I just signed up with an affiliate network and they want me to include something like this on my order confirmation pages:

```html
<script type="text/javascript" src="//www.affiliate-monkey.com/js/track.js?eventid=1234&pid=5678&reference=XYZ_123&amount=123.45"></script>
<noscript>
   <img src="//www.affiliate-monkey.com/event.php?pid=5678&eventid=1234&reference=XYZ_123&amount=123.45" border="0" width="1" height="1">
</noscript>
```

In particular, they want me to pass the customer reference and the purchase amount.

Is there some sort of Best Practice on how to integrate this into a Rails application?

This is how I thought it might work:

```ruby
class SubscriptionsController < ApplicationController

  # ...

  def create
    @subscription = CreateSubscription.call(@plan, current_user)
    if @subscription.errors.blank?
      flash[:success] = "You changed your plan!", :plan => @plan.name
      # reference and amount travel in the query string of the redirect
      redirect_to subscription_path(:reference => current_user.reference_number, :amount => @plan.amount)
    else
      render :new
    end
  end

  # ...

end
```

However, I dislike the fact that users can see the reference and amount parameters in the URL. I don't want them to get tampered with.

What might be a better way to do this?

Tintin81
  • You can probably access / fetch `current_user` and its plan in the controller action (`show`?) you're redirecting to, can't you? – Stefan May 05 '17 at 08:18
  • @Stefan: Yes, I can. But the `show` action doesn't know that the user has just made a purchase. Or does it?? – Tintin81 May 05 '17 at 08:23
  • Oh, I see. You could redirect to a separate confirmation page (as assumed by the affiliate network) instead of just showing a flash message. Or simply check if `flash[:success]` is set. – Stefan May 05 '17 at 08:26
  • Yes, indeed I am showing a `:success` flash message there. So I could grab the `current_user`'s purchase information **if** a `:success` flash message is displayed. Not bad... – Tintin81 May 05 '17 at 08:28
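
An added example, not part of the original question or comments: if the reference and amount do have to travel in the redirect URL, they can be made tamper-evident by signing them on the server and rejecting any token whose signature does not verify before the tracking tag is rendered. The helper names and `SECRET` are assumptions for illustration; in a Rails app, `ActiveSupport::MessageVerifier` provides the same kind of signing.

```ruby
require "openssl"
require "uri"

# Assumption: a constructed demo key; a real app would load it from its secret store.
SECRET = "constructed-demo-secret"

# Serialize reference and amount, then append an HMAC-SHA256 tag over them.
def sign_purchase(reference, amount, secret = SECRET)
  payload = URI.encode_www_form(reference: reference, amount: amount)
  tag = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  "#{payload}--#{tag}"
end

# Return the purchase hash if the tag matches, nil if the token was altered.
def verify_purchase(token, secret = SECRET)
  # The tag is hex, so the last "--" always separates payload from tag.
  payload, _sep, tag = token.to_s.rpartition("--")
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  # Constant-time comparison avoids leaking how many characters matched.
  return nil unless OpenSSL.secure_compare(tag, expected)
  fields = URI.decode_www_form(payload).to_h
  { reference: fields["reference"], amount: fields["amount"] }
rescue ArgumentError
  nil
end

# Build the script URL from verified values only, URL-encoding each one.
# pid and eventid default to the sample values from the snippet in the question.
def tracking_url(purchase, pid: 5678, eventid: 1234)
  query = URI.encode_www_form(eventid: eventid, pid: pid,
                              reference: purchase[:reference],
                              amount: purchase[:amount])
  "//www.affiliate-monkey.com/js/track.js?#{query}"
end

if __FILE__ == $PROGRAM_NAME
  token = sign_purchase("XYZ_123", "123.45")       # constructed sample values
  puts tracking_url(verify_purchase(token))
  p verify_purchase(token.sub("123.45", "0.01"))   # altered amount is rejected
end
```

Signing stops the values from being altered but does not stop a valid URL from being reloaded, so the tag could fire more than once. Reading the purchase from `current_user` on the server when the one-time `flash[:success]` is present, as suggested in the comments, avoids putting the values in the URL at all.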