Restricting downloads to registered users or subscribers.

Worker Joined: Jun 07, 2006 Posts: 114

i have never used the php-nuke downloads module before, but think i need to do so with my new website which is running on Raven's RavenNuke76 v2.02.02 Distro.

I have just activated the module and had a play with it to see the functionality.

i want the flexibility to make some downloads restricted and accessible only by registered users or subscribed users, but i do not see this option when you add a new download.

the only way i see this is possible, is to restrict the downloads module to registered users or subscribed users, but by doing this it means that unregistered users (or Guests), cannot see the module at all or what is available if they were to register or subscribe.

I have seen this is possible on websites such as http://montegoscripts.com/downloads.html so i am wondering what i am doing wrong.

please help.

Posted: Wed Jun 28, 2006 11:22 am

Montego is using the NSN GR Downloads Module, which replaces the standard Nuke Downloads module.

I'm at work at the moment, but when I get home I will check as I think you will need this to do what you want to do.

By the time I get home though I suspect someone else will have probably have answered the question. Wink

Posted: Wed Jun 28, 2006 11:50 am

hey thanks jakec.

is this why i cannot find any functionality to change my current settings on the standard module i have with my Raven's RavenNuke76 v2.02.02 Distro? if so, I am surprsied why the Raven's RavenNuke76 v2.02.02 Distro does not come with this 'better' option.

Posted: Wed Jun 28, 2006 12:01 pm

It doesn't come with a 'Kill FB' button either ROTFL

Yes Montego is using a slightly tweaked version of NSN GR Downloads I believe (the twaek hides the download file path to stop direct linking).

Posted: Wed Jun 28, 2006 12:19 pm

aha........i think you have just answered one of my next questions Guardian2003 Rolling Eyes

i refer to your coment, '...(the twaek hides the download file path to stop direct linking)....'

one thing i want to do on my new website is to post daily downloads (audio and video files). in order to keep track of these myself, i wanted to name the files by date. the problem i forsee is that once a subscribed user to such a service has gained access to the files, they could then 'predict' what the name of future files will be.

this would be a problem if a person decides to no longer subscribe, but wants to hijack future published files.

eg.....a file published today (june 28 2006) would be named 6282006.mpg so the whole url would probably be www.mywebsite.com/medialibrary/6282006.mpg

after subscribed for a while, a user could realise the format i use for naming files and so if they stopped subscribing forthwith, later on they may decide to check the url for tomorrows published download, which would be 6292006.mpg and would therefore have the full url ww.mywebsite.com/medialibrary/6292006.mpg

so because they would have discovered my filing system and the way i name/id my files, a user could guess the url and access the file without subscribing.

other than using random names/id's for such files, I wanted to know of a way to stopping the users possibly guessing the files urls, so is this what you mean by your comment?....will montegos module resolve this and prevent such hijacking or hotlinking?....or does the module only HIDE the url and not prevent it being accessed by an unregistered or unsubscribed user if they guess the URL?

Posted: Wed Jun 28, 2006 3:27 pm

From what I understand of the principle, it prevents hotlinking, in other words, the files cannot be accessed but typing what they think is the correct url into a browser.
So even if they thought they knew the url it shouldnt work as the d/l will only work from the 'download now button'.

registered · Posted: Thu Jun 29, 2006 7:08 am

This is what I did:

http://www.ravenphpscripts.com/postp60755.html#60755

However, I have never come back and figured out how to fix the problems in the Admin area that this causes.... but a little minor inconvenience in the admin area for me was much better than allowing this guy (and others) from leaching my downloads directly. I don't mind folks downloading my stuff, but "play nice" is all I ask...