http://www.e-junkie.com/bb/ E-Junkie Forum RSS en-us Copyright 2013, 19.5 Degrees. All rights reserved. webmaster@e-junkie.com webmaster@e-junkie.com Wed, 1 Jun 2011 03:40:20 GMT Sat, 25 May 2013 08:24:17 GMT 681 E-JUNKIE 5 http://www.e-junkie.com/bb/ http://www.e-junkie.com/ej/logo.gif 290 104 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Wed, 1 Jun 2011 03:40:20 GMT
However, your landing URL could re-redirect to yet another URL that strips away the hash, making its involvement less apparent, and in that case simply copying the final landing page's URL to paste elsewhere could be made to fail if they don't go through the hash-bearing URL first and don't have a cookie proving they ever did go through that URL.]]> E-junkie Discussions; E-junkieGuru http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Sat, 14 May 2011 05:29:36 GMT
We actually do append a hash to the redirection URL to act as a simple MAC. Just somehow Robin forgot to document it O_o;

It's added after all the other variables, like this:
$url .= '&hash=' . md5($client_id . md5($password) . $url);

I've updated the documentation to reflect this:
http://www.e-junkie.com/ej/help.redirection.htm]]> E-junkie Discussions; E-JunkieRocketSurgeon http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Fri, 13 May 2011 11:50:56 GMT
Thanks for the suggestion - I'll look at putting that in place today and see how it goes.

Going forward it would be great if there was some way of identifying whether the visitor is coming from EJ though - I'm sure I'm not alone in trying to get that kind of functionality

Thanks
Martin]]> E-junkie Discussions; Martin_P http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Thu, 12 May 2011 22:01:33 GMT
Upon the buyer's first visit to your redirection landing page, save the GET value for 'txn_id' at your end and set a cookie in the buyer's browser with a value set to that ID (or maybe a hash of it, possibly incorporating other values from HTTP headers identifying the buyer's browser, OS, etc., thus making the cookie harder to forge on another computer).

If the 'txn_id' value in the URL for any visit matches an ID already stored at your end, look for the cookie indicating the original buyer is merely re-accessing their page; otherwise, if the cookie is absent, refuse to grant access.

If this blocks a legitimate buyer because they have cleared the cookie or are using a different computer or browser, you can simply delete the 'txn_id' from your end to allow the buyer to visit the URL and set a new cookie.]]> E-junkie Discussions; E-junkieGuru http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Thu, 12 May 2011 01:29:52 GMT
Would it not be possible to include a hash along with the other GET variables - say something similar to the POST handshake hash that gets passed when you transmit the IPN to an external link? Maybe a hash of the username/password and date/time?

Obviously have no idea how easy or not it would be to append that data to the GET vars, but as you're already passing a hash I don't imagine it would be that difficult.

Speaking of which, what does the hash that's in the GET vars actually signify?

Thanks
Martin]]> E-junkie Discussions; Martin_P http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Thu, 12 May 2011 00:51:43 GMT E-junkie Discussions; E-junkieGuru http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Wed, 11 May 2011 17:36:42 GMT
Thanks for that - I am actually using some of those GET vars already - my issue however is preventing someone just copy/pasting the URL once they're there and then sharing that link, so I wanted to find out how to stop direct access to the page (i.e. only allow someone to view it if they've come there via the link EJ creates).

The difficulty I'm facing is that there's no referrer being passed (probably because you're using a 302 redirect), and no handshake type variable is available to confirm where they're coming from.

Any suggestions?

Thanks
Martin]]> E-junkie Discussions; Martin_P http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Wed, 11 May 2011 17:28:17 GMT
Our help page here describes what kind of order information we pass on when you use the Redirection feature on a product:
http://www.e-junkie.com/ej/help.redirection.htm#product

You can create a script on your page that watches for this kind of order information to tell whether or not someone is visiting the page directly or if they have passed through a link we generated after an order. Bear in mind that our redirection links do expire the same way as download links do, so a buyer would not necessarily have unlimited access to that page even after they have paid.]]> E-junkie Discussions; E-JunkieMonster http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 http://www.e-junkie.com/bb/topic/5205/pg/0#post18014 Wed, 11 May 2011 13:55:14 GMT
For one of my products I'm using the redirection option to push buyers to a page on my site (rather than the download option).

I only want that page accessible if it's being accessed via the link generated by EJ (i.e. customers can only access it if they click on the "Click here to access ..." link on the ejunkie page, they should NOT be able to access the url on my site directly).

As not all browsers pass the referrer details I'm reluctant to use that to check whether they've arrived through the ej link but as it stands, I'm struggling to see any other option - which is why I'm asking here...!

**EDIT: I've just checked and it looks like NO header info is passed at all (using Firefox or IE) - is this because e-junkie uses a 302 redirect?

Anyone have any suggestions/ideas on only allowing access to a (self-hosted) page when it's being accessed from the ej link?

Thanks in advance
Martin]]> E-junkie Discussions; Martin_P