
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Protect ClickBank upsell clickbank_postvars()


This topic contains 5 replies, has 1 voice. Last updated by  Leho Kraav 3 years, 2 months ago.

Posted: Monday Nov 4th, 2013 at 6:21 pm #60859
Leho Kraav
Username: lkraav

I’m using Membership Options page to sell Level 1 access.

I’m using Pitch Plus flow and Upsell page to sell Level 2 access.

The problem is that people are able to go directly to the Upsell page and get Level 2 access without first purchasing Level 1. What is the recommended way to stop this?

I see a need for at least two functions.php level checks:

* check if person is already logged in as Level 1 member – then he can use upsell to upgrade at any time
* if not logged in, check referrer info, and make sure the last page visited was ClickBank’s order page

Is there anything I’m missing?

  • This topic was modified 3 years, 2 months ago by  Leho Kraav.

List Of Topic Replies

Posted: Monday Nov 4th, 2013 at 6:50 pm #60861
Leho Kraav
Username: lkraav

Actually I’m seeing that upsell return URL contains a whole bunch of request parameters to check against.

Now the question is which ones should I choose and what are the values to check for integrity?

Posted: Monday Nov 4th, 2013 at 7:04 pm #60862
Leho Kraav
Username: lkraav

Sounds like s2member_sig_ok() is something I’d want to use. I wonder if just giving it the whole URL for processing is good enough for verification..

Posted: Monday Nov 4th, 2013 at 7:48 pm #60865
Leho Kraav
Username: lkraav

I am still stuck.

add_action( 'template_redirect', 'my_template_redirect' );
function my_template_redirect() {
    if ( is_page( "upsell" ) ) {
        if ( current_user_can( "access_s2member_level1" ) ) return;

        if ( ! is_array( c_ws_plugin__s2member_pro_clickbank_utilities::clickbank_postvars() ) )
            die( "failed" );
    }
}

For some reason clickbank_postvars() doesn’t validate the request. Is this maybe because it’s already been done in the “init” action and I’m running it twice?

  • This reply was modified 3 years, 2 months ago by  Leho Kraav.
Posted: Monday Nov 4th, 2013 at 8:32 pm #60866
Leho Kraav
Username: lkraav

Right, during upsell phase apparently we don’t have any clickbank return just yet

if(!empty($_REQUEST["s2member_pro_clickbank_return"]) # fails

So back to s2member_sig_ok(). Why does it fail in template_redirect()?

Posted: Monday Nov 4th, 2013 at 8:49 pm #60868
Leho Kraav
Username: lkraav

I’ve come to the conclusion that using clickbank_postvars() to verify $_REQUEST["cbpop"] should work after all. Confirmation on this would be nice.

Unfortunately during upsell flow this verification routine is blocked by the $_REQUEST["s2member_pro_clickbank_return"] check. This means I have to copy-paste the whole routine for myself.

Is there a better way? Is there an oversight in the library regarding the problem I’ve presented above?

  • This reply was modified 3 years, 2 months ago by  Leho Kraav.
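
The verification discussed in this thread, as an added example that is not part of the original posts or of s2Member's own code: a standalone check of the ClickBank cbpop value in a template_redirect hook. It assumes ClickBank's published proof-of-purchase formula and that the time parameter is a Unix timestamp; CB_SECRET_KEY, my_cbpop_is_valid() and my_template_redirect_cbpop() are hypothetical names.

```php
<?php
// Added example: standalone ClickBank proof-of-purchase (cbpop) check.
// CB_SECRET_KEY and the my_* function names are hypothetical.
define( 'CB_SECRET_KEY', 'REPLACE_WITH_YOUR_CLICKBANK_SECRET_KEY' ); // placeholder

function my_cbpop_is_valid( array $req, $secret, $max_age = 3600, $now = null ) {
    foreach ( array( 'cbreceipt', 'time', 'item', 'cbpop' ) as $k ) {
        if ( ! isset( $req[ $k ] ) || ! is_string( $req[ $k ] ) || '' === $req[ $k ] ) {
            return false; // missing, empty or array-typed parameter
        }
    }
    // Assumption: ClickBank's documented formula,
    // cbpop = first 8 hex chars, upper-cased, of sha1("key|cbreceipt|time|item").
    $data     = $secret . '|' . $req['cbreceipt'] . '|' . $req['time'] . '|' . $req['item'];
    $expected = strtoupper( substr( sha1( $data ), 0, 8 ) );
    if ( ! hash_equals( $expected, strtoupper( $req['cbpop'] ) ) ) {
        return false; // constant-time comparison failed
    }
    // Assumption: "time" is a Unix timestamp; reject stale links to limit replay.
    $now = ( null === $now ) ? time() : $now;
    return ctype_digit( $req['time'] ) && abs( $now - (int) $req['time'] ) <= $max_age;
}

function my_template_redirect_cbpop() {
    // Existing Level 1 members may reach the upsell page at any time.
    if ( ! is_page( 'upsell' ) || current_user_can( 'access_s2member_level1' ) ) {
        return;
    }
    if ( ! my_cbpop_is_valid( wp_unslash( $_GET ), CB_SECRET_KEY ) ) {
        wp_die( 'Purchase verification failed.', '', array( 'response' => 403 ) );
    }
}

if ( function_exists( 'add_action' ) ) {
    add_action( 'template_redirect', 'my_template_redirect_cbpop' );
} else {
    // Stand-alone self-check outside WordPress, using constructed values
    // (not real ClickBank data).
    $r          = array( 'cbreceipt' => 'TESTRCPT', 'time' => '1383590000', 'item' => '1' );
    $r['cbpop'] = strtoupper( substr( sha1( 'k|TESTRCPT|1383590000|1' ), 0, 8 ) );
    var_dump( my_cbpop_is_valid( $r, 'k', 3600, 1383590100 ) );                          // untampered request
    var_dump( my_cbpop_is_valid( array( 'item' => '2' ) + $r, 'k', 3600, 1383590100 ) ); // item changed after signing
}
```
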

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.
