[Resolved] Digital Download of Content Directory

[CoderJim]

Hi, back again with another site, this one is basic and using the normal foundation skin. This site publishes a monthly magazine, each month is in its own directory by date (1015 for instance), a few months/dirs are freely available and then they roll into an archive where they are then sold as a PPV. Sorry the long description... Here's my problem, I think, when trying to assign a dir as a Digital Download (DD) in the admin, it does not seem to work as a dir but rather wants the content files and then only one. Is there a way to offer a month/dir as a DD? I do see a custom (I assume full relative) path option, will that work with a dir?

Thanks

[bsmither]

CubeCart is not coded to assign anything but a full path to the product - whether from the File Picker window or from the Custom Filepath text entry field.

If the Custom Filepath entry looks like a complete web address (starting with http), CubeCart will tell the browser to make a page request specifically for that file. For example,

Custom Path: http://www.my_store.com/free_files/2015_mar/issue17.pdf

When CubeCart sends the email with the digital download link for the file associated with a purchased product, and the customer makes a page request using that link, the above will be 302'd to the browser and the browser will then make another page request directly for that file.

An interesting experiment will be -- if this is entered:

Custom Path: http://www.my_store.com/free_files/2015_mar/

Will CubeCart's admin accept it? If so, when a customer clicks the link to the digital download in the email, will CubeCart 302 this location to the browser? If so, is your web server set up to permit the viewing of directory contents? (Can be declared in the .htaccess file.) If so, I think the browser will show the directory contents and thus display links to access any file in that directory.

[CoderJim]

I will try to find out when I get this fixed, I put in a custom path to the dir for a product/digital. Added the product to the basket, tried to view the basket, get nothing, nada, same with checkout? Any thoughts? At 'basket' its trying to go to this... (history=store)

https://mysite.com/history/index.php?_a=basket

PayPal mod is active

Thanks

[bsmither]

/history/ is in the path???

And, so, you get a completely blank screen. I would think that would be the case if /history/ is in the path - and you don't have a /history/ folder.

[bsmither]

I just now did exactly as I described above (I had to comment out the IndexIgnore directive in .htaccess). I bought a digital item where that item has a URL that resolves to a directory for the Custom Path, got the email with the link, Clicked on the link, got the 302 redirect, and I am now looking at the Index of the /docs/ folder. Luckily, it's parent has an index.php, or I would see the contents of that folder.

So, I guess my lesson is to learn how to make only certain directories viewable when asked for the index of that directory.

[CoderJim]

Okay, a couple of comments and of course, as always, I appreciate all your help. In the first instance, 'history' is/was a dir but the client didn't care for that name so it is now 'store', a dir with a shiny new CC in it and its up and running, however even the included test product (foundation skin) when added to the basket does not show on click, blank screen. (I might add that this installation is a upgrade from a 3.0.17 install, if that matters, though the other was as well and its working beautifully.)

To your second comment, of course that is my intention to do as you did and thanks for that, I would ask though, do you think/know the same would happen with a file named index.html? I'd rather not have to convert 1000+ files to .php If we can solve the first problem, we can work on the second and probably more as well.

Thanks

[bsmither]

For a completely blank screen received by the browser, that suggests a fault with a template. In admin, Error Log, System Error Log tab, you may see an indication of the problem. Or, if not, then very probably in PHP's error_log file (not the web server error log).

If, in the .htaccess file, or the web server's httpd.conf file, there is:

DirectoryIndex index.php index.htm index.html default.cgi

then, the web server will serve the first file found in the list: index.php if present, index.htm if present, index.html if present, default.cgi if present, then, if allowed to show the folder contents, the folder contents, if not, probably the web server sends a 404 message.

[CoderJim]

On the blank screen for the basket and checkout.

I looked and no mention in any log for the missing basket. I tried a new skin, Minimaliser and it errored due to this when I tried to load the basket...

 File does not exist: /.../store/skins/minimaliser/css/cubecart.purple.css

Which is interesting because in fact the file does not exist anywhere, yet it is a common skin and so far as I know built correctly via the admin/plugins yet the system looks for it. So far this is all 'out of the box', I have not even started to customize. Any thoughts?

[bsmither]

Is this a typo?
/.../store/

Usually, a path does not start with a slash, and a path with three periods is a big mistake.

I've looked at Minimalizer and I'm of the opinion the skin has an incorrect schema of folder content and filename syntax.

[CoderJim]

Sorry for the confusion, I was trying to maintain client privacy, the path was legal and could be written as...

/home/foo/public_html/store/skins/minimaliser/css/cubecart.purple.css

I agree with you that there is a problem with that skin, but it also occurs in the standard Foundation Skin though I can't confirm the error code/reason, nothing in any logs anyway.

This was a latest 6.0.8 build on top of a older version as noted in my earlier post 11 hours ago. It seems a CC error, how can I be the only one? Any thoughts would be appreciated.

Thanks

[bsmither]

Ah! The mysterious and often misunderstood ellipsis!

Search these forums for ini-custom.inc.php that has code to enable the PHP error logging to a local file. A blank screen is 99% caused by something that PHP will report on.

The other 1% is a programming logic error that simply ends the script not caused by an error.

[CoderJim]

Still working on the no display basket problem. Okay, did the ini-custom.inc.php, thanks, and it produced an error log in the main store dir...

 PHP Fatal error:  Call to undefined function fetchDbConfig() in /home/foo/public_html/store/modules/shipping/Free_Shipping/calc.php on line 30

calc.php at line 30...

// free shipping
$module = fetchDbConfig("Free_Shipping");

Ideas? Thanks

**Foundation skin

[bsmither]

fetchDbConfig() is a function call used in CubeCart 3/4.

Please examine the folders within /modules/shipping/ to make sure all of them are for CubeCart 5/6.

 

Actually, make sure all folders within /gateway/, /plugins/, /social/, etc, are for CC5/6.

[CoderJim]

I suspect that there are remnants of the previous older CC version lurking about so I just did a fresh install 6.0.8, shiny new DB and all and low and behold, it works, got issues as expected, but at least I can start to work.

Thanks for all your help, I'll be back with more questions I'm sure.

Have a great weekend!

[CoderJim]

Okay, the basket/checkout works, nuff said about that for now.

Back to the digital downloads and I was able to get it to work, sort of, I did comment out this in the main .htaccess file in the new CC dir (archives)

#### Apache directory listing rules ####
# DirectoryIndex index.php index.htm index.html
# IndexIgnore *

0101 is the target... linked from order email

http://www.foo.com/archives/index.php?_a=download&accesskey=6ec88ec20d5be95f120a885d26e5f3e3

and I get a 403 error so not sure why I don't have permission. I did try with only IndexIgnore * commented out, same result. The 'files' and the '0101' dirs are both 755

Foundation skin

Thanks

[bsmither]

In CubeCart's folder /files/ you will find an .htaccess file with directives that generally denies from all except two specific file names.

Please look in the /0101/ folder for a similarly coded .htaccess file.

Do not comment out the DirectoryIndex directive in the main folder's .htaccess file.

[CoderJim]

In the /0101/ folder created by CC there was no .htaccess created, though I put in a index.html so there would be something to see.

DirectoryIndex un-commented.

This is the path written into the CC admin for this file

https://foo.com/archives/files/0101/

I put another test order through, 403 & 404, so I restarted the CC admin/store, cleared the cache, re-tried, same result. Using the error log created yesterday returned this today.

PHP Warning:  Invalid argument supplied for foreach() in /home/foo/public_html/archives/classes/ajax.class.php on line 137

Not sure if that has anything to do with this current problem.

The 404/403 returned

File does not exist: /home/foo/public_html/403.shtml, referer: https://foo.com/archives/index.php?_a=downloads

and
client denied by server configuration: /home/foo/public_html/archives/files/0101/, referer: https://foo.com/archives/index.php?_a=downloads

I am at a loss, could use your help, thanks.

Foundation Skin

[bsmither]

I think the ajax message is not related.

The "Client Denied by Server Configuration" is the key clue. Somewhere there is a "deny from all" in a .htaccess file or httpd.conf (the main web server configuration file) in the /archives/ folder, the /files/ folder, and/or the /0101/ folder.

Put an index.html in each of these folders. Then try to access each in turn:

foo.com/archives/index.html
foo.com/archives/files/index.html
for.com/archives/files/0101/index.html

One of those might trigger the 403.

[CoderJim]

Good test, okay, here is how it went..

foo.com/archives/index.html <-pass

foo.com/archives/files/index.html <- 403, 404 Client Denied by Server Config, it contains what I assume is the standard CC .htaccess,    (The files dir. is 755)

here is the .htaccess at foo.com/archives/files/

# Digital downloads default to here. We need to prevent
# direct download.

# Admin order prints are also stored here
# need public (administrator) access.

# The hash files are used by the CubeCart Marketplace
# to verify the store. They contain zero

deny from all
<Files print.*.php>
  allow from all
</Files>
<Files hash.*.php>
  allow from all
</Files>

Obviously we don't want folks to download for free so it seems to me that if we can get /files/ to work then perhaps an .htaccess within the /0101/ might take care of that.

Thoughts?

Thanks

[bsmither]

I assume, then, that /archives/files/ will contain certain files that are not going to be open for public download. In that case, any product that has these certain files associated with it will need to be assigned via the File Picker.

Let's review what types of files are being stored in /archives/, /files/, and finally /0101/. Freely available? Locked down to purchased orders only, or what?

[CoderJim]

That is correct, /archives/files/ is basically the repository of past issues, each issue is a self contained unit/folder comprised of both html and photos (avg. 20-30 items per dir). Each of these past issues, around 150 dirs in all, are for purchase only.

This was done via admin/downloads.

Using the filemanager (file picker?) I 'uploaded' an index.htm to the /archives/files/0101/ folder

Using the filemanager (file picker?) I 'uploaded' an index.htm to /archives/files/ then using the edit 'Details' feature, assigned it to 0101 which put it into the 0101 folder

A 'purchase' was made for both ways and both 403, same Server Config... error as has been happening

Doing it via product/0101/digital, clicking the checkbox for index.htm and specifying the absolute path

https://foo.com/archives/files/0101/index.htm

403, same error, of course appropriate saves were made for both ways.

Thoughts?

[bsmither]

I think this is the wrong approach. CubeCart wants to deliver the digital file associated with the product - not simply tell the browser where it's at (the approach we have been experimenting with).

Maybe in the .htaccess file, a directive can be constructed that permits access only if the referrer is your site. I don't know enough about .htaccess directives to figure that one out.

[CoderJim]

So what you're saying is that CC sends this file to the buyer via email? Perhaps you could clarify 'Deliver' for me please and it might also be helpful to explain briefly what the normal process for digital products involves?

If the .htaccess includes the directive 'Require local' or 'Require host foo.com' then conceivably it would serve the top file document, though I too don't know enough about Apache directives to actually do this. I think that while it might work for the first file, subsequent requests would be denied since they would be 'referred' by the user's IP as when she clicks a link in an html.

Thoughts?

Thanks

[bsmither]

In filemanager.class.php, the deliverDownload() function:

determines the legitimacy of the file request - if the customer is entitled to the file, CubeCart:

sends a series of headers that tells the browser the following is a binary file and needs to be saved
opens the target file for reading
reads 8K of the file contents
'echoes' that content (to the browser)
repeats until the last of the file is read
closes the file

 

[CoderJim]

Okay, now this makes perfect sense and works as you described using a .pdf, now all I have to do it to create 150+ pdf's.

I'll get back to you with design issues later, probably much later. Thank you so much for all your help.