Sale tracking fraud protection

This plugin will disable unauthorized creation of sales - using MD5 checksum. All you need to do is to activate this plugin and set a "Secret key" in plugin configuration.

The checksum has to be computed in the sale tracking integration and passed in one of the data1.. data5 parameters. Only sales with correct checksum will be saved to Post Affiliate Pro.

When editing the plugin configuration, you have to set also the data parameter - you should choose one of the data1 .. data5, but be aware of the fact, that if you use Lifetime Commissions, you have probably already used the Data1 parameter, so you have to choose another one that is not used yet.

In our example, we will use "secret" as our secret key and "data5" as parameter:

Now you have to edit your sale tracking code and add php command for md5 hashing. Notice that the sale.setData is using Data5 and also that our secret key is "secret" (green) - you have to use values depending on your plugin configuration. Example of sale tracking code with added md5 calculation in Data5:

<script id="pap_x2s6df8d" src="https://your_site/affiliate/scripts/salejs.php" type="text/javascript">
<script type="text/javascript">
var sale = PostAffTracker.createSale();
sale.setTotalCost('<?php echo $total; ?>');
sale.setOrderID('<?php echo $order; ?>');
sale.setProductID('<?php echo $prodid; ?>');
sale.setData5('<?php echo md5($total.','.$order.','.'secret'); ?>');

Now, each time the sale is processed, the Data5 parameter filled with a checksum will be checked inside of PAP and only transactions with proper checksum will be saved.

Note: this plugin can be used only in PHP webpages, otherwise secret key will be not hashed and your secret key will be visible to everyone!

In case you are using API to track sales then this is how the implementation of sale tracking fraud protection should look like:

$saleTracker = new Pap_Api_SaleTracker('URL_TO_PAP/scripts/sale.php');
$sale1 = $saleTracker->createSale();