Downloads - Allow Guests To See But Not Download

Raven · Posted: Tue Oct 07, 2003 11:18 am

As you know, I offer a hack to the Downloads module that allows you to protect/restrict certain files to registered users only. Well, what if you want to allow all visitors to see the downloads but only registered users to actually download them? Very simple! Find the function getit() in modules/Downloads/index.php. It looks like this

Code:

function getit($lid) {
global $prefix, $dbi;
sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
$result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);
list($url) = sql_fetch_row($result, $dbi);
Header("Location: $url");
}

Modify it to this

Code:

function getit($lid) {
global $prefix, $dbi, $user, $admin;
if (!is_admin($admin)&&!is_user($user)) {
$pagetitle = "- "._ACCESSDENIED."";
include("header.php");
title("$sitename: "._ACCESSDENIED."");
OpenTable();
echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
.""._MODULEUSERS.""
.""._GOBACK."";
CloseTable();
include("footer.php");
die();
}
sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
$result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid=$lid", $dbi);
list($url) = sql_fetch_row($result, $dbi);
Header("Location: $url");
}

fury · Worker Joined: Sep 09, 2003 Posts: 165

AWESOME

blith · Client Joined: Jul 18, 2003 Posts: 977

Let me ask this... does this stop people from putting the link to a download in a forum on another site somewhere and the dl box from popping up when it is clicked on? I guess does this stop hotlinking? I may be chasing this question in several threads but I can't figure out if they are all the same question... thanks for your patience... Smile

Raven · Posted: Mon Oct 20, 2003 11:00 am

This allows members only to download, via nuke. If they are using the nuke system to access the downloads then this will stop them unless they are registered. This will not stop anyone from directly accessing the files, aka hotlinking. Try a search on google for 'stop hot linking php'. Several hits come back. Here is a good one

Only registered users can see links on this board!
Get registered or login to the forums!

As I said in an earlier post, I think it can be more easily implemented by cross referencing the referer IP with your IP/domain name.

BTW, you can also use your cPanel. Towards the bottom is an icon labeled Hot Link Protection Wink

I haven't used it (yet) but you might want to play with it!

blith · Client Joined: Jul 18, 2003 Posts: 977

small test. excuse please

Only registered users can see links on this board!
Get registered or login to the forums!

Raven · Posted: Tue Oct 21, 2003 7:40 am

Forbidden
You don't have permission to access /modules.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

--------------------------------------------------------------------------------

Apache/1.3.28 Server at

Only registered users can see links on this board!
Get registered or login to the forums!

Port 80

Looks like it's working?

blith · Client Joined: Jul 18, 2003 Posts: 977

yes. I had to add the extension php to the restricted list but yes it is working. Great! Thanks again, Raven. ravenwebhosting!! w00t!

Raven · Posted: Tue Oct 21, 2003 7:47 am

By adding php I can't reach your site at all now.

blith · Client Joined: Jul 18, 2003 Posts: 977

duh...gosh sometimes I am so stupid Embarassed

what can I add then? to protect the dls?

dirtbag · Regular Joined: Nov 09, 2003 Posts: 73

i am using 7.0b1 and the code is a little different.. anyways i tried it and it didnt work...

Code:

function getit($lid) {
global $prefix, $dbi;
$lid = intval($lid);
$hits = intval($hits);
sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 WHERE lid=$lid", $dbi);
update_points(17);
$result = sql_query("SELECT url FROM ".$prefix."_downloads_downloads WHERE lid='$lid'", $dbi);
list($url) = sql_fetch_row($result, $dbi);
Header("Location: $url");
}

but maybe it has do to with the other issues as there is a bug in 7.0b1

Only registered users can see links on this board!
Get registered or login to the forums!

Raven · Posted: Sun Nov 09, 2003 6:49 pm

Should work exactly the same so if it doesn't then something else is wrong. Just change

Code:

global $prefix, $dbi;

to

Code:

global $prefix, $dbi, $user, $admin;
if (!is_admin($admin)&&!is_user($user)) {
$pagetitle = "- "._ACCESSDENIED."";
include("header.php");
title("$sitename: "._ACCESSDENIED."");
OpenTable();
echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
.""._MODULEUSERS.""
.""._GOBACK."";
CloseTable();
include("footer.php");
die();
}

dirtbag · Regular Joined: Nov 09, 2003 Posts: 73

Open modules.php in a text editor (a1, a2, & b1) and find the following line:Code:

Code:

if ($view == 1 AND is_user($user) AND is_group($user, $name) OR is_admin($admin)) {

Change it to:Code:

Code:

if ($view == 1 AND (is_user($user) || is_group($user, $name) || is_admin($admin))) {

this is a fix that was causing the problem in 7.0 version as there is a bug with the REGISTERED MEMBERS part..

would this interfere in anyway??

Tjendol · New Member Joined: Dec 20, 2003 Posts: 6

Can you put the steps in here on how to create this file deny thing for visitors?

I read the readme that came with your download, changed the getit function and all.

But I don't understand what to do with the $lid stuff and where to alter codes.

I'm a noob and would appreciate a short tutorial on this Smile

I have made some custom pages and now I want to use this method on a couple of links.

Raven · Posted: Sat Dec 20, 2003 11:01 am

The way this works is as follows. When you add a download, it is assigned a counter/id and is referenced in the table as 'lid'. For example, when you mouse over the links in your download modules, you will see the lid=1 in the browser status bar. So, the first download you add has an 'lid' of 1. If you add a line like this to my code
$lidArray[] = 1;
then visitors will be able to view the download but must be registered to actually download it. You add more lines like that as you want to restrict more downloads. Does that clear it up?

Tjendol · New Member Joined: Dec 20, 2003 Posts: 6

Ok then I do understand.

I only thought this wasn't limited to the downloads of nuke itself only.

Isn't it possible to use it on selfmade textlinks as well?

So when this link is clicked and the user is not registered, he can't download or go to the page that the link directs to.

Raven · Posted: Sat Dec 20, 2003 11:52 am

This code is specific to nuke but the methodology can certainly be extrapolated to other situations. But, it can only work where the user is not directly accessing the link, but only an id (like lid) to the link.

Tjendol · New Member Joined: Dec 20, 2003 Posts: 6

Ok, thnx for your answer.

Im looking for this:

I have a link or a submit button.. When registered members click the link, they're taken to another page. When they click the submit button, they'll put info into a database.

Now when visitors click these same links/buttons, I want them to see the "create a new account" message. Is this possible?

blith · Client Joined: Jul 18, 2003 Posts: 977

Raven, I noticed you have the fetching mod. So do I. How does this work with that? The lines of code are different. Thanks.

In the fetching mod the code is simply this

Code:

function getit($lid) {
global $prefix, $dbi, $module_name;

Raven · Posted: Thu Apr 22, 2004 7:20 am

My code sits on top of the getit() function. So, regardless of which one you use you just put my code in the same place in both.

sixonetonoffun · Posted: Thu Apr 22, 2004 7:31 am

Instead of posting direct download links post links for the details view. This might also encourage people to vote once in a while Mr. Green

But don't hold your breathe on that one. Then if you want to flash some ads at them or anything like that theres your chance.

blith · Client Joined: Jul 18, 2003 Posts: 977

Raven, I got a parse error until I took out the last } then it worked allowing me to see the downloads but not download because I wasn't registered. the problem is now though the fetch mod does not kick in once I log-in... it seems I cannot have both with the way I have done it. Can oyu help please? Thank you.

blith · Client Joined: Jul 18, 2003 Posts: 977

Looks like your code to change is split up into the fetch.php

Code:

<?php

include("mainfile.php");

if ($fetchid == "") {
header("location: index.php");
}

if ($checkpass == $passcode) {
$url = base64_decode($fetchid);
if (ereg ("http", $url, $location)) {
/* Increase the counter for total downloads */
[b] sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);
header("location: $url");
exit;[/b] }

if (file_exists($url)) {
/* Fetch the file if it exists */

/* Increase the counter for total downloads */
sql_query("update ".$prefix."_downloads_downloads set hits=hits+1 where lid=$lid", $dbi);
header("location: $url");
exit;
} else {
cookiedecode($user);
$username = $cookie[1];
if ($username == "") {
$username = "Guest";
}
$date = date("M d, Y g:i:a");

/* Flag it for being a broken link if it isn't found */
sql_query("insert into ".$prefix."_downloads_modrequest values (NULL, $lid, 0, 0, '', '', '', 'Download Script<br>$date', 1, '$auth_name', '$email', '$filesize', '$version', '$homepage')", $dbi);

include("header.php");

OpenTable();
echo "<center><font class=\"title\">File Not Found for $title</font></center>";
CloseTable();
echo "<br>";

OpenTable();
echo "<p>Sorry $username, The file for <b>\"$title\"</b> was not found. It
could be because the person hosting the download may removed or renamed the
file.</p>
<p>This download has now been automatically flagged for review by the
webmaster.</p>
<center>[ <a href=\"downloads.html\">Back To Downloads</a> ]</center>";
CloseTable();
echo "<br>";

OpenTable();
echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:
<a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";
CloseTable();

include("footer.php");
return;
}

} else {
include("header.php");

OpenTable();
echo "<center><font class=\"title\">Password Error</font></center><br><br>
<p>You have entered an invalid Password.</p>
<input type=\"button\" value=\"<< Try Again\" onclick=\"history.go(-1)\">";
CloseTable();
echo "<br>";

OpenTable();
echo "<div align=\"right\"><font class=\"tiny\">Fetching Mod V.1b<br>By:
<a href=\"http://www.2thextreme.org\">MGCJerry</a></div>";
CloseTable();

include("footer.php");
return;
}

?>

Raven · Posted: Thu Apr 22, 2004 8:10 am

No. Here is my getit() function. Now I do things that are usually most expedient for me

Code:

blith · Client Joined: Jul 18, 2003 Posts: 977

Raven I was showing you the code from the other fetch it mod and that the code you had said to replace was split up between the index.php file and the fetch.php file from it. I did not mean to offend... What would I have to do to use your code? IE what are the instructions to install it? Thanks!

Raven · Posted: Thu Apr 22, 2004 9:28 am

Offense? None at all. Just install it Smile

as shown.