when clicking on a link, it says the file.mp3 not found on this server.

is there a way to find out where exactly i set the path to my protected folder?

i see it on the server, but i don't know if password protect 2.8 is aware . . .

i've been using long enough to have upgraded twice. this is the first time i have tried this feature.

if i have to reset somehow, will i lose other infos?

thanks.

The file is not found on your server because the script doesn't know the correct path to your hidden files. If you are unsure about the path to your files you can alsways ask your web hosting company.

You don't have to do any database changes for this to work, just update settings.php with the correct path so all your database data will remain the same.

haha. the hosting company.

no, i know my folder and can locate it and fill it and delete from is and rename it if i want to. no problem there.

i just get that stupid "can't find my way home" error screen when trying to use the links to files i have in the folder. capice?

maybe it's not formatted correctly in the settings.php folder.

Q. is it supposed to be a full URL to the folder with no forward slash at the end?

cos' i tried that and it didn't work.

Q. what format for that string?

thanks bylla

also, the error page - what the program is trying to open, is:

http://mysite.com/index.php?action=file&p=[encrypt string]

why is it going for my index.php file? i ask, because i don't even use the index.php file. that file on the server is just the default that you sent with the program. my index is html and the rest of the site is protected.

this matter?

I'm sure you know where you uploaded your files, but you have entered an incorrect path to your files. That's why the script can't locate them.

The path should be something like /home/username/public_html/hidden/files/directory and is not an URL.

You must have index.php protected so I suggest that you move all protected files to a separate folder or at least the files where you're going to use the file protection function.

the path, got that. answered with precision. so, check.

ok. i'm sorry if i sound thick, but the location of the password files . . .

i have every php file that is protected in the main folder. this is a bad thing? you're saying that i should have them hidden in another file?

the settings, admin, and other xavier files still stay in the main folder, though?

how insecure have my pages been up to this point because i have been doing it wrong?

thanks bylla

The downloadable files (.mp3 or whatever format you're selling access to) should be in a diffrent folder then your main folder. I would recommend you to move the files outside your public_html directory (or whatever the directory is called on your server where you have your HTML files). If it's not possible to move the files outside public_html I suggest you make up a name for the file directory to be something like hiddenfiles73839992. It's important that you never link to any files directly at the hidden directory so you make it as hard as possible to for all your visitors to guess the location of your files.

It's not a bad idea to have all your script files in the main directory, but I suggest you place them in a separete directory called for example members or something like that. The members directory can be directly in your public_html directory without any problems at all (because you're not storing any of your downloadable files in it). This way you can have index.php protected so that the file protection will work as it's meant to work.
I can say for sure that you have had low security on your .mp3 files, but the members area has not been insecure at all (depenting on the admin password you have setup the script with).

great. i am moving the hidden directory and when i update the look of the site, the password protect pages are being moved to a "members" folder. thanks for the advice.

two other questions for you:

1. with 2.8, we can password protect the hidden folder. now, does anyone from any group have access to the folder linked to, or can you make links available to specific groups only?

2. i forgot teh second one. it'll come to me.

To get that functionallity I suggest you setup one page for each group and restric access to that page for only that group.

/Andreas

cool. a followup:

Q. the link has to be in a password protected page? i couldn't send a link in an e-mail that will prompt for a login then just open the file?

i'm hoping so.

i also remembered the question that i spaced before:

2. when you set the link to the document in the hidden folder to expire in five minutes, when does the five minutes start from? from upload, or from clicky.

thanks andreasnotbylla :)

Yes


No, but maybe I will include it in a future release


The time starts from when the page is loaded (the page with the links to your protected files).

first of all, dad gum, andreas. you better not be holding out on us. i'd love to do some testing for you. how about a beta version for some of us faithful :)

now jump back a few posts to you saying:

[quote=andreas]The path should be something like /home/username/public_html/hidden/files/directory and is not an URL. [/quote]

i tried to do that and it didn't work. i took the hidden directory out of the root folder.

i had it:
/home/username/mysite/Music/hiddenfolder

and changed it to
/home/username/newfile/hiddenfolder

now, when i try to access from it, it tells me that "song.mp3 not found on this server"

i pull the hidden folder back in the root directory (the website directory) and it will work again. why wouldn't it work outside the root like you had suggested?

thanks.

I will have to get back to you. I can tell you for sure that there will be no development work at all before the end of this year (Christmas is comming up soon and I'm currently only doing support).
That may be because of the server settings. I guesss you will have to use a really hard to guess directory name like KmemDJudje7 or something.

If you're on Unix/Linux then you can put a file called .htaccess in your hidden directory with the following content:
If someone try to access the hidden directory directly they will be redirected to the page sorry_you_don't_have_access.html where you can tell them that they have to pay for access.

This should work on most unix/linux servers

/Andreas