url verification

turbo · December 30, 2013, 7:33pm

Hi everyone,

I’m trying to protect a page using the php code provided by jvzoo.

I don’t know much about php so to setup my page I don’t know where to place my content.

[php]<?php

function jvzValid()
{
$key=‘My_Secret_Key’;
$rcpt=$_REQUEST[‘cbreceipt’];
$time=$_REQUEST[‘time’];
$item=$_REQUEST[‘item’];
$cbpop=$_REQUEST[‘cbpop’];

$xxpop=sha1("$key|$rcpt|$time|$item");
$xxpop=strtoupper(substr($xxpop,0,8));

if($cbpop==$xxpop)
    return 1;
else
    return 0;

}
?>[/php]

The content of the page is just html with normal coding:

[code]

Thank You For Your Decision

Your download are ready!

[/code]

So what I need is to have the content of the page displayed when a purchase is made and the customer click the download access link provided by the jvzoo platform as the script is supposed to verify the purchase validity, and a different content if someone try to access the page using the direct url of the page or a wrong purchase link.

Here is the explanation I found on jvzoo faq:

[i]When a purchase has been completed, there are several values that are passed to your Thank You page, provided you have entered your “secret key” into your account. The values that get passed are the receipt number (cbreceipt), the time of the purchase (time), the JVZoo item number (item) and the proof of purchase value (cbpop).

When a customer makes a purchase, JVZoo encrypts the receipt, time, and item. This is accomplished by using the secret key that you specified in your account. That information is then passed to you in the cbpop query screen. You can confirm that the proof of purchase (cbpop) is correct by using the validation script.
[/i]

Any help will be greatly appreciated.

Have an awesome day.

Turbo

astonecipher · December 30, 2013, 10:17pm

Is the html and php script on the same page? What are you unsure about? I am not understanding the question.

turbo · December 30, 2013, 11:46pm

Yes the php and the html are on the same page

my issue is how do I structure the page, where go the php, the html and how do I do to have a separate content on the page when people don’t come from the url provided to them by the jvzoo platform (with their purchase info in the url)

What id did first is the following, but when going to the url I can access page and all the content, so it means the page is not protected:

[php]<?php

function jvzValid()
{
$key=‘My_Secret_Key’;
$rcpt=$_REQUEST[‘cbreceipt’];
$time=$_REQUEST[‘time’];
$item=$_REQUEST[‘item’];
$cbpop=$_REQUEST[‘cbpop’];

 $xxpop=sha1("$key|$rcpt|$time|$item");
 $xxpop=strtoupper(substr($xxpop,0,8));

 if($cbpop==$xxpop)
     return 1;
 else
     return 0;

}
?>

Thank You For Your Decision

Your download are ready!

[/php]

My second trial was the following and in this case I get a blank page but I cannot be certain that’s working because I don’t have a url containing the data required by the jvzoo script

[php]<?php

function jvzValid()
{
$key=‘My_Secret_Key’;
$rcpt=$_REQUEST[‘cbreceipt’];
$time=$_REQUEST[‘time’];
$item=$_REQUEST[‘item’];
$cbpop=$_REQUEST[‘cbpop’];

 $xxpop=sha1("$key|$rcpt|$time|$item");
 $xxpop=strtoupper(substr($xxpop,0,8));

 if($cbpop==$xxpop)
     return 1;
 else
     return 0;

}

Thank You For Your Decision

Your download are ready!

?>
[/php]

and also while making the second sample in dreamweaver, I got an message from dreamweaver saying the code was not valid.

And also in the second example I don’t know how to display a different content for the non buyer.

I hope this is more understandable…
sorry I’m not english speaker!

Turbo

astonecipher · December 31, 2013, 12:48am

Your second script will not show anything because you are not parsing the html code.

For the script to work, the jvzValid function will need to be called at the top of the page, so the $_REQUEST array can be used. If you check to see something like

[php]if (isSet( $_REQUEST[‘cbpop’])) {

 $cbpop=$_REQUEST['cbpop'];

}[/php]

it checks to see if there is anything with that name in the request array. On the same token you can do,

[php]if (!isSet( $_REQUEST[‘cbpop’])) {

 header("location: someotherpage.html");

}[/php]

And send them back to the order page if they bookmark the page or come by accident.

Review your html/ php page that sends them here, too. If you are using hidden inputs for requests, your programs can easily be hijacked by even an amateur thief.

turbo · December 31, 2013, 6:41pm

astonecipher,

thanks a lot for your help.

But as i’m not a coder, I don’t know how to put this all together.

If I understand, I should have something like this:

[php] <?php

function jvzValid()
{
    $key='My_Secret_Key';
    $rcpt=$_REQUEST['cbreceipt'];
    $time=$_REQUEST['time'];
    $item=$_REQUEST['item'];
    $cbpop=$_REQUEST['cbpop'];

  $xxpop=sha1("$key|$rcpt|$time|$item");
  $xxpop=strtoupper(substr($xxpop,0,8));

  if($cbpop==$xxpop)
      return 1;
  else
      return 0;

}
?>

if (isSet( $_REQUEST[‘cbpop’])) {

  $cbpop=$_REQUEST['cbpop'];

Thank You For Your Decision

Your download are ready!

Video #1

}

if (!isSet( $_REQUEST[‘cbpop’])) {

  header("location: salespage.html");

}
[/php]