Released new version of risal-download version 1.3, yesterday. I put browsing ability to the programme where it will automatically load value of file’s name and it’s path after desired file inside server been selected/clicked. Ease job in file recording. Kindly get it from here http://wordpress.org/extend/plugins/wp-risal-download/ .
Hello Mr. Affendie!
I have installed your plugin, because it is the best for that cause i have found so far. There is one problem left i worked on for 3 hours now:
If i add a Risal-Link in my blog it opens a popup with java. The java-popup leads to a link like this:
http://xxx/wp-content/plugins/wp-risal-download/downfile.php?filename=1
If anyone copies this link now, he can post it in any forum and so my files get leeched anyway
You know what i mean?
If your plugin would work like this, it would be perfect:
The “click to download”-button should appear directly in my blog-article without pop-up. Do you think you can work that out, or did i just miss something?
Please answer!
Thank you in advance,
Lars
Hi Lars,
Thanks for your comments and suggestion.
First of all, I like to clarify what is ‘Livetime’ for this plugin. It is a gap time between user clicked the link and start push download button at pop-up window. So, better for you to set an ideal period of time, enough for someone waiting the popup to appear and then click the button(to download). Someone may copy the url but it will always depend on encrypted session mix with ip, livetime etc and unable to download it especially when the time session exceed ‘Livetime’. This is the only solution for now.
I will think the way how to improve it by prepare unique url for every session for download link.
Thanks again,
Risal Affendie.
Hi Risal,
i modified your plugin for my needs if thats ok?
In your version everybody could take the link which the java-popup uses and post it to a forum. Everybody can click it and download the file without seeing my page.
Following thing is changed / added:
1. I produce an md5-scrambled value out of date(‘Y-m-d H:i’) and the downfile.php gets this value by “GET”. The value is the time my page with the download link has been load.
2. Now the downfile.php also produces an own md5-scrambled value out of date(‘Y-m-d H:i’) and makes one variable for now, one for now+60 seconds, one for now+120 seconds and one for now+180 seconds.
3. The downfile.php checks, if any of the self-produced variables matches the GET-token from the risal-download.php. If there is no match the downfile.php says “Bad token” and we (you and me) know, the link (value) was too old. If anybody copies the link now and posts it anywhere, it does only work for 4 minutes including the current minute. If anybody uses the link without the variable from risal-download.php, it says “Bad token”, too, because there is no match again. Now it´s perfect!!!
I hope you understand my bad english. What do you think about it?
If you like, i send it to you?
Thank you in advance,
Lars
Hi Lars,
Nice. Does this involved with database and how it support multiple internet users (whom visit your site)? Yes, please send the copy to me, so I can see the whole idea. (linuxuserjp@yahoo.com)
Yes, you can modified it, it’s GPLv2 Compatible anyway.