Community Support Forums

[PerryM]

Got single page downloads working just fine - user clicks PayPal button, goes to PayPal and pays, then comes back to my download page.

Problem is I can't use the protected download link for non-members and thus they get to spread the download link around the internet!

Also, here is part of the eMail sent to the buyer:

Your order can be retrieved here:
%%access_url%%
( link expires after 72 hours )

Don't know where is figures out where the download is to be located. (Unless this is a link to the page which then would have a download link)

Need something here.

Thanks,

[Jason Caldwell]

Hi Perry. Change %%access_url%% to:
%%sp_access_url%%

The Single-Page Access URL is generated by s2Member, and will be automatically filled in, in place of %%sp_access_url%%. This is a special URL that is self-expiring, based on the configuration of the Button Code that you generated with s2Member.

[PerryM]

Hi Perry. Change %%access_url%% to:
%%sp_access_url%%

The Single-Page Access URL is generated by s2Member, and will be automatically filled in, in place of %%sp_access_url%%. This is a special URL that is self-expiring, based on the configuration of the Button Code that you generated with s2Member.

Thanks.

Also, still have the problem, with a single page download, of the user coming back from PayPal to the landing page and that protected single page not allowing them access the link when they click it - I do not have that page protected for members only.

[Jason Caldwell]

I can't be sure, but it sounds like you have the Single-Page Access working. What you're trying to do is provide a link to another page, that is also protected by Single-Page Access.

If that is the case, it won't work. s2Member grants them access to a "Single Page" ( the one they purchased access to ), and NOT to any other Page. So if they're landing on the Single-Page, and then clicking a link to another Single-Page that you've protected in some way, that won't work. Whatever you're selling, should go on the Single-Page they've purchased, and not require access to another Page.

Please let me know if I mis-understood you. ~Thanks.

[PerryM]

I can't be sure, but it sounds like you have the Single-Page Access working. What you're trying to do is provide a link to another page, that is also protected by Single-Page Access.

If that is the case, it won't work. s2Member grants them access to a "Single Page" ( the one they purchased access to ), and NOT to any other Page. So if they're landing on the Single-Page, and then clicking a link to another Single-Page that you've protected in some way, that won't work. Whatever you're selling, should go on the Single-Page they've purchased, and not require access to another Page.

Please let me know if I mis-understood you. ~Thanks.

Let's give a concrete example:
I am selling an eBook.

I've set up 2 pages:
1) A sales page with a PayPal button
2) Download page which has a download link to my eBook

I know how to protect the single page download page and generate the PayPal button.

I need to protect that download link or the buyer will simply copy the link and spread it around the internet and folks get my latest version of the eBook.

How do I protect that link? The whole exercise of protecting the download page means nothing if the link, to the actual location on my website, is easy to copy and post on other websites.

I was trying to protect that download link with your link protection but that requires folks to be logged in - which is NOT what I want to do.

Sounds like you guys left out a key component for downloading eCommerce products.

I've been searching for 2 days now to find a solution and the closest thing is dlGuard which costs a fortune and thus I must find another solution to membership plug-in for WP; your plug-in falls short in this area.

[PerryM]

I settled on eShop as a great way to sell eCommerce products within s2Member.

The raw address of my eCommerce products is never exposed and customers get 3 downloads per purchase -all that I need to sell memberships and products.

I'm sure, at some point, the folks at s2Member will address this problem of exposed links but in the mean time I'm finally up and running and now can spend time marketing my new membership site - hope I get some traffic.

[Jason Caldwell]

s2Member v3.0+ addresses concerns over Link Sharing ( and/or Username Sharing ). s2Member now comes with a built-in security suite ( very powerful ), which includes IP Restrictions that are configurable. You can read the full Changelog here: viewtopic.php?f=4&t=97

IP Access Restrictions. As with any membership system, it is possible for one Member to signup, and then share their Username or Access Links with someone else. s2Member now provides protection against this. See: `s2Member -> General Options -> IP Access Restrictions` for full details and configuration options.

[PerryM]

s2Member v3.0+ addresses concerns over Link Sharing ( and/or Username Sharing ). s2Member now comes with a built-in security suite ( very powerful ), which includes IP Restrictions that are configurable. You can read the full Changelog here: viewtopic.php?f=4&t=97

IP Access Restrictions. As with any membership system, it is possible for one Member to signup, and then share their Username or Access Links with someone else. s2Member now provides protection against this. See: `s2Member -> General Options -> IP Access Restrictions` for full details and configuration options.

The additions are great and open new opportunities for me.

However, I still have to have a naked link on the protected post/page and that link has no protection.

I'm still going to have to use eShop until the eCommerce links can be protected by hiding them.

I look forward to that upgrade.

[Jason Caldwell]

Hi Perry. I see what you're saying now. You're referring to Download Links that you've made available freely. s2Member protects the files inside "s2member-files/", based on your configuration under: s2Member -> Download Options.

If you're adding ?s2member_free_file_download_key - this opens them up for public access, otherwise, they are protected; and can only be downloaded by Members who are logged in.

All of that being said, I think what you're wanting ( and someone else requested this as well ), is to generate a Specific Download Access Link, similar to the Specific Post/Page Links. In other words, giving a specific Customer access to a protected file, without requiring them to login, or even be a member.

I'll see what we can do in the next release.

[PerryM]

Hi Perry. I see what you're saying now. You're referring to Download Links that you've made available freely. s2Member protects the files inside "s2member-files/", based on your configuration under: s2Member -> Download Options.

If you're adding ?s2member_free_file_download_key - this opens them up for public access, otherwise, they are protected; and can only be downloaded by Members who are logged in.

All of that being said, I think what you're wanting ( and someone else requested this as well ), is to generate a Specific Download Access Link, similar to the Specific Post/Page Links. In other words, giving a specific Customer access to a protected file, without requiring them to login, or even be a member.

I'll see what we can do in the next release.

Thanks, until then I'll have to use eShop.

[Jason Caldwell]

s2Member v3.0.6+ introduces a new improved way of handling Downloads. s2Member now supports more sophisticated Download "Keys", that are NOT the same, providing much better security, and a lot more flexibility. I'll be doing a video on these soon, because this is a really powerful feature, that can even protect files that are NOT part of your WordPress installation. Look for the new videos to appear @ http://www.s2member.com/ ~Thanks for all your input on this topic.

[PerryM]

s2Member v3.0.6+ introduces a new improved way of handling Downloads. s2Member now supports more sophisticated Download "Keys", that are NOT the same, providing much better security, and a lot more flexibility. I'll be doing a video on these soon, because this is a really powerful feature, that can even protect files that are NOT part of your WordPress installation. Look for the new videos to appear @ http://www.s2member.com/ ~Thanks for all your input on this topic.

Sorry it took so long to get back to this post.

I guess I'm not making myself clear - Protecting a page for 3 days is worthless if the links on that page can simply be copied and posted to websites.

Really, I don't know how to make it any clearer.

I use your plug-in for membership sales and it works fine but then I must use an eCommerce plug-in to handle links that only download 3 times and the actual link to the file on the website is hidden from the user. The link they get can be passed around but after 3 downloads it goes dead.

Hopefully your plug-in will have a way to handle the huge eCommerce market where what we sell is simply a download and the actual link to the file is hidden and protected.

P.S.

The eCommerce is sold separately from memberships and I don't want the buyer to have to become any kind of a member.

[drbyte]

Jason, I think a secure token, that expires when the download it completed, will work just fine. This way if they copy the link it will be a bad one once it's been downloaded. Is that possible! I'm sure cause you are the man

Sam

[Jason Caldwell]

Hopefully your plug-in will have a way to handle the huge eCommerce market where what we sell is simply a download and the actual link to the file is hidden and protected.

P.S.

The eCommerce is sold separately from memberships and I don't want the buyer to have to become any kind of a member.

Please read back over the updated documentation for "Download Keys" in s2Member v3.1.2+.
See: s2Member -> Download Options -> Advanced Download Restrictions
~Thanks. I think we have what you need in s2Member 3.1.2+
Please let me know if you have any questions, or if we are still not there yet.

[drbyte]

Hey Jason

It works like a charm. I tested it against so many download and leech programs and your name all over it You should have something like (This file been protected by s2Member) on the Pop Box

Thank you

[Jason Caldwell]

Awesome. Thanks for the followup Sam. Much appreciated!
~ and thanks for the suggestion also.

[PerryM]

Hopefully your plug-in will have a way to handle the huge eCommerce market where what we sell is simply a download and the actual link to the file is hidden and protected.

P.S.

The eCommerce is sold separately from memberships and I don't want the buyer to have to become any kind of a member.

Please read back over the updated documentation for "Download Keys" in s2Member v3.1.2+.
See: s2Member -> Download Options -> Advanced Download Restrictions
~Thanks. I think we have what you need in s2Member 3.1.2+
Please let me know if you have any questions, or if we are still not there yet.

I've read about the keys but can't follow it - maybe a concrete example might help.

I just can't get it going.

Where do I put this protected file? And how does the key work?

I really want to have a page describing an eBook and a button to click to buy it and return to a download page that is only good for so many days or so many downloads and sharing that link won't work for others.

I just don't understand the Key thing and how it works. I don't see how a PayPal button links to a download page after payment.

All I get are 404 errors:
404: Sorry, file download not found. Please contact Support for assistance.

Sorry, if I'm dense on this topic - I just need a real world example to help me.

[Jason Caldwell]

Hi Perry. Absolutely.
There are no dense questions here.
~ It's all good.

So let's say you have eBook.pdf
You upload that file here:
/wp-content/plugins/s2member-files/eBook.pdf

Ok, so now the file is protected by s2Member.

So now, from your WP Dashboard, go to:
s2Member -> Download Options -> Inline Extensions
and type "pdf" into the Inline Extensions field.

You now have two choices in how you provide access to this file.

1. You can let s2Member's configuration take care of everything. You configure Download Restrictions in your WP Dashboard, by navigating to: s2Member -> Download Options -> Protected File Downloads. You can configure which Levels have access, and how many files they're allowed to download in any given period of time. In this case, you would just link to the file on your site, anywhere, without concern for link sharing, because a Member has to be logged in to gain access.

Code: Select all

http://www.yoursite.com/?s2member_file_download=eBook.pdf

s2member_file_download = location of the file, relative to the /s2member-files/ directory.
In other words, just the file name itself, and that's it.

2. You can use Advanced Download Keys.
In this case, you need to have the Exec-PHP plugin installed, or have access to your WP theme files. One or the other; because you need to use a PHP tag in order to generate the encrypted ( time sensitive ) Download Key that is unique to each and every Internet User. In this example, we're using the s2Member API function, called "s2member_file_download_key()".

Code: Select all

http://www.yoursite.com/?s2member_file_download=eBook.pdf&s2member_file_download_key=<?php echo s2member_file_download_key("eBook.pdf"); ?>

So, in your case; a real world example, might be the following.

You sell Specific Post/Page Access to Post ID# 121, titled: "My Special eBook".
You install the Exec-PHP plugin, and in the content for this protected Post ( Post ID #121 ), you add a link that reads "Download My eBook", and it looks like this in the HTML tab of your WordPress Editor.

Code: Select all

<a href="http://www.yoursite.com/?s2member_file_download=eBook.pdf&s2member_file_download_key=<?php echo s2member_file_download_key("eBook.pdf"); ?>">Download My eBook</a>

To summarize:
The only way a visitor can gain access to this Download Link with a Key in it, is if they purchased Access to Post ID #121. Once a visitor gains access to this protected Post, a special Download Link is automatically generated specifically for them, and it cannot be shared. The download link is also time-sensitive.

How come the link can't be shared?
Because s2member_file_download_key ("eBook.pdf") = an installation-specific hash of s2member_xencrypt(date("Y-m-d") . $_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"] . $file)

There are many other ways in which Download Key's could be used/generated, but this is one example that I think best applies to your situation. Let me know if anything is unclear. ~Thanks.

[mrsshopper]

I have followed all the steps:
- created a sales page for downloadable product
- created a download page (protected)
- set up paypal button on sales page
- downloaded Exec-PHP and activated it
- added the above code (<a href="http://www.yoursite.com/?s2member_file_download=eBook.pdf&s2member_file_download_key=<?php echo s2member_file_download_key("eBook.pdf"); ?>">Download My eBook</a>) to the download page (I changed all the custom names to my site, changed "download my ebook" to "welcome"etc)
- uploaded product (.flv) to my server (/plugins/s2member-files/)

When I go that page, I see the Paypal button and the link that reads "Welcome" but when I click on the link, it goes nowhere. What have I missed?

Thank you!

[Jason Caldwell]

When I go that page, I see the Paypal button and the link that reads "Welcome" but when I click on the link, it goes nowhere. What have I missed?

It sounds like you might have placed the Download Link on your Membership Options Page. The Download Link needs to be inserted into the protected Post/Page that a Customer is purchasing access to.

*OK....* I was able to reproduce this bug just now. I'm opening a ticket on this issue. It appears there is an issue with this in the latest release of s2Member. I'll report back shortly.

Sorry, false alarm. This has been tested with the latest release again ( v3.1.4+ ); and all is working OK. The only oddity is that you have to make sure that you've configured a Membership Options Page before s2Member's File Download Protections are enabled; even for links with a Download Key.

In v3.1.5+, this behavior will be modified, so that a Membership Options Page will NOT have to be configured for protection on files with a Download Key. Download Key protection should be completely independent from Membership Level Access; so this will be changed for conformity.

Other that minor issue, everything appears to be in good working order. Please try this again when s2Member v3.1.5+ becomes available later this evening. If you continue to have problems, please let me know. Or better yet, send us a demo URL so I can see this problem in action. That will help greatly in a diagnosis.

[mrsshopper]

Ok, so I've got Paypal to work and the links work as well. Thanks!

I received the email with the URL to the page, clicked on it, and received access. To test it, though, I forwarded that email to another email on another computer. I opened that email, clicked on the link and I could access it as well. Does this mean someone can purchase my product (download), and then forward to others and they can access the page as well?

I read your post on the keys and not sure I get that either, especially the part that reads the key will allow access for the day only - what if I wanted the access to be 3 days?

Thanks in advance for your help, much appreciated.

[mrsshopper]

Follow up to my previous post, I've sent the email to other computers at other locations, and could access the page with no problem, so this defeats the purpose of protecting the file if the link can just be shared.

The only way a visitor can gain access to this Download Link with a Key in it, is if they purchased Access to Post ID #121. Once a visitor gains access to this protected Post, a special Download Link is automatically generated specifically for them, and it cannot be shared. The download link is also time-sensitive.

How come the link can't be shared?
Because s2member_file_download_key ("eBook.pdf") = an installation-specific hash of s2member_xencrypt(date("Y-m-d") . $_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"] . $file)

What step am I missing? Specifically, I don't understand this part:

Because s2member_file_download_key ("eBook.pdf") = an installation-specific hash of s2member_xencrypt(date("Y-m-d") . $_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"] . $file)

[/quote]

[Jason Caldwell]

Thanks for the great questions.

~ I've put together a video tutorial covering this very topic.
http://www.s2member.com/file-download-options-video/

Please let me know if you have any questions after having watched the video.

[mrsshopper]

Hi Jason, thanks for the video link. I just watched it and am still stuck with the same issue. I have the pass key and Exec-PHP plug in activated, and but the link (a tiny.url link) is still being able to be accessed from various computers at different locations. I can send you the link and hash code if you like to take a look and see if you can help. Thanks!

[Jason Caldwell]

Hi there.. thanks for reporting back.
Where is the tinyURL coming from exactly?