Require Login For Digital Products

I run a digital marketplace and I am planning to move to CS Cart, but one thing that is making me rethink about this move is that any user can share a link from a product that they bought.

In other ecommerce plataforms we have an option to require that the user trying to download a file to login and if the user is not the same that bought the product he will not be allowed to download. In CS Cart this seems not to be possible.

Require that the user login is a way to protect the digital files from unauthorized download.

It is possible. Looks like you mixed up attachments with downloadable products

Please check the following articles:

https://docs.cs-cart.com/latest/user_guide/addons/attachments/attach_files.html

https://docs.cs-cart.com/latest/user_guide/manage_products/products/downloadable.html

Hi!

I apologize, I had not seen your message :)

I checked both links and maybe I explained it wrong.

When a customer buy a downloadable product, he receive a link where he can download the file. The issue is that any user with this link can download the file even those who didn't buy it. This doesnt make too much sense.

The most similar way of trying to prevent this is to put a expiration time on the link, but it is still a bad method, as this makes unfeasible marketplaces where the customer can download the file several times like due to updates.

But how can customer who did not buy a product find download URL ?

But how can customer who did not buy a product find download URL ?

One user that bought the product can share his link to other users.

Okay, nothing prevent the client upload the bought file in a directory, but one thing is when the customer does this outside your site, another is when your own site already allows it.

This is a strange thing from CS Cart, all the other tools I worked with at least had a setting to force users to log in to download the file. As this is my first time with CS Cart, I am not sure if this can be easily customized.

One user that bought the product can share his link to other users.

In this case he can download the file and share it with others. Isn't it?

In this case he can download the file and share it with others. Isn't it?

Yes, as I said nothing prevent the client to upload the bought file in a free open directory to everyone download, but one thing is when they do this is another website, other is when your own website can be used by this. I think the authors of the themeforest would not be happy if anyone could download the files directly from the site, even though there are a lot of sites where you can download the themes :)

The easiest way to make authorization required is to open the following file

app/controllers/frontend/orders.php

and replace

if (empty($ekey_info)) {

with

if (empty($ekey_info) || empty($auth['user_id'])) {

Thanks! I will test later.

Is there any way I can make a donation for help?

Thanks! I will test later.

Is there any way I can make a donation for help?

It's not necessary. Thanks