eBook authors eBook Software - create and publish your own ebooks
Create your own eBooks
 
   
EBookApprentice.com
Learn How To Create, Publish & Market E-Books
 
   
EBookCompiler.com
E-Book Creation Software
 
   
EBookPower.com
Add sophisticated multimedia to your E-Books
 
   
CoverFactory.com
Create E-Book covers in minutes
 
 
  EBookSubmit.com
E-Book Marketing & Promotion made easy
 
  EBookJungle.com
Search engine for E-Books
 
  EBookInterviews.com
Interviews with eBook authors
 
  EBookEnhance.com
Tools for building better eBooks
 
 
 
Archived Message:

Automated Downloading - How did he do it?


 
richardv2 I bought an info product the other day on eBay. I happened to go almost immediately to my email and my e-mail confirmation from the seller was already there. I clicked on the "Download from here" link and had the product in a few seconds.

How does this work? I presume it is some sort of automation software that does it all while the seller is sleeping or off on vacation, but I haven't seen this in cruising around. Any reason why I shouldn't look into this as a method to sell ebooks?


Posted on: 10:23 pm on March 28, 2005
Ebook Architect Hello.

this technique is known as your "passback parameters". It allows you to pass a customer back to a specified page once their order has gone through. You said you bought the book off of ebay, which means that ebay probably has some type of tool built into their system to allow you to bring your customers to a specific page once they have ordered your product. Or it may send the purchaser and email, in which cas you could just put a download link in the email.

hope this helps.


Posted on: 9:11 pm on March 30, 2005
Storyman Chances are that if you look into the merchant account you'll find more information. There are numerous after market type of programs for the merchant program that might provide passback.

If you do find out the specifs please post information.


Posted on: 5:33 pm on April 4, 2005
aritrim Are you using Paypal?

Posted on: 2:18 pm on April 11, 2005
richardv2 Yes, I use PayPal.

Posted on: 4:22 pm on April 11, 2005
aritrim The process for automating the download for paypal is like this -
On your order page you have to put the button that you can generate by loggin into paypal account and selecting the "Buy Now" buttons under Merchant Tools.
When you will generate the button it will ask for the target page that is the page where the user will be redirected after the completion of payment
Order Page ---> Paypal Processor --->Download Page
Thats it.  You can check the Paypal stuff on my sitewww.webamplayer.com.

Posted on: 4:59 pm on April 11, 2005
Storyman Have you looked at Microcreations Automatic Payment System? Makes life so much easier and for a reasonable price.

Also, when setting up PayPal you might want to sign up for a free developer's account, then look at Sandbox--which is a way to set up a dummy account for testing purposes.


Posted on: 5:53 pm on April 11, 2005
ebiz96 Hi There

I sell info products on ebay but do not use any automated system, however once someone buy's my item and had paid via paypal, on receipt of paypal confirmation email to me i forward the download link to my website where the buyer can download the purchased item.


But there are some sellers on ebay they use outlook express to forward download links automatically, the problem with using this method is that when someone purchases your item and only  wrong amount for the item, then the outlook express will still send the download instructions, outlook express has no way of knowing it how much someone has paid.


On the other hand there are professional service sites like the one suggested by storyman, and also there is a script which you can use if you know your way around configuring website scripts which will allow the seller to configure there info products sales via auction sites and forward the download links all this is interlocked with the payment merchant site.


PS: Ebay or any other auction site to my knowledge do not offer any methods of linking your info product downloads after payment, i might be wrong please correct me if someone know how to.


I hope this helps.

Sincere


Ash


Posted on: 7:53 pm on May 17, 2005
aritrim I can secure a paypal link using paypal IPN. The person who is buying will never be able to trace the actual location of the file in your server but will get the download link as a random numeric link (php session id).

Posted on: 4:10 am on May 18, 2005
pj Aritrim,

Would you mind a small tutorial or set of steps here to use the IPN feature for this..?

Thanks,
pj


Posted on: 2:59 pm on June 30, 2005
Storyman Aritrim,

How secure are session ids for this purpose?


Posted on: 5:28 am on July 1, 2005
aritrim The download url when using session ids somewhat look like this
http://www.somedomain.com/jhgyb?=ks87bhNJmmkI09q9gxcVFbhnPOi67

The session ids prevent leeching of your product. Because the buyer will never get the physical location of the product on the server, he wont be able to access your server location in the future or pass the same to his friend to bypass your payment processor...however this does not stop the piracy of your ebook itself as he can just pass the ebook to his friends or associates.


Posted on: 12:59 pm on July 1, 2005
Storyman The reason I ask is that PHP has known vulnerabilities and was curious about the security of session ids. I just Googled "hijack session ids" and a slew of articles appeared. Here is one from Site Point.

http://www.sitepoint.com/blog-post-view.php?id=156260

(Edited by Storyman at 9:25 am on July 1, 2005)


Posted on: 5:21 pm on July 1, 2005
EBookCompiler I wonder if you guys are talking about the same session IDs

PHP has a feature where it can identify the browser session, and it calls this a session ID. If a new person opens the browser at the same URL, or the same person returns later, they get a different session ID.

Maybe I'm misunderstanding, but aritrim seems to be talking about some sort of customer ID, rather than PHP's built-in session ID feature?


Posted on: 7:57 pm on July 1, 2005
Storyman When it comes to PHP it pays to double check since different versions have different vulnerabilities. If we are talking about PHP 5 that is an entirely different animal that PHP 4.3 or even PHP 4.0. A lot depends on which version is loaded on the server and how the ini file is configured.

One thing that is worth mentioning in regards to Aritrim's earlier comment about ebook sharing. With Activ's 1,000 possible registration numbers it really isn't a factor if someone shares their ebook with others since there is a 0.1% chance of the registration number working on any two computers.

I'm not sure how this would be implemented with Ebay buyers since once the ebook is downloaded they still need to activate. Maybe Aritrim's approach could be integrated with Activ's system so the keycode would correlate with a table of registration codes.

The advantage would be if the buyer did attempt to share the ebook the second level user would see the preview version instead of the entire ebook. In addition the friend would be able to purchase the ebook by using something like Microcreation's APS (Automatic Payment System). The trick is sharing the Ebay buyer's key code with a MySQL table that provides the registration number, is secure, and can only be used by that one person from just one machine.

(Edited by Storyman at 12:37 pm on July 1, 2005)


Posted on: 8:35 pm on July 1, 2005
Storyman Sunil,

I'm not a PHP guru by any means and we could very well be talking about different things. Some time ago I recall reading about what you describe, "PHP has a feature where it can identify the browser session, and it calls this a session ID. If a new person opens the browser at the same URL, or the same person returns later, they get a different session ID" as a security risk for versions earlier than PHP 5.0.

If we are talking about different PHP session ids, hopefully Aritrim we clear up the matter. Since he used the term "PHP session ids" I took it to mean just that. It would be interesting if he's creating a customer id with an unique url that cannot be used by anyone else. They only way that comes to mind is by verifying the IP address. The security flaw in that comes from spoofing of IP addresses, which spammers have been known to do--so it is possible.

I wish I could recall the details but remember enough to be cautious about securing session ids used to identify a user. If Aritrim has knowledge about this matter and can provide links regarding the security that would be most helpful. It's a big subject and I'm still learning.


Posted on: 8:52 pm on July 1, 2005
aritrim Hi Storyman and Sunil,
Actually I am neither a PHP guru as well. When I launched my product I found that I was having leeched downloads from my server everyday and I needed to stop that. At the begining my download page was quite simple like after completion of payment you were taken to a Thank You page where you find a link "Click here to download" you could also get the *actual physical* location by viewing the source of the said page. So later you can just tell your friend ok Harry you can download this from here -
http://www.onedomain.com/download/stuff.exe

So I had to implement something to stop it. Now when you complete your payment you wont get any physical address of the location of the file on the server. Instead you get a random URL based on your session id (generated through MD5 hashing)  and after you download the product you will never be able to download it clicking the same link again...
The following is just a fragment of code I am using...

$id = md5(uniqid(rand(), true));
$fh = fopen($scodes_file, 'a');
fwrite($fh, "$id\n" )  ;
fclose($fh);
header( "Location: $http_root/ipn_download.php?id=$id" );
       

(Edited by aritrim at 2:27 am on July 2, 2005)

(Edited by aritrim at 2:28 am on July 2, 2005)


Posted on: 2:20 am on July 2, 2005
Storyman Thanks for the info. MD5 seems to be the answer for secure code.

What do you think of adapting your system so an Ebay buyer can use a key code to download the corresponding registration code for an Activ ebook?


Posted on: 7:48 am on July 2, 2005
aritrim Storyman,
Can you please elaborate the requirement.
Generally to generate a activation key a decrypting algorithm is used. For example if you use the session id as a registration key ... you pick up leftmost 10 characters of the session id ... reverse string it ... do some more manipulations and  generate an unique registration code.
Correspondingly that registration code when keyed in to your software/ebook registration module it should be able to validate it. But this will involve some hassle I think.
However I can think of a better solution. It will be like generating a unique key after the user completes his payment but NOT using the session id rather using your own encryption algorithm. The key will be random. On the software/ebook the corresponding validation module will be attached to validate this key and ensure access to user. For software it wont be a problem. But for ebooks a custom built exe wrapper may be necessary.

Posted on: 8:05 am on July 2, 2005
Storyman One of the benefits of Activ is that a 1,000 passwords can be generated, each of which correspond to an unique registration code.

The key code is derived from the serial number of the hard drive. The end user provides the key code and a table supplies the corresponding registration code.

What I'm thinking is when a purchse is made on Ebay they are sent a link. The link is to download the ebook. Once the ebook is opened they click on a link that will direct them to a secure location that supplies the corresponding registration code.

The problem is you don't want the link to work for anyone else. Otherwise it could be used by others to retrieve the registration code. I'm thinking that there must be a way to create a session id that will allow access to an unique url either once or for a twenty-four hour period.

This problem seques into another idea that I think could benefit ebook producers. That is the ability for someone to buy an ebook as a gift for someone else. It is the same type of problem. The buyer makes the purchase and an email is sent to the receipient, who then clicks on a link to retrieve the ebook. Once opened the ebook then retrieves the corresponding registration code based on the key code derived from the hard drive serial number.

I've thought about the gift ebooks for awhile, but haven't come up with anything that is practical. Maybe you can think of something.


Posted on: 8:27 am on July 2, 2005
aritrim Ok now we need a database. And it will be MySQL obviously.
So we create a table "customers" with 3 basic fields. Later we can extend it to however a few more.
Field1 - Regcode
Field2 - Password
Field3 - Count
we will have a front interface with 1 text box on the webpage
Your Registration Code:

The user after purchasing now gets his registration code and he will be redirected to this webpage. Correspondingly he gets the password. But  for each fetch we increase the counter by 1 in the database. A Regcode is locked if the counter reaches 2 or  3 or 5 or whatever you decide.
So after a regcode is locked it is basically deactivated unless you reset it to 0 again in database.

You can add another important option here -  the payment transaction number...which will not be accepted ever as a duplicate...which means payment transaction number + registration number jointly if valid will produce a password.
If the payment transaction number already exists in the database...the user will be informed that he has already got his pass, incase he has lost it he will have to contact the seller personally.
Let me know if this helps.


Posted on: 8:49 am on July 2, 2005
Storyman That certainly is in the right direction.

Let's say someone purchases a gift ebook. They are given a link that contains information to the transaction number and url to download the ebook.

Once the ebook is downloaded (keep in mind that they initially download a preview version that is complete, but has locked pages that they cannot see.)

The gift receiver clicks on the link within the ebook. The are asked for the "gift number", which goes to table #1 and retrieves a transaction id number.

The transaction number is then married to the key code id number (that has been supplied by the ebook) and stored in table #2.

Of course table #3 has id number, key code, and registration number.

As you said this approach would track a user's access to the registration number. It would also lock in the key code/registration number so it wouldn't matter if anyone else accessed it because they would be given only the corresponding registration code to the real user's key code.

As you mentioned adding a counter to table #2 would allow the user to change the key code/registration number combo when reset to zero.

This approach seems doable and provides the security needed with one caveat--that the transaction numbers are randomly generated alpha/numeric characters.

In the matter of Ebay the only thing that is changed is the transaction number. Do you know if there is an Ebay (or better yet PayPal) hack that will pull the transaction number from successful transactions?

(Edited by Storyman at 4:10 am on July 2, 2005)


Posted on: 12:06 pm on July 2, 2005
aritrim Of course you can pull a successful transaction number using Paypal IPN.

$txn_id = $_POST['txn_id'];

This is the variable that Paypal IPN returns the transaction number after a successful payment.


Posted on: 2:16 pm on July 2, 2005
Storyman It should work then. Do you see any flaws?

Posted on: 5:41 pm on July 2, 2005
isuccess Are you interested in doing the 'same' thing? Most affiliate software programs will allow the same process to take place, if you're buying an ebook outside eBay. For example, you could be purchasing through Clickbank or Paypal and the software would process the entire transaction from start to download. I can make suggestions or you can see how this works on my site with a free download. Regards.

Posted on: 3:12 am on July 3, 2005
aritrim isuccess,
Not Sure what you are trying to say.
"For example, you could be purchasing through Clickbank or Paypal and the software would process the entire transaction from start to download. " -> Yes, however our discussion here relates to hiding/cloaking/expiring/securing of download links to prevent leeched downloads which unfortunately is NOT provided by your mentioned payment processors. There are a few scripts out there which needs to be purchased and some among them are good while others arent. We are trying to discuss a feasible solution and then perhaps test it practically.

(Edited by aritrim at 4:54 am on July 3, 2005)


Posted on: 3:21 am on July 3, 2005
Storyman Right now I'm using Microcreation's APS that allows payment and immediate access for the registration code:
http://home.att.net/~microcreations/
and Gold Panner's HPYrLock for disabling ebooks before refunds:
http://www.goldpanner.ca/hyprlock/index.htm

The advantage with both of these systems is that the user can download the ebook before purchase to evaluate the ebook. The benefit is two-fold. First, the user has an evaluation copy on their system, which translates in fewer refunds because: a) they know it works on their system. b) they know exactly what they are getting for their money.

Second, when the user decides to make the purchase they are given the required registration code at the conclusion of the purchase that unlocks the entire ebook. Even if the ebook is accidently deleted from the drive simply downloading the ebook will give the user full access to the ebook once again.

An added benefit is that the same copy of the ebook can be shared with friends. When the friend opens the ebook they will only have access to the evaluation version of the ebook, but when they purchase the ebook they too will have full access--hence, viral marketing. (The likelihood of two friends having the same registration code is 0.1%--one in thousand!)

My goal is to steer clear of breaking out of the viral marketing cycle. What I saw in your suggestions is a way for a user to be given a receipt number that they input into a link that then takes them to a database that in turn provides the registration code to unlock the entire ebook. Without a valid receipt number no registration numbers are provided. Also, if someone else attempts to use the receipt number they will only be given the registration number that corresponds to the original key code.

I'm not concerned about downloads. In fact my feelings are counter to those who use alternate ebook compilers that don't contain the power of Activ 1,000 possible key codes. Not everyone agrees on everything, that's why they have horse races (and different ebook compiliers.) My thinking is to make it as simple as possible for the end user and to reduce the number of steps to the conclusion of the transaction. Also, I don't want them to purchase it if they are going to have trouble downloading it or getting it to operate on their system. Any way, those are my goals and I think you have provided a way to make gift ebooks a possibility. That is that someone can make the purchase and then send a link to a friend to unlock their copy of the ebook.

In addition to gift ebooks the same system makes it possible to sell through ebay. Their successful payment receipt number will link to only one key code, which translates into only one registration code. Of course, your suggestion to be able to reset the count to zero will allow the user to access an entirely different key code -- registration number combination (and of course that would then be locked until the sys op sets the count back to zero.

The real beauty of this approach is that leeched downloads are a thing of the past (of course hacking the MySQL database is always a concern, but one that is very minimal.)

(Edited by Storyman at 8:52 pm on July 2, 2005)


Posted on: 4:36 am on July 3, 2005
mickyboy73 Hi,
When I originally came accross this thread the question asked was regarding an instant download system for digital products on eBay.

I used a script called GRIGG which did the job pefectly. As soon as someone made their payment via PayPal the system would email them with the download URL of the item I had sold.

The only drawback with this is that email isn't guaranteed to get delivered but while using it I noticed my feedback begin to glow red hot as eBay buyers don't expect to receive their download within seconds of making their payment.

Here is a link to the site for the script for which I am not an affiliate of, I just wanted to help out.

http://www.idevspot.com/

It's the product calledGriggEbaySuite

Hope anyone finds it of use, I can recommend it.


Posted on: 4:07 pm on August 12, 2005

Go to Active Discussion Thread

Participate in Current/New Discussions

List All Archived Forums



Copyright © 2000-2015, Answers 2000 Limited.

With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.

Disclosure: Our company's websites' content (including this website's content) includes advertisements for our own company's websites, products, and services, and for other organization's websites, products, and services. In the case of links to other organization's websites, our company may receive a payment, (1) if you purchase products or services, or (2) if you sign-up for third party offers, after following links from this website. Unless specifically otherwise stated, information about other organization's products and services, is based on information provided by that organization, the product/service vendor, and/or publicly available information - and should not be taken to mean that we have used the product/service in question. Additionally, our company's websites contain some adverts which we are paid to display, but whose content is not selected by us, such as Google AdSense ads. For more detailed information, please see Advertising/Endorsements Disclosures

Our sites use cookies, some of which may already be set on your computer. Use of our site constitutes consent for this. For details, please see Privacy.

Contact Us    About and Terms Of Use    Privacy    Advertising/Endorsements Disclosures