This page provides a brief description of some of the principles behind the application which incorporates the PayPal IPN system.
Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the PayPal IPN Manual which you can find on the http://www.paypal.com/ipn site.
The principle that PayPal uses is as follows : You first create a PayPal 'buy now' button and place it on your web page or create the buttons dynamically from a database. When someone clicks on your 'buy now' button, (or 'proceed to checkout' button in the case of a shopping cart system), PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the paypal site.
After PayPal has confirmed the payment, it posts data back to your web page. If payment is correctly completed, PayPal sends 'completed' to your web page along with other data which your site can monitor. Once completed has been received by your web page, you process the data in whatever way you want.
For digital goods, PHP-eSeller takes the IPN data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a download link, all without any intervention by yourself. The purchaser is then able to login to a secure area where they can download their items.
The list of items which the purchaser sees does not have any url's as that could compromise the security. The list is made up of buttons which are then translated into filenames by PHP. The purchaser only sees the files he has purchased and cannot access the file in any other way.
For physical goods the processing is not as complicated. It checks the details received from PayPal, sends a confirmation email to the purchaser if there are no problems, and stores the sales details in the database. Obviously, there is no login process required for physical goods.
The basic operation is that when a customer purchases an item, a unique download link is added to tblusers.
At the same time the application looks up the files that are applicable for this item using the tables tblitems and tblfiles.
Once the files have been identified, tbldownloads is updated with the user, files, number of download retires and expiry date.
When the customer goes to the download page, the files are looked up using tblusers and tbldownloads and the user is presented with a list of buttons for the files he purchased.
Should the same customer make another purchase, he will be given another link, but can use either link. The customer will then be presented with a list of files applicable for both purchased items.
Purchasing of an item is controlled by the PayPal IPN system. Only when the confirmed message is received from PayPal will the application process the purchase. There are a number of checks within the application to prevent attempts to spoof a purchase. These include checking the purchased price and currency, and checking the PayPal transaction id to make sure that it has not be used before.
As the customer downloads an item, the number of allowed downloads is reduced.
Physical items have simpler processing because there are no downloads associated with the physical items. If digital and physical items are added to a cart, the system is able to handle the different processing and hence customers are able to purchase both physical and digital goods at the same time.
When a customer logs in and is presented with a button or buttons, clicking on a button will force a download. This means that no matter what the file type, a 'save as' dialog box will be displayed so that the customer can select a destination for the item on their computer.
Normally, when you click on a link in a web browser, and the link is for a file called chapter1.doc for example, it will be recognized by the browser as a word document and it will open the document within word, assuming word is installed on the computer of course. Similarly for other file types.
PHP-eSeller has a force download mechanism so that no matter what the file type, it will always present a 'save as' dialog box. The mechanism does behave slightly differently with different browser / operating systems, but I have not come across any issue with the method after much testing and use by my customers.
The advantage of a force download mechanism is that the customer is presented with a file type which he will recognize. If you use .zip or similar compression format, the customer may not have an unzip utility or may not even know what it is. The disadvantage is that the customer will be presented with an uncompressed file which may take time to download.
You may wish to create two versions of a file, one in the original format, and the other in a zip format. This will allow customers to download the item in either format.
PHP puts a limit on the size of file that it can process so that poorly written scripts do not use up all the memory. This means that there is a maximum file size that can be downloaded which will be defined by the memory_limit attribute in the php.ini file.
This feature may not be on your server because it is only enabled when PHP has been compiled to include memory limit; the default value is 8Mbytes.
Different hosts set up their server in different ways. Some may have the default value, some a larger value and some no restriction at all. You will have to contact your host to find out the details if you think that it could be a problem.
When memory_limit is enabled on the server, if you attempt to download a file which is greater than the memory_limit, you will end up with a corrupt file.
If memory_limit is enabled and if you need to have files greater than the memory_limit, you can change the value in the php.ini file. However, you will probably not have access to this file if your server is hosted by a hosting company.
You can still overcome the problem by splitting up your files into a number of separate files. PHP-eSeller has the facility where you can define as many files against a product as you wish.
When a purchaser buys a physical item, it makes the same checks as a digital item. It checks the value and currency and then stores the details in the sales history table. A confirmation email is sent to the customer.
A customer can purchase both physical and digital items at the same time by adding them to the cart. In which case the customer will receive one email identifying their login details, and a second confirmation email for the physical item.
For those who are interested in the structure of the tables and how they are related, the following provides some relevant information.
Identifies the relationship between the main category and the subcategory record id's.
Lists the main categories
Lists the subcategories
This is purely a historical table and is not linked to other tables, so if your change the name of an item then this table will have the the old item name.
When a customer purchases a product, the unique download link is entered in this table. At the same time the tbldownloads is populated with the purchased item_id and download file details.
Identifies which files a customer can download including the number of downloads remaining which is decrement ed as each download is made.
Contains global set up details.
Contains admin user details.
Identifies the locations of the files for downloading.