Password

Firstly some background.  

I have an existing eBook that I use as a gateway to a website.  So website content is displayed directly in the eBook.  

Request

I want to give access to a restricted section (folder) of the website using the eBook.  By this I mean the following:  I have a userid and password protected folder on the website.  I want only those customers who I send a compiled ebook to to have access to this folder.  In order to do so I want to be able to pass a userid and password to that folder (essentially log into the folder) from within the eBook.  I don't want any user interaction at all other than to click on a link.

Although advanced solutions using "AJAX", Javascript and WSH (Windows Scripting Host) can be used to design a security system whereby each customer has his own userID and password stored in his registry file. I'd like to suggest a much simpler solution.

If your customer has paid for your eBook, then he should be entitled to all information contained with the eBook (including web content). Therefore your eBooks only need one userID and password (set up as Activ Variables at compile time). For example: If your eBook is called "My Best Secrets" then a build in userID could be "mySecretID" and a password of "LETMEIN".

After a customer buys the eBook it would log onto your web site "secure folder" and use the userID of "mySecretID" and a password "LETMEIN" to access the secure information. All customers who bought the same eBook would use the same userID and password to access the same secure information.

The beauty of this system is that it can be used with a "Try before you Buy" demo eBook so that some information is free. Then, when a customers pays, your eBook can use the built in userID and password to access the restricted information.

Different versions or different eBooks could have different passwords and access different secure folders. And -- because the passwords are "built" into each eBook, they are hidden from the customer so they can't pass them to someone else or be used outside of the eBook itself.

Your gateway "AJAX" website connection code just needs to hand off these built in userID and passwords when it makes the initial connection.

Using such a system allows you to set up folder access with "global" userID and passwords. Then you don't need to bother with keeping track of users or maintaining a user information database with it's associated headaches.

Placing the userid and password details into the eBook will work fine, but the 'protected' pages on the website will show up in Internet Explorer's history listing.  This way a person can get access to these website pages without purchasing the eBook.  

So I guess I'm looking for a way to pass off these passwords to my website using: '"AJAX" website connection code'.  

How is this done?

I wasn't aware that site "visited" information was transferred from an Activ E-Book to Internet Explorer's history listing. That might be the case, but without first purchasing the eBook the customer wouldn't have access to the "folder" or the restricted information anyway. Then, after making his purchase, you could say he was eligible to view the information.

In any case, after the initial connection is closed by the eBook, wouldn't your folder security request a password before allowing anyone to access it's information?

The usual way that variables are passed using "AJAX" is with the "GET" method. The variables are sent with the connection URLhttp://mywebsite.com?userID=mySecretID&password=LETMEIN.However, this brings up the possibility of users snagging the variables from the address bar.

A more secure method probably could be devised whereby the "AJAX" handshake sends a "formula" driven variable along with the userID and password. The eBook could send the userID, password and an MD5 code number created by combining the eBook {user} number with the present time (minute or hour).

When the website receives the "Ajax" request it could use a predefined {user} number and the present time (minute or hour) to create a complementary MD5 code and compare the two. If the two MD5 numbers matched then the website code could apply the userID and password to display the restricted content. This procedure would unsure that only the eBook could access the restricted data.

Having dabbled with "AJAX" myself, I know such coding should be possible. As I said in my earlier post however - coding at this level, is very specialized and complicated and it's doubtful that anyone will have a complete solution. It will probably take many hours of effort, time and testing to design an automatic system such as this.

In the end, (depending on your own skill level) you might need to resort to an "online" log-in procedure.