Jump to content

server root path for digital products

Guest swamp

By Guest swamp
in Technical Help

 Share

Recommended Posts

Guest swamp

Guest swamp

Posted
Posted

Hi,

Swamp the technophobe here again, I would just like to analyse the server root path specified in the digital products section of the admin site.

/usr/local/vhosts/www.domain.com/downloads/download.exe

Above is the path suggested

Below is my layman's analysis:

/usr/local/vhosts/ - should this just be added as it is? Or is this a generic path example that needs me to supply my site specific info?

www.domain.com/ - This should be my domain name right?

/downloads - Should this be a folder I create myself in the server root?

/downloads.exe - should this be the file I want to offer for download (an MP3)? or is there something else I have to do here?

Any help would be greatly appreciated

Best regards,

Swamp

Link to comment
Share on other sites

Guest jaycarney

Guest jaycarney

Posted
Posted

Hey swamp. This is quite a sticky situation I myself ran into. The server root path on there is decieving....But let me give you my example because I myself have a mp3 website...

www.jaycarney.com

for me, this starts off at

/home/

because it's in my home directory...(btw i use cpanel for my webhosting and such)

then next after home is my username which i use to login to cpanel

/home/myusername

after that, the file i want is stored in the public directory, so it would be..

/home/myusername/public_html

from there its as simple as the folder your mp3 is in

/home/myusername/public_html/musicfolder

then of course the actual file

/home/myusername/public_html/musicfolder/mymusicfile.mp3

It is of upmost importance that this is right. If you do not do this and someone purchases a song, when some from a mac goes to the link, it will have them download a file called download.php....if someone on windows goes to the given link it will goto that page and have a bunch of funky php code giving you errors that no such place exists, while giving them basically where exactly your mp3 files are at. if you need any further help aim me at moviescreator

Link to comment
Share on other sites
  • 1 month later...
Guest

Guest

Posted
Posted

Hello,

I'm having the same problems - the download link is not working.

Once you have figured out what the correct directory is, how does the download link appear to the customer - is it emailed or is available on the the last order page?

Link to comment
Share on other sites
Guest scripts@uk2.net

Guest [email protected]

Posted
Posted

You guys are talking about the sever path to a public folder. The server path is to lead customers to the digital download via a generated url that has no public access because it is beneath the 'public' folder.

If your path is e.g.,

/home/myusername/public_html/musicfolder/mymusicfile.mp3

then it's open to the public. But if your path was,

/home/myusername/musicfolder/mymusicfile.mp3

and you had created your 'musicfolder' directly inside the 'myusername' folder instead of inside the 'public_htms then your mp3 files would be safe from snoopers.

Link to comment
Share on other sites
  • 2 weeks later...
Guest

Guest

Posted
Posted

You do NOT want the files you're selling in a publicly-accessible directory. You do this by putting your storage directory above or beside your server root directory.

On my server, I'm in /home/swscripts/www/ this is the directory that Apache pulls its files from to serve swscripts.com.

I do have /home/swscripts/www/downloads/ this directory is accessible at swscripts.com/downloads/ since it is beneath the server root.

I also have /home/swscripts/sale-files/ this directory cannot be reached from a web browser no matter what you do. It is above (technically beside) the web root so therefore is inaccessible.

But PHP can pull the file from anywhere on the server. So long as you tell CubeCart where the files are, you're fine.

One other word of caution. If you ever do put files in a publicly accessible directory, throw a dummy index.html in there that will just display blank page or tell people that they can't view what's in the directory. That way just because somebody may know one file that's in there, they won't necessarily be able to find any others by browsing the directory tree. You can see an example of what I mean here: http://www.swscripts.com/downloads/

Hope this helps you guys. :w00t:

Oh and remember that Unix/Linux is ALWAYS case sensitve. MySong.mp3 does NOT equal mysong.mp3.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Okaymy file/folder structure is like I postup earlier. I use Plesk as a control panel and that is how the files are setup.

/var/www/vhosts/mysite.com/httpdocs/

If I am reading correctly I would make a folder outside of the httpdocs folder but it will not let me. It says access denied.

If that is where I need to put it can I contact the hosting company and ask them to make the folder for me?

Link to comment
Share on other sites
markscarts Newbie

markscarts

Posted
Posted

@ Sir William, why do you files in both places?

I do have /home/swscripts/www/downloads/ this directory is accessible at swscripts.com/downloads/ since it is beneath the server root.

I also have /home/swscripts/sale-files/ this directory cannot be reached from a web browser no matter what you do. It is above (technically beside) the web root so therefore is inaccessible.

Even after all this excellent discussion, for some reason the issue is not entirely clear to me.

Would I be ok putting all my downloads in:

home/username/public_html/cc3/downloads/filename.zip

and adding an index file as you suggested, or should I do something more, or something different?

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

If i'm not mistaking, the goal is not to put the file in the public_html or www directory but in another at that level

so for markscarts instead of:

home/username/public_html/cc3/downloads/filename.zip

it would be:

home/username/cc3/downloads/filename.zip

or:

home/username/downloads/filename.zip

Link to comment
Share on other sites
Guest vrakas

Guest vrakas

Posted
Posted

Would I be ok putting all my downloads in:

home/username/public_html/cc3/downloads/filename.zip

From what i gathered it is NOT ok as this is accessible from any download manager.

Example i can "steal" from your site everything if it is accessible to me.

Before the public_html i cannot see it therefore i can not get it.

If i am wrong please let me know.

He may have 2 but only the one is reachable, correct?

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Right vrakas. For the files that I have for sale, I put them in the NON-accessible directory. This directory is where CubeCart pulls them from for users to download. But I have a publicly available download directory for files that I don't care for people to get.

A good example would be the PayPal IPN/PDT modded files that I made available for free download. Those are in the publicly available directory and anybody can get them.

I also post up files for download by a few of my dedicated testers. I'll put them in the public directory then delete them when they've downloaded them. But in case I forget, that's why I have the index file in that directory to prevent people from leeching the files out of it.

Hope this helps answer your questions. :(

Link to comment
Share on other sites
Guest vrakas

Guest vrakas

Posted
Posted

Thanks Sir William and rest of the guys,

this has been very educational for me. :(

Who needs teachers, books and tutorials when we have this forum. :)

Its seems that we learn as we go and i must admit, i didn't know this until now B)

Thanks again ;)

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

If you can't create a directory outside of your web-accessible area, then create a directory that in no way indicates what's really inside. Then be sure to put an index.html file in there that will prevent anybody from seeing the contents.

Examples?

/var/www/vhosts/mysite.com/httpdocs/fluffymycat/

/var/www/vhosts/mysite.com/httpdocs/corvette/

/var/www/vhosts/mysite.com/httpdocs/mydumbsister/

/var/www/vhosts/mysite.com/httpdocs/schoolhomework/

You do this so that for some reason somebody ever see a link to it, they won't automatically think it would be worthwhile to look through it.

Hope this helps you guys. :(

Link to comment
Share on other sites
kinetic Newbie

kinetic

Posted
Posted

why is it it so hard for people to understand your public site root folder?

why is it so hard to understand that you can have folders on the same level as your site folder and not be visible to the web?

if your downloads are in with your sitefiles but in seprate folders they can be snooped and stolen

if your downloads are ABOVE your sitefiles outside your ROOT they cannot be accessed directly but need php or something else to show a link to it or use a IP

Link to comment
Share on other sites
  • 2 weeks later...
Guest estelle

Guest estelle

Posted
Posted

And as jaycarney said... if you accidentally type an incorrect path name for one of your downloads, the folder where your downloads are located will be revealed! Then if you haven't created an index.html, people will be able to see a list of all the files in the directory. And even if you have created an index.html, people might still be able to download your files for free if they can guess the names of your files.

Link to comment
Share on other sites
  • 3 weeks later...
  • 2 months later...
Guest sound

Guest sound

Posted
Posted

I tryed this for the first time and logged in as a customer i did the payment through paypal and i got the email saying i made a payment but no download.. and i could access a download link in the store the lead me to a php file that reveals the path where the files are stored(which is on another server)

It appears i don't know what i'm doin in the case.

Maybe i'm missin the plot, i set up a paypal sandbox account to use that email for my store.

Was it ok for me to make the downloads available on another server/hosting account?

And i used the /home/username/downloads/myfile.mp3/

I think i'll start a fresh post.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Good luck on getting help for the email part. I have been trying for 2 months and cant get a reply as how to fix it.

I had to change carts to do what I needed to do. Im not happy about it what so ever. I ahve been usng Cube Cart for a long time and have always received support when I needed it but no one can seem to figure out why the email part isnt working for me at least.

Link to comment
Share on other sites
Guest sound

Guest sound

Posted
Posted

You know they are hell busy here lately with the work they're doin on the new releases.

I'd hafta say most problems i've had were answered and i'm not a customer yet.

Might of taken a while but i've allmost god the cart working how i'd like it.

But yea, maybe you need a faster service if you're in business or whatever, i'm not yet.

I'm not givin up that easy. Allthough i know it's aput off to some when your posts aren't answered for ages.

If i could help i would but i'm not that advanced with cms.

It's like been disabled sometimes and depending on professionals to help you out.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...