Continued from page 1
Here we can say, 30 days after someone buys your product,
thank you page will be inaccessible to them. If they buy on October 25th, they can bookmark and revisit that thank you page up until November 25th at exact time they made their purchase. It's kind of a nice compromise because it gives honest people enough time to get what they need but at same time it becomes impractical to share URL.
In chapter 9 of my book, Simple PHP (http://www.simplephp.com), I explained how time works on computers, they use a big number which is just a count of how many seconds have passed since January 1st, 1970. I also explained that there was a function, called strtotime(), which we could use to determine this "number" or timestamp of a certain date. For example, 30 days ago or 1 year ago.
30 days sounds about right. To figure out Unix timestamp of this moment, minus 30 days is:
strtotime("-30 days")
Now, to store it in a variable called $expire:
$expire = strtotime("-30 days");
But you're saying, how do I know when these people purchased? I don't have that kind of information. Aha! But you can. Remember, seed you put in your order links can be anything you want. So let's just make it timestamp of this exact moment.
When customer revisits thank you page, they can't change seed, because as I mentioned, if you change *either* seed or secret key, resulting hash (proof of purchase) will be different. So you see, they're stuck with it. But, current time always changes!
All we have to do, in cb.php, are these two steps:
* Figure out what timestamp was exactly 30 days ago, and store this value in $expire.
* Compare seed and $expire. If the value of seed is less than that of $expire, it means that product was purchased more than 30 days ago and visitor shouldn't be given access to page. Die.
We've already taken care of step one by saving timestamp 30 days prior in $expire. Now, we compare seed (it's $_GET["seed"], remember, because we're grabbing it out of URL string) and $expire like:
if ($_GET["seed"] < $expire)
And finally plug it into if-statement before that checked hashes:
if ($_GET["seed"] < $expire or !cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) die();
We've got that part taken care of, now for home stretch. We've got to actually get those seeds to be current time. How do we do that? Again, pages containing your order link will have to be renamed to end in ".php". Hey, you're one who wants to prevent theft.
Let's pretend this is a Clickbank link:
Order Now
Instead of YOUR_SEED we want PHP to call function mktime(), which gives us current timestamp, and output it, using echo.
echo mktime();
Now just put around it...
And shove it in there.
Order Now
Now setup a link for $0.00 in your Clickbank control panel and try it. You can be sure it works by changing that "-30 days" in strtotime to "-5 minutes". Then try accessing download page, then wait 5 minutes and try again. Neat, isn't it?
You say, I've done this, but I have more than one product. How do I keep someone from grabbing everything once they've grabbed one?
Have your links look like following: Order Now
This way seeds will look like "stringbeans445433" if you're selling stringbeans. Then again if you're selling corn on cob on another sales page, you can change "stringbeans" to "cornonthecob". Now seeds for each product will be different.
Those seeds won't be all numbers, will they? So, in cb.php, do this:
$timestamp = ereg_replace("[^0-9]","",$_GET["seed");
I won't go into a lot of detail about pattern matching, but [^0-9] means "NOT anything from 0 to 9. It basically goes through every letter and number of $_GET["seed"], and if what's there isn't a 0, 1, 2, etc. it's replaced with nothing (hence ""). The final result is saved in a variable called $timestamp.
Since now we're looking at $timestamp and not $_GET["seed"], let's change that if-statement:
if ($timestamp < $expire or !cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) die();
Now it checks with $timestamp instead of $_GET["seed"].
One last thing I implemented in here was a little something that keeps a customer from paying for one of your products, and getting access to rest. Look at this part of that order link I gave you:
&seed=thankyou
When I extracted timestamp from seed, I simply removed all characters that were not numbers, leaving just numbers contained within that string. Now I want to do opposite. Here's an example seed:
test1074482258
I take out all numbers and am left with "test". Next I figure out which script called cb.php (which is stored in variable $_SERVER["SCRIPT_NAME"]). Then script takes out everything up to last slash (/) and everything before first dot (.). If script was located at "/clickbank est.php", all that's left is "test".
If you give each thank you page a different name, and make sure all your seeds reflect correct page, i.e. if your thank you page is called "carrots", part of that order link containing seed should appear as:
&seed=carrots
If you don't care how Clickbank's protection works, that's your derogative. Just get zip file and follow instructions I've provided in cb.php.
As far as scripts that handle several Clickbank products -- I can't recommend any at this time, since I've never across any good ones. (But you should check out Harvey Segal's free site, ClickbankGuide.com, which can answer most of your questions about Clickbank.)
Here's that script again in case you missed it: http://www.jumpx.com utorials/clickbank/cb.zip
Make sure to read instructions I've supplied in cb.php, get everything setup and on your web server, and you'll be well on your way to having bulletproof protection on your Clickbank products.
Robert Plank is the creator of Lightning Track, Redirect Pro, Rotatorblaze, and other useful tools.
Want to pick up more programming skills? Then purchase the e-book "Simple PHP" at http://www.simplephp.com
You may reprint this article in full in your newsletter or web site.
