PHP Security Script

Status
Not open for further replies.

kjb1891

New member
Mar 12, 2007
I'm setting up a non-crappy-ebook Clickbank site and I've got just about everything up and running except for the security script that they provide to protect the thank you page. I want to use the PHP script that they provide but they won't help me out with it at all for whatever reason.

I have only a limited amount of experience with PHP. So, I need a little help with it. What do I have to do with this script to get it to work?

- Do I have to put the <?php & ?> at the beginning and end?
- Where do I place the script at in the page's programming?
- Do I have to name the file .php?
- What else am I missing?

Here's the script they provide:
PHP:
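// Returns 1 when the cbpop request parameter matches the proof computed
// from the secret key and the receipt, time and item parameters; else 0.
function cbValid()
{
  $key='YOUR SECRET KEY';
  $rcpt=$_REQUEST['cbreceipt'];
  $time=$_REQUEST['time'];
  $item=$_REQUEST['item'];
  $cbpop=$_REQUEST['cbpop'];

  // Expected proof: first 8 hex characters of the SHA-1, upper-cased
  $xxpop=sha1("$key|$rcpt|$time|$item");
  $xxpop=strtoupper(substr($xxpop,0,8));

  // Strict comparison: both values are compared as strings, with no type juggling
  if ($cbpop===$xxpop) return 1;
  else return 0;
}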
Thanks for any help guys. I greatly appreciate it. :D
 


Hmm, it's only a function, which you need to actually CALL somewhere... First, replace the 'YOUR SECRET KEY' with the key they gave you. Then, insert the whole code into the desired webpage (along with the <?php and ?> tags). Based on the configuration of your webserver, you may need to make the page name end with .php. Then, somewhere in your code, you will need to call this function - I guess it will be when you process the actual "transaction" (when someone buys the ebook?). If the function returns true, you will proceed with the transaction, and vice versa. It's hard to tell without actually seeing the page... Hope I helped at least a bit.
 
Houdas has sent you along the right path but, if you really are struggling with PHP you'll need to find out what it means to 'call a function'; you'll also need to know how to evaluate the value that is 'returned' by the function, and act accordingly. This isn't just a cut-and-paste job, unfortunately.

Read sections I, III and IV of the PHP introduction at PHP: PHP Manual - Manual. This will take about an hour, but it will be an hour very well spent since you'll be able to solve these kinds of problems by yourself in the future.
 
Thanks for the help.

Could I call on the function using onload at all? Or does that really only work with Javascript?
 
No, onLoad is a JavaScript handler and the function itself is PHP. You can't call PHP functions directly from JavaScript.

I'll agree with sleepylee - read some basics about PHP, learn how the principles work, and then it will all become clear.
 
Here's something very simple. You could try header redirects. So, if the user is a valid customer, you could send them to your download page or if they didn't successfully purchase your product, you could send them to an error page or something.
PHP:
<?php
function cbValid()
{
  $key='YOUR SECRET KEY';
  $rcpt=$_REQUEST['cbreceipt'];
  $time=$_REQUEST['time'];
  $item=$_REQUEST['item'];
  $cbpop=$_REQUEST['cbpop'];

  // Expected proof: first 8 hex characters of the SHA-1, upper-cased
  $xxpop=sha1("$key|$rcpt|$time|$item");
  $xxpop=strtoupper(substr($xxpop,0,8));

  // Strict comparison: both values are compared as strings, with no type juggling
  if ($cbpop===$xxpop) return 1;
  else return 0;
}

if(cbValid()) //They paid so send them to the download
  header("Location: http://www.YourDomain.com/DownloadPage.html");
else //They did not pay so send them to the error page
  header("Location: http://www.YourDomain.com/Error.html");
exit; //Stop here so nothing below the redirect header is sent to the client
?>

Hope this works for ya.
 
Thanks Darin. That script looks good to me from what I know.

Should I replace the if/else part that you used instead of the if/else that ClickBank provided or should I keep that script as is except for the secret key part?

Also, I've been reading up on some PHP and still have a couple questions about it.

One, should this script go right into my thank you page's programming itself or should I save it as a separate file/URL from the thank you page and call on the function script that way?

Second, what would be best to call the function() with? The fopen(), include(), require(), or some other type of PHP call?

Thanks once again for any help. :)
 
You should place the code I gave you as is at the top of the page where your Clickbank customers go to after ordering. Of course you'll need to change the secret key part as well as the redirect locations inside the header calls I gave you. You don't need to worry about calling the function. I already wrote the call inside the code I gave you. Basically, I just added the bottom 4 lines of code to the code you already supplied. The code I added simply called the cbValid function which checks to see if the purchase was valid. If it was valid (returns a 1), I call the header function and pass it the location to the download page (you need to change the URL for the download page). If it wasn't a valid purchase (returns a 0), I call the header function and pass it the location to the error page.

That should work for you.
 
OK, I got things working now. I used the following code in the script:
PHP:
if(!cbvalid()) echo "ERROR LOADING PAGE - You Do Not Have Permission To Access This Page";
if(!cbValid()) die();

If the parameters aren't met then the page will just display the error message. If they are met then it just loads the rest of the page like normal.

Thanks for the help guys. :bowdown:
 
That works too and is probably more secure as well. I would just change the code slightly to:
PHP:
if(!cbvalid())
{
   echo "ERROR LOADING PAGE - You Do Not Have Permission To Access This Page";
   die(); 
}

This code would only call cbvalid() once and save a little bit of running time. Although this wouldn't make a huge difference, it's a good habit to try and call functions as few times as possible.
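
An added example, not part of the thread and not ClickBank's own script: a stricter variant of the cbValid() check that rejects missing or non-string parameters and compares the proof with hash_equals(). The function name cbValidStrict, the sample key and the sample receipt values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hardened variant of the thread's cbValid(): same proof-of-purchase formula,
 * but the request data and key are passed in so it can be exercised offline.
 * (cbValidStrict is a hypothetical name, not part of ClickBank's script.)
 */
function cbValidStrict(array $req, string $key): bool
{
    // All four parameters must be present and plain strings; array-valued
    // parameters are rejected instead of being interpolated into the hash.
    foreach (['cbreceipt', 'time', 'item', 'cbpop'] as $name) {
        if (!isset($req[$name]) || !is_string($req[$name])) {
            return false;
        }
    }

    // Same computation as the original script.
    $digest   = sha1("$key|{$req['cbreceipt']}|{$req['time']}|{$req['item']}");
    $expected = strtoupper(substr($digest, 0, 8));

    // hash_equals() compares the two strings byte for byte in constant time
    // and never interprets numeric-looking strings as numbers, unlike ==.
    return hash_equals($expected, $req['cbpop']);
}

// Constructed sample values, not real ClickBank data.
$key  = 'EXAMPLE-SECRET-KEY';
$good = ['cbreceipt' => 'TESTRCPT', 'time' => '1173700000', 'item' => '1'];
$good['cbpop'] = strtoupper(substr(sha1("$key|TESTRCPT|1173700000|1"), 0, 8));

// Valid parameters
var_dump(cbValidStrict($good, $key));
// Item changed after the proof was computed
var_dump(cbValidStrict(['item' => '2'] + $good, $key));
// Missing time parameter
var_dump(cbValidStrict(array_diff_key($good, ['time' => 0]), $key));

// On the thank-you page itself, the gate from the last post becomes:
// if (!cbValidStrict($_REQUEST, 'YOUR SECRET KEY')) {
//     http_response_code(403);
//     exit('ERROR LOADING PAGE - You Do Not Have Permission To Access This Page');
// }
```

hash_equals() requires PHP 5.6 or later, and the scalar type declarations used here require PHP 7.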
 