The past few days i’ve been searching for a simple and free affiliate script to integrate into my personal project.
The quest brought me to PostAffiliate, which is released as GNU/GPL and it was based on PHP-Affiliate v1.2. The PostAffiliate website claim that they fixed vulnerability in PHP-Affiliate, but upon using the software, i felt that PostAffiliate 1.3 has serious flaw in which the user password is stored as a plain-text in the database!
So i’ve taken my time to touch up PostAffiliate 1.3, mainly to fix the plaintext password storing method in PostAffiliate. The password is now hashed in SHA-1 before stored in the database. I’ve also fix some potential security vulnerability point and updated the login page (I plan to clean the code as it’s too messy).
Here’s my half-assed (actually 1 hour) modifications on PostAffiliate : PostAffiliate fix
Stay tune as i’m planning to rewrite most of the postaffiliate part and release the modification under GNU/GPL.
keyword : free affiliate php software script