PHP or Javascript to read clickbank hoplink cookie? - php

I need to write a PHP or javascript that can read the clickbank cookie that's set when a user has clicked on one of my affiliate's hoplinks prior to reaching any of my sales pages.
How can one do this?
Here's my example:
I have a main salespage that I direct my referred users to (users who already know me and were not referred by an affiliate). It does not use ClickBank as a payment gateway.
I also have a salespage specifically for clickbank referrals. It uses ClickBank to clear transactions.
I would like to add script to MY salespage that will check to see if the user has an active cookie that denotes they've been referred to my product page by a hoplink. If so, I want to redirect them to the clickbank sales page for my product.
Any help much appreciated.

I know how the clickbank works and he tried to explain something different.
When affiliates sending visitors to his sale page, it adds the affiliate id at the end (fx mysite.com/?id=nick)
People can also come to his sale page directly(like mysite.com) simply typing his url. So he wants to check if the visitor come directly or with an affilate link.
So you have to answer first :
-Are you saving cookies at visitor browser(if not, you don't have to worry about your problem)?
-If not, then #Robert answer is going to help you...

You can't read cookies for a domain that isn't yours. So if ClickBank sets cookies for clickbank.com then you can't access them from yourdomain.com.
If you share part of a domain then you can. Eg. clickbank.example.com and yoursite.example.com the cookies could be set to example.com and be read by both. However clickbank would have to make this change so I think you're probably out of luck.

#Balir McMillan summed it up pretty well, cookies are locked to the domain that set it, that includes sub domains etc.
I am not fully shore how ClickBank works but it seems to me that you want to check to make sure that the referral was from a clickbank hop.
What you can do in PHP is check the $_SERVER['HTTP_REFERER'] to check the referrer, but I will tell you this can be faked and should be used with caution

Or you could get the hop variable directly from the URL and redirect to your affiliate sales page.
<?php
if(isset($_GET['hop'])) {
$cbid = htmlentities($_GET['hop']);
header('location: affiliatesalespage.php?a='.$cbid);
}
?>

Related

What is the Best Way to Limit Redirection to the Success Page after a PayPal Donation

We have a donation button on our web site that goes to PayPal. The donation gets processed, the user clicks a button on the PayPal success page and is then redirected back to a PHP page with a list of maps to download. I want to limit who can access this page to users coming from PayPal or users coming from our site. I have tried various .htaccess rules and they don't seem to work with users coming from PayPal http_referrer wise. And the referring IP always ends up being my IP address at home. I also tried coding the PHP redirect target form such that it with only renders the page if they are coming from paypal.com or from our site. Otherwise, they get an error page. So can anyone please suggest a better way to restrict access to the redirect page after the PayPal success page? Thanks.
There are many ways to go about it. This is something I have used in the past.
Firstly, you want to give access to users who have made a payment (or donated). Depending on whether you want to give users (who have paid) a one time access or allow multiple visits even after they log out, you can check whether this user, in this session, made a payment or not.
Here's one way to achieve it:
// PAYMENT CONFIRMATION
$payment_success="FALSE"; // DEFAULT to payment failed
$payment=mysql_real_escape_string($_GET['payment']);
$ab=$_REQUEST['ab'];
$tx=$_REQUEST['tx'];
$st=$_REQUEST['st'];
$amt=$_REQUEST['amt'];
if(($tx!="") AND ($st=="Completed") AND ($amt!="")){
$payment_success="TRUE";
}else{
header("location: index.php"); // or wherever you want to send users who haven't paid.
}
If you want to give access to users who have paid even after they have logged out, then you need to either set a cookie on their browser using setcookie(); or track their IP [$_SERVER\['REMOTE_ADDR'\]][2]and add to your DB so every time a user comes to your page, you can run a check to see if they are in your safe list or not.
Good luck
I ended up just adding a static token to the end of the PayPal redirect URL back to my site. I test the token within the target PHP page and let them access the target maps page if the token is correct. And I give them an error screen if it is not. This is a short term fix as I will have to manually change the token every now and then to keep people from bookmarking the page and downloading our maps more than once.
I'm going to experiment with either generating random buttons with different tokens or seeing if PayPal has something that they can send from their end that I can verify.
Thanks for the reply.

Creating session from referrer

Background: I have a website, which we'll call AwesomeSite.com; it handles all of my traffic. Additionally, for the purposes of marketing I have a second domain, which we'll call PromoForAwesomeSite.com; it redirects all traffic straight to AwesomeSite. Both sites are built using PHP, MySQL, and Apache.
Problem: I want to serve up different content to users based on how they came to my site. Specifically, I want to show promos if the user was redirected from PromoForAwesomeSite.
Question: How can I detect that a user came from PromoForAwesomeSite and thus create a different session state for them?
p.s. I am well aware of the shortcomings of this approach, in that once a session cookie is deleted promo users cannot see the promo content unless they revisit the redirect site (not likely). Unfortunately, this cannot be helped.
You can utilize the $_SERVER['HTTP_REFERER'] and see if contains the PromoForAwesomeSite.com in the referrer string. For instance something like this:
session_start();
if(substr_count($_SERVER['HTTP_REFERER'] , 'PromoForAwesomeSite.com')){
$_SESSION['from_promo'] = 1;
}
As referrers can be blocked by the browsers, so you might look into the possibility of sending a GET param in the redirect string from the promo site. Not sure how you are redirecting from your promo site but if its PHP you can do something like this , if not you will get the idea what I mean :)
HEADER('Location: http://AwesomeSite.com/index.php?from=promo');
So instead of (or in additional to) checking the referrer you can also check for this string and save in the session.
In your case the referrer won't be carried on if you do an automatic redirect at the landing time. Thus, If I were you, I would handle it like this:
1. On PromoForAwesomeSite.com
header('Location: http://www.awesomesite.com/promo.php');
2. On AwesomeSite.com
a. Create a promo.php gateway page
b. On the gateway page
setcookie('Promo', '1', time()+(5 * (24 * 3600))); // five days promotion cookie - adjust it
header('Location: http://www.awesomesite.com/index.php');
c. On the index.php
if($_COOKIE['Promo']){
// show promotion
}
This way you will solve the issue with the session as well.

How to Create a One Time Offer for Values Passed in PHP Form?

I have an interesting problem to solve here that may require some creative direction. I have a PHP page which has a variety of different page outcomes depending upon which value is passed through the web browser. For example:
http://examplesite.com/landingpage.php?id=one
http://examplesite.com/landingpage.php?id=two
http://examplesite.com/landingpage.php?id=three
With the current set-up, each of these pages has a different offer for the site visitor. Here is the catch...
I only want the page available to the visitor once per session.
That seems like it would be easy enough, but I cannot make it work right. I have used a one-time offer script to submit a cookie which then re-directs the user to another page if they have already viewed the offer, but that did not work for this situation. It will work fine for one landing page, but it is based on the root PHP page so if any of the other values are passed it will re-route the user even though they have not seen the offer.
For example, if a site visitor goes to:
http://examplesite.com/landingpage.php?id=one
they will see the one-time offer. Then, if they go to:
http://examplesite.com/landingpage.php?id=two
They will be re-routed as if they had seen the offer for 'two' which they had not.
I hope this issue makes sense. If you need further clarification, just ask. Thank you for going through my problem and if you don't have the exact answer, but can point me in the right direction it would be much appreciated.
Without looking at the code for landingpage.php, I can only guess that you are not factoring in the id when you check for the existence of the cookie. You need to set cookies on a per-id basis. Otherwise the behavior you see will occur: viewing id=one will set a cookie and when the user views id=two, landingpage.php sees the cookie exists and redirects the user.
If you want to keep it simple enough, you can just have your cookie be a string of id fields delimited with a character such as a pipe or comma: viewed_ids=one,two,three. Then you could parse this to see if the id of the current page is in the list of viewed ids and redirect the user if it is, or add it if it isn't.
I am sure you realize that maintaining state in the session can be easily worked around by the user, since you mentioned you only need this redirection to occur on a 'per-session' basis.

how to track from where visitor come to my site php

I want to track the site URL from where user reached my site.
From where he came i.el, Google, GMail, Facebook, etc.
I tried $_SERVER['HTTP_REFERER'] but it does not contain anything when user click on my site link from any external site but resides the value when I visit among my site pages and this is also not trusted.
So, What I can do from here?
Is there any other way to track the external URL through PHP?
Any idea?
EDIT: Now HTTP_REFERER is able to get the url from most of sites but not able to get the url if user came through Gmail and AOL. What could be the causes?
HTTP_REFERER is the only way to get any information about previous site.
And that is also up to the broser if it supplies that information, most do as default.
Its a header that is set by the browser in the request to your server, if it is not present, then you will never know where the user came from.
If the browser is sending and you still to not get anything on the server check if you have any code that interferes with the $_SERVER variable.
Try this URL, its a google search result that goes to a page that just dumps the HTTP_REFERER.
As the pages indicates, if the box lists (none), then your browser is not sending HTTP_REFERER but if you get a result then the problem is in sour server.
http://www.google.com/url?sa=t&source=web&cd=1&sqi=2&ved=0CBIQFjAA&url=http%3A%2F%2Fkarmak.org%2F2004%2Freftest%2Ftest&rct=j&q=http_referer%20test&ei=cNQ2TdGYGsmUOp_ExPoD&usg=AFQjCNFVSmYmQBUcL2l3_ZpmZzVWZztjWg&cad=rja
You can compare it to when you load the page withour google to redirect you:
http://karmak.org/2004/reftest/test
Here is their own start page with link:
http://karmak.org/2004/reftest/
Have you tried it in a variety of browsers? It's down to the browser (As far as I'm aware) to set HTTP_REFERER and sometimes privacy settings can prevent this.
Visitors coming from google can be tracked using google analytics, it gives you the search query terms used before.
This solution also track a lot of other things from your visitors. I undertand it's not PHP based, but it's the only other kind of solution I know if HTTP_REFERRER is not enough to you, and as you quoted google...

How can I know which website the member has visited previously?

So, I can use getenv('HTTP_REFERER') to get an URL which the member has visited previously, but it works only if it's the same website. I want this:
for example. the member firstly visits google.com then goes to my website. I want to show him, that previously he visited a google.com website. How can I do it if it's possible?
$_SERVER['HTTP_REFERER'] works fine for either case, as long as they followed a link from google.com to get to your site. Example: http://mrozekma.com/referer.php
You can only use the HTTP_REFERER header, and capture it the moment the visitor comes to your site. It might not be set, it might be false. There is no other way (and rightly so, I value my privacy). If you need to 'remember' the data store it in a session.
The simple answer is this is not possible. You can get the direct referrer if you're lucky, but nothing else (i.e. not the referrer of the referrer for example). Being able to retrieve the full history of a browser tab via JavaScript or post-back would be a major security issue.
Grabbing a browser's history is considered a breach of privacy, so any method that might exist to grab it would be considered a security bug in the browser.
Note that even the HTTP_REFERER header is considered to be a privacy issue by many people, so it's either disabled or filtered quite often (http://en.wikipedia.org/wiki/HTTP_referrer#Referrer_hiding).

Categories