PHP redirect / Php Expire script / Php hide url

milsid · June 19, 2012, 3:06am

Hello everyone,

First time here for me. I have read many posts that bounce all around my need but none have hit the nail on the head. For the record, I am green to PHP but I manage to work out many issues after some trial and error. My concern is as follows and I am looking for a solution with a script example if possible.

I am selling a digital download product. When the purchaser completes the order they are directed to a PHP/HTML/JAVASCRIPT file that does a remarkable job of hiding all but one URL. That URL is the URL sent by Clickbank(it also contains important info). As soon as the purchaser clicks the “Complete Your Order” button, the purchaser is taken to a page that uses the clickbank info. This page requires their input in order to be sent to the download page. (Clickbank retains the original transaction info such as Credit card# etc) When the purchaser arrives at this page, at this time, the purchasers IP address has been captured and assigned to a unique Clickbank receipt number… So if they copy and paste this URL, email the URL, any other persons completing this form will get access to the download page BUT… I will also capture their IP address and the same Clickbank receipt number is also assigned to their IP address. The unique part is that anyone else who completes the form in this manner can be traced back to the original purchaser because that person was initially assigned the clickbank receipt number. So if the purchaser copied the URL and let 5 other people download the product, I will receive 5 additional emails containing their specific IP addresses but all having the same clickbank receipt number that can be directly connected to the original purchaser. Even though this security measure is in place and works, I would rather eliminate the ability to copy the URL, or, have it hidden by a redirect (that can’t be copied), or, an expiration timer activated as soon as each paying customer arrives at this page. As an example, the page would expire after 1 hour or immediately when their browser is closed.

I’ll continue my search and revise this post if I am successful in my search. Any input with examples or working scripts would be greatly appreciated. Thanks, Sid

wilson382 · June 19, 2012, 5:34pm

what you can do is have a field named “one_time_use” on a table with bool values 0/1 .

now lets say that i purchase your product and the receipt number is 005455 on the page

since this is a brand new purchase that receipt has not been used therefore the field ‘one_time_used’ should have a value of 0 as soon as someone get to your page just you an update query an set “one_time_use” to 1 now then on the top of the page check if is 1 and stop the script if is 0 continue

wilson382 · June 19, 2012, 5:43pm

ohh better yet you can also put a timeout for 20 mins

[php]<?php
// set timeout period in seconds
$inactive = 1200; //20 mins
// check to see if $_SESSION[‘timeout’] is set
if(isset($_SESSION[‘timeout’]) )
{
$session_life = time() - $_SESSION[‘timeout’];
if($session_life > $inactive)
{
// do something
}
}
else
{
$_SESSION[‘timeout’] = time();
}
?>[/php]

milsid · June 20, 2012, 1:07am

Hello Wilson382,

Thanks for posting your ideas. I like both of the ideas. I will definitely use the timeout option as a first line of defense, and, I want to try and implement the one_time_use option as well. The timer appears to be very straight forward as a simple copy and paste, however, as I noted above, I am very new to PHP (smart enough to stay out of trouble, but slow as a turtle in getting the get the results I need). Using the one_time_use option, is this an easy to implement task and if so, any possibility you could elaborate or have access to the script for this option?

I will tinker with the timeout script first and follow up. Thanks again for your help.
Sid

wilson382 · June 20, 2012, 1:26am

well first of what you do is retrieve the value stored in the field named one_time_use and compare it to 1 or 0 then you choose what do:

for example once you connect to the database you can run this query.
[php]
$query = "SELECT one_time_use FROM tblName WHERE receiptNumber = ‘$StringORvariable’ ";
$result = mysql_query($query) or die("Query didnt success ".mysql_error());

if (mysql_num_rows($result) > 0)
{
$row = mysql_fetch_assoc($result);
$onetimeUse = $row['one_time_use'];
}

[/php]

then once you got that you can compare and take actions with if…else statements
[php]
if ($onetimeUse == 0)
{
// grant access
}else
{
//deny access
echo “the book or product was already donwloaded or whatever you think sounds cool”;
}
[/php]

that’s the best way i think of as a measure of secure.

alternatively you can capture the IP from where the purchase was made and only allow user to download from that IP.