Monday, November 29, 2010

PrestaShop TIPS - How download a ordered file without log in

At PrestaShop, if you ordered a downloadable product like a eBook,you will receive an mail with a link to download the file. But by default, when you click the link in the email, you will be redirected to authentication page to log in.

This is a normal and safe way, to protect store owner files. But some store owners think it is necessary to do so, because we already have a hashed key in the link something like below.

I also agree, because
  • It is very hard to figure out the link if you don't know the link. It is secure enough to protect your files.

  • If someone want to distribute file, he/she doesn't have to distribute the link, he/she could distribute the file itself.

  • So if you really want make it convenience for customer to download from link in email without logging in, you can make following changes to make this happen.

    comment out following two lines (line 55,56) in file get-file.php

    //if (!$cookie->isLogged())
    // Tools::redirect('authentication.php?back=get-file.php&key='.$key);

    No comments: