of code are different. Thanks.

In the fetching mod the code is simply this
Code:


function getit($lid) {
    global $prefix, $dbi, $module_name;
 
Raven
PostPosted: Thu Apr 22, 2004 7:20 am Reply with quote

My code sits on top of the getit() function. So, regardless of which one you use you just put my code in the same place in both.
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Apr 22, 2004 7:31 am Reply with quote

Instead of posting direct download links post links for the details view. This might also encourage people to vote once in a while Mr. Green But don't hold your breathe on that one. Then if you want to flash some ads at them or anything like that theres your chance.
 
View user's profile Send private message
blith
PostPosted: Thu Apr 22, 2004 7:32 am Reply with quote

Raven, I got a parse error until I took out the last } then it worked allowing me to see the downloads but not download because I wasn't registered. the problem is now though the fetch mod does not kick in once I log-in... it seems I cannot have both with the way I have done it. Can oyu help please? Thank you.
 
blith
PostPosted: Thu Apr 22, 2004 7:55 am Reply with quote

Looks like your code to change is split up into the fetch.php

Code:
<?php


include("mainfile.php");

if ($fetchid == "") {
        header("location: index.php");
}

if ($checkpass == $passcode) {
$url = base64_decode($fetchid);
        if (ereg ("http", $url, $location)) {
                /* Increase the counter for total downloads */
               [b] sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);
                header("location: $url");
                exit;[/b]        }

        if (file_exists($url)) {
                /* Fetch the file if it exists */

                /* Increase the counter for total downloads */
                sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);
                header("location: $url");
                exit;
        } else {
                cookiedecode($user);
                $username = $cookie[1];
                if ($username == "") {
                        $username = "Guest";
                }
                $date = date("M d, Y g:i:a");

                /* Flag it for being a broken link if it isn't found */
                sql_query("insert into ".$prefix."_downloads_modrequest values (NULL, $lid, 0, 0, '', '', '', 'Download Script<br>$date', 1, '$auth_name', '$email', '$filesize', '$version', '$homepage')", $dbi);

                include("header.php");

                OpenTable();
                echo "<center><font class=\"title\">File Not Found for $title</font></center>";
                CloseTable();
                echo "<br>";

                OpenTable();
                echo "<p>Sorry $username, The file for <b>\"$title\"</b> was not found. It
                could be because the person hosting the download may removed or renamed the
                file.</p>
                <p>This download has now been automatically flagged for review by the
                webmaster.</p>
                <center>[ <a href=\"downloads.html\">Back To Downloads</a> ]</center>";
                CloseTable();
                echo "<br>";

                OpenTable();
                echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:
                <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";
                CloseTable();

                include("footer.php");
                return;
        }

} else {
        include("header.php");

        OpenTable();
        echo "<center><font class=\"title\">Password Error</font></center><br><br>
        <p>You have entered an invalid Password.</p>
        <input type=\"button\" value=\"&lt;&lt; Try Again\" onclick=\"history.go(-1)\">";
        CloseTable();
        echo "<br>";

        OpenTable();
        echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:
        <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";
        CloseTable();

        include("footer.php");
        return;
}

?>
 
Raven
PostPosted: Thu Apr 22, 2004 8:10 am Reply with quote

No. Here is my getit() function. Now I do things that are usually most expedient for me
Code:
function getit($lid) {

 // Add a new line of code for each $lid to block for Registered Users only
     $lidArray[] = xx;
     $lidArray[] = yy;
     $lidArray[] = zz;
     $lid = intval($lid);
     $hits = intval($hits);
     global $prefix, $dbi, $user, $admin, $module_name;
     if (!is_user($user)&&in_array($lid,$lidArray)&&!is_admin($admin)) {
       $pagetitle = "- "._ACCESSDENIED."";
       include("header.php");
       title("$sitename: "._ACCESSDENIED."");
       OpenTable();
       echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
           .""._MODULEUSERS.""
           .""._GOBACK."";
       CloseTable();
       include("footer.php");
       die();
    }

    function makePass() {
        global $module_name;
        $cons = "bBcCdDfFgGhHjJkKlLmMnNpPqQrRsStTvVwWxXyYzZ";
        $vocs = "AaEeIiOoUu";
        for ($x=0; $x < 6; $x++) {
            mt_srand ((double) microtime() * 1000000);
            $con[$x] = substr($cons, mt_rand(0, strlen($cons)-1), 1);
            $voc[$x] = substr($vocs, mt_rand(0, strlen($vocs)-1), 1);
        }
        $makepass = $con[0] . $voc[0] .$con[2] . $con[1] . $voc[1] . $con[3] . $voc[3] . $con[4];
        return($makepass);
    }

    $makepass = makepass();
    $code = $makepass;
    $result = sql_query("select lid, title, url from ".$prefix."_downloads_downloads where lid='$lid'", $dbi);
    list($lid, $title, $url) = sql_fetch_row($result, $dbi);
        $fetchid = base64_encode($url);
        $transfertitle = str_replace (" ", "_", $title);
        include("header.php");


    if (0/*extension_loaded("gd")*/) {
        $codepass = "<script type=\"text/javascript\">
<!--
function openwindow1(){
    window.open (\"modules/$module_name/sec_code.php?thepass=$makepass\",\"Password\",\"toolbar=no,location=no,directories=no,status=no,scrollbars=no,resizable=no,copyhistory=no,width=300,height=200\");
}
//-->
</SCRIPT>

<img src='downloads.html?d_op=gfx&random_num=$makepass' border='1' alt='Security Code : $makepass' width='77' height='20'>
        [ <a href=\"javascript:openwindow1()\">Help</a> ]";
    } else {
        $codepass = "<font color=\"#000000\"><b><span style=\"background-color:#AAFFFF\"><big>$makepass</big></span></b></font>";
    }



        OpenTable();
        echo "<center><font class=\"title\">Downloading $title</font></center>";
        CloseTable();
        echo "<br>\n";
        OpenTable();
        echo "<p>You have selected to download <b>$title</b></p><p><b>IMPORTANT:</b> Because my site is getting harvested by some other sites I have adopted this new system.</p>
        <p>I am sorry for the inconvenience, but it is a shame that I need to use such a system because
        of some users.</p>";
        CloseTable();
        echo "<br>\n";

        OpenTable();
        echo "<p><b>Directions:</b> To download the file &quot;<b>$title</b>&quot;,
you need to retype the displayed password (there are no numbers, only letters),
and click &quot;Fetch It&quot;. In a few moments you will receive
the download dialog or you will be directed to the appropriate site.<br /><br /><font style=\"color:red;font-weight:bold;\">In an effort to thwart bandwidth theft, I have implemented measures to ensure that the download requests are only processed from my site.  This mechanism is not compatible with all anti-virus software, download accelerators, and proxies.  If you make it through to the download request screen and then get a Forbidden message, the chances are it is a result of one of the three things just mentioned.  In that case, you will have to temporarily disable or tweak the settings for those applications to allow the download.</font></p>

<form action=\"fetch.php\" method=\"POST\">
    <input type=\"hidden\" name=\"lid\" value=\"$lid\">
    <input type=\"hidden\" name=\"checkpass\" value=\"$makepass\">
    <input type=\"hidden\" name=\"fetchid\" value=\"$fetchid\">
    <input type=\"hidden\" name=\"title\" value=\"$title\">
    <div align=\"center\"><center><table border=\"0\">
        <tr>
            <td><b>Password:</b></td>
            <td valign=\"middle\">$codepass</td>
        </tr>
        <tr>
            <td><b>Retype Password:</b></td>
            <td><input type=\"text\" size=\"20\" name=\"passcode\"></td>
        </tr>
    </table>
    </center></div><p align=\"center\">
    <input type=\"button\" value=\"&lt;&lt; Cancel\" onclick=\"history.go(-1)\">
    <input type=\"submit\" name=\"Fetch It\" value=\"Fetch It &gt;&gt;\">
    </p><p align=\"center\">
[ <a href=\"downloads.html?d_op=brokendownload&amp;lid=$lid\">"._REPORTBROKEN."</a>
| <a href=\"downloads.html?d_op=viewdownloaddetails&amp;lid=$lid&amp;ttitle=$transfertitle\">"._DETAILS."</a> ]
</p>
</form>";
        CloseTable();
        echo "<br>\n";

        OpenTable();
        echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1g<br>By:
        <a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";
        CloseTable();
        echo "<br>";
        include("footer.php");
//
// End Fetching Mod
//

}
 
blith
PostPosted: Thu Apr 22, 2004 9:08 am Reply with quote

Raven I was showing you the code from the other fetch it mod and that the code you had said to replace was split up between the index.php file and the fetch.php file from it. I did not mean to offend... What would I have to do to use your code? IE what are the instructions to install it? Thanks!
 
Raven
PostPosted: Thu Apr 22, 2004 9:28 am Reply with quote

Offense? None at all. Just install it Smile as shown.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©