Easy ClickBank Security

August 5, 2008

Keeping ClickBank transactions secure, which means hiding your affiliate links and keeping your download directory secret, can be difficult.  But with PHP (which most hosting sites provide) it can be easy.  I’m not going to discuss the security options available through the .htaccess file here, just a simple way to use PHP to secure your transactions.

PHP is a relatively simple programming language that has some powerful features.  The first of these is its “server side” processing: the HTML pages that the code produces are created at the remote server.  This means that the code that produces the page is never seen by the end user, only what results from the process.  This intrinsic property makes PHP the perfect tool for securing your ClickBank transactions.

First, ClickBank uses an open URL affiliate link, which gives users the ability to insert their own affiliate ID, or a friend’s, in the link before processing, thereby stealing the commission that would normally go to you.  Secondly, as the provider of the product being sold, you have a vested interest in keeping your products safe from theft.  ClickBank provides an encryption-based solution to validate the purchase process, but this process does not keep the download link safe from the purchaser, or from anyone who makes the effort to discover your “Thank you” page, the page that allows the purchaser to obtain the product.

Now, let’s get down to brass tacks.  The first method I’ll show you is how to protect your affiliate link.  All that’s required is a one-line PHP page.  As you can see below, the page contains only one line and is used as the href on the page you use to direct traffic to ClickBank for the purchase of your promotional item.

<?php header("Location: http://affID.pubID.hop.clickbank.net"); exit; ?>

The affID and pubID are not actual IDs, of course.  But the above line, used in a PHP page, provides a hidden link to your affiliate sale on ClickBank.  Used in your promotional page, this method keeps the IDs out of your page’s HTML, so they can’t be modified prior to use.  Simply use the PHP page in the link you provide on your pages, as shown below (assuming the PHP page is called affiliate.php):

<a href="affiliate.php" target="_blank">

That done, let’s get on to the security of the purchase process.  This will require some additional PHP coding to include any optional methods that you may desire, such as including the purchaser in your Autoresponder program or database, sending follow-up eMails or including the purchaser in a “Preferred Customer” program.  These can be included, but this example doesn’t go to that length.

First, let’s look at what ClickBank provides for its verification process.  Below, you’ll see the parameters ClickBank provides to validate the purchase process:

ClickBank receipt number (cbreceipt)
Epoch time of the order (time & seconds)
ClickBank item number (item)
ClickBank proof of purchase (cbpop)
Customer name (cname)
Customer e-mail (cemail)
Customer zip (czip)
Customer country (ccountry)
Affiliate nickname (cbaffi)
Vendor variables (up to 128 characters)

These values are passed back to your “Thank you” page, or the page you provide to receive the return transaction.  As well, the “Vendor variables” can be used to return the product name, if you are selling more than one product.  The example I show includes the ability to inject the product name according to the Item number, so it’s not necessary to pass the product name through the payment process.
The code below begins with a modified version of ClickBank’s provided validation function and is included in the PHP page, so it’s not necessary to create an “Include” page to embody it separately or to “Request” the passed values inside the function (as is the method suggested by ClickBank).

First is the cbValid function, where your transaction is verified.  Next is a segment to destroy any prior cookie values.  Then comes the code to gather and process the values provided by ClickBank in the return from the purchase.  In this segment you would include your “Secret Key” where “YOURSECRETKEY” is located.  And finally, where “YOURTHANKYOUPAGE” is located would be your PHP Thank You page.  Notice that the parameters passed in this href do not include the “cbpop” value; that is obtained from the cookie values stored previously.

=====================Begin page==================
<?php
// Recompute ClickBank's proof of purchase and compare it with the value received.
function cbValid($skey, $rcpt, $time, $item, $cbpo)
{
    $xxpop = sha1("$skey|$rcpt|$time|$item");
    $xxpop = strtoupper(substr($xxpop, 0, 8));
    // hash_equals() compares the two values as strings, in constant time.
    // "==" would compare numeric-looking strings as numbers.
    if (is_string($cbpo) && hash_equals($xxpop, $cbpo)) return 1;
    else return 0;
}

// Destroy any prior cookie values.
if (isset($_COOKIE['receipt'])) { setcookie("receipt", "", time() - 3600); }
if (isset($_COOKIE['time'])) { setcookie("time", "", time() - 3600); }
if (isset($_COOKIE['item'])) { setcookie("item", "", time() - 3600); }
if (isset($_COOKIE['proofop'])) { setcookie("proofop", "", time() - 3600); }

if (isset($_GET)) {
    if (isset($_REQUEST['cbreceipt']) && isset($_REQUEST['time']) && isset($_REQUEST['item'])) {
        $skey = "YOURSECRETKEY";
        $rcpt = $_REQUEST['cbreceipt'];
        $time = $_REQUEST['time'];
        $item = $_REQUEST['item'];
        // The remaining parameters may be absent, so give each a default.
        $cbpo = $_REQUEST['cbpop'] ?? '';
        $cbna = $_REQUEST['cname'] ?? '';
        $cbem = $_REQUEST['cemail'] ?? '';
        $cbzp = $_REQUEST['czip'] ?? '';
        $cnty = $_REQUEST['ccountry'] ?? '';
        $affi = $_REQUEST['cbaffi'] ?? '';
        $dtal = $_REQUEST['detail'] ?? null;
        // No product name passed through ClickBank: derive it from the item number.
        if (!isset($dtal)) {
            if ($item == '1') { $dtal = "Product1"; }
            if ($item == '2') { $dtal = "Product2"; }
            if ($item == '3') { $dtal = "Product3"; }
            if ($item == '4') { $dtal = "Product4"; }
            if ($item == '5') { $dtal = "Product5"; }
        }
        if (cbValid($skey, $rcpt, $time, $item, $cbpo) == 1) {
            // Keep the validated values for the download page.
            setcookie("receipt", $rcpt, time() + 3600);
            setcookie("time", $time, time() + 3600);
            setcookie("item", $item, time() + 3600);
            setcookie("proofop", $cbpo, time() + 3600);
            // http_build_query() URL-encodes every value (spaces become "+").
            $query = http_build_query(array('item' => $item, 'dtal' => $dtal, 'cbna' => $cbna, 'rcpt' => $rcpt));
            header('Location: YOURTHANKYOUPAGE.php?' . $query);
        }
    } else echo 'NOPE (someone is trying to fool your system)';
} else echo 'NOPE, (someone is trying to fool your system)';
exit;
?>
==================End Page=================

Next is the Thank You page.  This page may be created as you wish, and is included here only as an example of how to provide a page to allow the purchaser to click a Download button.  The important part is the download link, whose href points to DOWNLOADPAGE.php with the item number passed in the “item” parameter.  This link directs the purchaser to your download through a hidden PHP link.  You should replace DOWNLOADPAGE with your actual page name.

=====================Begin page==================
<?php
// These values arrive in the query string, so escape them before writing them into HTML.
$item = $_REQUEST['item'] ?? '';
$dtal = htmlspecialchars($_REQUEST['dtal'] ?? '', ENT_QUOTES, 'UTF-8');
$cbna = htmlspecialchars($_REQUEST['cbna'] ?? '', ENT_QUOTES, 'UTF-8');
$rcpt = htmlspecialchars($_REQUEST['rcpt'] ?? '', ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script>
// Break out of any frame this page has been loaded into.
if(self!=top) { url=self.location.href;
if(document.images) { top.location.replace(url); }
else { top.location.href=url; } }
else { self.focus(); }
</script>
<?php echo '<title>' . $dtal . ' Sales Page</title>' ?>
<style type="text/css">
<!--
body {
font: 100% Verdana, Arial, Helvetica, sans-serif;
background: #666666;
margin: 0;
padding: 0;
text-align: center;
color: #000000;
}
.oneColElsCtrHdr #container {
width: 46em;
background: #FFFFFF;
margin: 0 auto;
border: 1px solid #000000;
text-align: left;
}
.oneColElsCtrHdr #header {
background: #FF01FF;
padding: 0 10px 0 20px;
text-align: center;
}
.oneColElsCtrHdr #header h1 {
margin: 0;
padding: 10px 0;
}
.oneColElsCtrHdr #mainContent {
padding: 0 20px;
background: #FFFFFF;
}
.oneColElsCtrHdr #footer {
padding: 0 10px;
background: #FF01FF;
}
.oneColElsCtrHdr #footer p {
margin: 0;
padding: 10px 0;
}
-->
</style>
</head>
<body class="oneColElsCtrHdr">
<div id="container">
<div id="header"> <?php echo '<h1>' . $dtal . '</h1>' ?>
<!-- end #header -->
</div>
<div id="mainContent"> <?php echo '<h1>Thank you ' . $cbna . ' for Purchasing ' . $dtal . '!</h1>' ?>
<p>You’ve been directed to this page so you can download your purchase. To complete your transaction, please click the button below and your purchase will be downloaded to you from our vault. Reminder: your credit card or bank statement will show a charge by ClickBank or CLKBANK*COM.</p>
<h2><u>Do Not</u> close this page until your Download has finished!</h2>
<p>In case the download fails, for any reason, you can restart it from here. If you close this page and the download fails, you will be required to reenter through the ClickBank system (You will not have to pay again). You will receive a ClickBank receipt for your purchase. Read it and you’ll find a link to reestablish your connection with this page so you can attempt to download the product again.</p>
<p align="center"><a href="DOWNLOADPAGE.php?item=<?php echo urlencode($item); ?>"><img src="_images/dl_now.gif" alt="Download Click Here" width="128" height="45" /></a></p>
<p>If for any reason you need to contact us, send your eMail to:</p>
<?php echo '<p><a href="mailto:support@yourhost.com">support@yourhost.com</a> and please include your invoice number (' . $rcpt . ') from ClickBank as proof of purchase. Thank you again for your support.</p>' ?>
<p></p>
<!-- end #mainContent -->
</div>
<div id="footer">
<p>&nbsp;</p>
<!-- end #footer -->
</div>
<!-- end #container -->
</div>
</body>
</html>
==================End Page=================

Finally, the Download PHP page.  As in the Return PHP page, this one also includes the ClickBank verification process.  This is to protect you from someone finding the Download page and using it directly to obtain unauthorized access to your products.

=====================Begin page==================
<?php
// Recompute the proof of purchase from the cookies set by the return page.
function cbValid($item) {
    $skey = "YOURSECRETKEY";
    $rcpt = $_COOKIE['receipt'] ?? '';
    $time = $_COOKIE['time'] ?? '';
    $cbpo = $_COOKIE['proofop'] ?? '';
    $xxpop = sha1("$skey|$rcpt|$time|$item");
    $xxpop = strtoupper(substr($xxpop, 0, 8));
    // Compare as strings in constant time rather than with "==".
    if (is_string($cbpo) && hash_equals($xxpop, $cbpo)) return 1;
    else return 0;
}

$item = $_REQUEST['item'] ?? null;
if (is_string($item) && cbValid($item) == 1) {
    if ($item === '1') { header("Location: http://www.yourhost.com/secretfolder/Product1.pdf"); }
    if ($item === '2') { header("Location: http://www.yourhost.com/secretfolder/Product2.msi"); }
    if ($item === '3') { header("Location: http://www.yourhost.com/secretfolder/Product3.wmf"); }
    if ($item === '4') { header("Location: http://www.yourhost.com/secretfolder/Product4.zip"); }
    if ($item === '5') { header("Location: http://www.yourhost.com/secretfolder/Product5.exe"); }
    exit;
}
else {
    // Missing item or failed validation: refuse the download.
    die("Error: Attempt To Download File Without Authorization…");
}
?>
==================End Page=================
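
The download page above answers with a Location header, so the buyer’s browser is handed the real URL under secretfolder, and that URL then works without any validation. As an added example (not the original author’s code), the variant below runs the same proof-of-purchase check and streams the file through PHP instead; PRODUCT_DIR, cbProofMatches() and strParam() are hypothetical names, and the product files are assumed to be stored in a directory outside the web root.

```php
<?php
// Added example: the names below are assumptions, not part of the original page.
const SECRET_KEY  = 'YOURSECRETKEY';
const PRODUCT_DIR = '/home/youraccount/private_products'; // hypothetical, outside the web root

// Item number => file name; only these fixed names can ever be served.
const PRODUCTS = [
    '1' => 'Product1.pdf',
    '2' => 'Product2.msi',
    '3' => 'Product3.wmf',
    '4' => 'Product4.zip',
    '5' => 'Product5.exe',
];

// Same proof-of-purchase formula as the page's cbValid().
function cbProofMatches(string $skey, string $rcpt, string $time, string $item, string $cbpo): bool
{
    $expected = strtoupper(substr(sha1("$skey|$rcpt|$time|$item"), 0, 8));
    return hash_equals($expected, $cbpo); // string comparison, constant time
}

// Return a request or cookie value as a string; missing keys and arrays become ''.
function strParam(array $src, string $key): string
{
    return (isset($src[$key]) && is_string($src[$key])) ? $src[$key] : '';
}

$item = strParam($_GET, 'item');
$ok = array_key_exists($item, PRODUCTS) && cbProofMatches(
    SECRET_KEY,
    strParam($_COOKIE, 'receipt'),
    strParam($_COOKIE, 'time'),
    $item,
    strParam($_COOKIE, 'proofop')
);
$path = $ok ? PRODUCT_DIR . '/' . PRODUCTS[$item] : '';

if (!$ok || !is_file($path)) {
    http_response_code(403);
    exit('Error: Attempt To Download File Without Authorization');
}

// Stream the file: the browser only ever sees DOWNLOADPAGE.php, never the storage path.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . PRODUCTS[$item] . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Because the item number is looked up in a fixed table, nothing taken from the request ever becomes part of a file path.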

This completes the process of securing your ClickBank purchase process.  Good luck and happy returns!