1) in includes/sessions.php find:$user_info = $site_sess->return_user_info();
insert below:if (!isset($allowdownload) || empty($allowdownload))
{
$site_sess->set_session_var("allowdownload", "");
}
2) in includes/functions.php find: $allow_download = 1;
Insert below: $site_sess->set_session_var("allowdownload", time());
3) in download.php find:$main_template = 0;
Insert below:$allowdownload = 1;
Then find: if (!check_permission("auth_download", $image_row['cat_id']) || !$image_row) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
Replace it with: if (!$image_row || !check_permission("auth_viewcat", $image_row['cat_id']) || !check_permission("auth_viewimage", $image_row['cat_id'])) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
else
{
$allowdownload = $site_sess->get_session_var("allowdownload");
// if (!check_permission("auth_download", $image_row['cat_id']) || (time() - $site_sess->get_session_var("allowdownload") > 60*5))
if (!check_permission("auth_download", $image_row['cat_id']) || !$site_sess->get_session_var("allowdownload"))
{
header("Location: ".$site_sess->url(ROOT_PATH."details.php?image_id=".$image_id, "&"));
exit;
}
}
(note, this step also fixes a bug in 4images which allow people download images that they were not allowed to view!)
In step 3 I've added 5 minutes timeout, meaning visitor must click on download button in within 5 minutes after opening details page, otherwise it will simply refresh the page with another 5 minutes timeout. To enable this feature, use the commented out condition line.
P.S. all this not tested