Check the eStore’s link shortener feature before going through the download validation script location customization instruction (a lot of users find that the link shortener feature is all that they need):
WP eStore’s Encrypted Link Shortener Feature
WP eStore has an automatic link shortener feature which can shorten all the encrypted download links before giving it to the customer. This will make the encrypted links look short and more manageable.
Go to WP eStore settings and check the “Shorten Encrypted Download Links” option to enable the auto encrypted link shortener feature.
Customize the Validation Script Location
This customization is NOT needed for any functionality. The instruction exists merely for anyone who is interested to do this. So I recommend that you use the default value.
This customization involves a little bit of code modification so before you attempt this you must test the plugin with the default settings and make sure everything is working as expected. It is also not a good idea to try this if you are not a developer.
Since this customization involves custom code modification, we have no way of troubleshooting any issue that may arise from this change. If encrypted download stops working after this customization then you need to undo your changes. The following instruction will help with that:
The download validation script validates a download request from a client and fetches the appropriate file for download after verification so the client never knows the real location of the file.
1) There is a file called “custom_download.php” in the “view” directory of the plugin. Copy this file to the target location.
2) Rename the “custom_download.php” file to “download.php”.
3) Now update the value of the “Download Validation Script Location” field from the settings menu to the target directory (include trailing slashes). For example,
If your WordPress is installed in the root of your site then you are done.
If you have installed WordPress in a sub-folder on your site (example: www.yoursite.com/blog) then you need to do one extra step.
4) Open the file your just copied and renamed and edit the value of the “$wp_home_dir” variable to the name of the subdirectory that contains WordPress.
In this example, the line should look like:
A big thank you to The Assurer for getting this new method sorted out.
Note: We provide technical support for our premium plugins via our customer only support forum
Thank you for this post, you help me.
nevermind….this post here (http://www.tipsandtricks-hq.com/forum/topic/receiving-download-but-but-link-doesnt-work-404-not-found) contains the solution!
I’m testing out the eStore plugin in sandbox mode and have some issues with the download link that I receive in the purchase email.
Everytime I click on the link I get redirected back to my site and it says:
Sorry, no posts matched your criteria”
I didn’t change the “download validation script location” so I’m sure that’s not the issue.
Under “add/edit products” the paths for each of the mp3 files I have for sale start in “wp-content/uploads/etc/mp3filename.mp3”
So my questions are:
Is there an issue having eStore pull the files from WordPress uploads folder?
Do I have to use .zip files instead of mp3?
Do I have to move my mp3 files to another location on my server? (Which I’ve already tried and tested with no success).
Please can someone help me out! 🙂
@MD, yes you are correct.
Just to clarify, I don’t even have to worry about customizing the download url or anything related to the download validation script. I should just leave that “Settings option” as is. Is that correct?
Obviously I will fill in my download url under “Add products” but I don’t have to worry about the above right?
Hi Munch, This appears to be a server issue. It looks like you are using more memory then your hosting allows you to. You may want to check with them and see if there is a limit on the size that a download can be or how much memory you have for downloads per month.
The eStore does not limit the size of a download or the memory that is used on your site.
i’m getting this error message. not sure if it’s related to these files but think so:
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 23331883 bytes) in SERVERPATH/ETC/wp-content/plugins/wp-cart-for-digital-products/download.php on line 114
“serverpath/etc/” is me replacing the actual paths.
Hi Mike, the first question is do you really need to modify anything at all.. because you can place your downloadable files anywhere you like without any script modification. The following URL will explain it in details:
It is best not to modify the script as it will make it hard for you to upgrade the plugin. So have a read through the above post and let me know if you really want to do this customization and I will give you some more pointers.
I am understanding the overall concept in theory. However, I am lost when it comes to the practicality of changing the code.
For example, right now the files I am testing are in the default directory:
However, I might want them to be in the following directory:
Now, when editing the download.php and eclasses.php files, what will I actually be changing? If I am understanding the overall concept, the system will appear to be pulling the digital files from the downloads folder, however the change in the download.php script tells the files to be pulled from my directory of choice, correct? I am just confused on how what exactly I need to type out when editing the script so that the system can find the actual directory path of where the real files are located.
Also, what changes do I need to make to the estore_classes as well? One more thing. Do I need to modify the wp-load.php file as well?
Also, this may very important to know. This website is not the main root domain of my website. It is an addon domain I added via the Control Panel on my hosted server plan.
Thanks again everbody!
Hi Mike, the following URL should explain it more:
If I change the directory for my downloadable files, will this make the overall process more encrypted, or does this just limit the amount of directories and make the entire process a matter of convenience to the administrator to not have the files located deep within the wp-content/plugins/wp-cart-for-digital-products directory?
Personally, it does not matter to me where I locate my files. However, I certainly don’t wish to have the overall encryption and security compromised.
Can you please give me some more insight into this, as well as other ways which go hand in hand with this plugin to help my site become more secure?
Ok Last post, I solved my own problem, and I’m gonna explain the problem and the solution all here in case anyone else runs into this. There were two main problems:
1.) I was generating links and the box would come up blank.
2.) if I got a link, i would get “Requested File…” error
Well i thought these problems were being caused by the same thing, but alas, they were not.
Issue one, was a digital product with ‘digital product variation’. And if you use the generate link command with it, its not going to give you a link, so maybe this could be fixed in a future release of this software?
Issue two, my download location I included a ‘ / ‘ at the beginning of the download location, which is incorrect procedure, so my links were returning file not found.
oh more information that would probably help, I have the Download.php file in
so where do i need to put the actual digital files so that i can have the link work. As of right now when i try to generate a link for some it comes up blank, and for others it give me the file not found…. bleh, everything works fine when i have the default location enable for the download validation script however, so i’m assuming its a problem with my relative URLs for the digital product delivery?
Just did this, followed everything exactly. I’m using /downloads/ as the directory and now everytime i generate a link i get “Requested File Could Not Be Found” halp?
@Ken, No, the file needs to be in a place where the browser can access it.
can the downloads directory be in the “root” directory, rather than the public_html directory?
Ah okay. I didn’t pull apart your script. So you can really place the files wherever you want then which is really good to know.
It’s just the scripts which need to reside in a particular directory. If I had known that, I would’ve just left them in their default location…
Hi HDResource, You may be confusing the Location of the “Download Validation Script” with the downloads directory.
Please note that the following is the link to the script that validates a download request from a client and fetches the appropriate file (this is not the location where the file is stored):
The actual downloadable file can be anywhere on the web. You can put it under the downloads directory but you don’t have to. The file can even come from a 3rd party storage site. For example the above request could fetch a file from the following URL:
How are you suppose to guess that file location? Only the pugin knows where the actual file is and it will fetch the correct one when someone clicks on the link that gets sent out to their email after a purchase. Let me know if this explanation helps.
Two more things that might be helpful to people. You may want to add:
to your .htaccess file found usually in the root directory of your website. I usually use a ftp program (filezilla) to pull it down. Edit the file with notepad and add the line above. Then reupload it overwriting the original.
This line prevents people from directly seeing what exists within directories.
I avoid Hotlink protection because I think it can mess with search engine rankings on some sites for which you want engines to find files.
I should add that I’m also assigning a randomly generated number to the end of each of my file names – that way any ‘logical’ or ‘predictable’ structure in my naming convention for multiple files is interrupted in the case of the above example.
I’m using this site to generate my random number strings for now:
Is there a way to even further mask the download directory name from the user?
1) Let’s say USER purchases a product – the actual product name would be ‘hamburger.zip’
2) Download link is sent. It reads:
3) It asks them to save ‘hamburger.zip’ and they save. Now they know the name.
4) But the problem is, can’t they just use:
from now on??? Can they share that direct link with other people? How is that prevented?
5) Is there any way to obscure the ‘/downloads/’ directory name above as well?