How to check if the webpage has actually been loaded?

I have an affiliate tracking script that is currently being exploited by an affiliate. In the main, site I track the affiliate clic开发者_StackOverflowks using this url www.example.com?member=affiliatecode, then I capture the query string $_GET['member'];

Problem is, an affiliate is exploiting this simple system and page loads on his site is being recorded as clicks going to mine.

What measures can I add to prevent this without changing the affiliate link to my site? An idea that I had is to check if my page has actually been loaded, but how would I do that in PHP?

Thanks

I don't quite grasp the exact problem (or more to the point, exactly how the affiliate is logging hits), but a solution may be to put a image on your page which should ensure that a browser has loaded it. So at the bottom of you page you should insert

<?
if ( isset($_GET['affiliate']) ){
    echo '<img src="affimg.php">';
}
?>

And then in the affimg.php, you would log the affiliate and then output a 1x1 image (remembering to set the headers). The downside is that there is no way to stop an affiliate just simply putting that image in to his page and if the affiliate is using an iframe, the image would still be loaded.

A better way may be to simply do some tracking. Rather than just requiring that one page gets visited, change it so that you require two or more using a database to track the ip addresses.

There may be a better way, but then I don't know the exact details.

First, you can never be sure that a bot/script instead a human "clicks" on an image, this is a fact. Secondly, you can make things a bit difficult. An idea would be:

Deliver a banner including a unique link that is triggered via a Javascript-click-event, like:

<a href="#" onClick="window.locatiom.href='http://www.targetsite.com/?token=<yourtokenhere>';"><img src="http://www.targetsite.com/image.jpg" /></a>

Save the token in your database before and give it a expiration time of some minutes. Then, only count the click if the token is valid later. So your affiliate has to change the "onClick"-Event or parse the source code to extract the token.

As said, it only makes things more difficult. You could also parse your affiliate's site source to see whether there, your banner is "clicked" automatically (which would be very cheeky).

Another addition would be to read a cookie on the client side and attach it to the generated link to implement a check if the client has already requested your target site.

Since you can't protect yourself completely from fakes, you can build several little tools like these that increase safety.

HTH