Anyone have a link to an in depth tutorial, or care to type out details on how to setup fhg's with CCbill? Thanks for any assistance!
Anyone have a link to an in depth tutorial, or care to type out details on how to setup fhg's with CCbill? Thanks for any assistance!
Hey Bec, I actually posted some source code that I wrote to do ours a while ago that I know several programs are using now. Shoot me off an e-mail and I'll send it to you when I get in tomorrow.
It's short, sweet, and secure.
exactly what you need?
something similar to :
http://www.gaybarcelona.tv/www/black...01/?id=9999999
Bec, feel free to ICQ me if you need the scripts for this. Its very simple PHP.
Bec,
Here is the coding i use on the Condom Cash FHGs...
Basically, wherever you have a url that goes to whosever tour you are building the FHGs for, put that in the HTML coding and your affiliates can link to it by adding /?affiliateid to the end of the location your FHG is stored at.Code:<a href="<?php $query=getenv("QUERY_STRING"); if ($query!=NULL) echo 'http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=929078-0049&PA='.$query.'&HTML=http://www.foreskinfantasy.com'; else echo 'http://www.foreskinfantasy.com'; ?>">Foreskin Fantasy</a>
Regards,
Leee
here other PHP version more easy
just add this
<? echo $_GET["id"] ;?>
where you want add the id
http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=989747-0000&PA=<? echo $_GET["id"] ;?>
the url is http://www.yourdomain.com/?id=affiliateid
Right, the problem with that one, imho though is that you cant track 'non' affiliate sales or redirect non-affiliate traffic if there is no id present, the traffic must go to the affiliates tour pageOriginally Posted by webnet
Regards,
Lee
just add this at the top
<?
if ($_GET["id"]=="")
{
$_GET["id"]="your-other-id" ;
}
?>
if the id is in blank you can add your own id for track purposes
Hey all.
All of the code that I've seen posted so far is incredibly insecure, and all of you can be most likely be hacked very easily (under 2 seconds).
The problem is that none of the code above validates the user input, it simply echos whatever the "query" variable is. It assumes that it's going to be an affiliate ID number. What happens if it isn't? What happens if it's an SQL injection? Or javascript that would allow for site cross scripting? Or php code that deletes everything on your site or uploads a trojan?
Rule #1 with programming is to never trust user input, and rule #1 when someone wants to hack a server is check and see if variables are being validated.
Here's a secure version of the code webnet posted.
<?php
$id = (int)$_GET['id'];
if ($id == ''){
$id == 'alternative tracking id';
}
?>
Then where you want the ID to appear
<?php echo $id ?>
Notice the use of the int function. This will get a numeric variable for whatever data is entered in the query string. And since we know our CCBill affiliate ID numbers are always numeric, it's the easiest way to avoid code injection.
Those of you running alternate code that doesn't validate user input may want to consider upgrading. :innocent:
its much safer to use this at the beginning of your <body> tag:
and then use this as your links:PHP Code:<?php $query=getenv("QUERY_STRING");
$query = (int)$query;
?>
This forces the query string to be an integer, which stops people from pushing illegal scripts onto your server and then leveraging that illegal script to rootkit your server and take it over.PHP Code:<a href="<?php
if ($query!=NULL)
echo 'http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=924683-0000&PA='.$query.'&HTML=http://www.boymegaplex.com';
else
echo 'http://www.boymegaplex.com';
?>">
cheers,
Luke
JP, you copied your code into this thread faster than I could LOL!!!
JP helped me with my code about a year back, so all the credit goes to him :luke:
Well no credit needed, not like it's 100,000 lines of code, hehe. Just some simple "secure programming advice". I see soooo many code examples posted on some of the webmaster resource sites, and I always feel bad because I know there just must be a ton of webmasters that aren't code monkeys who just copy/paste the code assuming there's nothing wrong with it.
I need to start a "Validate Your Variables" awareness week!
As just a little side note: There ARE a lot of things that can be done on the server level to help mitigate SOME of the problems that can be caused, such as SQL injection. Those of you that host with ChiliHost are pretty safe from many of those, as if I remember correctly, he installs mod_security on all of the boxes he runs (something that unfortunately not a lot of hosts do).
Something like mod_security won't protect you from cross site scripting and vulnerabilities like that however, but it does make it considerably more difficult for some of the more nasty nasties being done through scripts.
Wow, great responses! And I seriously appreciate the "secure" version on how to execute this!
... and just double checking - but the galleries will need to be saved as .php correct? And does the site owner need to create something in CCbill for every gallery?
Yes we do, plus we harden the server, lockdown ssh, secure the tmp directory, run rootkit scans, etc, etc...
Yes, save them as php (or get the server setup to parse html or use an htaccess file to get the site setup to parse html).
No, the owner does not need to set anything up with ccbill.
Posting Permissions
Reply With Quote
Bookmarks