Clickbank Security Using PHP
(Page 2 out of 5)

If you've looked around the Clickbank site you'd know that Clickbank offers some friendly pieces of code in a few different programming languages like Perl and PHP that can help you protect your downloads. Basically this is what happens:
* Your order link contains what's called a "seed". This is just a word or a piece of text, which can be anything you want.
* Your customer clicks on the order link and pays.
* Clickbank takes that seed, and uses your secret key on it -- basically mashes the two together and does a bunch of crazy stuff to come up with a garbled piece of junk. But this is a garbled piece of junk that can ONLY come from this seed and secret key. You change the value of the seed or secret key even a little and this "hash" changes.
* The seed and the hash are passed back to the thank you page where your Clickbank script sits. (The secret key is already added to your script, and it never changes, so it doesn't need to be handed to you by Clickbank.) This Clickbank script takes the seed and the secret key and does the same crazy shit Clickbank did to compute its own hash.
Clickbank calls this their "cbpop" or Clickbank Proof of Purchase.
The hash your script figured out on its own and the hash Clickbank sent are compared. If they match, we're in business because the customer really did buy from us. The customer can't figure this out on his or her own because they never actually saw the secret key. (And no, you can't "reverse" a hash to figure out the original secret key.)
If you get nothing out of what I just told you, remember this: it's almost impossible for anyone to figure out the right Proof of Purchase code without that secret key.
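Here is the check described above as a small PHP sketch. It is an added example, not Clickbank's own script: HMAC-SHA256 stands in for Clickbank's actual cbpop algorithm, and the function names, the secret key and the sample seed are made up for illustration.

```php
<?php
// Added example: NOT Clickbank's actual cbpop algorithm. HMAC-SHA256 stands in
// for the keyed hash so the verification flow can be shown end to end.

// Assumption: the secret key lives only on the server (placeholder value).
const SECRET_KEY = 'EXAMPLE-SECRET-KEY';

// What the payment side would compute from the seed and the shared secret.
function compute_proof(string $seed, string $secretKey): string
{
    return hash_hmac('sha256', $seed, $secretKey);
}

// What the thank-you page does with the seed and hash it was handed.
function verify_proof($seed, $proof, string $secretKey): bool
{
    // Query parameters can be missing or arrive as arrays; reject those early.
    if (!is_string($seed) || !is_string($proof) || $seed === '' || $proof === '') {
        return false;
    }
    $expected = compute_proof($seed, $secretKey);
    // hash_equals compares in constant time, so response timing does not
    // reveal how many leading characters of a guessed hash were right.
    return hash_equals($expected, $proof);
}

// Constructed sample values, as if taken from the thank-you page URL.
$seed  = 'MYPRODUCT1';
$proof = compute_proof($seed, SECRET_KEY);

var_dump(verify_proof($seed, $proof, SECRET_KEY));               // genuine pair
var_dump(verify_proof('MYPRODUCT2', $proof, SECRET_KEY));        // seed altered
var_dump(verify_proof($seed, str_repeat('0', 64), SECRET_KEY));  // guessed hash
var_dump(verify_proof($seed, ['x'], SECRET_KEY));                // malformed input
```

Only the first call passes. Serve the download only when the check returns true, and keep the secret key out of anything the browser can see.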