Specific Post/Page with file protection

hi, I’ve read as much as I can find on the subject but I’m thrown by the inline doc ‘ A Specific Post/Page that is protected by s2Member, might contain a download link for your eBook, access to file & music downloads, access to additional support services, and the list goes on and on.’

So how is the file path secured?

At present I’ve uploaded my desired pdf to /plugins/s2member-files/merryandbright/merry_ebook.pdf

I cant see how I create the capability or secure download key based on the Specific Post/Page Buy Now Button.

Am I just to add additional shortcode script to the existing auto button generated code? Or am I going about this the wrong way?

Thank you.

*small update after reading more docs @ Advanced Download Restrictions.
Is this correct?
step1. user checkout access to Specific Post/Page
step2. is return url direct to Specific Post/Page?
step3. download with key implemented within url for security

I’ve implemented the key function as described and now my download link produces eg. /?s2member_file_download=merryandbright/merry_ebook.pdf&s2member_file_download_key=27d85c5004014b57716eae278e420a43 ( so I presume this is working correctly )

as admin on click I get error: 503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.

I’m probably missing something very obvious but I’m presuming whatever is passed in the url in step2 is generating a valid key for purchaser? Please will you confirm this process for me.

• This topic was modified 4 years ago by  David Hunt.
• This topic was modified 4 years ago by  David Hunt.
• This topic was modified 4 years ago by  David Hunt.

Hi David.

Right, using the download key is the right approach.

Are you using that key you posted, or are you generating one on each page view? (Should be the latter.) [hilite path]Dashboard -› s2Member® -› Download Options -› Advanced Download Restrictions[/hilite]

Do you have the basic download restrictions configured? Just checking. [hilite path]Dashboard -› s2Member® -› Download Options -› Basic Download Restrictions[/hilite]

Hi Cristian,
Yes I have basic restrictions set. If I set up a user with cap ‘merryandbright’ (name of directory) they get access to downlaod with popup limit warning, so I’m sure all is well.

Yes, I’m generating the key in page using php.

echo s2member_file_download_key("merry_ebook.pdf"); ?>

When I mouse over the download I see a dynamic url is produced.

Please let me know what I should check next.
Thank you. David

*I’ve sent you access just in case it helps.

• This reply was modified 4 years ago by  David Hunt.

Yes, I’m generating the key in page using php.

The code you posted is incomplete. Is that the way you have it or did it get altered when you posted it? Make sure you post it inside HTML code tags so it comes out correctly, please.

*I’ve sent you access just in case it helps.

I didn’t receive it. Could you re-send it, please? Thanks. :)

Code Snippets
Edit Snippet ID: 1
Shortcode: [php function=1]
all snippets automatically start with

<?php
echo s2member_file_download_key("merry_ebook.pdf"); ?>

yields: http://deliciously-raw.co.uk/merry-ebook/
http://deliciously-raw.co.uk/?s2member_file_download=merryandbright/merry_ebook.pdf&s2member_file_download_key=ea0d11a41fad1318a09cd636c401755d

BUT, if I refresh page should I get the same key? eg. s2member_file_download=merryandbright/merry_ebook.pdf&s2member_file_download_key=ea0d11a41fad1318a09cd636c401755d

user details:
cristian cristian+testing@xxxxxxxx.com Administrator

can I mail password if you haven’t received the invite?

• This reply was modified 4 years ago by  David Hunt.
• This reply was modified 4 years ago by  David Hunt.

Hi David,

It looks like the problem is that you’re putting files into subdirectories in s2member-files, and you didn’t put the subdomain into your call to s2member_file_download_key();.

Try this instead:

<?php
echo s2member_file_download_key('merryandbright/merry_ebook.pdf'); ?>

ah, that is so obvious to me now, apologies! Thanks for your help Cristian and Bruce.
ps. after looking at many other solutions, I think this is a really great way to serve up buy now – secure download pdf’s. Great job! d

The only thing I’m still a little unsure of how to utilise the restriction in this scenario. How does the buy now option play with the restriction control? If a purchaser gets the link eg http://tinyurl.com/dynamiclink are they then also impinged by the download restriction for level 0 user? eg.

File Downloads ( Level #0 Or Higher ): 1 every 30 day(s).
Only this many unique downloads will be permitted every X day(s), at Level #0 or higher.
* To allow UNLIMITED downloads, use: 999999999 ( i.e. 999999999 = unlimited ). ETC.

Is their key allowing 1 X level 0 access + (

s2member_file_download_key("example-file.zip") = a site-specific hash of: date("Y-m-d").$_SERVER["REMOTE_ADDR"].$_SERVER["HTTP_USER_AGENT"].$file

), so as soon as they download 1 pdf they’re restricted from any further downloads?

The main thing is that I would like to understand is how I’d use this simultaneously with a member level branch that might allow a specified number of downloadable treats based on the subscription model.

• This reply was modified 4 years ago by  David Hunt.
• This reply was modified 4 years ago by  David Hunt.

If you use the download key in the URL, it’ll override the restrictions, that’s why you can use it with non-logged in users. The same file, without the download key, will be protected with the restriction you put in place.

I hope that helps understand it better.

ah, that is so obvious to me now, apologies! Thanks for your help Cristian and Bruce.
ps. after looking at many other solutions, I think this is a really great way to serve up buy now – secure download pdf’s. Great job! d

You’re welcome! And thanks for the kudos! :)

Hi all,
I’d also like to provide a secure Pdf download for subscribers to an S2 Buy Now BBPress Forum.

http://rockstarraw.com/forums/topic/welcome/

From what I can see I can’t execute php from within the reply.

The forum is being protected via S2’s restrict url/buy now options.

How would yopu recommend providing subscribers with a secure Pdf download in this scenario?

Thank you.

There appears to be a flaw in the BBPress permalink structure when trying to protect a Forum with uri based restriction.

If I set up url based restriction to ‘forum-name’
domain.com/forums/forum-name/

as soon as a user is aware of a thread eg. domain.com/forums/topic/thread-name
the url restriction set in ‘forum-name’ is bypassed.

There’s no way to use url restriction to set a top level protection and have all threads protected within the forum-name structure.

It’s also conflicting with the logic of the breadcrumb path which shows the correct structure.
Home › Forums › Forum Name › Topic
which would allow the uri restriction to be effective.

Am I missing something?

Thank you.

If I set up url based restriction to ‘forum-name’
domain.com/forums/forum-name/

as soon as a user is aware of a thread eg. domain.com/forums/topic/thread-name
the url restriction set in ‘forum-name’ is bypassed.

There’s no way to use url restriction to set a top level protection and have all threads protected within the forum-name structure.

It’s also conflicting with the logic of the breadcrumb path which shows the correct structure.
Home › Forums › Forum Name › Topic
which would allow the uri restriction to be effective.

This seems to be the default bbPress permalink structure. I found some info online about changing these permalinks: http://wp.smashingmagazine.com/2011/11/15/getting-started-with-bbpress/

That should work, but if it does not, you will need to alter the template for bbPress topics to check which forum the topic is in, and redirect based on that, which will require custom code outside of s2Member.

Hi Bruce,
This BBPress permalink issue appears to be acknowledged but unresolved at this point. I think the best work around for now is using a uri restriction in all the topic titles eg. http://domain.com/forums/topic/restore-2013-welcome/

using restore-2013 as the S2 uri restriction

Also, did you see my note about the S2 download key not being executed in BBPress reply? This might be out of the scope of S2 support but I’d be interested to know, as you do promote the use of BBPress, if you’ve come up against this issue and whether you can recommend a work around.

Hi,
A last bit of feedback before the close of 2012!

I can access the download if I’m a paid up member here http://presspresse.com/activity/
( http://presspresse.com/members/oksoadmini/activity/favorites/ )

However, if I try and access the download via Forum post @ http://rockstarraw.com/forums/topic/welcome/
( http://rockstarraw.com/?s2member_file_download=restore/restore.pdf&s2member_file_download_key=allowphp%20function=1 )

I get 503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.

So, as far as a multisite setup is concerned, with activity streams and RSS, the protection is not making sense to me.

Thanks for all your help in 2012!

Hi David,

This looks like the error is being caused by your PHP Execution plugin, because of where you’re putting the code to fill the file download key. The s2Member function is returning allowphp function=1 instead of the correct key format. You’re going to need to either change your configuration to allow this to work correctly.