Logging in and session errors

With PHP-eSeller, PHP-SecureArea or PHP-KeyCodes, if you get an error during installation where the admin keeps on logging out, it is usually because there is an issue with session variables on your server.

First check using the test file a_session_test.php. When the page is first loaded there will be a link; click the link and it should say ‘Welcome back’. If it does not, there is a sessions issue on your server.

There could be a number of reasons for this, but it is usually caused by a configuration problem on the server. There should be a folder on the server which is used to store sessions, and sometimes the host has not set this correctly. Or it could be that it is a shared server and the server does not know the path.

Contact your hosting and ask them to investigate.

Sometimes they will reply that you should include the following code at the top of any PHP script that uses sessions:

session_save_path("path to session folder");

If you use session_save_path on the page that registers a variable, you also have to use session_save_path on all the pages where you access the session variable. Under win32 you can use the double \\ to specify the path, e.g. "c:\\temp\\".

This is possible to do but is not really practical.

If they do reply with the above, it is worth asking them again to check the php.ini configuration and also ask if there is a global method where you can set the path and where you do not have to change every instance in the application.

One possible solution is to set session.save_path in an .htaccess file. You may not have access to the php.ini file, so this may be the way to do it. The .htaccess file is a kind of configuration file for Apache, and you put it in your root web folder.

Add the line:

php_value session.save_path /home/groups/f/f4/f4l/tmp/

where the folder name is the absolute path to the folder.  You should be able to get the absolute path by logging into your control panel.
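
A quick way to see which of the causes above applies before contacting the host. This is an added example, not a file shipped with the products; the function name is an assumption, and the script only reads the current PHP configuration:

```php
<?php
// Added example (hypothetical script, not shipped with the products).

// Returns a list of problems with a session.save_path value; empty means usable.
function session_path_problems(string $savePath, string $docRoot): array
{
    // The setting may be "N;/path" or "N;MODE;/path"; the directory is the last part.
    $parts = explode(';', $savePath);
    $dir = trim(end($parts));
    if ($dir === '') {
        $dir = sys_get_temp_dir();   // an empty setting means the system temp directory
    }
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        return ["save path does not exist: $dir"];
    }
    $problems = [];
    if (!is_writable($real)) {
        $problems[] = "PHP cannot write to $real";
    }
    // Session files must not sit where the web server would hand them out.
    $root = $docRoot === '' ? false : realpath($docRoot);
    if ($root !== false
        && strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = "$real is inside the web root, so session files could be served";
    }
    return $problems;
}

$problems = session_path_problems(
    (string) ini_get('session.save_path'),
    $_SERVER['DOCUMENT_ROOT'] ?? ''
);
header('Content-Type: text/plain');
echo $problems ? implode("\n", $problems) . "\n" : "session.save_path is usable\n";
```

Remove the script from the server once the problem is found, since it reveals server paths.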

Sending email from a Windows server

PHP-eSeller and PHP-KeyCodes can both be installed on a Windows Server which runs PHP and has a MySQL database.  This is quite a common arrangement now, and many hosting companies provide this, enabling PHP applications to be installed on Windows Servers.

Both applications need to send out emails from the server, and this can be done by configuring PHP-eSeller and PHP-KeyCodes to use SMTP if the standard PHP email has not been set up.  This requires minor changes to the config file: entering the SMTP host, username and password.  All of these details should be available from your web site host if you do not know them.

You do not have to use the web server SMTP details; you can use an external SMTP mail service such as http://www.authsmtp.com.  Sometimes these provide a better mail service than your host and may be more reliable.

What is IPN

Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the PayPal IPN Manual which you can find on the http://www.paypal.com/ipn site.

The principle that PayPal uses is as follows: You first create a PayPal ‘buy now’ button and place it on your web page, or create the buttons dynamically from a database. When someone clicks on your ‘buy now’ button (or ‘proceed to checkout’ button in the case of a shopping cart system), PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the PayPal site.

After PayPal has confirmed the payment, it posts data back to your web page. Your web page then sends the data back to PayPal to act as a security handshake. Then PayPal will send ‘completed’ if payment has been correctly completed.

Once ‘completed’ has been received by your web page, you process the data in whatever way you want. IPN provides a relatively simple method of checking when a purchase has been made while remaining secure. The handshake principle of IPN makes it impossible to trick a web site into believing that payment has been completed.

For digital goods, PHP-eSeller takes the IPN data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a username/password, all without any intervention by yourself. The purchaser is then able to login to a secure area where they can download their items.

The list of items which the purchaser sees does not have any urls as that could compromise the security. The list is made up of buttons which are then translated into filenames by PHP.

The purchaser only sees the files he has purchased and cannot access the file in any other way.

For physical goods the processing is not as complicated. It checks the details received from PayPal, sends a confirmation email to the purchaser if there are no problems, and stores the sales details in the database. Obviously, there is no login process required for physical goods.
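
The handshake and the checks that follow it, as an added example (not PHP-eSeller's own code). In PayPal's protocol the reply to the post-back is the word VERIFIED or INVALID, and the Completed status arrives in the payment_status field; the function names, catalogue and sample values are assumptions made for illustration.

```php
<?php
// Added example; function names, catalogue and sample values are constructed.
const IPN_POSTBACK_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr';

// The handshake: send every received field back, prefixed with
// cmd=_notify-validate. PayPal replies with the body VERIFIED or INVALID.
function paypal_postback(array $post): string
{
    $ch = curl_init(IPN_POSTBACK_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . http_build_query($post),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate checks switched on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : '';
}

// Checks made after the handshake. Returns a list of problems; empty means fulfil.
function ipn_problems(array $ipn, string $reply, array $catalogue,
                      string $myEmail, array $seenTxnIds): array
{
    // Read a field as a string; anything missing or malformed becomes ''.
    $f = fn(string $k): string => is_string($ipn[$k] ?? null) ? $ipn[$k] : '';
    $problems = [];
    if ($reply !== 'VERIFIED') { $problems[] = 'post-back was not VERIFIED'; }
    if ($f('payment_status') !== 'Completed') { $problems[] = 'payment_status is not Completed'; }
    if (strcasecmp($f('receiver_email'), $myEmail) !== 0) { $problems[] = 'payment went to another account'; }
    $item = $catalogue[$f('item_number')] ?? null;   // price comes from the server, not the form
    if ($item === null) {
        $problems[] = 'unknown item_number';
    } elseif ($f('mc_gross') !== $item['price'] || $f('mc_currency') !== $item['currency']) {
        $problems[] = 'amount or currency does not match the catalogue';
    }
    if (in_array($f('txn_id'), $seenTxnIds, true)) { $problems[] = 'txn_id already processed'; }
    return $problems;
}

// Constructed sample: the notification is for item_c but reports a payment of 1.00.
$catalogue = ['item_a' => ['price' => '1.00', 'currency' => 'USD'],
              'item_c' => ['price' => '3.00', 'currency' => 'USD']];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
        'item_number' => 'item_c', 'mc_gross' => '1.00', 'mc_currency' => 'USD',
        'txn_id' => 'CONSTRUCTED-TXN-1'];
// In a live handler: $reply = paypal_postback($_POST);
print_r(ipn_problems($ipn, 'VERIFIED', $catalogue, 'seller@example.com', []));
```

The sample passes the handshake but is still refused, because the amount is compared with the price held on the server rather than anything sent by the browser.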

Using drop down lists with buttons

If you are creating a buy now button by hand and you want to give customers an option when they are buying a product with PHP-eSeller, you can easily do this using a drop down list.

An example might be :

<form action="http://www.yourservername/eseller/ipn/process.php" method="post">
<select name="item_number">
<option value="">Select a product</option>
<option value="item_a">Small $1.00</option>
<option value="item_b">Medium sized file $2.00</option>
<option value="item_c">Large file $3.00</option>
</select>
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

You will need to create three products with item_number of item_a, item_b and item_c. The customer then selects which one they require and clicks the buy now button, which takes them to PayPal.

How do I protect my digital files?

If you are using an application like PHP-eSeller to sell digital files you need to make sure that your files are secure.

The best way to protect digital files (those files that you are going to sell) is to place them outside the root of your web site.

The root of the web site is normally the public_html folder or the www folder.

When placed ‘below’ these folders, it is not possible for anyone to get to those files using a web url address.

However, some hosts do not allow this, so instead you can protect your files by placing an .htaccess file in the folder.

An example .htaccess file which would do this is:

IndexIgnore *
AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
 deny from all
</Limit>

This will only work on a Linux type server and not on a Windows server.
http://www.javascriptkit.com/howto/htaccess.shtml has quite a good set of examples and gives some good background information on htaccess / htpasswd files.
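
One way to turn a purchased item into a file kept outside the web root, as described above, without ever exposing a path or URL to the purchaser. This is an added example, not PHP-eSeller's code; the function names, the directory and the item-to-file mapping are assumptions.

```php
<?php
// Added example; directory, purchase list and file mapping are constructed.

// Resolves a purchased item id to a file in a private directory outside the
// web root. Returns the absolute path, or null when the request must be refused.
function resolve_download(string $itemId, array $purchased, array $files,
                          string $privateDir): ?string
{
    // The purchaser may only request items recorded against their account.
    if (!in_array($itemId, $purchased, true) || !isset($files[$itemId])) {
        return null;
    }
    $base = realpath($privateDir);
    // basename() discards any directory part stored in the mapping.
    $path = $base === false
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . basename($files[$itemId]));
    // The resolved file must exist and still sit inside the private directory.
    if ($path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Streams the file through PHP, so the browser never learns where it is stored.
function send_download(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Constructed demonstration using a temporary directory as the private folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'eseller_private_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'large.zip', 'demo');
$files = ['item_a' => 'small.zip', 'item_c' => 'large.zip'];
$purchased = ['item_c'];   // what this purchaser has paid for

var_dump(resolve_download('item_c', $purchased, $files, $dir) !== null); // purchased
var_dump(resolve_download('item_a', $purchased, $files, $dir));          // not purchased
var_dump(resolve_download('../large.zip', $purchased, $files, $dir));    // not an item id
```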

Creating a database user with phpMyAdmin

PHP-eSeller, PHP-SecureArea and PHP-KeyCodes all require a MySQL database and hence require a database username and password. Normally you will interact with the MySQL database using a control panel which will incorporate tools to easily create databases and users. These facilities are provided by your web host and will be the best way to create database users.

However, with some web hosts it may be necessary to create a user using phpMyAdmin.

To create a user using the phpMyAdmin interface, assuming that you are logged in to phpMyAdmin with full privileges:

In an SQL text box enter:

GRANT SELECT, INSERT, UPDATE, DELETE ON eseller.* TO eselleruser@localhost IDENTIFIED BY 'piggy911';
FLUSH PRIVILEGES;

The above assumes that ‘eseller’ is the name of the database, ‘eselleruser’ is the name of the database user and ‘piggy911’ is the password.

This will create a user with select, insert, update and delete privileges, which is all that is required for a normal user.

NOTE that to create tables the user needs to have create table privileges, which can be given by changing the SQL to:

GRANT ALL PRIVILEGES ON eseller.* TO eselleruser@localhost IDENTIFIED BY 'piggy911';
FLUSH PRIVILEGES;

Templates caching with PHP-eSeller

PHP-eSeller can display ‘buy now’ buttons and ‘add to cart’ buttons in a number of different ways.  Buttons can be created by hand and then added to existing web pages or they can be displayed dynamically through a template system.

PHP-eSeller uses the pat template system which includes a caching method to improve the speed of the pages.

When you install PHP-eSeller all you need to do is change the permissions of the template folder ‘tmplcache’ to be set to 777.

When the page is viewed, caching will be implemented and pages will display quicker.  The folder ‘tmplcache’ is part of the installation structure although it is an empty folder.

Modifying fckeditor for use in PHP-eSeller

FCKeditor is used in PHP-eSeller as an HTML text editor and provides a powerful, easy to use web editor. It is fully described on the web site http://www.fckeditor.net/

The main area of customisation that you may want to implement is defining the toolbar that appears above the text box which is used to enter product descriptions. We have trimmed down the toolbar buttons to make it more manageable and to remove tools that are not required all that often. However, you may want to add back in some buttons which is very easy to do.

Open up the file /fckeditor/fckeditor.js with a suitable text editor.

The toolbar that we use is called FCKConfig.ToolbarSets["pg_toolbar"].

The default toolbar is FCKConfig.ToolbarSets["Default"].

If you want to add a button from the default toolbar, just copy it and place it into FCKConfig.ToolbarSets["pg_toolbar"].

Or if you want all the buttons, rename FCKConfig.ToolbarSets["Default"] to FCKConfig.ToolbarSets["pg_toolbar"] and remove the old FCKConfig.ToolbarSets["pg_toolbar"].

Note that the very last button on the toolbar is used to maximise the editor window which can help if you are doing more detailed work with the html.

Number of product items per page

How to change the number of items displayed in PHP-eSeller and in the admin area of PHP-SecureArea.

With PHP-eSeller, if you are using a template driven display and wish to change the number of product items displayed per page then it can be done very easily. If you open up the file /functionscart/content.php in a text editor, you should see near the top of the file some page configuration settings. Similarly, in cart/includes/content.php file you will find configuration page settings which you can change if you are using this as your display.

With PHP-SecureArea, you may wish to change the number of users that are displayed in the admin display. Again this is very easy to do by opening the file a_usersmanage.php in a text editor and looking for the page configuration settings which are a few lines down in the code.

Make sure that you use a text editor such as notepad or a web page editing application – don’t use MS Word. Also, take a backup of any pages before you make changes, just in case.

PayPal and eChecks

An eCheck is when the customer only has a bank account, and not a credit card or additional form of payment to back up their account should their account be overdrawn when PayPal tries to debit it, so PayPal doesn’t pay you for 3-5 days while they wait for the money to transfer.

All withinweb applications (PHP-SecureArea, PHP-eSeller, or PHP-Keycodes) are able to handle eChecks and, in addition, will automatically send an email to the purchaser informing them that they have paid by eCheck and that there will be a delay before the purchase is complete. Once the eCheck has cleared, the application (PHP-SecureArea, PHP-eSeller, or PHP-Keycodes) will complete the process in the normal way and send the appropriate emails to the customer, all without intervention by yourself.

When we receive an eCheck purchase we often send an additional email to the customer just to further explain the situation and maintain a relationship with the customer.

In fact there are many situations where there can be a delay in payment being completed. All these situations are automatically handled by Withinweb.com applications.

There can be customer service nightmares when people use eChecks in PayPal. Most customers don’t know what it is, and PayPal appears not to warn them. Providing that you inform the customer, there should not be a problem and you can maintain your relationship with the customer.