Link to my digital product

[Guest downloadcul]

Hi,

I am testing CubeCart to deliver a URL to my digital product that is supposed to expire and can only be downloaded 3 times. The link I get is to a file called "download.php" which is NOT the file corresponding to my digital product. After opening "download.php" with wordpad or notepad, it contains the message below. How am I supposed to fix this so that a link to my digital product is delivered instead of the following message:

<br />

<b>Warning</b>: filesize(): open_basedir restriction in effect. File(/home/httpd/vhosts/mysite.com/cubecart/3.txt) is not within the allowed path(s): (/home/httpd/vhosts/mysite.com/httpdocs:/tmp) in <b>/home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php</b> on line <b>64</b><br />

<br />

<b>Warning</b>: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php:64) in <b>/home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php</b> on line <b>64</b><br />

<br />

<b>Warning</b>: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php:64) in <b>/home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php</b> on line <b>67</b><br />

<br />

<b>Warning</b>: readfile(): open_basedir restriction in effect. File(/home/httpd/vhosts/mysite.com/cubecart/3.txt) is not within the allowed path(s): (/home/httpd/vhosts/mysite.com/httpdocs:/tmp) in <b>/home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php</b> on line <b>68</b><br />

<br />

<b>Warning</b>: readfile(/home/httpd/vhosts/mysite.com/cubecart/3.txt): failed to open stream: Operation not permitted in <b>/home/httpd/vhosts/mysite.com/httpdocs/cubecart/download.php</b> on line <b>68</b><br />

[Guest]

Have you set the digital path up correctly?

Sounds stupid I know but have youupload digital product?

and to correct folder?

[Guest downloadcul]

Hi, Thanks for helping me

I have uploaded my digital products to this folder : /home/httpd/vhosts/mysite.com/cubecart/

My digital products are text files with extension .txt (1.txt, 2.txt, 3.txt and 4.txt are the actual files) Please help me find out what is wrong.

[Guest estelle]

It sounds like your server has Safe Mode enabled? (CubeCart Admin -> Server Info)

[Guest downloadcul]

I just checked under Configuration - PHP core and I have the following server settings :

safe_mode Off Off

safe_mode_exec_dir no value no value

safe_mode_gid Off Off

safe_mode_include_dir no value no value

I really don't know much about this stuff but it looks to me like it is off so the problem might be something else.

[Guest estelle]

Okay, well i just had a look at the documentation, and although it is kind of related to safe mode, your open_basedir setting will apply regardless of whether safe mode is on or off.

open_basedir  string

    Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

    When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

It looks like your open_basedir is setup such that it is restricting the normal operation of CubeCart. I guess you're going to have to either see if your webhosting provider can change this security setting, or put your digital files somewhere within httpdocs (and follow the instructions given in the other thread to increase security of your digital files as best as you can).

[Guest downloadcul]

Thanks for your help.

What's open_basedir ??? I don't know much about this stuff. Is it the directory where I have my digital products?? So, what do you think I should request from my server manager??

[Guest estelle]

Don't worry about it too much. The debug tells you what you have to do:

allowed path(s): (/home/httpd/vhosts/mysite.com/httpdocs:/tmp)

So just move your digital files under your httpdocs directory, and it should work fine. And follow the precautions in the other thread to make sure that customers can't steal your digital files if you accidentally enter an incorrect filename.

[Guest jacqui00]

heres a followup question from an ubber noob.

I understand that what yo guys are talkin about is in refernce to the line next to product type when adding a new item, however are you supposed to do the same when setting up the settings of the store in

general settings : directories and folders?

does any of that stuff have to be filled in or is it an option?

[Guest jacqui00]

heres a followup question from an ubber noob.

I understand that what yo guys are talkin about is in refernce to the line next to product type when adding a new item, however are you supposed to do the same when setting up the settings of the store in

general settings : directories and folders?

does any of that stuff have to be filled in or is it an option?

bump.

please?

anyone?

[Guest robert8450]

....

open_basedir  string

    Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

    When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

It looks like your open_basedir is setup such that it is restricting the normal operation of CubeCart. I guess you're going to have to either see if your webhosting provider can change this security setting, or put your digital files somewhere within httpdocs (and follow the instructions given in the other thread to increase security of your digital files as best as you can).

Yes - you're right, and I have the exact same problem... I am determined to make this work in the outside the public_html document root... I looked at the php.ini file and I see that the open_basedir statement is remarked out...

I don't know what i need to put in there to make it work without breaking the server - any thoughts? my path to the digital items are: "/var/www/vhosts/domain-name.com/private/"

Thanks for your help.

What's open_basedir ??? I don't know much about this stuff. Is it the directory where I have my digital products?? So, what do you think I should request from my server manager??

open_basedir is a statement in your php.ini file (located on the server afecting all shared hosting accounts). it is a php configuration file and statement that disallows accesses to unathorized directories. for example, there is normally no reason a browser or script should have access to anything on the server except the document root (where the web pages are)... unless of course you're trying to hide your digital products up one level from the document root and then in that case, it its disallowed (such as our case) your shoping cart script will not be able to grab the file.

I am totally against putting downloadable files in the public_html (document root) because anyone can use a crawler or spider program and find all of your files, no matter if there is a blank index page in there or not - period. if your public folder is not password protected, the file are available to anyone. the only people you are keeping from downloading your files are the honest people who probably wouldn't know how to get at them in the first place. I strongly recommend you have your server people adjust your server to allow access to level above httpdocs / public_html level (such as what I am trying to do

This brings me to another question... lets say we do put the digital goods in a "secret" public folder and try to hide them the best we can... (to which I've just explained - you cannot)... but lets say we put them there... is there anyway to give the customer a temporary user name and password and then use an .htaccess file to lock the directory?

I'm guessing that this is something we would have to email them and then perodically change every so often? ... is there any other less-annoying way to password protect a public directory for the customer to retreive their files on payment?

heres a followup question from an ubber noob.

I understand that what yo guys are talkin about is in refernce to the line next to product type when adding a new item, however are you supposed to do the same when setting up the settings of the store in

general settings : directories and folders?

does any of that stuff have to be filled in or is it an option?

I'm not sure I understand your question fully, but if I do understand... then you're answer is no - this thread and what people are talking about is in reference to hiding their digital / downloadable products. - normally you would not have to do any of this if you're seling "normal items"

hope that helps... and if anyone has a solution to what I have posted. i would like to hear it - thanks.

[Guest Pete_bolton]

Ill try and help as all i sell are digital products.

You have to put your files you want to download outside the public_html folder. Some hosts do not allow you to do this.

Heres an example of what i see on my ftp program

ftp.mydomain.com

.autorespond

.cpanel-datastore

.fantasticodate

.htpasswds

.spamassin

.trash

.downloads (I created this folder for my downloads)

.etc

.ftp.al

.mail

.public_ftp

.public_html (All my websites are within this directory)

.www

So if you cannot see something like this you may not have access to the "Root" of your server, I would recommend moving if you want to sell digital products as i have no problems what so ever.

My link to my product is..

/home/myusername/downloads/filefordownload.zip

Hope this helps

[Guest robert8450]

....You have to put your files you want to download outside the public_html folder. Some hosts do not allow you to do this.

/home/myusername/downloads/filefordownload.zip

Hope this helps

correct, and I agree - the problem is that apache and php are set on my server to disallow access to anything except the document root. with the help of my support person, I have fixed my problem and here is what we had to do to allow access.

First of all, I noticed that open_basedir was remarked out in the php.ini file like this:

;open_basedir

But then I realized that this was not exactly my problem... and I read some more articles...

http://php.net/features.safe-mode (explination of open_basedir)

http://www.hardened-php.net/advisory_082006.132.html (interesting article about enabling it and other ways to harden your system if open_basedir is in use)

http://secunia.com/advisories/16971/ (another confirming the potential risk)

http://secunia.com/advisories/22235/ (talks about disabling symlink if open_basedir is in use)

And then I read where httpd.conf (the apache configuration file) can be configured to turn open_basedir on or off, http://help.godaddy.com/article.php?articl...=1616&&

except I could not find where httpd.conf was located and then I was told by my support person that Plesk (my control panel) has an individual configuration file for each individual vhost (domain account)

I then discovered (by looking at that indivual configuration file that sure enough, the open_basedir statement was only allowing access to the httpdocs (document root) and a "tmp" directory. I discovered this by looking at the phpinfo.php file on the domain account. The support person created a separate config file (as specified by the main apache config file) to include the special directory that I wanted to use for my digital items (which is in fact up one level from teh doc root)..

I hope all this rambling is able to help the next guy also figure out how to allow access to the directory structure (up one level from document root)..

good luck.

[markscarts]

Wow, it's cool you guys are providing very helpful info to the forum.

Note, though, questions are being answered that were posed in October 2005, over a year ago. No problem with that, I'm just pointing it out so you don't expect a response from the folk who posted the questions.

Also, would like to point out that there is a tutorial about adding digital downloads in the CC3 free mods forum at www.cubecart.org

It is helpful answers like you guys are providing that makes this forum great :P

[Guest robert8450]

yep, i understood that this was an old thread before i posted in it yesterday, but i did read that tutorial and it said nothing about fixing the open_basedir problem which has been now been fully addressed for a LAMP (Linux, Apache, Mysql, PHP) / Plesk configuration.

I am personally all set now, I just wanted to post what I found to help the next guy :)

[Guest Pete_bolton]

Also, would like to point out that there is a tutorial about adding digital downloads in the CC3 free mods forum at www.cubecart.org

How do you think i got mine workin in the first place? I of course read that tutorial. But i have expanded on that to make it a little easy to undestand for people that are very new to this stuff and whos sever might not be up to scratch.

yep, i understood that this was an old thread before i posted in it yesterday, but i did read that tutorial and it said nothing about fixing the open_basedir problem which has been now been fully addressed for a LAMP (Linux, Apache, Mysql, PHP) / Plesk configuration.

I am personally all set now, I just wanted to post what I found to help the next guy

Same for me :-)

[Guest]

I am busy setting up digital downloads and need to check with host if they can be outwith /html/ folder. I've tried and it works fine.