How to block direct visits to a thank you page without going through E-Junkie

product

ejunkie

customers

purchased

easily

site

type

hosted

depending

redirecting

cpol 2011-02-21 11:22:45 UTC #1

Currently, I'm redirecting customers to a thank you page hosted on my own site. Depending on the type of product purchased, I automatically create a membership account on my own site.

What is the best way to do this? I was thinking about using the HTTP_REFERER to make sure that customers are coming through ejunkie, but I know this can be easily spoofed.

In the documentation, ejunkie recommends blocking direct visits to a thank you page without going through E-Junkie. What is the best way to do this?

tarawagner 2011-02-21 11:36:29 UTC #2

Are you talking about a noindex nofollow tag? I add this code to any page I don't want indexed by Google or found otherwise:

<meta name="robots" content="noindex, nofollow ">

cpol 2011-02-21 11:41:36 UTC #3

Hi Tara,

I want to do some custom PHP scripting depending the type of product purchased when a customer lands on my thank you page. However, I don't just want anyone to be able to type in the thank you page url directly and have access.

Hence, I want to only allow access to my thank you page when ejunkie is the referrer to the URL.

E-junkie_Guru 2011-02-21 16:15:55 UTC #4

I think I've already replied to your email on this topic, but here's my reply again:

Using Redirection is not a reliable method to pass order data back to your system for the purpose you describe (registering the buyer for a user account in your system), since we cannot force every third-party payment processor's checkout site to automatically redirect all buyers to any thank-you page URL after checkout. E.g., PayPal only provides a Complete Purchase button the buyer must click to proceed to a thank-you page. If the buyer has no incentive (such as claiming a download they'd paid for) to click through to visit that page at some point, they might never visit any thank-you page at all, so the GET variables would never be handed-off to your page. The sole purpose of the GET variables we append to your URL when redirecting is simply so your page scripting can grab those variables to customize the page content displayed to the buyer, that's all.

To reliably transmit order data to your system, you should instead be using our custom/3rd-party Integration feature, which is designed to mimic PayPal IPN as closely as possible, so any ready-made off-the-shelf script or scripting approach which can handle PayPal IPN should be able to handle our Integration submissions with little or no modification:

http://www.e-junkie.com/ej/help.integration.htm

cpol 2011-02-21 21:13:20 UTC #5

I actually found a work around by using the generated codes feature. It's a bit roundabout, but since there's a handshake protocol in the php file, and the code file is always called I can create a user account that way.

Thanks for the reply.

E-junkie_Guru 2011-02-22 20:36:44 UTC #6

The only functional difference between using Send Generated Codes vs. our Integration feature is that the latter just POSTs the data to your URL without expecting any output in return, whereas we do expect to receive output back from a keygen URL, which we'd then forward as raw plaintext to the buyer.

Oh, and using Send Generated Codes counts as a digital product, whereas using Integration does not, so if you weren't selling any downloads, codes, nor product-specific redirections, you could use a tangible-goods-only subscription plan:

http://www.e-junkie.com/ej/pricing.htm

SOLUTIONS FEATURES PRICING DISCOVER PRODUCTS CONTACT HELP DOCS DASHBOARD

Forum

E-junkie Community Forum

Share and learn in the E-junkie community.