Show Bid Request
ASP shopping cart add-ons
Bid Request Id: 28263
Posted by: strfle (2 ratings) (Software buyer rating 10)
Posted: Sep 21, 2002 8:31:39 PM EDT
Bidding Closes: Sep 28, 2002 10:13:13 PM EDT
Viewed (by coders): 303 times
Deadline: 10/4/2002 TIME EXPIRED
Description:
#1 Problem: We want to use the candypress shopping cart on our website. By default, the shopping cart can support electronic payloads (downloads). The shopping cart has a download script (sysDownload.asp) which does not reveal the true location of a file download and does not allow the product to be downloaded unless it has been paid for. The sysDownload.asp outputs a random link to a file located in a downloads folder (included on the program). The problem is that the download folder is not secure; anyone could index (find all of the pages) our site and find out/steal all of the files in the download folder. We could rename the downloads folder to an indescreate name but this still poses a security hazard.
1) What we need is for the download folder to be password protected somehow and the sysDownload.asp script to electronically type that password in when it needs to access a program from the download folder. This would prevent anyone from trying to access the download folder directly from the web without paying.
#2 Problem: There is also another problem in the script that we need to address. Once a paid order has been processed, the sysDownload.asp gives the customer the ability to download the file. The only problem is the link can be shared with anyone who has not logged in.
2) What we need is for the link to only become active and downloadable once a user logs into the shopping cart; once they log out it becomes inactive. This would prevent a customer from telling another customer the download link.
Note To Bidder: In the zip I have included the email I received from sales explaining exactly what I want and the candypress store front 1.8 free version. Information from me is in the NoteToBidder.doc. Please read the EmailFromTech.doc; it contains important information.
Please give me comments if you know there is anything I can do to improve my request.
Thank you...
Deliverables: 1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Installation package that will install the software (in ready-to-run condition) on the platform(s) specified in this bid request.
3) Complete ownership and distribution copyrights to all work purchased.
4) The alterations to the sysDownload.asp may not affect the original function of the script. As in the original manufacturer features, the time of day download, random link creation, the limit of downloads, IP logging, etc., still need to work with the back-end (features in the email from technical support).
5) Completed program must be in ASP and work with the candypress shopping cart.
Platform:
Asp
Windows
All web browsers
Must work with candypress shopping cart.
Must be 100% finished and received by buyer on:
Oct 4, 2002 EDT
Deadline legal notes: All times are expressed in the time zone of the site EDT (UT - 5). If the buyer omitted a time, then the deadline is 11:59:59 PM EDT on the indicated date.
Additional Files:
This bid request includes IMPORTANT additional attached files. Please download and read fully before bidding.
Remember that contacting the other party outside of the site (by email, phone, etc.) on all business projects < $500 (before the buyer's money is escrowed) is a violation of both the software buyer and seller agreements.
We monitor all site activity for such violations and can instantly expel transgressors on the spot, so we thank you in advance for your cooperation.
If you notice a violation, you can report it to: abuse@rentacoder.com.
Bidding/Comments:
All monetary amounts on the site are in United States dollars.
Rent a Coder is a closed auction, so coders can only see their own bids and comments. Buyers can view every posting made on their bid requests.
Bid Amount: $35 (USD)
Date: Sep 23, 2002 12:20:30 PM EDT
Coder Rating: 9.71 (Excellent)
I have installed and tested the CandyPress software. It is not very well done but simple for the way it looks. The unique key generation is not really required. This is done probably to identify duplicate orders of the same product or for some other reason which I cannot figure out, because the final thing that sysDownload.asp is doing is redirecting to an already predefined download page (in admin section/utilities->download page relative to scripts folder). So basically no protection for any files on server side. Client login is also not on security level (it is only used to identify customer/order and status). So basically I would just add one more page that will require the user to be logged in before downloading this file, which will sit in the Download folder, which must be a folder set for scripting access and not a folder for read access. Since everything in this application is not scripting access you can safely set the parent folder as a folder for scripting access. Please note that doing this will disable the Upload feature, which will not be usable anyway if you decide to have user level access to this folder.
So it is doable this way, but I would go for CGI (executable program) that will manage downloads (send pages or files to web browser) or creating an external solution (a separate web application to validate user name and password). I will try to do the simplest thing to do (as you have requested) and that is to ask the user to supply login credentials any time a download is requested. So that would be most suitable. Expect later on today some fix from me, no matter if you select or reject my bid.
Best regards,
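One way to realize the approach discussed in this thread, as an added example that is not CandyPress code and not the bidder's attachment: a download page that streams a file from a folder outside the web root only to a logged-in customer with a paid order. The session key, connection string, table, and folder names are assumptions, and logout is assumed to call Session.Abandon so a shared link stops working.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not CandyPress code. Assumed names: Session("customerId") is set
' at login and cleared at logout, Application("connString") is the store's ADO
' connection string, paidDownloads is a hypothetical table of paid-for files,
' and DOWNLOAD_ROOT is a folder outside the web root (no URL maps to it).
Const DOWNLOAD_ROOT = "D:\store-private\downloads\"

Function IsSafeName(name)
    Dim re : Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$"   ' no slashes, no "..", no leading dot
    IsSafeName = re.Test(name)
End Function

Function CustomerPaidFor(customerId, fileName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = Application("connString")
    cmd.CommandText = "SELECT COUNT(*) FROM paidDownloads WHERE customerId = ? AND fileName = ?"
    cmd.Parameters.Append cmd.CreateParameter("cid", 3, 1, , CLng(customerId)) ' adInteger, input; assumes numeric ids
    cmd.Parameters.Append cmd.CreateParameter("fn", 200, 1, 255, fileName)     ' adVarChar, input
    CustomerPaidFor = (cmd.Execute().Fields(0).Value > 0)
End Function

Sub Deny(status)
    Response.Status = status
    Response.End
End Sub

Dim fileName, fso, stream
fileName = Request.QueryString("file")
If IsEmpty(Session("customerId")) Then Deny "403 Forbidden"   ' not logged in
If Not IsSafeName(fileName) Then Deny "400 Bad Request"
If Not CustomerPaidFor(Session("customerId"), fileName) Then Deny "403 Forbidden"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(DOWNLOAD_ROOT & fileName) Then Deny "404 Not Found"
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = 1                                   ' adTypeBinary
stream.Open
stream.LoadFromFile DOWNLOAD_ROOT & fileName
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fileName & """"
Do While Not stream.EOS                           ' send the file in 64 KB chunks
    Response.BinaryWrite stream.Read(65536)
    Response.Flush
Loop
stream.Close
%>
```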
Bid Amount: N/A
Date: Sep 23, 2002 3:15:51 PM EDT
Coder Rating: 9.71 (Excellent)
As promised earlier today, I have done the log-in request before downloading the file. Please make a backup of the sysDownload.asp file in the scripts directory and make sure you put in the one in the attachment.
Please let me know if this one is working for you. It worked on my local server.
Best regards
Attached File