View Full Version : Free script for file downloads from website?


MTDesigns
05-16-2006, 12:46 PM
Hi everyone! Hope you are all doing well :). I just noticed a strange issue with My Downloader, a free script I have been using for a few years now, that allowed visitors to download various types of files from one of my sites. It looks like someone visited the admin page, and put in information for blank files -- with this script, the admin page can be accessed without a password and information can be filled in and the submit button clicked without a password as well...which I think is what happened...because there are more than 30 listings of blank files above and in between my actual files. And the number continued to grow as if someone kept clicking submit, which is why I finally pulled the page.

I have removed the download page temporarily, and am looking for a replacement script. I would like it to be free preferably, and have the admin area set behind a password login. I am also interested in a script that would allow me to list some files as free downloads and some with a price (with a limited number of downloads).

Any ideas and suggestions would be greatly appreciated!

Thanks so much for reading! :).

MTDesigns
06-02-2006, 05:15 PM
No suggestions, hmmm?? :(

sheila
06-03-2006, 02:47 PM
Sorry, I just don't use a script like this on any of my sites, so I have no experience to share on this topic.

Have you tried searching any of the script directories, like HotScripts.com or CGIResources?

MTDesigns
06-06-2006, 05:27 PM
Thanks Sheila,

I've tried those...so far I have not found anything easy to implement. Do you offer files to download? If so, how do you offer them?

MTDesigns
06-06-2006, 05:52 PM
nvm again...

sheila
06-07-2006, 04:02 AM
> I've tried those...so far I have not found anything easy to implement. Do you offer files to download? If so, how do you offer them?

I do offer files for download. I just offer them as a link. I'm not trying to restrict or control the downloads in any way. Anyone who wants the files I put on my site is welcome to them.

If you want a download manager, our own DanK offers such a script that he wrote himself:
D-man (http://abledesign.com/programs/d-man/)
It's not free, and I have no personal experience with it, but he has mentioned it in these forums in several places and as he describes it, it is a good download manager program. I'm pretty sure he uses it himself.

MTDesigns
06-07-2006, 05:59 AM
Thanks much Sheila :). I have never worked with a database before... hmmm...

Matt
06-08-2006, 01:59 AM
> It looks like someone visited the admin page, and put in information for blank files -- with this script, the admin page can be accessed without a password and information can be filled in and the submit button clicked without a password as well...which I think is what happened

If I am understanding correctly, then yes, this seems likely. This script enables someone to upload a file to your account without a password?!? What is to prevent someone from uploading a PHP script that could then be used for all kinds of nefarious purposes? If there is no protection against this, then I would do everything I could to verify that your account has not been compromised.

Regarding your initial question, I think the simplest solution is to lock the admin page down by moving it to a password-protected directory. If the admin page requires access to any other files, just create a symlink to the external file(s) within the protected directory. This is the way I would have configured it to begin with.

-Matt
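
The lock-down Matt describes, as an added example that is not part of the original thread or of the My Downloader script: it assumes an Apache host that honours `.htaccess` authentication directives and follows symlinks, and every file and directory name in it (`secure-admin`, the admin page, the password file path) is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example. Assumes Apache with .htaccess overrides (AllowOverride AuthConfig)
# and symlink following enabled. All names are hypothetical placeholders.
# Create the password file separately with Apache's tool: htpasswd -c FILE USER

# protect_admin SITE_ROOT ADMIN_PAGE HTPASSWD_PATH [DEPENDENCY...]
# Dependencies are plain file names that sit beside the admin page in SITE_ROOT.
protect_admin() {
    root=$1; admin=$2; htpasswd=$3
    shift 3
    [ -f "$root/$admin" ] || { echo "no such admin page: $root/$admin" >&2; return 1; }
    # Keep the password file outside the web root so it can never be served.
    case "$htpasswd" in
        "$root"/*) echo "password file must live outside $root" >&2; return 1 ;;
    esac
    secure="$root/secure-admin"
    mkdir -p "$secure" || return 1
    # Write the access rule first so the page is never reachable unprotected.
    cat > "$secure/.htaccess" <<EOF
AuthType Basic
AuthName "Download admin"
AuthUserFile $htpasswd
Require valid-user
EOF
    # Move (not copy) the page: the old, open URL must stop existing.
    mv "$root/$admin" "$secure/$admin" || return 1
    # Symlink the files the admin page expects to find next to it.
    for dep in "$@"; do
        ln -s "../$dep" "$secure/$dep" || return 1
    done
}
```

After running it, request the old admin URL and confirm it returns 404, and request the new one without credentials and confirm it returns 401.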

MTDesigns
06-08-2006, 01:28 PM
Hey Matt,

If I remember correctly, I was able to upload file information without a password...this script didn't enable me to upload files -- it basically just linked to the place on the server where I had put the file, and allowed visitors to download that file. But since information can be put in without my permission, I will not be putting this script back online anytime soon.
As soon as I get a chance to, I will check out Sheila's suggestion to see if it works for me :).

Thanks again!