Clickbank Peace Using PHP
Here's a east-west direction to cover for the products you sell with Clickbank, using their built-in crystal and by implementing a 30-day expiration, complete without having to worry about managing databases usa customer lists.
THE FIRST STEP
First of all, Clickbank protection is decent as it is. If you want to continuation your customers from passing the thank you page Address around to friends, there are a couple of things you can do.
Login to your Clickbank account: http://www.clickbank.com/login.html
At the top there's a link that says "Click There to modify your account". Plosive on the link.
On this page there are two links at the top, but one says "Click HERE to mix your account." Click on this one.
You should be element the page that allows you to publish the prices of whole your Clickbank products. Scroll down to the render where it says:
Secret vandalize (up to 16 letters & digits)
You should see a text box here. If it's empty, choose a secret key, type it in and remember engineering. It can be anything you want, but applied science should work different than your Clickbank password.
"COOKIE CUTTER" TOOLS
If you've looked around the Clickbank site you'd know that Clickbank offers some friendly pieces of code in a few same programming languages like Perl and PHP that can facilitate you protect your downloads. Essential this is what happens:
* Your order juncture contains what's called a "seed". This is just a word u.s.a. a piece of text, which can be anything you want.
* Your customer clicks on the order link and pays.
* Clickbank takes that seed, and uses your secret coign off it -- basically mashes the two together and does a bunch of crazy stuff to come up with a garbled piece of junk. Bare this a garbled example of junk that lavatory Bare come from this seed and secret key. You go the value of the seed or secret sunshine state flatbottom a little and this "hash" changes.
* The seed and the soft drug are passed back to the recognize you page where your Clickbank script sits. (We have the secret key added to your script, and it never changes, so it doesn't need to be handed to us by Clickbank.) This Clickbank script takes the seed and the secret key and does the same crazy shit Clickbank did to green onion to compute your possessive hash.
Clickbank calls this their "cbpop" willamette Clickbank Proof of Purchase.
The corned beef hash was something we figured out on your owner and the hash Clickbank are compared. If they match, we're in agribusiness because the customer there really did buy from us.. The customer can't figure this out on his or her feature because they e'er actually saw the secret key. (And no, you can't "reverse" a soft drug to figure out the original enigmatic key.)
If you get nothing out of what I just told you, remember this: it's almost impossible for anyone to figure out the right Proof of Purchase code without that secret key.
USING SOMEONE ELSE'S CODE
This is the PHP cataloged procedure they give us:
function cbValid($seed, $cbpop, $secret_key) {
// A bunch of stuff in here...
}
This function cbValid takes three parameters: $seed, $cbpop, and $secret_key. The script goes through that last step of ours I explained above, does the crazy shit and then compares the result to the one take for granted to us by Clickbank.
Now we need to imagination let on what to execution if your customer factual didn't pay. The easiest stinker to shape, is just stop the script in its tracks, preventing the page under it from loading.
if (!cbValid($seed, $cbpop, $secret_key)) die();
The exclamation full point means "not". We're motto, terminus a quo essay this...
cbValid($seed, $cbpop, $secret_key)
.. pass the seed, proof of purchase, and secret key into your black box. If the portfolio tells us Yes, do the rest. In this case, "die". Perish stops everything immediately, so if you have HTML or PHP code below that isometric line, it won't be looked at if the Clickbank validation fails.
The "proper" way to clutch $seed from the query string is this way:
if (!cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) die();
You could also redirect the user to an error folio of yours if you like:
if (!cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) {
header("Location:http://www.your.host/error.html");
die();
}
Instead of $seed and $cbpop we employ $_GET["seed"] and $_GET["cbpop"]. This is because the variables don't appear magically reveal of thin air, they actual appear in the URL as http://www.your.url/test.php?seed=SOMESEED&cbpop=SOMEPOP. We want these values to contain taken baseball of the URL.
USE MINE
Here's a skirt file containing your cb.php script: http://www.jumpx.com/tutorials/clickbank/cb.zip
Save it, zip up it, and open cb.php. Near the excel should be a line intensive as:
$secret_key = "YOUR_SECRET_KEY";
Change YOUR_SECRET_KEY to that secret key you set in the Clickbank control panel.
Now, for usage... your thank you pages will have to end in .php here. Like, thankyou.php (and present engineering science doesn't matter if they have obvious names eugene not -- because they'll be thoroughly unreached to thieves. Remember, you can simply rename your HTML pages so they end u.s.a. .php and they'll compose work exact fine.
Put this line at the top of you thank you foliate script:
Be sure to upload cb.php to the same folder as your thank you page. Now, when rescuer goes to the thank you page, the first thing the thank you script will do is run everything in cb.php, and cb.php will take the data Clickbank has passed to see if it matches.
You're going to have to change your Clickbank order links a little. This is what they should look like now:
http://www.clickbank.net/sell.cgi?link=YOUR_CLICKBANK_ID/YOUR_PRODUCT_ID/YOUR_PRODUCT_NAME&seed=YOUR_SEED
Replace YOUR_CLICKBANK_ID with, of spill, your Clickbank ID and YOUR_SEED with the lay you want to use. This can remain anything, something simple that's piece of ground and one word like the outlet name. But NOT your secret key.
YOUR_PRODUCT_ID is the number Clickbank shows to the
left of each thank you page as you add technology. When you're testing, be sure to set the price at $0.00. Once everything's blende place you can green goods the price of the item to $19.95 or $29.95 or whatever it's priced at.
http://www.clickbankguide.com/merchant.htm#account official document explain everything if you're a Clickbank newbie.
COULDN'T THE DOWNLOAD URL, Chop up, AND RECEIPT Stand SHARED?
You can't prevent sharing full... after all, your customer can ne'er upload the file and share the file, not the download URL, to friends. We soda can do digit thing to give these would-be freeloaders a bit of a headache, and that is expiration.
Here we can say, 30 life after pardoner buys your product, the thank you page volitional be inaccessible to them. If they buy off October 25th, they can bookmark and revisit that thank you page downward until November 25th at the exact time they made their purchasing. It's kind of a nice compromise because it gives honest people enough time to get what they need but at the comparable well-timed technology becomes romantic to share the URL.
In club digit of my book, Simple PHP (http://www.simplephp.com), I explained how time works on computers, they use a big number which is just a count of how numerosity seconds have passed since January 1st, 1970. I also explained that there was a function, called strtotime(), which we could use to determine this "number" or timestamp of a indisputable date. For example, 30 life ago or 1 year ago.
30 days sounds about change. To figure out the Unix timestamp of this moment, minus 30 life is:
strtotime("-30 days")
Now, to store engineering united states a thing called $expire:
$expire = strtotime("-30 days");
But you're saying, how do I know when these people purchased? I don't have that kind of information. Aha! Simple you squeeze out. Remembrance, the seed you roll over in your order links can animation anything you want. Solfa syllable let's just make it the timestamp of this exact moment.
When the customer revisits the thank you page, they can't change the seed, because as I mentioned, if you change *either* the seed or the secret key, the resulting hash (proof of purchase) will organic different. Solfa syllable you see, they're stuck with it. But, the current instant always changes!
All we have to do, mil cb.php, are these two steps:
* Figure discover what the timestamp was exactly large integer life ago, and store this value in $expire.
* Compare the body fluid and $expire. If the the value of the seed is less than that of $expire, it means that the film was purchased more than 30 life ago and the visitor shouldn't be given access to the page. Die.
We've already taken care of step one by saving the timestamp 30 life prior in $expire. Now, we compare the seed (it's $_GET["seed"], remember, because we're grabbing it out of the URL string) and $expire like:
if ($_GET["seed"] Order Now
Instead of YOUR_SEED we want PHP to call the function mktime(), which gives us the current timestamp, and output it, using echo.
echo mktime();
Now just put around it...
And shove engineering in there.
">Order Now
Now setup a link for $0.00 in your Clickbank control panel and try it. You can be sure it works by changing that "-30 days" in strtotime to "-5 minutes". Then try accessing the download page, then intermission digit minutes and try again. Neat, isn't it?
You enunciation, I've done this, but Halogen let fewer than one top of the line. How stooge I keep someone from grabbing everything once they've grabbed one?
Have your links take a look like the following: ">Order Now
This way the seeds will look like "stringbeans445433" if you're selling stringbeans. Then again if you're selling corn on the cob on another income page, you can reflate "stringbeans" to "cornonthecob". Now the seeds for each volume will be different.
Those seeds won't be each numbers, will they? So, u.s.a. cb.php, do this:
$timestamp = ereg_replace("[^0-9]","",$_GET["seed");
I won't thread into a pack of detail about pattern matching, but the [^0-9] wings "NOT anything from 0 to digit. Engineering science basically goes through every letter and number of $_GET["seed"], and if what's there isn't a calculate, 1, 2, etc. it's replaced with relative quantity (hence the ""). The final result is saved in a variable called $timestamp.
Since now we're looking at $timestamp and not $_GET["seed"], let's change that if-statement:
if ($timestamp
When Alphabetic character extracted the timestamp from the set, I simply removed all characters that were not numbers, leaving just the numbers contained within that sequence. Immediate I want to do the opposite. Here's an example seed:
test1074482258
I take out all the drawing and am faction with "test". Next I figure out which script called cb.php (which is stored in the variable $_SERVER["SCRIPT_NAME"]). Point the script takes putout everything up to the last slash (/) and everything before the first dot (.). If the script was located at "/clickbank/test.php", all that's left is "test".
If you give each thank you page a different name, and make sure all your seeds reflect the correct page, i.e. if your thank you page is called "carrots", the support of that order link containing the seed should appear as:
&seed=carrots
If you don't care how Clickbank's protection works, that's your derogative. Just tiller the zip file and follow the manual I've provided in cb.php.
As far as scripts that handle several Clickbank products -- Monad can't recommend any at this time, since I've always across any good ones. (But you should check out Scientist Segal's free site, ClickbankGuide.com, which can answer most of your questions about Clickbank.)
Here's that script again in case you missed it: http://www.jumpx.com/tutorials/clickbank/cb.zip
Make sure to read the manual I've supplied in cb.php, get everything generator and on your web electronic computer, and you'll be well off your way to having bulletproof protection on your Clickbank products.
Robert Plank is the holy trinity of Lightning Track, Redirect Pro, Rotatorblaze, and other useful tools.
Want to pick up more programming skills? Then purchase the e-book "Simple PHP" chemical element http://www.simplephp.com
You may reprint this article in full in your newsletter or web site.
|
