REALLY need Help RE: Members Only Download Section
Hi.
I have been scouring the web searching for a solution--
I have a website that has some relatively large downloads (in the 10-30MB range)... All was well until a week or so ago when someone started to abuse the download section, making me meet my daily bandwidth limit (2GB) within hours of it being reset. As soon as the large files were deleted, the site hasn't gone down since.
Which brings me to my dillema:
I want to have these files back on my website, but I need a way to control the way they are downloaded. What I am looking for is a sort of membership system. I want to be able to have people sign up for the downloads section, and have everything be automated. But if the need arises, I need to be able to delete that download account and ban that IP from creating a new account... I have tried a couple of PHP scripts:
PHPAutomembersArea and PUMA. These scripts seem to do exactly everything I need them to do EXCEPT password-protect certain TYPES of files... It seems like between them, I can protect PHP/HTML/Image files, but not the files I need to protect (*.WMV)..
So I was wondering if anyone knew of any solution to my problem, preferably a free PHP script or some sort of system I can have in place.
Any ideas?
Thanks alot.
Suzanne posted this at 04:18 — 31st March 2004.
She has: 5,507 posts
Joined: Feb 2000
paypal allows each person to have a special code key, so does bitpass.
RandomFan posted this at 19:16 — 31st March 2004.
They have: 5 posts
Joined: Mar 2004
Thanks for your reply -- the thing is, I am not charging for content... Everything on my site is free, but I just need a way to regulate the downloads so that they won't get abused.
I forgot to mention that I figured an easy solution would be to set a certain discussion group in my message board to members only, then have the URL's in posts there. However, this and some other password protection things I've seen on the web do little to protect the file itself. So that means that if somebody gave somebody else the URL, they could access the file without any sort of username attached to them (Which I am trying to avoid...)
Thanks alot.
Suzanne posted this at 19:35 — 31st March 2004.
She has: 5,507 posts
Joined: Feb 2000
Any file in a protected directory is protected -- what control panel do you have?
The downside is you'll have to set the username/password for each person.
RandomFan posted this at 20:01 — 31st March 2004.
They have: 5 posts
Joined: Mar 2004
My site is hosted w/ Globat and the control panel they use is called The Globat Command Console. It looks like there is a "Web protect" option that can password protect directories...
I'm not sure this would work, though -- first off, I would have to set up a registration form that would be emailed to me, then manually add the account through the Command Console, then respond to each email telling them that their account is live. This could be quite time-consuming, as I am expecting that initially, I could have hundreds of accounts being activated...
Also, I wouldn't be able to match usernames to downloads, so preventing abuse would be impossible (As I would have no idea who's account to delete, it could literally be ANY ONE of the accounts)...
I read on the PUMA site (one of the scripts that I had tried) that they were working on file support... Surely SOME script has already accomplished what I am trying to do without limitation on file types? I really can't wait for a script to be updated to include what I'm trying to do... The files are an essential part of my site and have already been down for a week or so.
Thank you for all your help!
Suzanne posted this at 20:10 — 31st March 2004.
She has: 5,507 posts
Joined: Feb 2000
I wish I could help you further, however protecting the directory and reading your logs would be the best interim solution, though clearly time consuming. I'm wondering what you offer for download that would be so popular and yet you wouldn't charge for it.
Greg K posted this at 23:05 — 31st March 2004.
He has: 2,145 posts
Joined: Nov 2003
You could still do this, and then set it up so that the file will only be displayed if the user came from a link within your forum. I had soemthing similar on a client's art site. I had teh following in the .htaccess file for the directory housing all the art images:
RewriteEngine onRewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainname.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ <a href="http://www.domainname.com/bad_access.gif" class="bb-url">http://www.domainname.com/bad_access.gif</a> [R,L]
This was a FreeBSD server running apache. So you could on the 4th line change it to match something for your messageboard ie:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.domainname.com/.*$ [NC]'or
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainname.com/forums/.*$ [NC]'(Basically find a patern that would match all URLs from your message board)Then in the 4th line, you modify the list of extentions to protect and specify what file to give out if they are not calling it from the correct location, ie:
RewriteRule \.(gif|jpg|wma|wav|mp3)$ <a href="http://www.domainname.com/bad_access.gif" class="bb-url">http://www.domainname.com/bad_access.gif</a> [R,L]'RandomFan posted this at 02:02 — 1st April 2004.
They have: 5 posts
Joined: Mar 2004
Thanks alot, this just might do the trick -- I have never created an .htaccess file before...
Do I just put that stuff in a *.TXT file, rename is .htacess, and FTP it do the directory holding the stuff I want to protect?
Thanks!
eniety posted this at 15:07 — 1st April 2004.
They have: 4 posts
Joined: Apr 2004
Here are some scripts: http://php.resourceindex.com/Complete_Scripts/File_Management/File_Downloading/
If you went the htaccess route -- yes, you can create a text file with those rules in it and then rename it to .htaccess and upload it to the correct directory. Make sure that you do not have a .txt extension on it though!
http://www.rx8media.com/ - World's Largest Mazda RX-8 Picture Archive
Greg K posted this at 17:04 — 1st April 2004.
He has: 2,145 posts
Joined: Nov 2003
One thing I forgot to mention before:
Don't forget that people who use the default installation for the latest norton antivirus/internet security will NOT be able to access the files due to norton by default blocking the referring page information to "protect your privacy".
If you go this route, you may want a note on the site to let people know if they have norton they may have difficulties, and how to go into the settings to disable this "feature".
-Greg
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.