Solved

Expiration link

Posted on 2015-01-01
7
206 Views
Last Modified: 2015-01-02
I have a website that provides a hyperlink instead of the actual file for download. I want to encode within this link the ability to have a time expiration, and also a limited use method. I have been trying to find a code that will check the link to make sure it is using the domain on file where this hyperlink is being used. I need it to call back and disable the link of the domain name on file does not match. Is there someone who can help me write a coding snippet that will do this?
0
Comment
Question by:vdavid23
7 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40527033
Hi vdavid,

I want to encode within this link the ability to have a time expiration

Is the link a simple/static thing or does it call back to a database when clicked?  If so, it would be trivial to add a datetime field to the database that can be checked on click to see if the server time is greater than the value of the field and provide the appropriate response.

and also a limited use method

Not sure I understand how the links are being used here. How do you control where a user chooses to activate the link?  Can they click it in an email?  Enter it directly into a browser?  Embed it in a web site?  All three?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40527157
A simple link can not do that.  In addition, the file that does a "call back" must be a program file.  Nothing else will make a connection back to your server.
0
 
LVL 30

Assisted Solution

by:Marco Gasi
Marco Gasi earned 333 total points
ID: 40527345
IMHO, you have to manage all that stuff server side. An idea could be to store data in a database for each download link you send. Data should be a download url with some parameter such as a random string: http://www.example.com/downloadlink.php?k=mknjnerijndcjnsidjcwflkpsldlcsòdl and the timestamp
This link should point not to the file to download but to a php page which will serve the file after having procesed the string and compared it with the database: here you an know if more than 12 hours are past and if the domain i the right one and so on: this depends on what parameter you store in the database.
It's not a difficult task and if I understood your need, I think this would be what I'd do
Cheers
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 2

Author Comment

by:vdavid23
ID: 40527622
I think I need to clarity more, what we want to accomplish is this. We do not want to sell digital material on our website. What we want to do instead is provide a hyperlink to the digital media that will be used on the internet.

Example: John has a website. He needs photos for his website design. He purchases the rights for use of the images he purchases, but at no time has total access to the images unless he purchases the full rights to the image.

What we want to provide is a hyperlink to this image stored on our server with an encrypted hyperlink which expires after its usage agreement expires. This contract can vary in time based off of his agreement.

What we want to do is also have a call back in that link that determines the domain or other information provided upon purchase to validate the proper usage of the image. If it does not pass the validation check then the link is disable for that location.

If there is a coding snippet or current product that does this that would be appreciated.  We have found http://www.vibralogix.com/linklokurl/ or Php Link directory, but we are still researching whether this will accomplish what we want.

We also understand by using this method it will take up more bandwidth for our server, but we are attempting to protect & prevent the usage of digital media on other websites in which they are not authorized to do. We are attempting to provided maximum profitability for the author of the digital work.

Any recommendations would be appreciated?
0
 
LVL 30

Assisted Solution

by:Marco Gasi
Marco Gasi earned 333 total points
ID: 40527650
Well, I misunderstood your question :-(
Anyway, since a link is just a string, I don't think you can embed anything. But you can provides links with params which point to a php page: the page processes the parameters and serve the image using header(). Let me summarize:
I come to your sit and subscribe a contract A which gives me rights A. Then you create a link for me to use in my page:

http://www.vdavid23.com/images.php?userid=1254&image=jncjdnchdbuerf

You have to generate a random string when you generate the link and all these data have to been stored in the database 'images'

When I place your link in my web page as src attribute of an img tag, your site receive the request and can process it. I can give only a not tested pseudo-code, but it should give you an idea:

$userid = $_GET['userid'];
$image = $_GET['image'];

//validation here

$sql = "SELECT * FROM images WHERE userid='$userid' AND image='$image'";
$stmt = $pdo->query($sql);
/*
 * if the user can buy the same image with two different contracts this code fails 
 * and we need to add more parameters to the link, such as timestamp
 */
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$file = $result['file'];
$contract_type = $result['contract_type'];
$expiration_date = $result['expiration_date'];

/*
 * check here if the expiration date is past
 * if the contract is still valid and so on
 */

if ($allright)
{
$file_name = basename($file);
$file_extension = strtolower(substr(strrchr($file_name,"."),1));

switch( $file_extension ) {
    case "gif": $ctype="image/gif"; break;
    case "png": $ctype="image/png"; break;
    case "jpeg":
    case "jpg": $ctype="image/jpg"; break;
    default:
}

header('Content-type: ' . $ctype);	//this will serve the image to publish
}

Open in new window


Hope this can help you.
Cheers
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 167 total points
ID: 40527692
This sounds like you might want to consider a two-tier design of an "API key."  One tier of the key would provide the client with access to your site, sort of like a client-authentication via a session.  The other tier of the key would be, in effect, a database key to that client's records.  The database of client records could contain anything your application needs (including the list of images and the expiration dates for access to these images).

FWIW, most stock image libraries do not work this way.  Instead they watermark the unlicensed images, and release the licensed images on a "royalty-free" basis.  Probably one reason for the different business relationship goes to the nature of the internet.   Once you put something online, you have released it into the wild, where it can be stolen, copied, modified, repurposed, republished and reused.  You might find this interesting:
http://www.tineye.com/about
0
 
LVL 2

Author Comment

by:vdavid23
ID: 40527838
Ray Paseur and Marco Gasi are excellent! I am not sure how to award you both points, but this gives us a direction now to work with. Ray you are totally brilliant to see what we are attempting to do. When I have tried to describe this to other programmers they give me a blank stare. There is a method to my madness.

You are totally right, once that image, video, ebook, or MP3 is downloaded it does not matter what licensing agreement that was made, it would no longer matter. Very similar to providing them cloud access to software packages to run their business. We are hoping this new business model will catch on.

We would like to see more linking, and less transfer. I understand for years we have done it this way, but look where we are at today. Case in point: John wants to host an image file on his website. He agrees that he will only use it once, for a single domain, or even a MP3 or video file, but we all know that is not the case, because much of the time either John will use it on another website he is hosting, or Bill who visits his website then right clicks the image, and we have no means of controlling who or what uses that image. Even pulling the embedded link is a common practice to host video files, so we figured why not have some form of verification, and if the information does not match, and since they do not have access to the original file all they will have is a broken link.

Google images is a great example of sharing images without the consent of the author. I am sure they never thought this through before implementing this feature, and shame on them, because all they are doing is encouraging the practice of piracy instead of preventing it.

Their message about the MPAA and stopping piracy is moot if they themselves are participating in the same act that they are trying to stop.

We decided someone needs to step up to the plate, and do something.

Sure, maybe that $2.00 image does not matter, but really?

We at Goldmarc Solutions feel everyone deserves the right to earn what "they feel" they should for their time and labor. At Goldmarc Solutions we have been looking at the bigger picture, and how even a $2.00 image can, and will affect the economy. Like I tell my clients, we have moved from an "industrial based society" to an "intellectual base society", and it is time we close the barn door before we have nothing of value to give.

We are hoping to release new and exciting products to the internet this year that will change the current business model of doing ecommerce on the internet. We want to establish a new paradigm and business model to prevent the piracy of digital media, and drive revenues, and profits to the authors. We are planning on getting a booth this year at Comdex to display all the new and innovative was we have been doing R&D on for the past couple of years to prevent piracy both using software and hardware solutions.

I hate to say it, we clutter our hard drives with way too much digital information. This may reduce the need for that new 3 terabyte hard drive. ;)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now