
Thread: 'Thank you page' protect with session

  1. #1
    chillynov (Regular Babbler)
    Join Date: Sep 2008
    Posts: 38

    'Thank you page' protect with session

    Hi Guys,

    I got this code that works by protecting your 'Thank you page' on say ClickBank. It can redirect the person to a specified page if the person didn't come from CB and as such hasn't purchased the product/service. Nice! However, someone can still copy/bookmark the whole URL after purchasing the product from CB and later visit the same URL to fill the order page/download the doc again.

    What I would like to find out is if this code could be manipulated in a way that the 'thank you' page could have a time that could expire upon the first visit. The session just times out within like 30mins? Upon the first visit after purchasing and being forwarded to the 'Thank you' page, that URL/page expires like after 30mins or 1hr?

    Here is the code:
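    Code:
    <?php // yourdeliverypage.php
    // Recompute ClickBank's proof-of-purchase value and compare it with the one in the request.
    function cbValid()
    { $key='Your Secret Key';
      $rcpt=$_REQUEST['cbreceipt'];
      $time=$_REQUEST['time'];
      $item=$_REQUEST['item'];
      $cbpop=$_REQUEST['cbpop'];
    
      $xxpop=sha1("$key|$rcpt|$time|$item");
      $xxpop=strtoupper(substr($xxpop,0,8));
    
      // Strict comparison: with ==, values such as "0E123456" and "0E654321" compare equal as numbers.
      if ($cbpop===$xxpop) return 1;
      else return 0;
    }
    // cbValid() reads the request itself, so it takes no arguments.
    if (!cbValid()) {
    // redirect
    header ("Location: http://www.anyurlyouwant.com/");
    exit;
    }
    ?>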
    Thanks for your help.
    Last edited by chillynov; 06-06-2009 at 12:45 PM.

  2. #2
    rodrico101 (Regular Babbler)
    Join Date: May 2009
    Location: Cedar Rapids IA
    Posts: 88

    That's an awesome idea. I wish my php skills were up to that level to help you out!

    I use a service to do the same thing you are proposing. That way the "Thank you" page is encrypted on their website, not mine. Very inexpensive per month and it does not charge by the number of items I am selling.

    Rod

  3. #3
    chillynov (Regular Babbler)
    Join Date: Sep 2008
    Posts: 38

    Quote Originally Posted by rodrico101 View Post
    That's an awesome idea. I wish my php skills were up to that level to help you out!

    I use a service to do the same thing you are proposing. That way the "Thank you" page is encrypted on their website, not mine. Very inexpensive per month and it does not charge by the number of items I am selling.

    Rod
    Rod, what service is that?

  4. #4
    rodrico101 (Regular Babbler)
    Join Date: May 2009
    Location: Cedar Rapids IA
    Posts: 88

    I use e-junkie.com
    It's like a whole $5 a month.

    You can use it with Clickbank products and also selling any other ebook type products. Their service will create the PayPal button code for you and your product.

    Rod

  5. #5
    Donk (Supreme Babbler)
    Join Date: Jan 2009
    Location: Kent UK
    Posts: 590

    Do you know what format the time is in and does it include the date?

    If so you could check the current time and expiry period in seconds.

    PHP Code:
    <?php
    if (strotime($time) +60*30>time())
    {
    //redirect
    }
    else
    {
    //show page
    }

    ?>
    Regards

    Bob
    PHP Snippets PHP Captcha Code Resizable Html
    "A website with a thousand resources starts with a single page".
    "Don't fight the gator - clear the swamp"

  6. #6
    chillynov (Regular Babbler)
    Join Date: Sep 2008
    Posts: 38

    Hello Bob, the code looks promising. Thanks. I know the +60*30 represents time. Is it seconds or minutes?

    And please, I would want the page to expire, say, 30 mins after the page is first displayed for the user. For e.g., with reference to ClickBank purchases, after the payment has been made (and authenticated), the customer is taken to the 'Thank you page' to fill a JOB CARD in my case. (The JOB CARD URL will have all the encryption of the cbpop, time purchased, etc.) It is this encrypted URL of the 'Thank you page' that I would want to expire in certain minutes so that even when someone bookmarks/copies it and revisits it to try to re-order, it would have expired by then.

    So Bob, can the code you provided execute this function?

    Cheers in advance.

  7. #7
    Donk (Supreme Babbler)
    Join Date: Jan 2009
    Location: Kent UK
    Posts: 590

    Sorry I didn't get back to you sooner but I've been busy.

    The time is in seconds so 60*30 represents thirty minutes.

    Another way would be to store $_SERVER['QUERY_STRING'] and the time of visit in a database and check the database to see if the user has already visited the page.

    Regards

    Bob

  8. #8
    William Wilson (Supreme Babbler)
    Join Date: Feb 2009
    Location: South Carolina
    Posts: 776

    Regarding your post

    Thanks for your post...and thanks for the code that you gave to us in that post...That is awesome...William Wilson

  9. #9
    Johnny (Master Babbler)
    Join Date: Apr 2008
    Location: Cleveland/ Columbus, Ohio
    Posts: 143

    First of all, you haven't really specified what your URLs look like here...

    PHP's $_REQUEST[] superglobal applies to both GETs and POSTs so it's hard to tell exactly what we're dealing with (although since the URL is bookmark-able, it's probably GET).

    Assuming this,

    As Donk suggested, using a database to store the unique query string identifier would definitely be the easiest solution here.

    If you don't have an extra DB table to spare, you'll probably have to resort to a little bit of raw ingenuity. Although cookies and sessions would work in theory, neither are secure or practical enough for this scenario.

    My best suggestion would be formatting the 'Thank You' page url as such:

    Code:
                                                unique     unix time
                                                key        (10 digits)
    http://yoursite.com/thank-you.php?cbreceipt=1234abcd_1244577730
    This way, the URL your customers are visiting actually contains the time it was created, but they won't even realize it (this way it can't be manipulated like a cookie could be).

    When you perform your time check, you could just do something like this:

    PHP Code:
    <?php
    $receipt = $_GET['cbreceipt'];
    $parts = explode('_', $receipt);
    $rcpt = $parts[0]; // <-- $rcpt is from original script
    $created = $parts[1]; // <-- time the link receipt was created
    ?>
    Then you could just take the '$created' value and compare it to the current 'time()' value, just as Donk suggested.
    Last edited by Johnny; 06-09-2009 at 02:14 PM.

  10. #10
    chillynov (Regular Babbler)
    Join Date: Sep 2008
    Posts: 38

    Bob and Johnny, you both are brilliant! Thanks a bunch! I have a problem with the code:
    Code:
    <?php
    if (strotime($time) +60*30>time())
    {
    //redirect
    }
    else
    {
    //show page
    }
    
    ?>
    When I implemented it and made a test purchase at ClickBank, instead of being redirected to the 'Thank you page' as it normally does without the above code, it rather passed an error code to me:
    Code:
    Fatal error: Call to undefined function strotime() in /home/africannia/public_html/mywebsite.com/order1.php on line 23

    However, after changing the (strotime($time) to (strtotime($time), it redirected me to the 'Thank you page' alright but the URL did not expire after the 30mins. When I refreshed it, it still worked. When I bookmarked the URL and re-visited it after 30mins, it still worked.

    What could be the problem?


    BTW, am gonna try the database thing also and report back. Again!
    Last edited by chillynov; 06-10-2009 at 02:15 AM.
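
Added example (not part of any post in the thread): one way to combine the proof-of-purchase check from post #1 with Donk's database suggestion, so that a valid link stops working thirty minutes after its first visit. The function, constant and table names are hypothetical, the receipt values are constructed, and SQLite via PDO stands in for whatever database the site uses.

```php
<?php
// Added example; function, table and constant names are hypothetical.
const CB_SECRET = 'Your Secret Key';  // placeholder, as in post #1
const LINK_TTL  = 60 * 30;            // thirty minutes, in seconds

function cbPop(string $rcpt, string $time, string $item): string
{
    // Same formula as post #1: first 8 hex chars of sha1(key|receipt|time|item)
    return strtoupper(substr(sha1(CB_SECRET . "|$rcpt|$time|$item"), 0, 8));
}

/** Returns 'ok', 'invalid' or 'expired'. */
function checkThankYouLink(array $q, int $now, PDO $db): string
{
    foreach (['cbreceipt', 'time', 'item', 'cbpop'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return 'invalid';
    }
    // 1. Proof of purchase. hash_equals() is a strict, constant-time compare;
    //    with ==, "0E123456" and "0E654321" would both be read as the number 0.
    if (!hash_equals(cbPop($q['cbreceipt'], $q['time'], $q['item']), $q['cbpop'])) {
        return 'invalid';
    }
    // 2. Record the first visit; the primary key makes later inserts no-ops.
    //    (INSERT OR IGNORE is SQLite syntax.)
    $db->prepare('INSERT OR IGNORE INTO visits (receipt, first_seen) VALUES (?, ?)')
       ->execute([$q['cbreceipt'], $now]);
    $sel = $db->prepare('SELECT first_seen FROM visits WHERE receipt = ?');
    $sel->execute([$q['cbreceipt']]);
    $firstSeen = (int) $sel->fetchColumn();

    // 3. The link stays usable for LINK_TTL seconds after that first visit.
    return ($now - $firstSeen > LINK_TTL) ? 'expired' : 'ok';
}

// Constructed demo: in-memory SQLite and a made-up receipt.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (receipt TEXT PRIMARY KEY, first_seen INTEGER)');

$q = ['cbreceipt' => '1234ABCD', 'time' => '1244577730', 'item' => '1'];
$q['cbpop'] = cbPop($q['cbreceipt'], $q['time'], $q['item']);
$t0 = 1244577800;

echo checkThankYouLink($q, $t0, $db), "\n";                           // first visit
echo checkThankYouLink($q, $t0 + 600, $db), "\n";                     // bookmark, 10 min later
echo checkThankYouLink($q, $t0 + 3600, $db), "\n";                    // bookmark, 1 h later
echo checkThankYouLink(['cbpop' => 'DEADBEEF'] + $q, $t0, $db), "\n"; // forged proof
```

Because the first-visit time lives on the server, keyed by the receipt, a bookmarked or copied URL carries nothing the visitor can edit to extend the window.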
