Downloadable Music Files

[mpalmer.nz]

Hi there,

I have installed Zen Cart as an addon via cPanel on an Australian Web Host. So far so good. This site is for my nephew in Perth who wishes to sell music (primarily in .mp3 format)

I have set up downloadable products and all went well until I came to clicking the Download button for a music file. There is no 'Save File As' dialog but instead the file opens up in the default music program and starts playing. Also, I have noticed that if I use a direct URL to the file I can access it - I want to secure this (download directoy) so this does not happen.

I have played with the .htaccess file in download directory to no avail. Any help would be much appreciated. Following is my current .htaccess file in downloads.
Thanks.

#
# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
#Require valid-user

AddType application/octet-stream .mov
AddType application/octet-stream .avi
AddType application/octet-stream .mpg
AddType application/octet-stream .jpg
AddType application/octet-stream .mp3


###############################
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch ".*\.(zip|ZIP|gzip|pdf|PDF|mp3|MP3|swf|SWF|wma|WMA)$">
Order Allow,Deny
Allow from all

# tell all downloads to automatically be treated as "save as" instead of launching in an application directly
# (just uncomment the next 2 lines by removing the '#'):
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

[stevesh]

The only way I know to prevent the file from opening is to sell them as .zip files.

Check here for the second question:

https://www.zen-cart.com/tutorials/i...hp?article=292

[mpalmer.nz]

Cheers stevesh.

I did eventually find the solution to this. Zen Cart redirects downloads to the /pub directory. So altering the .htaccess file in this directory in the same manner as shown in my first post did the trick.

Securing the downloads directory so files cannot be accessed directly via a URL is still a mystery. Thankfully I am using Java so I can put a Listener on this to solve it.

[DrByte]

Securing the downloads directory so files cannot be accessed directly via a URL is still a mystery.

Have you perchance looked at the FAQs section for your questions?
https://www.zen-cart.com/tutorials/i...hp?article=121
https://www.zen-cart.com/tutorials/i...hp?article=292
https://www.zen-cart.com/tutorials/i...hp?article=280