harmor19
10-19-2006, 10:57 AM
When someone is on a page where they can download files I like to prevent them from viewing the path the the files so they can't download the files without paying.
Someone is on a product page about to download software they've purchased.
They hit the submit button and the page grabs the download without refreshing.
It works a lot like Jelsoft's download system for vBulletin in the members' area.
How protected is the software the code is trying to protect?
if($_REQUEST['do'] == "download")
{
////check if user is in usergroup for vHosting Customer
if(!is_member_of($vbulletin->userinfo, "16"))
{
print_no_permission();
}
$getversions = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "vhosting_versions");
while($vhosting = $db->fetch_array($getversions))
{
eval('$options .= "' . fetch_template('vhosting_select') . '";');
}
$navbits = array();
// change the line below to contain whatever you want to show in the navbar (title of your custom page)
$navbits[$parent] = 'Download vHosting';
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
eval('print_output("' . fetch_template('vhosting_download') . '");');
}
if($_REQUEST['do'] == "do_download")
{
//check if user is in usergroup for vHosting Customer
if(!is_member_of($vbulletin->userinfo, "16"))
{
print_no_permission();
}
$vbulletin->input->clean_array_gpc('p', array(
'dl_vhosting' => TYPE_STR,
'agree' => TYPE_INT
));
if(($db->escape_string($vbulletin->GPC['agree'])) != "1")
{
print_no_permission();
}
// $file = "./downloads/vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";
$dir = "fuwqenb37rt2hg3fnuwe3qhtr58923htng9qw3eht9832h/";
$file = $dir."vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";
if (file_exists($file) )
{
header('Pragma: anytextexeptno-cache', true);
header('Content-type: application/force-download');
header('Content-Transfer-Encoding: Binary');
header('Content-length: '.filesize($file));
header('Content-disposition: attachment;
filename='.basename($file));
readfile($file);
}
else
{
echo 'No file with this name for download.';
}
$db->query_write("
UPDATE " . TABLE_PREFIX . "user
SET vhosting_agree = '1'
WHERE userid = '".$vbulletin->userinfo['userid']."'
");
}
Someone is on a product page about to download software they've purchased.
They hit the submit button and the page grabs the download without refreshing.
It works a lot like Jelsoft's download system for vBulletin in the members' area.
How protected is the software the code is trying to protect?
if($_REQUEST['do'] == "download")
{
////check if user is in usergroup for vHosting Customer
if(!is_member_of($vbulletin->userinfo, "16"))
{
print_no_permission();
}
$getversions = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "vhosting_versions");
while($vhosting = $db->fetch_array($getversions))
{
eval('$options .= "' . fetch_template('vhosting_select') . '";');
}
$navbits = array();
// change the line below to contain whatever you want to show in the navbar (title of your custom page)
$navbits[$parent] = 'Download vHosting';
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
eval('print_output("' . fetch_template('vhosting_download') . '");');
}
if($_REQUEST['do'] == "do_download")
{
//check if user is in usergroup for vHosting Customer
if(!is_member_of($vbulletin->userinfo, "16"))
{
print_no_permission();
}
$vbulletin->input->clean_array_gpc('p', array(
'dl_vhosting' => TYPE_STR,
'agree' => TYPE_INT
));
if(($db->escape_string($vbulletin->GPC['agree'])) != "1")
{
print_no_permission();
}
// $file = "./downloads/vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";
$dir = "fuwqenb37rt2hg3fnuwe3qhtr58923htng9qw3eht9832h/";
$file = $dir."vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";
if (file_exists($file) )
{
header('Pragma: anytextexeptno-cache', true);
header('Content-type: application/force-download');
header('Content-Transfer-Encoding: Binary');
header('Content-length: '.filesize($file));
header('Content-disposition: attachment;
filename='.basename($file));
readfile($file);
}
else
{
echo 'No file with this name for download.';
}
$db->query_write("
UPDATE " . TABLE_PREFIX . "user
SET vhosting_agree = '1'
WHERE userid = '".$vbulletin->userinfo['userid']."'
");
}