Simple eCommerce

~J~ · 13 Sep 2007 at 23:49

I have a product that I shall be selling online soon and want the general jist to be something like this:

Customer clicks "Buy Now"
Customer enters CreditCard/PayPal details.
Payment "IS" confirmed.
Customer Enters a name/email address
Customer receives activation key (on screen or email or both)
Customer can activate previously downloaded 'demo' with key.

Now how easy is this to do?

I have a site which is NOT a Joomla, Drupal or any other CMS kinda affair, and my knowledge of PHP isn't that great.

What bothers me the most are 2 things:

How can I 'test' the process of sending a payment? Do I have to ensure there is, say, £9.99 in my PayPal account and just keep sending and crediting that to make sure the other stuff works?

Likewise regarding the activation key; is there something out there can generate a key based on a phrase or something but it also pretty secure? I don't want some kind of equation-based code generator if it can be easily cracked. Something like a MD5 or the like would be ideal.

Anyone have any good pointers?

tsinc80697 · 14 Sep 2007 at 01:11

First part, you can use paypal as they have prebuilt things for this that you can adapt but you would need php knowledge I trhink. The only shopping cart system I have looked at was one I wrote myself from scratch using Protx payment system. No one will enter their details unless it is a secure system like that. The other way is to use paypal but I haven't looked at that and I am sure someone will know more about this than me!

For the second part, you can have an entry into the database when they enter their email/name. A random number is generated and MD5'd which can then be emailed to them.
When they input that activation code in your site it checks it against the one in the database and true/falses it

~J~ · 14 Sep 2007 at 01:32

OK, well will look into the first part a bit more.

As for the second part, sounds interesting but I just wanna clarify a few things.

Are you saying then that:

Customer call Bob enters his email as [email protected]. My site generates an activation code, say, A1B2C3D4E5 and emails it to them. What I want is if they enter [email protected] AND A1B2C3D4E5 into my program, it verifies as ok because the activation code is based on the email address. Is that what would happen? (Obviously I'd need to code in the decryption on my program but that's easy).

tsinc80697 · 14 Sep 2007 at 01:43

You could have 1 table with email address, name, activation code, activated

They enter email address and name.
Activation code is then created for that entry in the database.
The activation code is then emailed to that address.

They get a link to a verification page which says enter your email address, name and activation code.
When they have entered them, all 3 get sent to the database to see if there is a line in there which has those 3.
The Activation attribute in the database then changes from 0(which it is automatically assigned to when they sign up), to 1 if the information they entered is correct, otherwise you tell them error blah blah.

edit:

Just re-read the initial post and I think I've got wrong end of the stick but Ill leave the above incase it helps you atall.
They enter details to database, it generates a key to go with the data they entered. An email is then sent to that address with the generated key.
The program then asks for email & activation key, either the program queries the database on the Internet checking to see if the email & activation key are correct.

But if you want it all in the program then I don't know as I don;t program anything like C++ etc.
Maybe have a list of words that are MD5'd in the program and the key is one of them, each user has one of the words randomly chosen and MD5'd for their account?

Either all taht or I'm talking ****

~J~ · 14 Sep 2007 at 01:48

Nope that's great, I think I understand it now, not as bad as I thought it might be.

It's the "Payment made" to "Give activation key" that has be baffled as obviously I don't want someone making a payment of 0.01p and getting an activation code. Likewise I don't want the option of "Buy Now" and the customer having to wait for me to check payment and manually work out a key and email it to them. I just want it all automatic, secure, reliable and fast.

But that's been a big help, thanks for that.

tsinc80697 · 14 Sep 2007 at 01:54

Not sure if paypal works in the same was as prtox but with protx:

You send information to them, custoemr pays securely using credit card, they send information back a page of your choice, this page contains encrypted data, ie customer name, price paid, address, but no credit card details for security.

If paypal have a similar system where they POST data back to a web page of your choice, you can extract the data which might include the amount they just paid into your account, and with that you can enter the amount into your database where if it is 999 or however many pennies you want, then it does the activation part!

paulsheff · 14 Sep 2007 at 15:57

Yes, you can use something called Instant Payment Notification from Paypal to POST back to an address on your site details such as amount paid, transaction number etc etc

~J~ · 14 Sep 2007 at 16:14

paulsheff said:
Yes, you can use something called Instant Payment Notification from Paypal to POST back to an address on your site details such as amount paid, transaction number etc etc

That's VERY interesting!

HAd a quick look at the PayPal and it doesn't seem to answer a question that I have:

At the moment, transaction to and from my PayPal will say "Jason Hirst".

If I want to hide my name and put my company one instead, can that be done or do I have to set up a brand new PayPal account. If the latter, will it cause confusion if the bank account details are the same?