Using different currencies in PayPal

What currency should you sell your products in?

PayPal is able to handle quite a wide range of currencies and you have to decide which currency you should sell your products in.

I guess the question really is “are you selling to the world or are you expecting payments from customers who are based in your locality?” This will depend on the type of products you are selling. Digital products have the advantage that you have no shipping to worry about, so you can choose whatever currency you want.

The only issue that I have discovered with selling in different currencies is to do with the set up of your associated PayPal account. If your ‘native’ PayPal currency is GBP and you want to sell in Euros, you have to tell PayPal to automatically accept ‘foreign’ currency transactions (the default is to ask). If you do not do this and you receive a purchase through your shopping cart, you will receive an email saying something like “PayPal purchase verified and order is waiting to be processed” with body text of: “Unknown pending reason was received.”
 
Telling PayPal to accept all currencies and convert them to GBP resolves the issue.

Ways to counter SQL Injection

Here are a few suggestions to counter the problem of SQL injection.

Database Permissions

Set the permissions on the database username / password as tightly as possible.  If you are displaying data, there is no need for the user to have insert or update permissions into the database.  One solution is to have two usernames / passwords.  One would have select permissions, and would be used only for display.

The other would have select, insert and update permissions used only for forms that require data to be stored in the database.

Test all data input

All form data and all URL query strings should be tested.

For example, if you are passing data using a query string, any record IDs are usually integers, so test that they are actually integer values with a function such as IsNumeric in classic ASP.

Use correct data types and data sizes in the database

This means that if you have a column which is a person’s name, the data type size only needs to be 40 characters.

There is no need to have a data size any larger than required.

Convert text to html

Before storing text in a database, convert it into HTML. This will change inputs such as the JavaScript <script> tag to its HTML equivalent, which cannot be executed on a web page.

Filter out any characters that may cause issues and are not required.

Use parameterized queries

If you use parameterized queries for connection to the database you eliminate string concatenation. You should always use parameterized queries rather than constructing the SQL.

Check characters particularly with username / password

If an entry is a username, it normally does not require any characters other than a to z and 0 to 9, and it only needs to be, say, 8 characters long.
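The input tests and the parameterized query described above, put together as an added example (not code from the original page). It assumes PHP with PDO and uses an in-memory SQLite database as a stand-in for the shop database; the table, column and function names are hypothetical.

```php
<?php
// Added example. Table, column and function names are hypothetical;
// SQLite in memory stands in for the real database so this runs offline.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Column size follows the "only as large as required" advice.
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(40))');
    $db->exec("INSERT INTO products (id, name) VALUES (1, 'Ebook'), (2, 'Template')");
    return $db;
}

// Record ids arrive as strings in the query string: accept positive integers only.
function valid_record_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Usernames: a to z and 0 to 9 only, at most 8 characters.
function valid_username(string $raw): bool
{
    return preg_match('/\A[a-z0-9]{1,8}\z/', $raw) === 1;
}

// Parameterized query: the id is bound as data, never concatenated into the SQL text.
function find_product(PDO $db, string $rawId): ?array
{
    $id = valid_record_id($rawId);
    if ($id === null) {
        return null; // rejected before the database is touched
    }
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: one well-formed value and one malformed value per check.
$db = open_demo_db();
var_dump(find_product($db, '2'));
var_dump(find_product($db, '2 OR 1=1'));
var_dump(valid_username('shop01'));
var_dump(valid_username("admin'--"));
```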

Configuring the fckeditor HTML editor

The fckeditor is described on the web site http://www.fckeditor.net and is a configurable html text editor with many add ons and plugins.

The configuration in the fckconfig.js file is set to use the English language ‘en’ with a toolbar set called ‘pg_toolbar’. The FCKEditor web site provides a full description of its options and configuration.

The fckeditor has the ability to upload images and files with a file manager system. This is disabled by default.

To set up the upload facility in fckeditor.

(A)

In the file \fckeditor\editor\filemanager\browser\default\connectors\php\config.php

change ‘false’ to ‘true’ to allow uploads.

The relevant line in config.php file :
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
$Config['Enabled'] = false ;

(B)

Create a folder on the server where you want the files to be located and identify
the folder in \fckeditor\editor\filemanager\browser\default\connectors\php\config.php

Then change the permissions on that folder to 777.

The relevant line in config.php file :
// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/UserFiles/';

the document root being the root of the web server.
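The two config.php settings from steps (A) and (B), with the connector enabled only for a logged-in admin rather than for every visitor, as an added example that is not FCKeditor's shipped config.php. It assumes the shop's admin login sets a session flag; the key name admin_logged_in and the function connector_allowed are hypothetical.

```php
<?php
// Added example, not FCKeditor's shipped config.php.
// Assumption: the shop's admin login page sets
// $_SESSION['admin_logged_in'] = true (hypothetical key name).

// True only when the current session belongs to a logged-in admin.
function connector_allowed(array $session): bool
{
    return isset($session['admin_logged_in'])
        && $session['admin_logged_in'] === true;
}

// config.php is loaded on every connector request, so start (or resume)
// the session here before reading it.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Weak: the connector answers anyone who can reach its URL.
// $Config['Enabled'] = true ;

// Gated: uploads and file browsing work only for a logged-in admin.
$Config['Enabled'] = connector_allowed($_SESSION) ;

// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/UserFiles/' ;
```

The admin pages and the connector must share the same session (same session name and cookie path) for the flag to be visible here.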

Another area of customisation that you may want to implement is defining the toolbar that appears above the text box which is used to enter product descriptions. The toolbar has been trimmed to make it more manageable and to remove tools that are not required all that often. However, you may want to add back in some buttons which is very easy to do.

Open up the file /fckeditor/fckeditor.js with a suitable text editor.

The toolbar that we use is called FCKConfig.ToolbarSets["pg_toolbar"].

The default toolbar is FCKConfig.ToolbarSets["Default"].

If you want to add a button from the default toolbar, just copy it and place it into FCKConfig.ToolbarSets["pg_toolbar"].

Or if you want all the buttons, rename FCKConfig.ToolbarSets["Default"] to FCKConfig.ToolbarSets["pg_toolbar"] and remove the old FCKConfig.ToolbarSets["pg_toolbar"].

Note that the very last button on the toolbar is used to maximise the editor window which can help if you are doing more detailed work with the html.

EasyPHP on Windows 7

EasyPHP is an application that you install on your Windows computer which you can use as a development system for PHP / Apache and mySQL databases.

It can be downloaded from http://www.easyphp.org/ and I find it a very good way to develop applications using PHP on my Windows computer.

EasyPHP contains a single executable which, when run, installs PHP, Apache web server and a mySQL database onto your Windows computer. All very neat and convenient to use.

However, when I tried to install on Windows 7 I came across a number of issues with Apache and with mySQL.

When I launched the software, Apache wouldn’t start. Here is the error :

Apache cannot run: another Web server is using the Web port or port is blocked by firewall.

To overcome this issue :

1. Click the EasyPHP icon beside the “Apache” button.
2. Click “Configure” then click “EasyPHP”.
3. Uncheck “Check server’s TCP port before starting” then click “Apply” button and then “Close” button.
4. Click “Apache” button and then click “Start”.

That fixes the “Apache cannot run…” problem.

The above gets the Apache server to work but after I closed EasyPHP and ran it again, I got this second error message :

Unexpected end of MySql… See log file?

This is a mySQL error message and is actually a file permission problem.

So I changed the user permission for the EasyPHP directory and mySQL correctly started.

To set your permissions this is what you do :

1. Open and view Drive C using Windows Explorer, then double click “Program Files” assuming that you installed EasyPHP in that folder.
2. Right click on the folder where you installed EasyPHP then click “Properties”.
3. On “Security” tab click “Edit…” button.
4. Select the user that you are currently using. This will probably be something like “Users (computer name)”
5. Under “Permissions for Users” box, tick “Full control” on “Allow” column.
6. And then click “OK” button to apply the changes.

Now you should be able to start mySQL server by clicking “mySQL” button on EasyPHP dialog and then click “Start”. Or shut down EasyPHP and restart it again.

Hopefully that will solve issues when working with Windows 7 and EasyPHP.

Things to check if username / password is not sent

When you have completed the set up of PHP-eSeller, here are a few pointers which you should check if emails are not being sent out after a purchase.

  • Make sure that you have associated a digital file with the product that you are purchasing. If you have not associated a digital file with the product, an email will not be sent to the purchaser, although an email will be sent to the admin email address saying no file is associated with the product.
  • Check that your web server is able to send emails using PHP. Most web servers will not have a problem with this, so this is unlikely to be the issue.
  • Check if you have entered the installation url correctly in the Global Set up admin page. I have seen http://wwww/ rather than http://www. or even just www.
  • Check that your PayPal email address is the PayPal PRIMARY email account which you set in Global Set up admin page.