Community Support Forums

[guardian]

Hi!

I read all instructions and look at the videos...still not clear to me!

POSSIBLE SCENARIO

I have a post with 3 types of links:
level 0
level 1
level 2

With time there are more and more links to files piling up. I decide to sell that post as a standalone.
1) clone the page with the duplicate plug in (avoiding to create a post with all the links from scratch)
2) rename the post
3) add this cloned page to specific post protected
4) create a sale button for that specific post as a stand alone product

QUESTION

How the links would behave for the new buyer? Will all the links, whatever the level already embedded, would work?

Or should I use another way to do it?

Roger Pilon

[Cristián Lávaque]

OK, let me see if I understand: you want to use specific page restriction for the pages but level restriction for the downloads, and you want to know if you can combine those like that?

[guardian]

Yes sir!

Roger Pilon

[Cristián Lávaque]

Sure you can. You will need the users to be at the right level to access the files for that level, though, so you'll either add them manually or sell them the level somehow, separate from the specific pages you're talking about here.

Keep in mind that levels give incremental access, meaning that each will have access to everything at and below its level, so Level 2 will have access to 2, 1, 0 and public. If you want those to be separate (not incremental) you should use custom capabilities.

[guardian]

My question should ave been this one:

On a specific protected post/page, how do you protect the locations of the files? If you put files inside the /wp-content/plugins/s2member-files/, user will not be able to get the files as they are protected my the membership plugin!


Roger Pilon

[Cristián Lávaque]

Use the download key to protect the file but not require a level. WP Admin -> s2Member -> Download Options -> Advanced Download Restrictions

[guardian]

Thanks for the answer.

If I use a key:

Each Key it produces ( at the time it is produced ), will be valid for the current day, and only for a specific IP address and User-Agent string; as detected by s2Member

it will be valid for 24 hours. How can you override this? Possible?

Roger

[Cristián Lávaque]

You mean change the expiration time?

[guardian]

yes!

[Cristián Lávaque]

OK, I'll find out how that can be done, but why do you want to change it? Want to make it less or remove expiration?

[Jason Caldwell]

Thanks for the excellent question.
~ and thanks for the heads up Cristián.

Sorry, the options on this are somewhat limited in the current release. Download Keys are hard coded with an expiration of 24 hours, and are reset automatically each time a Key is generated. That being said, if you tell us exactly what you're trying to accomplish, we can probably get you there.

[guardian]

What I am going to do here, is to give you an extreme example.I am quite new with the plug-in so if I make some mistakes, please do not shoot at me.

Let's say for example, that with time I have 1000 files, spread over 10 different categories. Let's say also that on a Monday morning I decided to make a big sale and sell 100 files that belong to the specific category, whatever it is to the outside world (no members).

Scenario 1

I go to that specific category. Open the post and copy all the HTML that contains 100 links. Next, I create a new post and paste the HTML code. Third step, I protect this specific post with the plug-in.

Will it work? I don't think so, because the links to the files are link made exclusively for the membership. Not possible ! Mark

Scenario 2

I could append the key string. It means that I will have to add 100 different keys to the 100 links that I already have. Not very handy ! It goes without saying that they could use WordPad for example and use replace to edit all the links with the new ones. This is beyond the point I want to make here.

Scenario 3

Let's say that one way or another I appended the key to the 100 files links. So I go and make a PayPal button, and pick up protected for 3 days. Problem the post will be protected for three days but all the links inside would be predicted for 24 hours. There is a contradiction here!

Suggestions

You see the bottom line is this: with time files are going to pile up within the membership folder. One day or another, one week or another, one month or another, the owner will like to use these assets and sell them to the outside world. My question is this one. How could we find a way to transform, change all these links to specific files inside membership folder and make them in one go from a specific post or page to the outside world?

Some brainstorming

Why not offering somewhere an option that will override all links to files from within the protected folder. I don't know where you could put that string, that piece of code, name, or what ever, but in a few words using that snippet would mean that everything on that specific post will override all different members levels programming, but will still able to hide the location of the files.

Conclusion

Option to clone any links to any files making them available on any specific protected post overriding any restriction or protection

Thanks for your suport.

Roger

[Jason Caldwell]

Let's say that one way or another I appended the key to the 100 files links. So I go and make a PayPal button, and pick up protected for 3 days. Problem the post will be protected for three days but all the links inside would be predicted for 24 hours. There is a contradiction here!

Slight correction here. Whenever a Customer lands on this Post, the Keys are generated dynamically with the <?php s2member_download_key("file.zip"); ?>, and at that point ( i.e. when the Post loads up, each time it loads up ), the Key(s) that are generated, are good for 24 hours. So if I load the Post now, I have 24 hours from now. If I come back to the Post, to download 2 days later, I have another 24 hours ( each time the Post/Page is accessed ). Once access to the Post/Page is revoked, access to the Key re-generation is revoked as well, automatically.

Some brainstorming

Why not offering somewhere an option that will override all links to files from within the protected folder. I don't know where you could put that string, that piece of code, name, or what ever, but in a few words using that snippet would mean that everything on that specific post will override all different members levels programming, but will still able to hide the location of the files.

Gotchya. Well, one way or another, access to the files has to be authenticated. So if they are logged into your site as a Member, this is controlled by s2Member's "Basic Download Restrictions" in your Dashboard. If you need to grant access to these files, which are going to be given out to non-Members ( i.e. unauthenticated Users ), then the links must expire in a short time, otherwise there is a risk of someone sharing their download links with someone else.

One trick you can use though ( at your own risk ).
<?php echo s2member_download_key("file.zip", "forever"); ?>
The Key never expires, and is NOT tied to any specific User.

I'll see if we can add one more option here, that would make the Key last forever, but still be tied to a specific IP Address. That might be useful in some cases. Either way though, you'll have to generate a Key if your Customers are not going to be authenticated with a Username/Password on your site.

Please let me know if I've missed anything, or misunderstood. I'm also open to any ideas that you have regarding new mechanisms of authentication. But those methods have to ensure that nobody can share a Download Link with someone else.

[Cristián Lávaque]

Note: Jason posted his reply while I wrote mine, but I'm still posting it in case there's something helpful.

OK, Roger, I think I understand what your concern is now. I'll answer each scenario as best as I can, and let Jason give his own thoughts when he can:

1) True, if you protect at a certain level or custom capability, a person without them won't get to the file, unless you use download keys. You can also just copy the files to an unprotected directory.

2) What you'd add at the end of each URL is a code that will generate the key, not the key itself, so it self-updates, you don't need to edit it after you post the links to them.

3) The link expiration time of 24hs is for that particular key, but each time you load the page a new key gets generated for each file, so the 24hs start counting again.The worst that could happen in that example is that the user reloads the page right before it expires at the end of day 3, saves that page and has another 24 hours to access the files.

Why not offering somewhere an option that will override all links to files from within the protected folder. I don't know where you could put that string, that piece of code, name, or what ever, but in a few words using that snippet would mean that everything on that specific post will override all different members levels programming, but will still able to hide the location of the files.

You can probably do something like that using WP hooks in a custom script inside the /wp-content/mu-plugins/ (mu: must use) directory. A WP developer could create it for you if you need it.

I hope that helps.

[Cristián Lávaque]

One trick you can use though ( at your own risk ).
<?php echo s2member_download_key("file.zip", "forever"); ?>
The Key never expires, and is NOT tied to any specific User.

Couldn't that parameter be used to set a custom expiration time?

[Jason Caldwell]

Yes, that's a great idea. However, not in the current release.
@TODO: ip-forever directive ( done ), custom expiration directive ( remaining ).
This will make it into the next official release of s2Member 110526+.

Code: Select all

<?php echo s2member_download_key($file, "ip-forever"); ?>

[Cristián Lávaque]

Very cool.

[guardian]

Let me see If I get it right:

I have 100 files all inside the protected plugin folder, all of them spread over all kind of different levels

I want to offer this 100 files to the outside world - non members:

AS IT IS NOW

- I open the post in html
- do a find/replace with 2member_file_download_key=<?php echo s2member_file_download_key of all the files links
- paste this code in a brand new post
- create a Paypal button
- pick-up the time that post will be live - example 7 days
- keys will be generated during 7 days, once every 24 hours
- links to the file location hidden
- done

Did I miss something?

AS IT IS WITH THE NEW CODE

- I open the post in html
- do a find/replace with 2member_file_download_key=<?php echo s2member_download_key($file, "ip-forever"); ?> of the 100 files links
- paste this code in a brand new post
- create a Paypal button
- pick-up the time that post will be live - example 7 days
- keys will be generated forever attach to a specific IP
- links to the file location hidden
- done

AS IT COULD BE ONE DAY ...maybe!!!

- I open the post in html
- paste this code in a brand new post
- add ONE tiny piece of code somewhere - key here is ONCE
- have options for time, ip
- piece of code override the membership setting embedded in the html post
- create a Paypal button
- pick-up the time that post will be live - example 7 days
- links to the file location still hidden
- done

Do Am I on the right track?

[Cristián Lávaque]

Any text editor will let you search&replace to achieve what you need here. Or you can use a little more PHP and do something like:

Code: Select all

$files = array (
    'book.pdf',
    'audio.mp3',
    'video.flv',
);

foreach ($files as $file)
    $keys[$file] = s2member_file_download_key($file);
 

You can get more advanced and generate the full link to each file that way, saving you even more work.

About the location of the files, even if somene knew it, he wouldn't be able to download them unless he had the right access for s2Member to serve them.

The time the page is available (e.g. 7 days) is independent of the file downloads settings, that's controlled when you create the Specific Post/Page button to sell it.

The keys get generated every time the page with the key generating code is loaded, not daily on a schedule. If someone accesses the page 100 times in one day, unless he gets a cached copy of it, the key gets generated a hundred times, each valid for 24 hours.

I hope that helps.