So I noticed a few threads from new CB vendors asking about methods to protect their delivery page. That is, not allowing anyone to just link or type in the page address to access the product without paying for it. I am no expert but have recently implemented a way (courtesy of CB and some googling) of protecting my own download page such that the only people who can view it are ones that have paid through CB. This method validates a string of data that CB sends to your site when a person completes a purchase, which includes a secret key among other things. You can create your secret key on the "My Site" page at ClickBank (you will find it towards the bottom). So when someone purchases your product, CB sends that secret key to your site along with the delivery page request. You can validate the secret key and let the visitor view your delivery page; otherwise, if the validation is false (say someone just typed in your delivery URL without purchasing), you can redirect them to somewhere else instead. Once you define your secret key on the "My Site" page, here is what you need:

<?php
// yourdeliverypage.php   <-- replace with the name of your delivery page

// Returns true only when the cbpop value in the request matches the one
// computed from the secret key and the other request parameters.
function cbValid()
{
    $key   = 'Your Secret Key';   // <-- replace with your secret key
    $rcpt  = isset($_REQUEST['cbreceipt']) ? (string) $_REQUEST['cbreceipt'] : '';
    $time  = isset($_REQUEST['time'])      ? (string) $_REQUEST['time']      : '';
    $item  = isset($_REQUEST['item'])      ? (string) $_REQUEST['item']      : '';
    $cbpop = isset($_REQUEST['cbpop'])     ? (string) $_REQUEST['cbpop']     : '';

    $xxpop = sha1("$key|$rcpt|$time|$item");
    $xxpop = strtoupper(substr($xxpop, 0, 8));

    // hash_equals() compares the two values as strings; a plain == would
    // treat values such as "0E123456" and "0E654321" as equal numbers.
    return hash_equals($xxpop, $cbpop);
}

if (!cbValid()) {
    // redirect   <-- replace with the URL you want to send non-buyers to
    header('Location: http://www.anyurlyouwant.com/');
    exit;
}
?>

First replace the text in red with your information: the first is the name of your delivery page (e.g. thankyou.php, download.php, whatever), then your secret key (the same one you put into the field on the "My Site" page), and finally the URL you want to send people to if they HAVE NOT paid for your product. Now, what do you do with this code?
You probably have your delivery page as an .html or .htm file, right? Copy the above code into your delivery page (such as thankyou.html, download.html) BEFORE THE <html> tag, so the very top of your page. Then change the file extension of your page from html (or htm) to .php. Upload the file and you are good to go. There are more things you can do, like limit the number of days a customer can view the page, but that might be for another post (once I figure it out myself). Also remember to change the URL in the "My Products" section at ClickBank to the new .php page. EDIT: Attached Sample File, download and open with a text editor.
I'm definitely going to bookmark this - thanks! But how would anyone be able to 'guess' the URL of my PDF and get it? It obviously 'could' happen, but how serious a threat / possibility is this?
I think the biggest threat is not from someone "guessing" your delivery URL (assuming you use something more complicated than "thankyou" or "download"), but should they post the URL somewhere, say a public forum, this would prevent others from downloading the file.
I found the link to your pdf. I found your Thank You page, too. They both look broken now (maybe you changed links around recently?). But at one point, both were publicly available. The real question is: will the public at large know how to do this? Will there be rampant theft of your product? I doubt it. But that script is a good idea.
This is a very big problem. If you are selling a product and the buyer has to download the product, people are stealing from you right now! No joke: if you are selling 30 or more a day, you are losing a lot of money from this, you just don't know it.
Okay: You guys have convinced me to prioritize this! I actually have noticed a slight dip in sales beginning in February, and I thought it was because I hadn't been doing my promotions work due to other projects. But now, you all have me wondering... So, Dave, I'm putting your code idea toward my front burner. And Flip, you made me think about something I'd read once... I think I know how you found the (now broken) link to my old version of the PDF. The question is, would Dave's code idea prevent that kind of theft? I doubt it. PS Dave: Does using this coding mean people won't be able to "Instantly" download upon payment? Will they have to wait until I get around to seeing their email and give them permission to download?
Nope, still instant download, they are directed to your delivery page and that direction includes the secret key and other string information which is automatically validated by the script. So you do not have to do anything and the payment and delivery works like normal for all your buyers.
Nope, just the secret key. The instant notification URL thingie is for something more complicated. Maybe one day I'll figure that one out too.
Cool, Dave. I'm in. And Flip, I'd sure like to know why you went through the trouble of finding my PDF. I am highly complimented that you were so interested, but glad you got a broke down link at the end of it. ;-) That's a strategy I now know to use frequently, as a security trick!
Thanks so much for the info! One question though: what exactly do I put for the "secret key"? Little confused there.
Dave, do you happen to know anything about putting this on a GoDaddy site? I have limited access/control (or knowledge) putting stuff in the <head> section using their templates. Although I did successfully add the site to BlogCatalog recently. So maybe it just looks weird in there, but winds up working about the same as I learned from Blogger. And Flip, thanks for replying. I hope Dave's system blocks people from doing that little thing you did to 'almost' find my PDF. ;-)
You can put anything you want, though numbers and letters only, in all caps, 16 characters. Think of it as a password. I went here https://www.grc.com/passwords.htm to generate something random and took the first 16 characters for my secret key.
If you are using their templates and editing them through their website builder, I don't know if you will be able to add it before the <head> section. I would suggest building your own pages anyway (since you will learn more by doing it yourself) using an HTML editor. Programs like FrontPage and Dreamweaver (and the free open source alternative Nvu, found here: http://www.net2.com/nvu/) are good for beginners. Then you can insert the code yourself and upload all the files to your website directory via FTP. This script WILL NOT stop someone from linking directly to your PDF, only the delivery page. So while people will not be able to access your delivery page (say http://www.yoursite.com/thankyou.php) they CAN download your PDF through a direct link (say http://www.yoursite.com/yourfile.pdf). If I find a way to protect the individual file, I will post it in this thread.
Great code, Dave. I've always thought of implementing something like this, but that would mean a customer that purchased the item would not be able to visit the thank you page again, correct? I think if you people want something that will allow the customer that paid to repeatedly visit the thank you page while at the same time keeping others away, DL Guard is best, but it's kinda expensive, around $100? So for a single use thank you page this code is great, thanks Dave.
Yeah Dave, thanks a bunch for this tutorial. I'm going to give it a shot. However, you're right, this is only 1/2 the solution, as we need to find a way to protect the actual .pdf file as well. Give us an update when you figure that one out, OK?
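Added example, not part of the thread and not ClickBank's code: one way to cover the two gaps raised above (the direct PDF link and the time limit) is to keep the PDF outside the web root and serve it from a script that repeats the cbpop check from the first post. The names CB_SECRET_KEY, PDF_PATH, MAX_AGE_DAYS and cbLinkOk() are hypothetical, and the code assumes the time parameter holds the purchase time in epoch seconds.

```php
<?php
// download.php: added example, not code from the thread.
// Hypothetical names: CB_SECRET_KEY, PDF_PATH, MAX_AGE_DAYS, cbLinkOk().
const CB_SECRET_KEY = 'YOUR16CHARSECRET';                        // placeholder key
const PDF_PATH      = '/home/youraccount/private/yourfile.pdf';  // assumed path outside the web root
const MAX_AGE_DAYS  = 7;                                         // assumed policy

function cbLinkOk(array $q, string $key, int $now, int $maxAgeDays): bool
{
    // All four parameters must be present as plain strings (rejects item[]=...).
    foreach (['cbreceipt', 'time', 'item', 'cbpop'] as $name) {
        if (!isset($q[$name]) || !is_string($q[$name])) {
            return false;
        }
    }
    // Same computation as the delivery-page script in the first post.
    $expected = strtoupper(substr(sha1("$key|{$q['cbreceipt']}|{$q['time']}|{$q['item']}"), 0, 8));
    if (!hash_equals($expected, $q['cbpop'])) {
        return false;
    }
    // 'time' is part of the hashed string, so it cannot be changed without the key.
    // Assumption: it holds the purchase time in epoch seconds.
    if (!ctype_digit($q['time'])) {
        return false;
    }
    $age = $now - (int) $q['time'];
    return $age >= -300 && $age <= $maxAgeDays * 86400; // 5 minutes of clock skew allowed
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed values when run as "php download.php".
    $now = 1700000000;
    $q = ['cbreceipt' => 'TESTRCPT', 'time' => (string) ($now - 3600), 'item' => '1'];
    $q['cbpop'] = strtoupper(substr(sha1(CB_SECRET_KEY . "|TESTRCPT|{$q['time']}|1"), 0, 8));
    var_dump(cbLinkOk($q, CB_SECRET_KEY, $now, MAX_AGE_DAYS));                   // recent link
    var_dump(cbLinkOk($q, CB_SECRET_KEY, $now + 30 * 86400, MAX_AGE_DAYS));      // same link, 30 days on
    var_dump(cbLinkOk(['time' => '1'] + $q, CB_SECRET_KEY, $now, MAX_AGE_DAYS)); // time altered
    exit;
}

if (!cbLinkOk($_REQUEST, CB_SECRET_KEY, time(), MAX_AGE_DAYS) || !is_readable(PDF_PATH)) {
    http_response_code(403);
    exit('This download link is not valid or has expired.');
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="yourfile.pdf"');
header('Content-Length: ' . filesize(PDF_PATH));
readfile(PDF_PATH);
```

The check depends only on the values in the URL, so a buyer can revisit the link, and a copied link with its full query string also keeps working, until the age limit passes. The delivery page would link to download.php with the same query string it received instead of linking to the PDF itself.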