Monday, April 8, 2013

Integrating ELC into your community

Introduction


This article explains how you can integrate the ELC system into your community using MegaDownloader 0.8.
For an overall view of the ELC system, please refer to the article: "Understanding mega:// links", section "ELC links".
Required knowledge: This article presupposes you have some knowledge of cryptography, hashing, databases, and the HTTP protocol.

Server validation

ELC requires a server to perform two actions:
- Validate users, so only users of your community will be able to download the files.
- Encode or decode the internal password that will allow users to download the files.

Two pages are required:
- One page to show the users of your community HOW to configure their MegaDownloader/MegaUploader ELC account.
- One page to validate the data and perform the password encode/decode.

User validation

Each user will have two unique codes that identify them to your system. You have to provide them to your users on the first page.
The first code is the "Username", a public code that identifies which user wants to download the files.
The second code is the "API-Key", a private code that validates the user as a valid member of your community.
Apart from that, you should also show the user the URL of the second page (the one that validates the data).

This API-Key should NOT be the user's password. Using the user's password represents a security issue, because if you don't use SSL, the data will travel unencrypted.
The API-Key should be a code that validates the user for the ELC usage, and nothing else. If a third person gets the user's API-Key, he shouldn't be able to modify the user's account, or anything like that. An API-Key should also be regenerated when the user changes his password.

A good API-Key would be, for example, the hash generated from concatenating the username and the hashed password stored in your system - normally you store a hash, not the plain password of the user. If the user changes his password, the API-Key will change too, because the hashed password has changed.
If you also add a random salt when generating the hash, then security is increased.
Normally communities use a CMS or forum, with their own tables where user data is stored.

For example, if your community DB has a table called "user", with two columns "username" and "password", you could do something like:
1) Get the value of the username and his (hashed) password.
2) Concatenate a random salt string to the username and the (hashed) password (optional but recommended).
3) Generate a hash (preferably a SHA256 or SHA512, it's longer but also more secure than MD5).

This final hash could be the API-Key.
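
One way to implement steps 1-3 together with the matching server-side check, as an added example in Python (not code from the original article or from MegaDownloader). The site-wide salt, the length-prefixed concatenation and the sample user row are assumptions.

```python
import hashlib
import hmac

# Assumption: one site-wide secret salt kept server-side (config or
# environment), so the same API-Key can be recomputed on every request.
SITE_SALT = b"constructed-example-salt-change-me"


def _field(raw: bytes) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") hash differently."""
    return len(raw).to_bytes(4, "big") + raw


def derive_api_key(username: str, stored_password_hash: str,
                   salt: bytes = SITE_SALT) -> str:
    """Steps 1-3: salt + username + stored password hash -> SHA-256 hex."""
    digest = hashlib.sha256()
    digest.update(_field(salt))
    digest.update(_field(username.encode("utf-8")))
    digest.update(_field(stored_password_hash.encode("utf-8")))
    return digest.hexdigest()


def api_key_is_valid(username: str, presented_key: str,
                     user_table: dict) -> bool:
    """Recompute the key from the user table and compare in constant time."""
    stored_hash = user_table.get(username)
    if stored_hash is None:
        return False
    expected = derive_api_key(username, stored_hash)
    return hmac.compare_digest(expected.encode(), presented_key.encode())


# Constructed sample row standing in for the "user" table
# (username -> stored password hash).
USERS = {"alice": "constructed-stored-password-hash-1"}
```

Because the stored password hash is an input, a password change invalidates the old API-Key without any extra bookkeeping.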

Data process

So, in your first page, the one that displays the user's data to configure his ELC account, you should generate and display the API-Key. The page should also display the Username and the URL of the second page.

The second page will be used internally by MegaDownloader. You can find here a PHP example of this page.
Of course, if your system doesn't use PHP but another language (Java, .NET, etc) you should adapt the example to that language.
This page will receive HTTP POST requests, so it should not allow GET requests: if a user opens this URL in his browser, an error should be displayed, because the page is designed to be accessed with a POST request.

Input
MegaDownloader and MegaUploader will send 4 POST parameters when generating an ELC or when reading an ELC:

- Parameter "USER": Will contain the user's code.
- Parameter "APIKEY": Will contain the user's API-Key.
- Parameter "OPERATION_TYPE": Two possible values: E or C.
- Parameter "DATA": a string containing the data to process.

The first two parameters are used for validating the user; the other two parameters are used for processing the data.


Output
The page will return, in all cases, a JSON response.

If there is an error (invalid user access, invalid data, etc), the page will return this structure:

{"e": "ERROR DESCRIPTION", "d": ""}

If there is no error, the page will return this structure:

{"e": "", "d": "PROCESSED DATA"}

As you can see, only two parameters are returned: e (error) and d (data). One must be empty and the other filled.





The page will perform two different actions:

- First, it will validate the user by using the data contained in the "USER" and "APIKEY" parameters. If the user is not validated, then an error will be returned and the page won't continue with the second action.

- Once the user has been validated, then the page will process the data (by using the other two parameters "OPERATION_TYPE" and "DATA").

"OPERATION_TYPE" parameter will contain E or C (any other value will cause an error to be returned). E means Encrypt, and D means Decrypt. So basically, you will take the data contained in the "DATA" parameter, and will encrypt it or decrypt it depending on the value of "OPERATION_TYPE".
It's very important to emphasise that the two operations must be inverses of each other: when the output of an E operation is sent as the input of a D operation, the D output must be equal to the original E input. The encryption process must be symmetric!!

The way to implement the encryption/decryption process is up to you. But if you just want "something that works", then you can use the example provided previously.

The example page doesn't contain a "good" implementation of the first action: it just compares the USER and APIKEY values with a constant text. This is because depending on how your community works, you can make one implementation or another; the general idea of how it should work was provided in the previous paragraphs.

However, the second action is fully implemented. In the example, the provided data is encrypted with AES. You can use this example "as is", just changing the password at the beginning of the code.
If you prefer, you can implement the process in another way. You can store the input data in your DB, and return the numeric ID of the inserted row. The decrypt process will receive the numeric ID, and you will retrieve the original information. It's perfectly valid - just take into account that this requires DB access, which is more resource-consuming than performing an AES "on the fly".
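
The two actions of the second page, sketched in Python with the DB-backed variant just described (an added example, not the PHP example page and not MegaDownloader code). The table name, the error texts and the in-memory SQLite store are assumptions, and the decode code is taken as "D" from the description above, although the parameter list names the second value as C, so check what your client sends.

```python
import hmac
import json
import sqlite3

# Assumption: "E" encodes and "D" decodes, as the description above puts it.
OP_ENCODE, OP_DECODE = "E", "D"


def reply(error: str = "", data: str = "") -> str:
    """Always answer with the two-field JSON structure; one field is empty."""
    return json.dumps({"e": error, "d": data})


def open_store() -> sqlite3.Connection:
    """Hypothetical table for the 'store DATA, return its row ID' variant."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE elc_data ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, payload TEXT NOT NULL)")
    return db


def handle_elc_request(method: str, form: dict, api_keys: dict,
                       db: sqlite3.Connection) -> str:
    if method != "POST":
        return reply(error="Only POST requests are accepted")

    # Action 1: validate USER/APIKEY before touching DATA.
    expected = api_keys.get(form.get("USER", ""))
    presented = form.get("APIKEY", "")
    if expected is None or not hmac.compare_digest(
            expected.encode(), presented.encode()):
        return reply(error="Invalid user or API-Key")

    # Action 2: process DATA according to OPERATION_TYPE.
    op, data = form.get("OPERATION_TYPE", ""), form.get("DATA", "")
    if not data:
        return reply(error="Empty DATA")
    if op == OP_ENCODE:
        with db:  # commits the insert on success
            row_id = db.execute("INSERT INTO elc_data (payload) VALUES (?)",
                                (data,)).lastrowid
        return reply(data=str(row_id))
    if op == OP_DECODE:
        # Accept only a short ASCII decimal ID; the query is parameterized.
        if not (data.isascii() and data.isdigit() and len(data) <= 18):
            return reply(error="Invalid DATA")
        row = db.execute("SELECT payload FROM elc_data WHERE id = ?",
                         (int(data),)).fetchone()
        return reply(data=row[0]) if row else reply(error="Unknown ID")
    return reply(error="Invalid OPERATION_TYPE")
```

Here `api_keys` maps each username to the API-Key your first page displayed; in production it would be computed from your user table on each request.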

How can you test this page?
The simplest way is by using Firefox + an extension called "POSTER". You can also create a basic HTML form that POSTs the data to that URL, and open it with a browser. It's up to you.

Easy ELC configuration - Just click!

For users with little knowledge about computers, configuring the ELC can be confusing/difficult. For that reason, a "click once configuration" method has been created.

The idea is that the user clicks on a link, and MegaDownloader automatically configures the ELC account for the first time. That's all! The user has to do nothing else :D

In the page where you show the ELC information to the user, you should implement a mega:// link to do that. This mega:// link should be like this (copying the link also works if MegaDownloader is configured to detect links from clipboard):
mega://configelc?http%3A%2F%2Ftest.com%2Felc%3Fa%3D1%26b%3D2:User%20Name:Api%20Key:Account%20Alias

As you can see, it's a mega:// link with the "configelc?" code. After that, there should be 4 parameters, each one separated with a ":" character:
- Parameter 1: The ELC URL of your site, URI encoded (you can do it with JavaScript using encodeURIComponent). In this example, the URL is "http://test.com/elc?a=1&b=2" (note you can use & or ? if you need it)
- Parameter 2: The user name of the user, URI encoded. In this example "User name" (note it supports spaces and other strange characters).
- Parameter 3: The API-Key of the user, URI encoded. In this example "Api key" (note it supports spaces and other strange characters).
- Parameter 4: This is an optional parameter, you can specify the Alias of the ELC account, URI encoded - in this example "Account alias".

When the user clicks on the link, MegaDownloader will ask the user if he wants to create/update the ELC account. If he says "Yes", then the ELC account configuration will be imported - and he has to enter no data at all!
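
Building the configuration link server-side, as an added Python example (not code from the original article or from MegaDownloader). The function names are hypothetical, and the parser is only a round-trip self-check for your own page, not a description of how MegaDownloader reads the link. `quote(..., safe="")` escapes everything encodeURIComponent does plus a few more characters, and in particular it escapes ":" so the only literal colons left are the field separators.

```python
from urllib.parse import quote, unquote

PREFIX = "mega://configelc?"


def build_configelc_link(elc_url: str, username: str, api_key: str,
                         alias=None) -> str:
    """Join the 3 or 4 percent-encoded parameters with ':' separators."""
    fields = [elc_url, username, api_key]
    if alias is not None:  # parameter 4 is optional
        fields.append(alias)
    # safe="" also encodes "/" and ":", so "http:" or a colon inside a
    # username can never be mistaken for a separator.
    return PREFIX + ":".join(quote(field, safe="") for field in fields)


def parse_configelc_link(link: str) -> list:
    """Self-check helper: split on ':' first, then percent-decode each field."""
    if not link.startswith(PREFIX):
        raise ValueError("not a configelc link")
    parts = link[len(PREFIX):].split(":")
    if len(parts) not in (3, 4):
        raise ValueError("expected 3 or 4 ':'-separated fields")
    return [unquote(part) for part in parts]
```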

Conclusion

For users, adding an ELC account should be easy - just clicking on a link.
For developers, creating the ELC pages should also be easy - the ciphering method is provided in the example, and only a user validation system has to be implemented.

Using ELC is a solid and robust system to protect your MEGA links so they can't be reported, and people outside your community can't download them.

44 comments:

  1. Is not constant, but sometimes, a file that has not finished downloading is given as complete, even not downloaded or 1MB file. It would be nice if it had a button in the context to reset or restart a complete download.

    Replies
    1. Also, on windows xp folders are not deleted, only the files inside.

    2. I will try to get a XP to test, thanks!
      Can you provide me a link that has this problem in order to check it? Thanks!

  2. Test MegaDownloader BETA v0.8
    http://youtu.be/PCrsgCJVWV0

  3. Hello dude,
    How can i find download link of a file in a folder like this one?

    mega.co.nz/#F!pRMnkBxL!QTbrTTp9DZo64urlaXDUNQ

    thanks

  4. I lost my download list when the computer restarted because of an error.

    This is the second time it happens, you know how to solve this?

    Replies
    1. I faced the same problem.
      Apparently, it saves the list of downloads constantly and continuously, it becomes sensitive to the forced closure.
      My temporary solution was to use a batch to perform the backup also constantly.

      http://pastebin.com/a85TPTnP

  5. hey,
    this is great downloader
    how to delete my download list when is complete or cancel?

    http://img32.imageshack.us/img32/842/tl0.PNG

  6. Hi,
    I have been getting errors in files and after the applications automatically retries, the status of the file is shown as download complete whereas it is not.
    I am unable to resume the download.
    kindly help asap
    thanks

  7. http://imagizer.imageshack.us/v2/800x600q90/593/vten.jpg

  8. When I encode MEGA links with this program and copy the generated link, MiPony detects it and also shows me the original link, meaning MiPony decodes the link. Is there any solution? This way people steal and delete the files I post on my forum.

    Replies
    1. Hello, try implementing ELC as explained here. This system relies on your forum letting you control the users, which is why the encoding cannot be broken with Mipony (since the password is not always the same; your forum will have the one you choose, and so the security lies in your system, not in MegaDownloader!).

    2. Hello, the thing is I don't know how to implement this ELC; it's a bit complicated and there is no tutorial on how to do it, and on top of that it's in English. Sorry for my ignorance, regards

  9. Hello, can you tell me how to modify the script to add the database connection? I have tried several ways but I can't get it to work.

    Replies
    1. How did you manage it? T_T I tried to contact you on your website but I don't have an invitation. I hope you can help me, thanks in advance

  15. I get this error when encoding with ELC

    Error: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
