MusicStore mp3 sample - access to files

  • Posts: 45
  • Thank you received: 3
5 years 2 months ago #310908

-- HikaShop version -- : HikaShop Business: 4.2.1
-- Joomla version -- : 3.9.11

Hello

we are building a music store that will have mp3 samples.
I was able to program everything in an override. Only, the upload / safe folder is protected with a .htaccess.

How can I access the mp3 in this folder and have it displayed in the audio. I don't want to switch of the .htaccess
Unfortunately, I do not find the download area, otherwise I could have looked there ...

Very grateful for every tip.
Maya

<?php // bK Hörprobe    
        echo "<div class='hikaMP3sample'>"; 
        echo "<strong>".JText::_( 'HIKA_MP3_SAMPLE' )."</strong>"; 
        $songExtension = substr(strrchr($this->element->files[0]->file_path, "."), 1);
        $songPath = '/media/com_hikashop/upload/safe/'.$this->element->files[0]->file_path;
        //echo $songPath;
        if ($songExtension=="mp3"):
            echo ' <audio controls>';
                echo '<source src="'.$songPath.'" type="audio/mpeg">';
            echo '</audio>' ;
        endif;
        echo "</div>";
    ?>

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13375
  • MODERATOR
5 years 2 months ago #310938

Hi,

If you want to keep the htaccess so that the files of the upload/safe folder cannot be accessed directly, then you need to move your sample files outside of the upload/safe folder.
For example, move them in the upload folder directly, and then change the line:

$songPath = '/media/com_hikashop/upload/safe/'.$this->element->files[0]->file_path;
to:
$songPath = '/media/com_hikashop/upload/'.$this->element->files[0]->file_path;

Please Log in or Create an account to join the conversation.

  • Posts: 45
  • Thank you received: 3
5 years 2 months ago #310958

Thank you - but it is imporant that the folder is safe - so therefore it is ok that the files are there. Otherwise an advanced user could grab the files without paying for them.

in the file users>download.php the user is able to download the file somehow - how did you do this?
how was the script allowed to access the files?

Is it not possible to play the song per script, without chaniging the .htaccess?
or do you maybe know if it is possible to "say to the" .htaccess that the script is alow the play the songs, but else it's denied?

still searching for an answer...

Kind regards,
Maya

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13375
  • MODERATOR
5 years 2 months ago #310961

Hi,

1. It is indeed important that you don't remove the htaccess from the upload/safe/ folder so that the files you sell cannot be accessed directly. And that's why I was proposing that you don't remove it, but instead that you move the sample files outside of that folder. I suppose that it's not a problem that people could potentially download the sample files.

2. To be able to allow the download of files in the upload/safe folder only for people who purchased the files, what we do is we have a PHP script which checks that the current user has the right to download the file. And we change the link to the file so that it goes to this script with the id of the file and the id of the order in the URL so that the PHP script can do its checks. Then, once it's validated, it reads the file in the memory of the server and sends the data itself. That way, the PHP scripts circumvents the htaccess as it doesn't go through apache to read the file but directly reads it on the filesystem of the server.

3. You could potentially do something similar as what I explained in point 2. However here is a simpler approach:
- have all your sample files start or end with a specific text
- use the filesmatch system in your htaccess to deny access to the files not starting/ending with that specific text:
www.opentechguides.com/how-to/article/ap...le-dir-security.html
That way, you wouldn't have to change your custom code and move the sample files. You could just adapt the htaccess.
Note however that the htaccess will be overwritten when you update HikaShop unless you change its permissions so that it can't be overwritten. So if you can't change its permissions, I would recommend to stick with the solution I proposed in my previous message (and point 1 ).

The following user(s) said Thank You: bytekultur

Please Log in or Create an account to join the conversation.

  • Posts: 45
  • Thank you received: 3
5 years 2 months ago #310994

Thank you! I will have a look at the different solutions.

At the moment the audition is the whole file and not only a sample (my mistake that I did not say this explicitly)...
maybe we will write a script that cuts the file automaticly and put them in a new folder... I will see!

Thanks a lot for your help!

Please Log in or Create an account to join the conversation.

  • Posts: 45
  • Thank you received: 3
5 years 1 month ago #311333

Hello
I have now tried various ways - unfortunately nothing really worked.
At the moment we cut the songs manually and load them back to the server - which is not a solution in the long run.

I took a closer look at the COde of the download.

With the call in the audio player with such a URL I can play a file
hikashop_completeLink ('order & task = download & file_id ='. $ downloadFile-> file_id. '& order_id ='. $ order_id. file_pos $. $ url_itemid)
/ Qflk / kita songs / downloads / order / download / file_id-169 / order_id-74

Now my question - how can I generate such a link myself, which, however, has nothing to do with the download. Is there a documentation in this direction in which direction I could do research?

To really appreciate every tip!

Best regards

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13375
  • MODERATOR
5 years 1 month ago #311336

Hi,

The download controller requires a file entry in the hikashop_file table and based on how the file is configured, it requires an order id of an order with the corresponding product purchased.
So supposing that you add the sample fiel as a "free download" file in the product backend edition interface, you'll get the URL you need to use on the frontend product page.
Supposing that you're editing a view file of the product page via the Display>Views menu, in the variable $this->element->files you have an array of all the free download files of the product.
So you can output the links like that:

foreach($this->element->files as $file) {
 echo $file->download_link;
}
And if you want to generate that download link elsewhere, you can do it like that:
hikashop_completeLink('product&task=download&file_id=' . $file->file_id.$url_itemid);

Please Log in or Create an account to join the conversation.

Time to create page: 0.065 seconds
Powered by Kunena Forum