Clickbank Security Using PHP
(Page 3 out of 5)This is the PHP function they give us:
// A bunch of stuff in here...
}
This function cbValid takes three parameters: $seed, $cbpop, and $secret_key. The script goes through that last step of ours I explained above, does the crazy shit and then compares the result to the one given to us by Clickbank.
Now we need to figure out what to do if your customer really didn't pay. The easiest thing to do, is just stop the script in its tracks, preventing the page under it from loading.
The exclamation point means "not". We're saying, first try this...
cbValid($seed, $cbpop, $secret_key)
.. pass the seed, proof of purchase, and secret key into your black box. If the function tells us NO, do the rest. In this case, "die". Die stops everything immediately, so if you have HTML or PHP code below that line, it won't be looked at if the Clickbank validation fails.
The "proper" way to grab $seed from the query string is this way:
You could also redirect the user to an error page of yours if you like:
header("Location:http://www.your.host/error.html");
die();
}
Instead of $seed and $cbpop we use $_GET["seed"] and $_GET["cbpop"]. This is because the variables don't appear magically out of thin air, they really appear in the URL as http://www.your.url/test.php?seed=SOMESEED&cbpop=SOMEPOP. We want these values to be taken out of the URL.