Tweet
Clickbank/Download Cloak
Hi. I have recently registered an ebook with Clickbank and have a security script query.
Once someone purchases the book they are taken to my own website thank you page. Within that page I have the link to another page that is the book/pdf file. My concern is that once someone lands on that page they could copy the url and send it to whoever they like for free access. How do I stop this?
Clickbank have the following mumbo jumbo to somehow stop it but I don't understand it and do not know where or how it would link into my site. I have placed the 'robots, no index, no follow' etc html in my head element but it is point 6 number 3 and point 7 below that I do not understand...something to do with cgi..... hope someone can help.
Kind regards
Michelle.
6. Thank You Page Protection
When the customer completes a purchase, several values are passed along in the query string if you have specified a secret key in your account settings. These are the ClickBank receipt number (cbreceipt), the epoch time of the order (time), the ClickBank item number (item), and the ClickBank proof of purchase (cbpop) value.
During the purchase we encrypt the receipt, time, and item using the secret key you specify in your account. We will then pass the result back to you as a query string parameter called "cbpop". Use the validation script to confirm the cbpop value is correct.
Unlike prior versions of this script there is no need for a "seed" value.
PHP SOURCE:function cbValid(){ $key='YOUR SECRET KEY'; $rcpt=$_REQUEST['cbreceipt']; $time=$_REQUEST['time']; $item=$_REQUEST['item']; $cbpop=$_REQUEST['cbpop']; $xxpop=sha1("$key|$rcpt|$time|$item"); $xxpop=strtoupper(substr($xxpop,0,
); if ($cbpop==$xxpop) return 1; else return 0;}
PERL SOURCE:sub cbValid{ my($q,$key,$rcpt,$time,$item,$cbpop,$xxpop); $key='YOUR SECRET KEY'; $q='&'.$ENV{'QUERY_STRING'}; $q=~/\Wcbreceipt=(\w+)/; $rcpt=$1; $q=~/\Wtime=(\w+)/; $time=$1; $q=~/\Witem=(\w+)/; $item=$1; $q=~/\Wcbpop=(\w+)/; $cbpop=$1; use Digest::SHA1 qw(sha1_hex); $xxpop=uc(substr(sha1_hex("$key|$rcpt|$time|$item" ),0,); return 1 if $cbpop eq $xxpop; return 0;}
Once someone purchases the book they are taken to my own website thank you page. Within that page I have the link to another page that is the book/pdf file. My concern is that once someone lands on that page they could copy the url and send it to whoever they like for free access. How do I stop this?
Clickbank have the following mumbo jumbo to somehow stop it but I don't understand it and do not know where or how it would link into my site. I have placed the 'robots, no index, no follow' etc html in my head element but it is point 6 number 3 and point 7 below that I do not understand...something to do with cgi..... hope someone can help.
Kind regards
Michelle.
6. Thank You Page Protection
- The following html code inside your <HEAD> element of a page should prevent a robot from indexing that page or following links on that page:
META name="robots" content="noindex, nofollow" - Give your Thank You Page URL an obscure file name (it does not have to be thankyou.htm -- that is too easy to guess)
- If you are concerned about security and you have experience with cgi programming, you can generate a script that will verify the customer's successful completion of the purchase process before allowing him or her access to the Thank You Page. Please follow the instructions below for implementing the ClickBank Link Security Script:
When the customer completes a purchase, several values are passed along in the query string if you have specified a secret key in your account settings. These are the ClickBank receipt number (cbreceipt), the epoch time of the order (time), the ClickBank item number (item), and the ClickBank proof of purchase (cbpop) value.
During the purchase we encrypt the receipt, time, and item using the secret key you specify in your account. We will then pass the result back to you as a query string parameter called "cbpop". Use the validation script to confirm the cbpop value is correct.
Unlike prior versions of this script there is no need for a "seed" value.
PHP SOURCE:function cbValid(){ $key='YOUR SECRET KEY'; $rcpt=$_REQUEST['cbreceipt']; $time=$_REQUEST['time']; $item=$_REQUEST['item']; $cbpop=$_REQUEST['cbpop']; $xxpop=sha1("$key|$rcpt|$time|$item"); $xxpop=strtoupper(substr($xxpop,0,
); if ($cbpop==$xxpop) return 1; else return 0;} PERL SOURCE:sub cbValid{ my($q,$key,$rcpt,$time,$item,$cbpop,$xxpop); $key='YOUR SECRET KEY'; $q='&'.$ENV{'QUERY_STRING'}; $q=~/\Wcbreceipt=(\w+)/; $rcpt=$1; $q=~/\Wtime=(\w+)/; $time=$1; $q=~/\Witem=(\w+)/; $item=$1; $q=~/\Wcbpop=(\w+)/; $cbpop=$1; use Digest::SHA1 qw(sha1_hex); $xxpop=uc(substr(sha1_hex("$key|$rcpt|$time|$item" ),0,
); return 1 if $cbpop eq $xxpop; return 0;}
Comment