There are many schemes out there to stop people changing your links but in my opinion there is only one worth considering – the “htaccess technique”. It does require a certain level of technical expertise to set up but its not that difficult and this tutorial will take you through the steps needed.

A popular way to make money is by use of affiliate links. This is where you advertise a product on your website and the product owner pays you a percentage of the purchase price when the person who follows the link subsequently buys the product or service.

For example a (fictitious) company Brilliant Books sells books at www.brillbooks.com and has an affiliate scheme where they pay 10% to you for every person you send to them who buys one of their books. They do this by getting you to register as an affiliate and give you a unique affiliate id code of 1234.

They know it’s you who sent the potential buyer to them because you link to www.brillbooks.com?affid=1234 instead of to www.brillbooks.com

Some people write malicious programs that they install on computers without the owners knowledge that will for example alter your link to brillbooks so that it says www.brillbooks.com?affid=6666 Now when the potential buyer clicks on the link the 10% affiliate fee goes to someone else.

So how do you stop this?

1. Find out if your web host is suitable.

This method only works for web servers that use Apache (as far as I know). Go to www.netcraft.com/whats and type in your website address into the “whats that site running” box. Then look under the “server” column and look for the word “Apache”. If its there then this method will work.

2. What is htaccess. Where is it located.

htaccess is a configuration file that contains instructions for the web server. You may already have one ( or more than one as they can work on a per directory basis). To find out fire up your ftp program or file browser or whatever you normally use to upload your website to your webserver and have a look.

htaccess is stored as a hidden file on the webserver which means its filename will be .htaccess
Your ftp program may by default not show you hidden files so you may need to enable viewing hidden files to be able to see .htaccess
Look for .htaccess in the same folder as your website’s index file. (index.html, index.htm, index.php or similar)

If you find one then you can edit it using any editor that is suitable for text files. Watch out on Windows systems that it doesn’t try to change the name to something more Windows friendly. This is because a file named .htaccess is alien to Windows. Usually putting quotes round the name when you do Save As will solve any problems i.e. save as “.htaccess”

If you don’t find an existing one then create a new one.

3. What changes do I need to make to .htaccess

Here is an example of the changes you need to make. Just add all the following at the top of your .htaccess file. Don’t touch anything that’s there already.

<ifmodule mod_rewrite.c>
RewriteEngine On

RewriteRule anyfilename.htm http://myaffid.blueberryc.hop.clickbank.net/?tid=LOGO1 [R=301,L]

</ifmodule>

4. Now change example code to real code

Where I have anyfilename.htm you should put a filename appropriate to your situation. e.g. if you were linking to a book website and a book about rare birds you might put rarebirds.htm This filename can be anything you want as long as it DOESN’T already exist.

Where I have put http://myaffid.blueberryc.hop.clickbank.net/?tid=BIRDS1 you should put your real affiliate id link as provided by your affiliate website.

Leave the [R=301,L] alone. It tells the webserver to redirect any requests for rarebirds.htm to http://myaffid.blueberryc.hop.clickbank.net/?tid=BIRDS1

5. And finally

Edit your webpage and put your new cloaked website affilate link in place of the existing link.

For example you might have the following html:

<p>The people at Brill Books have some good books about <a href="http://myaffid.blueberryc.hop.clickbank.net/?tid=BIRDS1">Rare Birds</a>.</p>

You should change it to

<p>The people at Brill Books have some good books about <a href="rarebirds.htm">Rare Birds</a>.</p>

It no longer looks like an affiliate link but it is. Make sure you check it is working properly of course.

This tutorial will show you a simple example of a user registration system. It hasn’t been designed as a class you can plug in to your application. Instead it is a tutorial to show you how to use the mcrypt functions within your application.

This is not a complete solution to your security worries! You will almost certainly need to consider other factors to build a secure application but this is a good start. So if your hosting company (or government department!) puts your database on a couple of cds and puts them in the post (mail) you can sleep better at night knowing your data is safe.

The demo system asks users for 2 pieces of data:

a username
and a real name

This data is then stored in a mySQL database. The username is stored as it is entered and the real name is stored encrypted.

The encryption key is stored in a file. Without it, it is not possible to determine the users real name.

The encryption is based on the mcrypt library which supports a wide variety of algorithms and modes of operation. I have chosen to use BLOWFISH in CBC mode.

The first thing to check before using this code is that your hosting has mcrypt available. The easiest way is to look in your phpinfo output and search for mcrypt. The other way is to try the demo and if it reports errors then you probably don’t have it!

Configuration File

It is best to create a config file that contains access details for your database and your secret encryption key. Make the key equal to 56 characters of random data. Don’t just change the odd character from what is below. Generate your own unique key. You can find many guides to creating random strings. There is a good one here

Also change the table name (demousers) to match your database table.

Save the following as config.php and upload it to your webserver. Locate it so that it is not accessible to web users if possible.

<?php
define("DB_SERVER", "localhost");
define("DB_NAME", "databasename");
define ("DB_USER", "databaseuser");
define ("DB_PASSWORD", "password");
define ("THE_KEY", "thwkdyetrabdlp963gdmnsb49dhsrqi785hfipl;aw3467fbdjs713ga");
define("USER_TABLE", DB_NAME.".demousers");
?>

Database Table

Here is a typical database table that works with the tutorial.

CREATE TABLE `demousers` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(25) NOT NULL default '',
`realname` varchar(32) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=InnoDB AUTO_INCREMENT=2 ;


The Code

Follow the link to view the code. Any questions post a comment.

Mcrypt protection demo

You can see the the demo in action here

Its a problem I come across often. Someone does a complete site redesign and all the filenames and paths have changed. They are really pleased with their new site. It looks good and works well. But what they don’t realise is their users aren’t so happy. Why? Well perhaps they have bookmarked one of your old pages. Or perhaps they type a search phrase into a search engine and it returns a link to your old pages. In both cases they will get “Page not found”.

301 Redirect

The solution to these problems is the “301 Redirect” and isn’t hard to do if your web hosting uses Apache which is a common situation. Unlike some other solutions to this problem, this method is also search engine friendly.

The method I will be explaining is how to redirect using .htaccess.

What is .htaccess

Its just a simple text file with an unusual name. Most file names you will be used to are like this: name.txt
There is a part before the dot and a part after which is known as the file extension.
With .htaccess there is nothing before the dot.

Making .htaccess

You can create .htaccess the same way you create any text file. All you need to be careful of is that after you have created it you need to check it REALLY is named .htaccess Some file editors will try and “help out” by appending .txt to the file name for example

I will explain some of the most common types of redirect you will want to do, but all of them will use the following as a basic .htaccess file so to start with put the following in your .htaccess file


<IfModule mod_rewrite.c>

RewriteEngine On
RewriteBase /

</IfModule>
This just checks that your webserver is configured correctly to allow .htaccess to work, switches the redirect feature on and tells it to work from the top level of your website. Add the commands given later in this tutorial after the RewriteBase / command.

I will now give some examples of typical situations in which you would use .htaccess. Choose the one that best solves your problem and add the commands shown to your .htaccess file

Simple Redirect to home page

The most basic redirect is for the situation where you don’t really have a specific page in mind. You just want them to go to your home page. Use this as a minimum, it will stop people getting page not found and is a useful stopgap solution while you wait for the search engines to catch up with your new website structure.

For example you may have previously had a load of webpages in a folder called htmlpages and the folder isn’t there anymore. Add the following and any requests for pages like http://site.com/htmlpages/index.php will be redirected to http://site.com/

RewriteRule ^htmlpages/(.*) http://site.com/ [R=301,L]

Just to explain what this means…
The ^ indicates start of line
(.*) means any combination of characters
so this rewrite rule will apply to any url that starts with htmlpages/ and is followed by absolutely anything
The [R=301,L] says “Do a 301 redirect” and “this is the last rule”.

So for your site just put whatever you want to “redirect from” after the ^ and replace “http://site.com/” with where you want to redirect to.

i.e.
RewriteRule ^<old page> http://newsite.com [R=301,L]

<old page> needs to be specified as a regular expression. If you don’t know what a regular expression is just type regex into a search engine to find many sites that will explain in more detail.

Redirect because of a renamed directory

In this case use the following

RewriteRule ^old_directory/(.*) new_directory/$1 [R=301,L]

This is very similar to before but in this case instead of dumping everything to the home page we are now going to be more precise.

The key here is the use of the $1 at the end of the new_directory. This tells it to replace the $1 with whatever was in the first regular expression group. In our case the (.*) so a rule like this

RewriteRule ^htmlpages/(.*) http://www.merseysidetoday.co.uk/code/$1 [R=301,L]

would cause a url of http://www.merseysidetoday.co.uk/htmlpages/index.php to be rewritten to http://www.merseysidetoday.co.uk/code/index.php

Redirect because you have renamed .html files to .php

You may have a website with static html pages that you want to change to have dynamic content. This will mean a rename to have the .php extension. To stop the dreaded “page not found” you can redirect all .html to be .php

RewriteRule ^(.*)\.html$ $1.php [R=301,L]

this means redirect <anything>.html to <anything>.php

Redirecting web pages with query strings

If your url has a query string in it you can’t match it using just a RewriteRule command. You must use RewriteCond.
The RewriteCond command goes on the line before RewriteRule as shown below.

I recently wanted to redirect wordpress blog pages to corresponding VBulletin blog articles. Not a very common situation I suppose but it provides a good example of how to redirect pages that contain query strings. e.g. http://www.designertuts.com/blog/?p=8 (p=8 is the query string)

To redirect http://designertuts.com/blog/?p=8 to http://designertuts.com/forum/blog.php?b=15 use the following command (due to its length the RewriteRule has split onto 2 lines but you should type it on a single line)

RewriteCond %{QUERY_STRING} ^p=8$
RewriteRule ^blog/$ http://designertuts.com/forum/blog.php?b=15 [R=301,L]

The RewriteCond line says apply the following RewriteRule if the url ends with the query string ?p=8
The RewriteRule says rewrite urls ending with blog/ (and we know from the RewriteCond that they will also have ?p=8) to http://designertuts.com/forum/blog.php?b=15

Upload .htaccess

Now we need to upload it to our webserver. Before you do upload it make sure there isn’t an existing htaccess file there already. If there is you will need to look at what’s in it and see if it’s possible to merge together the existing commands with what you are trying to do. If all is well just use your favourite ftp program as usual making sure it is uploaded in ascii not binary mode.
You can place it wherever you want. Its effects will be felt in the folder it is placed in and in any subfolders.

Notes

Use of .htaccess is only appropriate when you DON’T have control over your webserver’s configuration. If you are the administrator then it is better to put commands in your httpd.conf file as this will lead to faster processing of the commands.

Make sure your hosting allows htaccess files. Ones that do may still restrict what you are allowed to do with them.

Watch out for .htaccess files in other directories as they may conflict with each other.

A good summary can be found here
http://www.addedbytes.com/apache/mod_rewrite-cheat-sheet/
Any problems leave me a comment.

Mike

This paypal ipn tutorial explains how to use Paypals IPN system with a simple single item purchase. Instant Payment Notification allows you to integrate your PayPal payments with your website’s back-end operations, so you get immediate notification and authentication of the PayPal payments you receive. The main use of IPN is where your website needs to know immediately that payment has been made. For example you might have sold something that you will then make available for the user to download.

There is a lot of information on the Paypal website which is worth looking at but the following paypal ipn example will show you in detail a real world example of how to use it.

There are 3 main parts to an IPN system.

1) A webpage that initiates a call to Paypal to make a payment
2) A php page on your webserver that Paypal calls to notify you that payment has been made
3) A webpage that confirms the above have occurred, and continues on to the next phase of you web application.

1 and 3 will be part of your website and accessible to users in the normal way. 2 however is only ever accessed by paypal.

I will first explain some of the issues that you need to understand if you want to know how to use IPN.

Paypal Account Setup

Your Paypal account must be setup correctly to use IPN. Check the following in your paypal account (under edit profile).

under “Selling Preferences” , “Instant Payment Notification Preferences”

• set IPN to “On”
• set IPN Url to the page containing the ipn code shown later in the tutorial. The name I use is “http://<yourwebsite address>/paypalipn.php” but you can use anything here.

Under “Selling Preferences”, “payment receiving preferences”

• block payments from users who pay with echeck. (This is because these will not be instant)

Under “account information” , “email”

• make a note of your primary email address. You will need to embed it in the code below. This email will be visible to users so make it a professional one. Users don’t get a good feeling about sending money to a hotmail address or to an address that doesnt match the website.

Sequence of Events

The way IPN works is a bit unusual so to explain…

You initiate IPN by sending a message to Paypal from the webpage that the user is on when they confirm a purchase.
What happens next is that 2 completely separate chains of events occur.

• The first is the obvious one where the user goes to the paypal website, makes the payment and is returned to your website where they can be told their purchase is confirmed.
• The second is initiated by Paypal and envolves Paypal calling up a predetermined webpage on your site (paypalipn.php). Paypal will send a message to this page which indicates that the payment has happened, how much was paid, who paid it, who was paid etc. On this page you need to check these details and somehow log that the payment has happened, usually by updating a database.

These two chains of events are happening at the same time (only the first is visible to the user). Although as the paypal event is more complex it will usually take longer. For this reason when you send the user to the confirmation page and it checks the database that payment has happened ok it may well find that the payment hasn’t yet been made. You will need to create some code that waits for the payment to go through and as this can take quite a few seconds you will need to inform the user with a message along the lines of “Waiting for Paypal to confirm payment…”.

So in summary

1. Customer makes a payment through your website.
2. Paypal sends an IPN to your specified ipn webpage specifying what has been bought etc
3. Your webpage validates the IPN and sends Paypal an acknowledgement.
4. Customer continues to access your website.

2 and 3 occur in parallel with what the user is doing in 4) on your website.

The purchase page

The easiest way to generate the code to use on this page is to use Paypals “Buy Now Button” function. Log in to Paypal and look under Merchant Services for “Buy It Now” button.

Fill in the information as required

You must take steps to ensure the security of the purchase.
There are various ways of doing this

• Encrypt the button on the paypal site (there is an option for this)
• Encrypt the button yourself (complex and beyond this tutorial)
• Manually check all prices before shipping. I assume this isn’t appropriate for this tutorial.
• Check all the values in the IPN processing. (Explained below in the paypalipn.php code)

If you enter an image for the button make sure it is on a secure (https) server otherwise the user will get a warning about insecure items which may scare them off continuing with the purchase.

Click to “Create Button” and copy and paste the code produced into your purchase web page.

The code will look something like this…

button code

The IPN webpage code

Paypal IPN page
Save this as paypalipn.php

Notes

There are two methods of validating the IPN sent by Paypal. Shared Secret and Postback. Paypal recommends shared secret as it is more secure but this tutorial uses Postback. Shared Secret requires that you have dedicated hosting, SSL enabled and you use Paypal Encypted website payments. Paypal recommends Postback for shared hosting applications and where you dont have SSL.
They also don’t recommend you use IPN unless you have SSL !

This is too complicated!

Hope you enjoyed the tutorial. IPN is a complicated subject. If you found it too complicated there are a few commercial products out there that will handle everything for you, such as (this is an affiliate link so I am paid for this recommendation)

• Vibralogix Linklok Paypal

Here are some useful websites to help you.

Overview

IPN Variables

Order Management Guide

Script Generator

Forum