Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    New to the CF scene
    Join Date
    Oct 2005
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Download links after 5 seconfs... how?

    Hello I'm new around here.

    I would like to know how to make a download link to be valid only after 5 seconds on the download page.
    Also, It would be nice to see the seconds counting from 5 to 0.

    Appreciate any help.

    thanks

  • #2
    Regular Coder
    Join Date
    Aug 2005
    Location
    Toronto, ON, Canada
    Posts
    231
    Thanks
    0
    Thanked 0 Times in 0 Posts
    download link to be valid only after 5 seconds
    A nice way to annoy a visitor, or there is a some reason to intentionaly slow down the user?
    rm -f /

  • #3
    Regular Coder martin_narg's Avatar
    Join Date
    Jul 2002
    Location
    Chamonix, France
    Posts
    600
    Thanks
    1
    Thanked 3 Times in 3 Posts
    javascript can be easily circumvented when used as a security measure. Better idea is to use a server-side language to serve the file for secure downloads. Have a php/asp page flush the file as buffer content to the browser by setting the HTTP application header - this hides the link and enables you to control access to the file by using a standard login script to access the page serving the file. This sounds complicated but is in fact quite easy. There are loads of code snippets to do this for all the server-side languages that can be found via google.

    Hope this helps

    m_n
    "Cos it's strange isn't it. You stand in the middle of a library and go 'Aaaaaaaaaaaaaaaaggggggghhhhhhh!'
    and everybody just stares at you. But you do the same in an aeroplane, and everybody joins in."
    -Tommy Cooper

  • #4
    Senior Coder
    Join Date
    Jul 2003
    Location
    My pimped-out igloo in Canadia
    Posts
    1,966
    Thanks
    36
    Thanked 0 Times in 0 Posts
    it is possible.

    basically what you need to do is as follows: the code wont work but the ideas will... my coding skills arent that great also i'm trying to amalgamate like 3 codes into one :/

    Code:
    <script type="text/javascript">
    mousetime=setTimeout('countDown(5)',0) // do we need this if its an onload?
    
    function countDown(n){
      if(!n){
        document.getElementById('timer').style.visibility='hidden';
        document.getElementById('timeToDownload').style.visibility='hidden';
        document.getElementById('link').disabled = false;
        }
      else{
        document.getElementById('timer').style.visibility='visible';
        document.getElementById('timeToDownload').style.visibility='visible';
        document.getElementById('link').disabled = true;
        document.getElementById('timer').innerHTML=n;
        mousetime=setTimeout('countDown('+(n-1)+')',1000);
        }
      }
    <script>
    </head>
    <body onload="countDown(5)">
    
    
    <div id="timeToDownload">In <div id="timer"></div> seconds you may </div> </<a href="myGoat.mp3" id="link">click here to download a song about me and my goat</a>
    i tried mee best
    Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes :)

  • #5
    Regular Coder martin_narg's Avatar
    Join Date
    Jul 2002
    Location
    Chamonix, France
    Posts
    600
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by zurih
    I would like to know how to make a download link to be valid only after 5 seconds on the download page.
    Nice idea canadianjameson but this doesn't mean the link is invalid - disable javascript and the link is still valid and isn't hidden. Also, the link is *always* visible in the source code.

    Securing the download links can only be done using a server-side language, not using javascript. Even using xmlhttp to get the links and dynamically insert them into the download page would require a server-side script to serve the secure link urls properly.

    m_n
    "Cos it's strange isn't it. You stand in the middle of a library and go 'Aaaaaaaaaaaaaaaaggggggghhhhhhh!'
    and everybody just stares at you. But you do the same in an aeroplane, and everybody joins in."
    -Tommy Cooper

  • #6
    Senior Coder
    Join Date
    Jul 2003
    Location
    My pimped-out igloo in Canadia
    Posts
    1,966
    Thanks
    36
    Thanked 0 Times in 0 Posts
    true, but my solution is equivalent... as i defy you to find an individual who can bypass the JS to get to the download link in UNDER 5 seconds.

    can you help us make the solution work?
    Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes :)

  • #7
    Senior Coder
    Join Date
    Jul 2003
    Location
    My pimped-out igloo in Canadia
    Posts
    1,966
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Code:
    <html><head><title>5 sec link delay</title></head><body>
    <a href="javascript:linkTo('link.html');">Link Page</a>
    <a href="javascript:linkTo('anotherLink.html');">Another Page</a>
    <script type="text/javascript">
    var delay = 5; //change this value to the number of seconds you want.
    var canLink = false;
    function enableLinks(){
      canLink = true;
    }
    function linkTo(url){
      if (canLink) {
        window.location=url;
      }
    }
    window.onload = function(){
      window.setTimeout("enableLinks()", delay * 1000)
    };
    </script></body></html>
    someone posted it here
    need a simple counter
    Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes :)

  • #8
    Regular Coder martin_narg's Avatar
    Join Date
    Jul 2002
    Location
    Chamonix, France
    Posts
    600
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Here's my effort using a combination of JavaScript and ASP. The trouble with just using javascript is that all links to the files are always available in the source code of the document (regardless of whether they are rendered in the browser for only 5 seconds, they are always in the source). Users can access the download with no restrictions. A server side language is needed to control access to the files.

    Links page:
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Untitled Document</title>
    <script language="javascript" type="text/javascript">
    window.onload = function() {
    	setTimeout(function() {
    		with(document.getElementById("links").style) {
    			visibility = "hidden";
    			display = "none";
    		}
    	}, 5000);
    }
    </script>
    </head>
    
    <body>
    <%
    If Not isDate(Session("linksPageLoadTime")) Then 
    	Session("linksPageLoadTime") = Now
    %>
    	Links only valid for 5 seconds!
    	<ul id="links">
    		<li><a href="download.asp?link=1">Download 1</a></li>
    		<li><a href="download.asp?link=2">Download 2</a></li>
    		<li><a href="download.asp?link=3">Download 3</a></li>
    		<li><a href="download.asp?link=4">Download 4</a></li>
    	</ul>
    <%
    Else
    %>
    	You have already tried to access these links
    <%
    End If
    %>
    </body>
    </html>
    Download handler page:
    Code:
    <%
    If Not isDate(Session("linksPageLoadTime")) Then
    	If DateDiff("S", Session("linksPageLoadTime"), Now) > 5 Then
    		Response.Write "Links no longer available"
    	Else
    	 	Dim strFile
    		Select Case Request("link")
    			Case 1
    				strFile = "download1.zip"
    			Case 2 
    				strFile = "download2.exe"
    			Case 3
    				strFile = "download3.doc"
    			Case 4
    				strFile = "download4.swf"
    			Case Else
    				strFile = "nofile"
    				Response.Write "Invalid download requested"
    		End Select
    		
    		If strFile <> "nofile" Then
    			Response.ContentType = "application/x-unknown" 
    			Response.AddHeader "Content-Disposition","attachment; filename=" & strFile 
    			Set adoStream = CreateObject("ADODB.Stream") 
    			adoStream.Open() 
    			adoStream.Type = 1 
    			adoStream.LoadFromFile(Server.MapPath(strFile)) 
    			Response.BinaryWrite adoStream.Read() 
    			adoStream.Close 
    			Set adoStream = Nothing 
    			Response.End 
    		End If
    	End If
    Else
    	Response.Write "Invalid access to this page"
    End If
    %>
    Sure it needs to be blended into a login script to get around the fact the user can close down the browser and try again, but this is easily sorted out. By using a download handler page and validation on both client and server, it means that the links to the files are never shown anywhere to the user, in fact the users are just given a file download box when they click the link. The file to download is passed as a number in the querystring and caught by the handler page.

    I've not tested this code at all, but the theory is sound and the code provided should only need to be tweaked (if needed) do to exactly what is required.

    Hope this helps

    m_n
    Last edited by martin_narg; 10-27-2005 at 10:36 PM.
    "Cos it's strange isn't it. You stand in the middle of a library and go 'Aaaaaaaaaaaaaaaaggggggghhhhhhh!'
    and everybody just stares at you. But you do the same in an aeroplane, and everybody joins in."
    -Tommy Cooper

  • #9
    Regular Coder
    Join Date
    May 2005
    Posts
    142
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs up Ok, here we go...

    I thought I recognized my code
    Here's a slight modification with a count down...
    you could use a cypher to hide the download url from prying eyes, but that's a bit much for something they're going to get their hands on in five seconds...

    Code:
    <html><head><title>5 sec link delay</title></head><body>
    <div id="counter"></div>
    <a href="#" id="link">Link Page</a>
    <script type="text/javascript">
    var delay = 5; //change this value to the number of seconds you want.
    var where = "somewhere.html";
    var count = document.createTextNode("You have "+delay+" seconds left.");
    var counter = document.getElementById("counter");
    counter.appendChild(count);
    function enableLink(){
    	document.getElementById("link").setAttribute("href", where);
    }
    function countDown(){
    	if(delay > 0){
    		delay--;
    		counter.removeChild(count);
    		count = document.createTextNode("You have "+delay+" seconds left.");
    		counter.appendChild(count);
    	}
    	if(delay < 1) enableLink();
    	else window.setTimeout("countDown()", 1000);
    }
    window.onload = function(){
      window.setTimeout("countDown()", 1000);
    };
    </script></body></html>
    Enjoy!

  • #10
    Regular Coder martin_narg's Avatar
    Join Date
    Jul 2002
    Location
    Chamonix, France
    Posts
    600
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by VortexCortex
    you could use a cypher to hide the download url from prying eyes
    Nice thought mate, but that's still too easy to get around. As the cypher has to be available to the client (and therefore the user) it means that all the information needed to reverse-engineer the cypher is left for all on display. It wouldn't slow down even an average js developer for more than a few seconds passing the encrypted link string back through the cypher function. Also, this solution is not supporting users without javascript enabled.

    The *only* way to secure downloads is via server-side control. Javascript is easily worked around and can even be disabled or modified by the users! I'm not going to bang on about javascript's function - many people over many years have done this already and it is unanimous that javascript should function in a supportive role for the user and the page should gracefully degrade without it.

    Hope this helps

    m_n
    "Cos it's strange isn't it. You stand in the middle of a library and go 'Aaaaaaaaaaaaaaaaggggggghhhhhhh!'
    and everybody just stares at you. But you do the same in an aeroplane, and everybody joins in."
    -Tommy Cooper

  • #11
    Regular Coder
    Join Date
    May 2005
    Posts
    142
    Thanks
    0
    Thanked 0 Times in 0 Posts

    "Five Second Rule!"

    You're right, any client side approach can be breached.

    But you're WAY off track... you've made the links valid for only five seconds...
    The question was if there was a way to make a link inactive until five seconds have passed, and show a count down. My code does exactly this. Your code does the opposite.

    And anyhow... The user is going to get the link to the file in five seconds.

    Working at my fastest:
    It takes about five seconds to do a view source, scan through the source, locate the url of the file being delayed, return to the browser, paste the filename in the address bar, and press enter.

    Or... I could just wait five seconds, and click the link.

    In my opinion, if you go through the trouble to circumvent a five second delay, you've earned the right to not have to wait five seconds.

    This is a javascript forum, so I respond with javascript solutions...
    Last edited by VortexCortex; 10-28-2005 at 05:25 PM.

  • #12
    Regular Coder martin_narg's Avatar
    Join Date
    Jul 2002
    Location
    Chamonix, France
    Posts
    600
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Re-reading the question, I wholeheartedly agree. Full apology mate! I stand corrected and fully endorse your script!

    Apols

    m_n
    "Cos it's strange isn't it. You stand in the middle of a library and go 'Aaaaaaaaaaaaaaaaggggggghhhhhhh!'
    and everybody just stares at you. But you do the same in an aeroplane, and everybody joins in."
    -Tommy Cooper

  • #13
    Senior Coder
    Join Date
    Jul 2003
    Location
    My pimped-out igloo in Canadia
    Posts
    1,966
    Thanks
    36
    Thanked 0 Times in 0 Posts
    ehehe
    Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes :)

  • #14
    New to the CF scene
    Join Date
    May 2009
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile hahaaa use php

    redirect.htm
    Code:
    <script type="text/javascript">
    mousetime=setTimeout('countDown(5)',0) // do we need this if its an onload?
    
    function countDown(n){
    if(!n){
    document.getElementById('timer').style.visibility='hidden';
    document.getElementById('timeToDownload').style.visibility='hidden';
    document.getElementById('link').disabled = false;
    }
    else{
    document.getElementById('timer').style.visibility='visible';
    document.getElementById('timeToDownload').style.visibility='visible';
    document.getElementById('link').disabled = true;
    document.getElementById('timer').innerHTML=n;
    mousetime=setTimeout('countDown('+(n-1)+')',1000);
    }
    }
    <script>
    </head>
    <body onload="countDown(5)">
    
    
    <div id="timeToDownload">In <div id="timer"></div> seconds you may </div> <form action="download.php" method="post"><input type="submit" value="Redirect">
    <input name="file" id="file" type="text" style="visibility='hidden'" value="DownloadFile.extension">
    </form>
    download.php:
    PHP Code:
    <html>
    <head>
    </head>
    <body>
    ClickyClicky
    </body>
    <?php
    //post link
    echo "<a href='" $_POST["file"] . "'>Click Here!</a>";
    ?>
    </html>

  • #15
    New to the CF scene
    Join Date
    May 2009
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    see? if u type in:
    download.php?file=file.file
    it will receive notin cuz it post
    PHP Code:
    $_POST["file"
    see?


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •