2. Home
  3. Forum
  4. MarvikShop
  5. General Support
  6. To prevent download stealing a small mod to /catal

To prevent download stealing a small mod to /catal

More
13 years 3 months ago #54 by Support Team
To prevent download stealing a small mod to /catal was created by Support Team
To prevent download stealing a small mod to /catalog/download.php is required

Replace
$downloads_query = tep_db_query("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd where o.customers_id = '" . $customer_id . "' and o.orders_id = '" . (int)$HTTP_GET_VARS . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int)$HTTP_GET_VARS . "' and opd.orders_products_filename != ''");

with
// mod to prevent download stealing
// $downloads_query = tep_db_query("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd where o.customers_id = '" . $customer_id . "' and o.orders_id = '" . (int)$HTTP_GET_VARS . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int)$HTTP_GET_VARS . "' and opd.orders_products_filename != ''");
$downloads_query = tep_db_query("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd where o.customers_id = '" . $customer_id . "' and o.orders_id = '" . (int)$HTTP_GET_VARS . "' and o.orders_status = '3' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int)$HTTP_GET_VARS . "' and opd.orders_products_filename != ''");
// end mod to prevent download stealing

This does an additional check that order status is 3 (or whatever you have set for payment received). If it does not match then the 'buyer' just sees a blank screen instead of getting access to the download. Instead of
and o.orders_status = '3'
I guess you could use >= '3' or use an or statement.

I can't remember where I found this suggestion but it worked for me.

Please Log in or Create an account to join the conversation.

Menu
Events Joomla
About
MarvikShop
Finnaly it's here:
 
No bridges, no look a likes!
This is the ultimate integration
between Oscommerce and Joomla!
Documentation
Site Showcase
Login
Follow us