vb.org Archive - hiding the path to a file

When someone is on a page where they can download files I like to prevent them from viewing the path the the files so they can't download the files without paying.

Someone is on a product page about to download software they've purchased.
They hit the submit button and the page grabs the download without refreshing.
It works a lot like Jelsoft's download system for vBulletin in the members' area.

How protected is the software the code is trying to protect?

PHP Code:


		
			
if($_REQUEST['do'] == "download")

{

    ////check if user is in usergroup for vHosting Customer

    if(!is_member_of($vbulletin->userinfo, "16"))

    {

        print_no_permission();

    }

    

    $getversions = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "vhosting_versions");

    while($vhosting = $db->fetch_array($getversions))

    {

     

        eval('$options .= "' . fetch_template('vhosting_select') . '";');

    }

    

    $navbits = array(); 

    // change the line below to contain whatever you want to show in the navbar (title of your custom page)

    $navbits[$parent] = 'Download vHosting';

    

    

    $navbits = construct_navbits($navbits);

    eval('$navbar = "' . fetch_template('navbar') . '";');

    

    eval('print_output("' . fetch_template('vhosting_download') . '");');

    

    

}



if($_REQUEST['do'] == "do_download")

{

    //check if user is in usergroup for vHosting Customer

    if(!is_member_of($vbulletin->userinfo, "16"))

    {

        print_no_permission();

    }

    

    $vbulletin->input->clean_array_gpc('p', array(

    'dl_vhosting' => TYPE_STR,

    'agree' => TYPE_INT

    ));

    

    if(($db->escape_string($vbulletin->GPC['agree'])) != "1")

    {

        print_no_permission();

    }

    

   // $file = "./downloads/vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";

    

    $dir = "fuwqenb37rt2hg3fnuwe3qhtr58923htng9qw3eht9832h/";

    $file = $dir."vHosting".$db->escape_string($vbulletin->GPC['dl_vhosting']).".zip";



    if (file_exists($file) ) 

    {

       header('Pragma: anytextexeptno-cache', true);

       header('Content-type: application/force-download');

       header('Content-Transfer-Encoding: Binary');

       header('Content-length: '.filesize($file));

       header('Content-disposition: attachment;

       filename='.basename($file));

       readfile($file);

    } 

    else 

    {

       echo 'No file with this name for download.';

    }

    

    $db->query_write("

                UPDATE " . TABLE_PREFIX . "user

                SET vhosting_agree =  '1'

                    WHERE userid = '".$vbulletin->userinfo['userid']."'  

                   ");

}

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01084 seconds Memory Usage 1,739KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (3)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: