Do I need SSL on my Web Server for use with PayPal IPN?

PayPal upgrades:

1) Changes to PayPal security for HTTP/1.1 and TLS 1.2
2) IPN Verification Postback to HTTPS

PayPal say their target for these is June 2018

 

You may have seen an article from PayPal which talks about HTTP and TLS. This is a server issue
which is the responsibility of your web host. Essentially there is an upgrade by PayPal to ensure that
all their servers meet the latest standards and hence your web server will also require to operate
in that way. You should contact your host about this if you are unsure, although most servers will already
meet these standards.

 

The second update is using HTTPS for IPN verification.

PayPal says:

“If you are using PayPal’s instant Payment Notification (IPN) service, you will need to ensure
that HTTPS is used when posting the message back to PayPal for verification. HTTP PostBacks
will no longer be supported.”

“Merchants and partners use Instant Payment Notification (IPN) to receive notifications of
events related to PayPal transactions. The IPN message service requires that you acknowledge
receipt of these messages and validate them. This process includes posting the messages back
to PayPal for verification. In the past, PayPal has allowed the use of HTTP for these
PostBacks . For increased security going forward, only HTTPS will be allowed for PostBacks to
PayPal. At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal
to the merchant’s IPN listener.”

In practice this means that you need https on your web server to send https to PayPal and
then you need to change the set up of you PHP-KeyCodes, PHP-eSeller or PHP-SecureArea
application to identify the URL of the site as https rather than http.

Note: if a customer tried to make a purchase it would still succeed, but your store would
not be notified of that fact, and your records will not reflect the sale properly. Nor
will the PHP application automatically send the information to the customer by email.

Refer to PayPal documentation:

https://www.paypal.com/au/webapps/mpp/ipn-verification-https

So do I need SSL on my Web Server when using PayPal IPN? Yes, the PostBack from PayPal will not work
and SSL will give better security for your site.

WordPress Plugin for selling License Key Codes – PHP-KeyCodes

Hello and welcome fellow programmers.

A WordPress version of PHP-KeyCodes has just been released which has most of the functionality of the standalone PHP/MySQL application PHP-KeyCodes.

The plugin can be viewed and downloaded from the following link:

https://wordpress.org/plugins/withinweb-php-keycodes/

The plugin allows you to sell per-configured license codes, pin numbers, mobile phone numbers or any other similar codes from your WordPress installation using a PayPal account.

Using Subversion for WordPress Plugins

Subversion Control for WordPress

If you write a plugin for WordPress and want to make it available on WordPress.org, you have to use Subversion to handle revisions, versions and source control.

There are a number of programs that you can use and which can be installed on a PC or a MAC. Many do use the command line which can be difficult for those not familiar with the particular commands. However, there are a number of client applications that have very good user interfaces which does make the process much easier.

SilkSVN Windows Command Line Client. https://sliksvn.com/download/
TortoiseSVN for Windows which can be downloaded at https://tortoisesvn.net/downloads.html
Versions for the Mac which can be downloaded at http://versionsapp.com

When I first began to look at WordPress and SVN, I wanted to use a visual method of updating. I wanted to click a button and for it to automatically do everything without thinking. However, I found that using a visual interface did not show the point of SVN and when I started to use a text interface, I found I understood the process much better. Also there is a lot of documentation available for the command line interface which is helpful when things go wrong.

The following are some notes that I have made over the years about using the command line system with WordPress which may help if you are having issues. It is based on the WordPress.org documentation but I have added in some extra points.

 

Command Line SVN

As I use Windows I use SilkSVN.  Download and install SilkSVN and in the cmd terminal (go to Windows Start and enter cmd.exe), type “svn” followed by the required commands. “svn help” will show help text and will show that SilkSVN is working.

The documentation that WordPress has produced is located here:

https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/

The only issue I have found when using SilkSVN is that you should use double quotes wherever it uses single quotes as in the standard SVN documentation.

Also, always make sure you change directory to where your local repository is located.

 

Starting a new plugin

On your computer, first create a local directory which will be your copy of the SVN repository.

In this document I will use my-local-dir to refer to the local directory.

Next, check out the pre-built repository using the co command:

my-local-dir / svn co https://plugins.svn.wordpress.org/your-plugin-name my-local-dir
> A my-local-dir/trunk
> A my-local-dir/branches
> A my-local-dir/tags
> Checked out revision 11325.

 

You will probably be asked your username and password which will be the one you were given when you registered for WordPress.org.

The above command will create a set of folders on your local computer in your local directory called “trunk”, “branches” and “tags”.

The “tags” folder is for your releases and will consist of a number of sub folders that correspond to your version numbers.

The “trunk” folder is where your development version is located.

Copy your files into the “trunk” folder and then you have to let subversion know you want to add the files into the repository:

my-local-dir / svn add trunk/*

 

Now check in the changes:

my-local-dir / svn ci -m "Check in to trunk"

 

Now copy the trunk files to the required tag folder.  In this example I am going to create a folder 1.0.0

my-local-dir / svn cp trunk tags/1.0.0
> A tags/1.0.0

 

and commit the changes:

my-local-dir / svn ci -m "tagging version 1.0.0"

So now on the remote repository you should have your released files in the tag/1.0.0 and your current working development files will also be in the “trunk” folder.

 

Creating a new version

We want to create a new version of our plugin so we:
* Modify the readme.txt with the new version number.
* Modify the main php file with the new version number.
* Update the trunk folder so that it contains the latest files.
* Copy the trunk folder to a new tags folder using SVN.
* Check in the changes using SVN.

Essentially the method is the same as described above but with a few more checks.

On your local computer, make sure that your trunk files are up to date.

We can do this by using the SVN update command. (First, change your directory to where the SVN local directory is situated):

my-local-dir / svn update

 

Files in the remote repository are downloaded and update the local files.

Copy over the file or files to your local trunk folder and then let subversion know you want to add those files back:

my-local-dir / svn add trunk/*

 

Now commit the changes:

my-local-dir / svn ci –m “add new files to trunk”

 

Now do a status display:

my-local-dir / svn stat

You can see the meaning of the status information further at the end of this article.

 

At this point, you may have to delete files / folders by:

my-local-dir / svn delete 

In some cases, you may have to use –force to force the deletion.

 

When you do:

my-local-dir / svn stat

you should now see those files/folders marked for deletion.

 

Deleting only deletes it form the local copy and only schedules if for deletion from the repository. You have to then commit the changes by:

my-local-dir / svn ci -m "New files update"
> Sending trunk/my-plugin.php
> Transmitting file data .
> Committed revision 11327.

 

That updates the files in the trunk folder and deletes any marked files.

Now that you have the files checked in to the trunk folder, you can copy over the files to a tag folder as described above.

 

You do this by:

my-local-dir / svn cp trunk tags/2.0
> A tags/2.0

 

Now, as always, check in the changes.

my-local-dir / svn ci -m "tagging version 2.0"
> Adding tags/2.0
> Adding tags/2.0/my-plugin.php
> Adding tags/2.0/readme.txt
> Committed revision 11328.

 

The assets folder

Use the assets folder for files like screenshots, banners and icons for wordpress.org site. Note that the assets folder is a separate folder in the root of the folder structure and is not a subfolder of the trunk or tag folder.

Update as the assets folder follows.

 

Navigate to the local folder which is the root of the SVN, then enter:

my-local-dir / svn add assets/*
>  A assets/sceenshot-1.png
>  A assets/sceenshot-2.png

The “add assets/*” identifies all files in the assets folder.

 

After you add all your files, you need to check in the changes back to the central repository using ci:

my-local-dir / svn ci -m “Add assets”
> Adding assets/screenshot-1.png
> Adding assets/screenshot-2.png
> Transmitting file data
> Committed revision 1124545

 

Status Command

A useful command is “svn status” which gives information about the state of the repository.

 my-local-dir / svn stat

 

If you see ? in the list of files or folders, it means that they are not under svn control. In which case do “svn add
To use this command as with all the other commands, you need to change directory on your local computer to the root folder of the SVN.

U: Working file was updated
G: Changes on the repository were automatically merged into the working copy
M: Working copy is modified
C: This file conflicts with the version in the repository
?: This file is not under version control
!: This file is under version control but is missing or incomplete
A: This file will be added to version control (after commit)
A+: This file will be moved (after commit)
D: This file will be deleted (after commit)
S: This signifies that the file or directory has been switched from the path of the rest of the working copy (using svn switch) to a branch
I: Ignored
X: External definition
~: Type changed
R: Item has been replaced in your working copy. This means the file was scheduled for deletion, and then a new file with the same name was scheduled for addition in its place.
L : Item is locked
E: Item existed, as it would have been created, by an SVN update.

 

Problems, problems, problems

If you get a message ‘folder name’ is scheduled for addition, but is missing then look at the following document:

https://benohead.com/svn-file-scheduled-addition-missing/

Also look at:

http://svnbook.red-bean.com/en/1.6/svn.ref.svn.c.delete.html

The method that I have found to use is rm (remove), or you may use the delete command. So you do something like:

my-local-dir / svn rm –force c:\csv\withinweb_wp_keycodes\withinweb-php-keycodes\tags\2.0.0\views

Once you have removed all the problems you should be able to commit.

Note that you may have change the local directory to the file or folder that you are going to delete or you have to enter the full path name of the file or folder.

 

Checking differences

Checking files are at the correct version can be done by doing a diff.

An HTML5 Audio Player using a Customized Image

HTML 5 is able to play audio in a browser without the need for a plugin. In the long run, HTML 5 will probably put an end to audio plugins such as Microsoft Windows Media Player, Silverlight and Adobe Flash.

The audio player download provided here consists of JavaScript and css that give a customized version of the HTML 5 audio. You may use it as is on a web page or you may want to modify it to show a different image. At present there is no WordPress plugin for the code.

This code is also used in the PHP-eSeller application for audio previews.

 

Click here for a full description

 

Click here to download

New version of PHP-eSeller PHP Shopping Cart Digital Goods

PHP-eSeller has been updated to include fully responsive displays on the admin and public shopping cart displays so that they work well on all types of devices, mobile, tablets and desktop.

PHP-eSeller

Some of the cart displays now use the JQuery Datatable system that can be easily modified to change formatting and add in other options.

The JQuery Datatable plugin is well documented, is very extensive and has many features and functions.

Other shopping cart displays are based on the latest version of Twitter Bootstrap which is a framework to ensure that displays work well on different device types. Bootstrap is a well known framework which can be easily changed and modified to work with your particular layout. It is also very well documented with many forum sites.

PHP-eSeller has been completely re-written and is fully compatible with PHP 7 servers.

 

Twitter Bootstrap PHP Cart System

Live Demo

 

Datatable Cart System with HTML Audio Preview and no formatting

Live Demo

 

Datatable Cart System including Twitter Bootstrap

Live Demo

Sell software license keys and pin numbers with a WordPress Plugin

PHP application to sell key codesWordPress PHP-KeyCodes is a WordPress Plugin to sell software license keys, product keys, serial keys, mobile phone codes and any other pre-generated license codes.

The plugin is available from here:

WordPress PHP-KeyCodes

It is similar to the stand alone application PHP-KeyCodes which is described on:

https://www.withinweb.com/phpkeycodes/

If you are a software developer, then using license keys is a way to ensure that your products are safe and secure.  You use this application to automatically distribute the codes after payment from PayPal.

The pin numbers are listed in the database one entry per line.  When a purchase is made, PayPal sends an IPN notification to the plugin which then extracts the first pin number, sends it to the purchaser and then removes that pin number from the list.

The email sent to the purchaser contains the pin number or key code, and you will receive a copy of the email.

The sales history listing also identifies which pin number has been sold to the purchaser.

A local test system is included which allows you to test without connecting to PayPal.

Setting a value in the Lower Limit entry box causes an email to be sent to the administrator when the minimum number of key codes has been reached.

The system has a high level of security in that the license key code will not be sent out until the correct PayPal return code is received with the correct purchase values.  The system checks that the database value is the same as the amount that has been spent, and the currency code is the correct value.  This ensures that any alteration to the button code will not work.

The html code for the PayPal buy now buttons can be easily placed on your WordPress pages.

Installation

The installation into WordPress is the same as for any plugin as is the procedure for upgrades which ensures the plugin is kept up to date.

WordPress PHP-KeyCodes

A Shopping Cart using PHP Sessions

This posts illustrates a relatively simple shopping cart using PHP sessions to store cart details, quantities and total cart amount.  The cart has an add to cart button , remove from cart button and displays the total value of the cart.

This post is taken from part of the book PHP Tutorials: Programming with PHP and MySQL which is available as a paper back printed version or as a downloadable Kindle version. Click here for paper back version.

The following listing is the complete PHP shopping cart:

<?php session_start();
#cart.php - A simple shopping cart with add to cart, and remove links
 //---------------------------
 //initialize sessions

//Define the products and cost
$products = array("product A", "product B", "product C");
$amounts = array("19.99", "10.99", "2.99");

//Load up session
 if ( !isset($_SESSION["total"]) ) {
   $_SESSION["total"] = 0;
   for ($i=0; $i< count($products); $i++) {
    $_SESSION["qty"][$i] = 0;
   $_SESSION["amounts"][$i] = 0;
  }
 }

 //---------------------------
 //Reset
 if ( isset($_GET['reset']) )
 {
 if ($_GET["reset"] == 'true')
   {
   unset($_SESSION["qty"]); //The quantity for each product
   unset($_SESSION["amounts"]); //The amount from each product
   unset($_SESSION["total"]); //The total cost
   unset($_SESSION["cart"]); //Which item has been chosen
   }
 }

 //---------------------------
 //Add
 if ( isset($_GET["add"]) )
   {
   $i = $_GET["add"];
   $qty = $_SESSION["qty"][$i] + 1;
   $_SESSION["amounts"][$i] = $amounts[$i] * $qty;
   $_SESSION["cart"][$i] = $i;
   $_SESSION["qty"][$i] = $qty;
 }

  //---------------------------
  //Delete
  if ( isset($_GET["delete"]) )
   {
   $i = $_GET["delete"];
   $qty = $_SESSION["qty"][$i];
   $qty--;
   $_SESSION["qty"][$i] = $qty;
   //remove item if quantity is zero
   if ($qty == 0) {
    $_SESSION["amounts"][$i] = 0;
    unset($_SESSION["cart"][$i]);
  }
 else
  {
   $_SESSION["amounts"][$i] = $amounts[$i] * $qty;
  }
 }
 ?>
 <h2>List of All Products</h2>
 <table>
   <tr>
   <th>Product</th>
   <th width="10px">&nbsp;</th>
   <th>Amount</th>
   <th width="10px">&nbsp;</th>
   <th>Action</th>
   </tr>
 <?php
 for ($i=0; $i< count($products); $i++) {
   ?>
   <tr>
   <td><?php echo($products[$i]); ?></td>
   <td width="10px">&nbsp;</td>
   <td><?php echo($amounts[$i]); ?></td>
   <td width="10px">&nbsp;</td>
   <td><a href="?add=<?php echo($i); ?>">Add to cart</a></td>
   </tr>
   <?php
 }
 ?>
 <tr>
 <td colspan="5"></td>
 </tr>
 <tr>
 <td colspan="5"><a href="?reset=true">Reset Cart</a></td>
 </tr>
 </table>
 <?php
 if ( isset($_SESSION["cart"]) ) {
 ?>
 <br/><br/><br/>
 <h2>Cart</h2>
 <table>
 <tr>
 <th>Product</th>
 <th width="10px">&nbsp;</th>
 <th>Qty</th>
 <th width="10px">&nbsp;</th>
 <th>Amount</th>
 <th width="10px">&nbsp;</th>
 <th>Action</th>
 </tr>
 <?php
 $total = 0;
 foreach ( $_SESSION["cart"] as $i ) {
 ?>
 <tr>
 <td><?php echo( $products[$_SESSION["cart"][$i]] ); ?></td>
 <td width="10px">&nbsp;</td>
 <td><?php echo( $_SESSION["qty"][$i] ); ?></td>
 <td width="10px">&nbsp;</td>
 <td><?php echo( $_SESSION["amounts"][$i] ); ?></td>
 <td width="10px">&nbsp;</td>
 <td><a href="?delete=<?php echo($i); ?>">Delete from cart</a></td>
 </tr>
 <?php
 $total = $total + $_SESSION["amounts"][$i];
 }
 $_SESSION["total"] = $total;
 ?>
 <tr>
 <td colspan="7">Total : <?php echo($total); ?></td>
 </tr>
 </table>
 <?php
 }
 ?>

The cart example uses the following sessions to maintain the state of the cart:

$_SESSION[“qty”][i] Stores the quantity for each product
$_SESSION[“amounts”][i] Stores the price from each product
$_SESSION[“cart”][i] Identifies which items have been added to the cart
$_SESSION[“total”] Stores the total cost

The sessions are actually arrays so in the case of:

$_SESSION[“qty”][i]

is the quantity for the element with number i.

Description of the PHP shopping cart code

We start by defining PHP to use sessions by:

session_start();

This has to be at the very top of the PHP page.

Next we set up our products and populate our sessions. In this example we are using a fixed array of product descriptions and amounts. You may want to do this in your application or you could read in the data into the $product and $amounts array from a database.

//---------------------------
 //initialise sessions

 //Define the products and cost
 $products = array("product A", "product B", "product C");
 $amounts = array("19.99", "10.99", "2.99");

 if ( !isset($_SESSION["total"]) ) {

  $_SESSION["total"] = 0;

  for ($i=0; $i< count($products); $i++) {
   $_SESSION["qty"][$i] = 0;
   $_SESSION["amounts"][$i] = 0;
 }
}

The following code will reset and clear the sessions when the Reset Cart link is selected.

//---------------------------
  //Reset
  if ( isset($_GET['reset']) )
   {
    if ($_GET["reset"] == 'true')
    {
     unset($_SESSION["qty"]); //The quantity for each product
     unset($_SESSION["amounts"]); //The amount from each product
     unset($_SESSION["total"]); //The total cost
     unset($_SESSION["cart"]); //Which item has been chosen
   }
}

The following code adds an item to the sessions when the ‘Add to Cart’ link is clicked:

//---------------------------
//Add
if ( isset($_GET["add"]) )
{
$i = $_GET["add"];

$qty = $_SESSION["qty"][$i] + 1;

$_SESSION["amounts"][$i] = $amounts[$i] * $qty;
$_SESSION["cart"][$i] = $i;
$_SESSION["qty"][$i] = $qty;
}

and the following deletes an item from the cart when the ‘Delete from Cart’ link is clicked:

 //---------------------------
 //Delete
 if ( isset($_GET["delete"]) )
 {
   $i = $_GET["delete"];
   $qty = $_SESSION["qty"][$i];
   $qty--;
   $_SESSION["qty"][$i] = $qty;

 //remove item if quantity is zero
 if ($qty == 0) {
   $_SESSION["amounts"][$i] = 0;
   unset($_SESSION["cart"][$i]);
 }
 else
 {
   $_SESSION["amounts"][$i] = $amounts[$i] * $qty;
 }
 }

The rest of the code is the visual display using a table and various loops to show the product lists and the cart details together with the links.

This post is taken from part of the book PHP Tutorials: Programming with PHP and MySQL which is available as a paper back printed version or as a downloadable Kindle version. Click here for paper back version.

PHP-eSeller is a complete application that utilizes a shopping cart using PHP Sessions and is available from here:

Click here to go to PHP-eSeller

A guide to sell digital downloads online using a PHP Shopping Cart

Digital goods, electronic goods, digital products or e-goods are anything you can sell that is in a digital format.  The types of products include ebooks, software, website templates, music, videos, license codes, ringtones and pdf tutorials.  The costs of adding a digital item to a shopping system is very small so it can be a great way make a steady income.

A PHP shopping cart with add to cart buttons can be combined with selling digital downloads as used in the PHP-eSeller application.

Here are just a few of the advantages to selling digital downloads using a specially designed PHP shopping cart:

• No inventory – you have no stock levels to maintain so you have no storage problems or supply problems.
Costs are the same to sell one or thousands digital goods.
No postage costs.
• The customer will instantly receive the product using a digital download system.
• The transaction is quickly completed so you have the money in your account straight away.

Some online services specialize in selling digital goods, including invoicing, payment, and delivering the digital copy for you.  In that case, you have to pay some sort of fee to the service provider.

Alternatively you can have a PHP shopping cart on your web site that you install yourself or get a developer to install for you.

Choosing a PHP Shopping cart can be difficult, here’s some guidelines to help you get started:

1) Fees

The payment system that the shopping system uses will have some kind of transaction fees.  This will vary so check what they require and what you can afford. Selling through PayPal is often a convenient way and they use a transaction fee.

2) Integration with your website

Make sure the shopping cart can be integrated with your website.  This may be by modifying a template system or by adding buttons to your existing web pages.

3) Features

Here’s a few of the features that might be helpful:
* Automatic product download
* Have the option of no shipping
* The ability to simultaneous sell tangible goods and e-goods

4) Security

It’s important that the purchase made by the customer is secure. You should expect your customer, after purchasing your product, to receive a secure link to immediately download the purchased item. The link should expire within a certain amount of time.

5) Easy to Use

Make sure the transaction is smooth and easy for your customer, you want to make it easy so that your customer come back for more.

Here’s a great eCommerce guide from my site at:

http://withinweb.com/global/hints_tips_and_tricks/digital_files.pdf

on further concepts for digital downloads.

The product PHP-eSeller is designed to sell digital goods from your web site using a PHP shopping cart system.  PHP-eSeller has a number of carts, and displays which enable you to integrate it to an existing site.

  Click here to go to PHP-eSeller description  

New version of PHP Subscription Manager

The PHP Subscription Manager PHP-SecureArea has been updated to give administration pages that are more responsive and easier to use.

PHP-SecureArea enables you to set up a subscription manager in PHP and a demo version of the new administration pages can be seen at:

https://www.withinweb.com/phpsecureareademos/admin/index.php

The PHP membership script uses the facilities of PayPal to automatically allow customers access to secure areas of your web site after a valid payment has been received.

For full information go to:

https://www.withinweb.com/phpsecurearea/