...

View Full Version : Download links after 5 seconfs... how?



zurih
10-22-2005, 02:38 PM
Hello I'm new around here.

I would like to know how to make a download link to be valid only after 5 seconds on the download page.
Also, It would be nice to see the seconds counting from 5 to 0.

Appreciate any help.

thanks

rm-f
10-22-2005, 02:54 PM
download link to be valid only after 5 seconds

A nice way to annoy a visitor, or there is a some reason to intentionaly slow down the user?

martin_narg
10-22-2005, 06:06 PM
javascript can be easily circumvented when used as a security measure. Better idea is to use a server-side language to serve the file for secure downloads. Have a php/asp page flush the file as buffer content to the browser by setting the HTTP application header - this hides the link and enables you to control access to the file by using a standard login script to access the page serving the file. This sounds complicated but is in fact quite easy. There are loads of code snippets to do this for all the server-side languages that can be found via google.

Hope this helps

m_n

canadianjameson
10-22-2005, 11:21 PM
it is possible.

basically what you need to do is as follows: the code wont work but the ideas will... my coding skills arent that great :) also i'm trying to amalgamate like 3 codes into one :/




<script type="text/javascript">
mousetime=setTimeout('countDown(5)',0) // do we need this if its an onload?

function countDown(n){
if(!n){
document.getElementById('timer').style.visibility='hidden';
document.getElementById('timeToDownload').style.visibility='hidden';
document.getElementById('link').disabled = false;
}
else{
document.getElementById('timer').style.visibility='visible';
document.getElementById('timeToDownload').style.visibility='visible';
document.getElementById('link').disabled = true;
document.getElementById('timer').innerHTML=n;
mousetime=setTimeout('countDown('+(n-1)+')',1000);
}
}
<script>
</head>
<body onload="countDown(5)">


<div id="timeToDownload">In <div id="timer"></div> seconds you may </div> </<a href="myGoat.mp3" id="link">click here to download a song about me and my goat</a>

i tried mee best :D

martin_narg
10-23-2005, 09:02 PM
I would like to know how to make a download link to be valid only after 5 seconds on the download page.
Nice idea canadianjameson but this doesn't mean the link is invalid - disable javascript and the link is still valid and isn't hidden. Also, the link is *always* visible in the source code.

Securing the download links can only be done using a server-side language, not using javascript. Even using xmlhttp to get the links and dynamically insert them into the download page would require a server-side script to serve the secure link urls properly.

m_n

canadianjameson
10-24-2005, 05:18 AM
true, but my solution is equivalent... as i defy you to find an individual who can bypass the JS to get to the download link in UNDER 5 seconds.

can you help us make the solution work?

canadianjameson
10-27-2005, 07:59 PM
<html><head><title>5 sec link delay</title></head><body>
<a href="javascript:linkTo('link.html');">Link Page</a>
<a href="javascript:linkTo('anotherLink.html');">Another Page</a>
<script type="text/javascript">
var delay = 5; //change this value to the number of seconds you want.
var canLink = false;
function enableLinks(){
canLink = true;
}
function linkTo(url){
if (canLink) {
window.location=url;
}
}
window.onload = function(){
window.setTimeout("enableLinks()", delay * 1000)
};
</script></body></html>

someone posted it here
http://www.codingforums.com/showpost.php?p=369148&postcount=4

martin_narg
10-27-2005, 11:14 PM
Here's my effort using a combination of JavaScript and ASP. The trouble with just using javascript is that all links to the files are always available in the source code of the document (regardless of whether they are rendered in the browser for only 5 seconds, they are always in the source). Users can access the download with no restrictions. A server side language is needed to control access to the files.

Links page:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<script language="javascript" type="text/javascript">
window.onload = function() {
setTimeout(function() {
with(document.getElementById("links").style) {
visibility = "hidden";
display = "none";
}
}, 5000);
}
</script>
</head>

<body>
<%
If Not isDate(Session("linksPageLoadTime")) Then
Session("linksPageLoadTime") = Now
%>
Links only valid for 5 seconds!
<ul id="links">
<li><a href="download.asp?link=1">Download 1</a></li>
<li><a href="download.asp?link=2">Download 2</a></li>
<li><a href="download.asp?link=3">Download 3</a></li>
<li><a href="download.asp?link=4">Download 4</a></li>
</ul>
<%
Else
%>
You have already tried to access these links
<%
End If
%>
</body>
</html>
Download handler page:
<%
If Not isDate(Session("linksPageLoadTime")) Then
If DateDiff("S", Session("linksPageLoadTime"), Now) > 5 Then
Response.Write "Links no longer available"
Else
Dim strFile
Select Case Request("link")
Case 1
strFile = "download1.zip"
Case 2
strFile = "download2.exe"
Case 3
strFile = "download3.doc"
Case 4
strFile = "download4.swf"
Case Else
strFile = "nofile"
Response.Write "Invalid download requested"
End Select

If strFile <> "nofile" Then
Response.ContentType = "application/x-unknown"
Response.AddHeader "Content-Disposition","attachment; filename=" & strFile
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(Server.MapPath(strFile))
Response.BinaryWrite adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.End
End If
End If
Else
Response.Write "Invalid access to this page"
End If
%>Sure it needs to be blended into a login script to get around the fact the user can close down the browser and try again, but this is easily sorted out. By using a download handler page and validation on both client and server, it means that the links to the files are never shown anywhere to the user, in fact the users are just given a file download box when they click the link. The file to download is passed as a number in the querystring and caught by the handler page.

I've not tested this code at all, but the theory is sound and the code provided should only need to be tweaked (if needed) do to exactly what is required.

Hope this helps

m_n

VortexCortex
10-28-2005, 08:50 AM
I thought I recognized my code :thumbsup:
Here's a slight modification with a count down...
you could use a cypher to hide the download url from prying eyes, but that's a bit much for something they're going to get their hands on in five seconds...


<html><head><title>5 sec link delay</title></head><body>
<div id="counter"></div>
<a href="#" id="link">Link Page</a>
<script type="text/javascript">
var delay = 5; //change this value to the number of seconds you want.
var where = "somewhere.html";
var count = document.createTextNode("You have "+delay+" seconds left.");
var counter = document.getElementById("counter");
counter.appendChild(count);
function enableLink(){
document.getElementById("link").setAttribute("href", where);
}
function countDown(){
if(delay > 0){
delay--;
counter.removeChild(count);
count = document.createTextNode("You have "+delay+" seconds left.");
counter.appendChild(count);
}
if(delay < 1) enableLink();
else window.setTimeout("countDown()", 1000);
}
window.onload = function(){
window.setTimeout("countDown()", 1000);
};
</script></body></html>

:cool: Enjoy!

martin_narg
10-28-2005, 12:38 PM
you could use a cypher to hide the download url from prying eyesNice thought mate, but that's still too easy to get around. As the cypher has to be available to the client (and therefore the user) it means that all the information needed to reverse-engineer the cypher is left for all on display. It wouldn't slow down even an average js developer for more than a few seconds passing the encrypted link string back through the cypher function. Also, this solution is not supporting users without javascript enabled.

The *only* way to secure downloads is via server-side control. Javascript is easily worked around and can even be disabled or modified by the users! I'm not going to bang on about javascript's function - many people over many years have done this already and it is unanimous that javascript should function in a supportive role for the user and the page should gracefully degrade without it.

Hope this helps

m_n

VortexCortex
10-28-2005, 06:12 PM
You're right, any client side approach can be breached.

But you're WAY off track... you've made the links valid for only five seconds...
The question was if there was a way to make a link inactive until five seconds have passed, and show a count down. My code does exactly this. Your code does the opposite.

And anyhow... The user is going to get the link to the file in five seconds.

Working at my fastest:
It takes about five seconds to do a view source, scan through the source, locate the url of the file being delayed, return to the browser, paste the filename in the address bar, and press enter.

Or... I could just wait five seconds, and click the link.

In my opinion, if you go through the trouble to circumvent a five second delay, you've earned the right to not have to wait five seconds.

This is a javascript forum, so I respond with javascript solutions... :)

martin_narg
10-28-2005, 11:58 PM
Re-reading the question, I wholeheartedly agree. Full apology mate! I stand corrected and fully endorse your script! :thumbsup:

Apols

m_n

canadianjameson
10-29-2005, 04:12 AM
ehehe

firefly431
05-30-2009, 02:07 AM
redirect.htm

<script type="text/javascript">
mousetime=setTimeout('countDown(5)',0) // do we need this if its an onload?

function countDown(n){
if(!n){
document.getElementById('timer').style.visibility='hidden';
document.getElementById('timeToDownload').style.visibility='hidden';
document.getElementById('link').disabled = false;
}
else{
document.getElementById('timer').style.visibility='visible';
document.getElementById('timeToDownload').style.visibility='visible';
document.getElementById('link').disabled = true;
document.getElementById('timer').innerHTML=n;
mousetime=setTimeout('countDown('+(n-1)+')',1000);
}
}
<script>
</head>
<body onload="countDown(5)">


<div id="timeToDownload">In <div id="timer"></div> seconds you may </div> <form action="download.php" method="post"><input type="submit" value="Redirect">
<input name="file" id="file" type="text" style="visibility='hidden'" value="DownloadFile.extension">
</form>
download.php:

<html>
<head>
</head>
<body>
ClickyClicky
</body>
<?php
//post link
echo "<a href='" . $_POST["file"] . "'>Click Here!</a>";
?>
</html>

firefly431
05-30-2009, 02:12 AM
see? if u type in:
download.php?file=file.file
it will receive notin cuz it post :)
$_POST["file"] see?

digital-ether
05-31-2009, 06:57 AM
You'll need to generate an id for each download, and the time it was generated.

Then pass that generated ID in with the download request.

eg:

generate the link:

download.ext?id=long_random_id

Then when the download request is made, take the time associated with that id. It can be saved to database, file, memory etc. If the time is over 5 secs, allow the download by redirecting to the file, or serving the file directly from your server side script.

This is independent of your client side script that shows the countdown. So you it cannot be bypassed unless someone guesses the random id you generated for the download (unlikely).

-- update --

Since you're just waiting five seconds. If someone were to create a bot that tried to download before 5 seconds. Then you just make the server side sleep for 5 seconds.

eg in PHP:


$time_remaining = time() - $generation_time;
if ($time_remaining > 0) {
sleep($time_remaining);
}



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum