Chris Kassa

Posts posted by Chris Kassa

  1. I have confirmed that the confirmation email was not sent.

    It is not in the SPAM folder and was not logged via the email archive. The only emails that were sent were 1) an email to the admin telling me of the new account created and 2) an email to the affiliate after I approved the account. No confirmation email was ever sent when both "require email confirmation on signup" AND "require admin approval on signup" are enabled.

  2. Hello,

    I have the global settings set to: "require email confirmation on signup" AND "require admin approval on signup".

    On new affiliate signup, I had to approve the account (as expected), however the affiliate never had to confirm their email (they never receive any email until the account is approved by the admin).

    I expected that when a user created an account, they would first have to confirm signup, then after they validate, the admin would approve the account. What appears to happen is that if "require admin approval" is on, it overrides the "require email confirmation".

    Am I seeing expected behavior? And is it possible to require confirmation of signup, then put the account in the admin approval queue?

    Thanks for any clarifications.

  3. Quote

    that function should only be called after the sale of your product.

    Understood. My concern is that the URL sent to file_get_contents($url) is basically public knowledge. So if someone were to call the URL directly, they could possibly trigger a commission.

    I realize there is an order_id query within the implementation code on the successful checkout page, but it still seems as though a script could send random order IDs directly to a "good guess" of the commission trigger URL.

    To alleviate my concerns, I have set the global configuration setting for "restrict commission generation to IP" to the static IP of my installation. This solves my perceived problem.

  4. As I understand, automated affiliate tracking is accomplished by calling:

    $aff_integrate = file_get_contents('http://www.yourdomain.com/affiliates/sale/amount/' . $sub_total['value'] . '/trans_id/' . $this->session->data['order_id'] . '/tracking_code/' . $_COOKIE['jamcom']);

    It would seem that any affiliate that knows the URL scheme can simply add a `value` and `trans_id` with the cookie value and call it from a web browser.

    If that's true, how do we prevent abuse?

    If not, then why can I call a file and generate multiple commissions with the same cookie?

    For example, I can call this code and it generates a commission every time simply because the `trans_id` is different:

    $test_url = 'http://www.yourdomain.com/affiliates/sale/amount/8/trans_id/'.rand(0, 9999).'/tracking_code/' . $_COOKIE['jamcom'];
    $aff_integrate = file_get_contents($test_url);


    Hopefully I am missing something in my quick test, like the cookie getting deleted?

    Thanks for any replies.
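
The two posts above describe a commission endpoint that accepts any caller and any new `trans_id`. The following is an added example, not part of the posts and not the affiliate software's own code: it sketches how a receiving endpoint could combine the IP restriction mentioned above with a signed request and a duplicate `trans_id` check. The secret, IP address, function names and sample requests are all assumptions constructed for illustration.

```php
<?php
// Added illustration; every name and value here is hypothetical or constructed.
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // known only to store and tracker
const ALLOWED_IPS   = ['203.0.113.10'];                    // constructed: the store's static IP

// Store side: sign exactly the fields the tracker will act on.
function sign_sale(string $amount, string $transId, string $trackingCode, int $ts): string
{
    // JSON encoding keeps field boundaries unambiguous before the MAC is computed.
    return hash_hmac('sha256', json_encode([$amount, $transId, $trackingCode, $ts]), SHARED_SECRET);
}

// Tracker side: decide whether a sale notification may create a commission.
// $seen stands in for a database table with a unique index on trans_id.
function verify_sale(array $req, string $remoteIp, array &$seen, int $now): string
{
    if (!in_array($remoteIp, ALLOWED_IPS, true)) {
        return 'rejected: source IP not allowed';
    }
    foreach (['amount', 'trans_id', 'tracking_code', 'ts', 'sig'] as $field) {
        if (!isset($req[$field]) || !is_string($req[$field])) {
            return 'rejected: missing field';
        }
    }
    if (abs($now - (int) $req['ts']) > 300) {
        return 'rejected: stale timestamp';
    }
    $expected = sign_sale($req['amount'], $req['trans_id'], $req['tracking_code'], (int) $req['ts']);
    if (!hash_equals($expected, $req['sig'])) { // constant-time comparison
        return 'rejected: bad signature';
    }
    if (isset($seen[$req['trans_id']])) {
        return 'rejected: duplicate trans_id';
    }
    $seen[$req['trans_id']] = true;
    return 'accepted';
}

// Constructed sample requests.
$now  = 1700000000;
$seen = [];
$good = ['amount' => '8.00', 'trans_id' => '1001', 'tracking_code' => 'abc123', 'ts' => (string) $now];
$good['sig'] = sign_sale($good['amount'], $good['trans_id'], $good['tracking_code'], $now);
$guessed = ['trans_id' => '4242', 'sig' => str_repeat('0', 64)] + $good; // random id, no valid MAC

echo verify_sale($good, '203.0.113.10', $seen, $now), "\n";    // genuine checkout call
echo verify_sale($good, '203.0.113.10', $seen, $now), "\n";    // same order replayed
echo verify_sale($guessed, '203.0.113.10', $seen, $now), "\n"; // guessed trans_id
echo verify_sale($good, '198.51.100.7', $seen, $now), "\n";    // call from a browser elsewhere
```
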
