Chris Kassa

I have confirmed that the confirmation email was not sent. It is not in SPAM folder and was not logged via email archive. The only emails that were sent were 1) Email to admin telling me of new account created and 2) Email to affiliate after I approved the account. No confirmation was email was ever sent when both "require email confirmation on signup" AND "require admin approval on signup" are enabled.

Hello, I have global setting set to: "require email confirmation on signup" AND "require admin approval on signup". On new affiliate signup, I had to approve account (as expected), however the affiliate never had to confirm their email (they never receive any email until account is approved by admin). I expected that when user created account that, they would first have to confirm signup, then after they validate, the admin would approve the account. What appears to happen is that if "require admin approval" is on, it overrides the "require email confirmation". Am I seeing

Is there a config setting to disable Affiliate referrals, or do I need to edit templates? I would like to disable Affiliate referrals to eliminate these items from Affiliate dashboard: - Affiliate signup link - Quick Stats sidebar -> Affiliate referrals total

Understood. My concern is that the url sent to file_get_contents($url) is basically public knowledge. So if someone was to call the url directly, that they could possibly trigger a commission. I realize there is an order_id query within the implementation code on successful checkout page, but it still seems as though a script could send random order id's directly to a "good guess" of the commission trigger url. To alleviate my concerns, I have set the global configuration setting for "restrict commission generation to IP" to the static ip of my installation. This solves my perceived

As I understand, automated affiliate tracking is accomplished by calling: $aff_integrate = file_get_contents('http://www.yourdomain.com/affiliates/sale/amount/' . $sub_total['value'] . '/trans_id/' . $this->session->data['order_id'] . '/tracking_code/' . $_COOKIE['jamcom']); It would seem that any affiliate that knows the url scheme can simply add a `value` and `trans_id` with the cookie value and call it from a web browser. If that's true, How do we prevent abuse? If not, then why can I call a file and generate multiple commissions with the same cookie? For example