I bought an info product the other day on eBay. I happened to go almost immediately to my email and my e-mail confirmation from the seller was already there. I clicked on the "Download from here" link and had the product in a few seconds.
How does this work? I presume it is some sort of automation software that does it all while the seller is sleeping or off on vacation, but I haven't seen this in cruising around. Any reason why I shouldn't look into this as a method to sell ebooks?
this technique is known as your "passback parameters". It allows you to pass a customer back to a specified page once their order has gone through. You said you bought the book off of ebay, which means that ebay probably has some type of tool built into their system to allow you to bring your customers to a specific page once they have ordered your product. Or it may send the purchaser and email, in which cas you could just put a download link in the email.
The process for automating the download for paypal is like this - On your order page you have to put the button that you can generate by loggin into paypal account and selecting the "Buy Now" buttons under Merchant Tools. When you will generate the button it will ask for the target page that is the page where the user will be redirected after the completion of payment Order Page ---> Paypal Processor --->Download Page Thats it. You can check the Paypal stuff on my sitewww.webamplayer.com.
I sell info products on ebay but do not use any automated system, however once someone buy's my item and had paid via paypal, on receipt of paypal confirmation email to me i forward the download link to my website where the buyer can download the purchased item.
But there are some sellers on ebay they use outlook express to forward download links automatically, the problem with using this method is that when someone purchases your item and only wrong amount for the item, then the outlook express will still send the download instructions, outlook express has no way of knowing it how much someone has paid.
On the other hand there are professional service sites like the one suggested by storyman, and also there is a script which you can use if you know your way around configuring website scripts which will allow the seller to configure there info products sales via auction sites and forward the download links all this is interlocked with the payment merchant site.
PS: Ebay or any other auction site to my knowledge do not offer any methods of linking your info product downloads after payment, i might be wrong please correct me if someone know how to.
I can secure a paypal link using paypal IPN. The person who is buying will never be able to trace the actual location of the file in your server but will get the download link as a random numeric link (php session id).
The session ids prevent leeching of your product. Because the buyer will never get the physical location of the product on the server, he wont be able to access your server location in the future or pass the same to his friend to bypass your payment processor...however this does not stop the piracy of your ebook itself as he can just pass the ebook to his friends or associates.
The reason I ask is that PHP has known vulnerabilities and was curious about the security of session ids. I just Googled "hijack session ids" and a slew of articles appeared. Here is one from Site Point.
I wonder if you guys are talking about the same session IDs
PHP has a feature where it can identify the browser session, and it calls this a session ID. If a new person opens the browser at the same URL, or the same person returns later, they get a different session ID.
Maybe I'm misunderstanding, but aritrim seems to be talking about some sort of customer ID, rather than PHP's built-in session ID feature?
When it comes to PHP it pays to double check since different versions have different vulnerabilities. If we are talking about PHP 5 that is an entirely different animal that PHP 4.3 or even PHP 4.0. A lot depends on which version is loaded on the server and how the ini file is configured.
One thing that is worth mentioning in regards to Aritrim's earlier comment about ebook sharing. With Activ's 1,000 possible registration numbers it really isn't a factor if someone shares their ebook with others since there is a 0.1% chance of the registration number working on any two computers.
I'm not sure how this would be implemented with Ebay buyers since once the ebook is downloaded they still need to activate. Maybe Aritrim's approach could be integrated with Activ's system so the keycode would correlate with a table of registration codes.
The advantage would be if the buyer did attempt to share the ebook the second level user would see the preview version instead of the entire ebook. In addition the friend would be able to purchase the ebook by using something like Microcreation's APS (Automatic Payment System). The trick is sharing the Ebay buyer's key code with a MySQL table that provides the registration number, is secure, and can only be used by that one person from just one machine.
I'm not a PHP guru by any means and we could very well be talking about different things. Some time ago I recall reading about what you describe, "PHP has a feature where it can identify the browser session, and it calls this a session ID. If a new person opens the browser at the same URL, or the same person returns later, they get a different session ID" as a security risk for versions earlier than PHP 5.0.
If we are talking about different PHP session ids, hopefully Aritrim we clear up the matter. Since he used the term "PHP session ids" I took it to mean just that. It would be interesting if he's creating a customer id with an unique url that cannot be used by anyone else. They only way that comes to mind is by verifying the IP address. The security flaw in that comes from spoofing of IP addresses, which spammers have been known to do--so it is possible.
I wish I could recall the details but remember enough to be cautious about securing session ids used to identify a user. If Aritrim has knowledge about this matter and can provide links regarding the security that would be most helpful. It's a big subject and I'm still learning.
Hi Storyman and Sunil, Actually I am neither a PHP guru as well. When I launched my product I found that I was having leeched downloads from my server everyday and I needed to stop that. At the begining my download page was quite simple like after completion of payment you were taken to a Thank You page where you find a link "Click here to download" you could also get the *actual physical* location by viewing the source of the said page. So later you can just tell your friend ok Harry you can download this from here - http://www.onedomain.com/download/stuff.exe
So I had to implement something to stop it. Now when you complete your payment you wont get any physical address of the location of the file on the server. Instead you get a random URL based on your session id (generated through MD5 hashing) and after you download the product you will never be able to download it clicking the same link again... The following is just a fragment of code I am using...
Storyman, Can you please elaborate the requirement. Generally to generate a activation key a decrypting algorithm is used. For example if you use the session id as a registration key ... you pick up leftmost 10 characters of the session id ... reverse string it ... do some more manipulations and generate an unique registration code. Correspondingly that registration code when keyed in to your software/ebook registration module it should be able to validate it. But this will involve some hassle I think. However I can think of a better solution. It will be like generating a unique key after the user completes his payment but NOT using the session id rather using your own encryption algorithm. The key will be random. On the software/ebook the corresponding validation module will be attached to validate this key and ensure access to user. For software it wont be a problem. But for ebooks a custom built exe wrapper may be necessary.
One of the benefits of Activ is that a 1,000 passwords can be generated, each of which correspond to an unique registration code.
The key code is derived from the serial number of the hard drive. The end user provides the key code and a table supplies the corresponding registration code.
What I'm thinking is when a purchse is made on Ebay they are sent a link. The link is to download the ebook. Once the ebook is opened they click on a link that will direct them to a secure location that supplies the corresponding registration code.
The problem is you don't want the link to work for anyone else. Otherwise it could be used by others to retrieve the registration code. I'm thinking that there must be a way to create a session id that will allow access to an unique url either once or for a twenty-four hour period.
This problem seques into another idea that I think could benefit ebook producers. That is the ability for someone to buy an ebook as a gift for someone else. It is the same type of problem. The buyer makes the purchase and an email is sent to the receipient, who then clicks on a link to retrieve the ebook. Once opened the ebook then retrieves the corresponding registration code based on the key code derived from the hard drive serial number.
I've thought about the gift ebooks for awhile, but haven't come up with anything that is practical. Maybe you can think of something.
Ok now we need a database. And it will be MySQL obviously. So we create a table "customers" with 3 basic fields. Later we can extend it to however a few more. Field1 - Regcode Field2 - Password Field3 - Count we will have a front interface with 1 text box on the webpage Your Registration Code:
The user after purchasing now gets his registration code and he will be redirected to this webpage. Correspondingly he gets the password. But for each fetch we increase the counter by 1 in the database. A Regcode is locked if the counter reaches 2 or 3 or 5 or whatever you decide. So after a regcode is locked it is basically deactivated unless you reset it to 0 again in database.
You can add another important option here - the payment transaction number...which will not be accepted ever as a duplicate...which means payment transaction number + registration number jointly if valid will produce a password. If the payment transaction number already exists in the database...the user will be informed that he has already got his pass, incase he has lost it he will have to contact the seller personally. Let me know if this helps.
Let's say someone purchases a gift ebook. They are given a link that contains information to the transaction number and url to download the ebook.
Once the ebook is downloaded (keep in mind that they initially download a preview version that is complete, but has locked pages that they cannot see.)
The gift receiver clicks on the link within the ebook. The are asked for the "gift number", which goes to table #1 and retrieves a transaction id number.
The transaction number is then married to the key code id number (that has been supplied by the ebook) and stored in table #2.
Of course table #3 has id number, key code, and registration number.
As you said this approach would track a user's access to the registration number. It would also lock in the key code/registration number so it wouldn't matter if anyone else accessed it because they would be given only the corresponding registration code to the real user's key code.
As you mentioned adding a counter to table #2 would allow the user to change the key code/registration number combo when reset to zero.
This approach seems doable and provides the security needed with one caveat--that the transaction numbers are randomly generated alpha/numeric characters.
In the matter of Ebay the only thing that is changed is the transaction number. Do you know if there is an Ebay (or better yet PayPal) hack that will pull the transaction number from successful transactions?
Are you interested in doing the 'same' thing? Most affiliate software programs will allow the same process to take place, if you're buying an ebook outside eBay. For example, you could be purchasing through Clickbank or Paypal and the software would process the entire transaction from start to download. I can make suggestions or you can see how this works on my site with a free download. Regards.
isuccess, Not Sure what you are trying to say. "For example, you could be purchasing through Clickbank or Paypal and the software would process the entire transaction from start to download. " -> Yes, however our discussion here relates to hiding/cloaking/expiring/securing of download links to prevent leeched downloads which unfortunately is NOT provided by your mentioned payment processors. There are a few scripts out there which needs to be purchased and some among them are good while others arent. We are trying to discuss a feasible solution and then perhaps test it practically.
The advantage with both of these systems is that the user can download the ebook before purchase to evaluate the ebook. The benefit is two-fold. First, the user has an evaluation copy on their system, which translates in fewer refunds because: a) they know it works on their system. b) they know exactly what they are getting for their money.
Second, when the user decides to make the purchase they are given the required registration code at the conclusion of the purchase that unlocks the entire ebook. Even if the ebook is accidently deleted from the drive simply downloading the ebook will give the user full access to the ebook once again.
An added benefit is that the same copy of the ebook can be shared with friends. When the friend opens the ebook they will only have access to the evaluation version of the ebook, but when they purchase the ebook they too will have full access--hence, viral marketing. (The likelihood of two friends having the same registration code is 0.1%--one in thousand!)
My goal is to steer clear of breaking out of the viral marketing cycle. What I saw in your suggestions is a way for a user to be given a receipt number that they input into a link that then takes them to a database that in turn provides the registration code to unlock the entire ebook. Without a valid receipt number no registration numbers are provided. Also, if someone else attempts to use the receipt number they will only be given the registration number that corresponds to the original key code.
I'm not concerned about downloads. In fact my feelings are counter to those who use alternate ebook compilers that don't contain the power of Activ 1,000 possible key codes. Not everyone agrees on everything, that's why they have horse races (and different ebook compiliers.) My thinking is to make it as simple as possible for the end user and to reduce the number of steps to the conclusion of the transaction. Also, I don't want them to purchase it if they are going to have trouble downloading it or getting it to operate on their system. Any way, those are my goals and I think you have provided a way to make gift ebooks a possibility. That is that someone can make the purchase and then send a link to a friend to unlock their copy of the ebook.
In addition to gift ebooks the same system makes it possible to sell through ebay. Their successful payment receipt number will link to only one key code, which translates into only one registration code. Of course, your suggestion to be able to reset the count to zero will allow the user to access an entirely different key code -- registration number combination (and of course that would then be locked until the sys op sets the count back to zero.
The real beauty of this approach is that leeched downloads are a thing of the past (of course hacking the MySQL database is always a concern, but one that is very minimal.)
Hi, When I originally came accross this thread the question asked was regarding an instant download system for digital products on eBay.
I used a script called GRIGG which did the job pefectly. As soon as someone made their payment via PayPal the system would email them with the download URL of the item I had sold.
The only drawback with this is that email isn't guaranteed to get delivered but while using it I noticed my feedback begin to glow red hot as eBay buyers don't expect to receive their download within seconds of making their payment.
Here is a link to the site for the script for which I am not an affiliate of, I just wanted to help out.
With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.
Our company's websites' content (including this website's content) includes advertisements for
our own company's websites, products, and services,
and for other organization's websites, products, and services.
In the case of links to other organization's websites,
our company may receive a payment, (1) if you purchase products or services,
or (2) if you sign-up for third party offers, after following links from this website.
Unless specifically otherwise stated, information about other organization's products and services,
is based on information provided by that organization,
the product/service vendor, and/or publicly available information - and should
not be taken to mean that we have used the product/service in question.
Additionally, our company's websites contain some adverts which we are paid
to display, but whose content is not selected by us, such as Google AdSense ads. For more
detailed information, please see Advertising/Endorsements Disclosures
constitutes consent for this. For details, please see Privacy.