Sale tracking fraud protection

This plugin will disable the unauthorized creation of sales - using the MD5 hash checksum. All you need to do is to activate this plugin and set a "Secret key" in the plugin configuration.

The checksum has to be computed in the sale tracking integration and passed in one of the data (data1 to data5) parameters. Only sales with the correct checksum will be saved to Post Affiliate Pro.

When editing the plugin configuration, you have to choose the data parameter for the secret key, so be aware of the fact, that if you also use a different feature like Lifetime Commissions, you have probably already used the Data1 parameter, so you have to choose another one that is not used yet.


In our example, we will use "secret" as our secret key and "data5" as a parameter:

Now you have to edit your sale tracking code and add a PHP command for MD5 hashing. Notice that the sale.setData is using Data5 and also that our secret key is "secret" - you have to use the same values as in the plugin configuration. Example of sale tracking code with added MD5 calculation in Data5:

<script id="pap_x2s6df8d" src="https://URL_TO_PAP/scripts/yxqy2j" type="text/javascript">
</script>
<script type="text/javascript">
var sale = PostAffTracker.createSale();
sale.setTotalCost('<?php echo $total; ?>');
sale.setOrderID('<?php echo $order; ?>');
sale.setProductID('<?php echo $prodid; ?>');
sale.setData5('<?php echo md5($total.','.$order.','.'secret'); ?>');
PostAffTracker.register();
</script>

Now, each time the sale is processed, the Data5 parameter filled with a checksum will be checked inside of your Post Affiliate Pro account and only transactions with correct checksum will be saved.

Note: this plugin can be used only on PHP web pages! Otherwise, the secret key will not be hashed and it will be visible to everyone!

In case you are using API to track sales then this is how the implementation of sale tracking fraud protection should look like:

$saleTracker = new Pap_Api_SaleTracker('URL_TO_PAP/scripts/yxqy2j');
$sale1 = $saleTracker->createSale();
$sale1->setTotalCost(100);
$sale1->setOrderID('oid');
$sale1->setData5(md5($total.','.$order.','.'secret'));
$saleTracker->register();


Campaign-specific secret key

Besides the main secret key in the plugin configuration, you can set different secret keys for every campaign. 
When the Sale Tracking Fraud Protection plugin is active, there is a setting in every campaign (you need to edit the specific campaign in the Campaign Manager) for a secret key specific only to the particular campaign:  

If you set this campaign-specific secret key, it will be used to create an MD5 hash.
If you leave this field empty, the general secret key from the plugin's configuration will be used instead. 
You can set the same secret keys for multiple campaigns. Keys don't have to be unique for each campaign. 

×