Hi Deian,
2. It's OK, the PayPal separation was an idea and I can live with one account.
1. Let me reply in general, so every reader understands it:
Whenever a file is placed within the public folder of your webspace,
commonly a root folder starting with /www/ or /html/
let's say in your /html/joomla/ installation, it becomes visible and accessible
for the internet, which means potentially for everybody else who is online.
You can protect direct linking with .htaccess, which is what you are doing,
but you cannot protect the file against direct access.
One kind of direct access is FTP for instance, but this is not the only one.
This is why there are so many efforts and tricks
to secure a file within this public root folder when needed,
but as long as the file resides there,
it remains visible and accessible for everybody who knows how to do it.
When a file on your webspace resides outside that public /www/ or /html/ folder,
you don't need to do anything, because it is neither visible nor accessible.
I.e. my current shop sends purchased files from a "files" folder
outside the public /www/ or /html/ space.
The individual selling items are directed to this folder via absolute path.
This is the point where it makes sense to protect the direct linking.
You basically protect the linking address not to be shown to the buyer,
so nobody knows where your non public "files" folder is.
So, .htaccess direct linking protection makes sense
when files are outside the public folder,
when you don't want to showcase the file's webspace address
and you don't allow direct access.
But your .htaccess direct linking protection is only a partial solution
when a file is within a public folder,
because it is already visible and accessible per se.
It is like trying to hide the address from the buyer,
but everybody else can see and access it.
There are people with proper search tools
who are doing nothing else but scanning these public folders
and grab whatever is there.
If they don't get what they want online,
they simply mirror the entire public folder and all its content on the hard drive.
Now, even if only some pros can bypass all the known tricks,
the problem is, once your files have been leeched,
they are going for free into the public sharing networks.
That means not only one successful leecher is not going to pay for it,
but millions who are connected to those sharing networks and you are doomed.
Just to mention it, the .htaccess file or your selling items
can be manipulated in whatever direction once the folder is accessed.
I am sorry for the long reading, but I think this issue
has not been taken seriously enough
and most people are not even aware of it.
This is the only drawback I see on your product
and I'll have to think about it.
Otherwise, it is well designed and matches everything else.
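
Added example, not part of the message above and not code from the product under discussion: a minimal PHP download script for the setup the message describes, where purchased files sit in a "files" folder outside the public root and the buyer's link carries only an item id, an expiry time and a signature, never a path. The directory layout, the secret, the catalogue and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: /home/shop/html is the public root, /home/shop/files is not served.
const FILES_DIR = '/home/shop/files';
const SECRET    = 'replace-with-a-long-random-value'; // placeholder, keep outside the web root
// Constructed catalogue: item id => file name inside FILES_DIR.
const CATALOGUE = ['sku-1001' => 'ebook.pdf'];

// Sign "item|expiry" so the download link never exposes a filesystem path.
function make_token(string $itemId, int $expires): string
{
    return hash_hmac('sha256', $itemId . '|' . $expires, SECRET);
}

// Returns the absolute path to send, or null when the request must be refused.
function resolve_download(string $itemId, int $expires, string $token, int $now): ?string
{
    if ($now > $expires) {
        return null;                                   // link has expired
    }
    if (!hash_equals(make_token($itemId, $expires), $token)) {
        return null;                                   // signature mismatch (constant-time compare)
    }
    if (!array_key_exists($itemId, CATALOGUE)) {
        return null;                                   // unknown item, no user-supplied file names
    }
    $base = realpath(FILES_DIR);
    $path = realpath(FILES_DIR . '/' . CATALOGUE[$itemId]);
    if ($base === false || $path === false) {
        return null;                                   // folder or file missing
    }
    // realpath() resolves ".." and symlinks, so this prefix check catches any escape.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_download((string)($_GET['item'] ?? ''), (int)($_GET['exp'] ?? 0),
                         (string)($_GET['sig'] ?? ''), time());
if ($path === null) {
    http_response_code(403);
    exit('Forbidden');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
```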