Why do I get asked twice to log in to secure area

With PHPSecureArea, when you set up a secure area protected by a htaccess / htpasswd file you may find that you have to login twice.

The probable reason is that you have linked to the protected area as

http://www.domainname.com/protected

or

http://www.domainname.com/protected/

Change this to the full file url for example :

http://www.domainname.com/protected/index.html

What is IPN

Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the PayPal IPN Manual which you can find on the http://www.paypal.com/ipn site.

The principle that PayPal uses is as follows : You first create a PayPal ‘buy now’ button and place it on your web page or create the buttons dynamically from a database. When someone clicks on your ‘buy now’ button, (or ‘proceed to checkout’ button in the case of a shopping cart system), PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the paypal site.

After PayPal has confirmed the payment, it posts data back to your web page. Your web page then sends the data back to PayPal to act as a security handshake. Then PayPal will send ‘completed’ if payment has been correctly completed.

Once ‘completed’ has been received by your web page, you process the data in whatever way you want. The IPN method provides a relativly simple method of checking when a purchase has been made but remaining secure. The handshake principle of IPN makes it impossible to trick a web site that payment has been completed.

For digital goods, PHP-eSeller takes the IPN data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a username/password, all without any intervention by yourself. The purchaser is then able to login to a secure area where they can download their items.

The list of items which the purchaser sees does not have any urls as that could compromise the security. The list is made up of buttons which are then translated into filenames by PHP.

The purchaser only sees the files he has purchased and cannot access the file in any other way.

For physical goods the processing is not as complicated. It checks the details received from PayPal, sends a confirmation email to the purchaser if there are no problems, and stores the sales details in the database. Obviously, there is no login process required for physical goods.

Linking Analytics to your Adwords Account and trouble shooting auto-tagging

I have had some problems in the past in linking Google AdWords and Analytics.

There are two steps to ensure that AdWords and Anayltics are linked :

(1) In your AdWords account, go to My Account > Account Preferrences.  Click the ‘edit’ link next to Tracking.  Select the box that says ‘Destination URL Auto-tracking” and click Save Changes.

(2) Still in your AdWords account, click the analytics tab and choose to ‘Apply Cost Data” and select Save Changes.

With Auto Taging enabled and wehn someone clicks on your AdWord advert, the browser is redirected to your landing page with an additional parameter (gclid) added on to the url of your

landing page as follows :

http://www.mysite.com/landingpage.htm?gclid=C0vh48787CeEukef34

It is this additional parameter that identifies vistors as coming from AdWords “google(cpc)” as apposed to organic “google(organic)”.  The correct google cookie is then placed on to the

visitor machine.  When a customer clicks on your AdWord, and then lands on your conversion page, you should see that that within the google(cpc) displays. 

The key point is : Google Analytics cannot tell if the visitor came from an AdWords click if the gclid parameter is missing on the page that the user eventually lands on.

The key is to test whether your landing page retains the gclid parameter and this can be easily done as follows :

1. Take your destination URL (eg http://www.yoursite.com/landing_page.html) and paste it into your browser’s location bar (where you usually type in a web address)
2. Add a test parameter on to the end of the URL.  If your URL does not already have parameters in it, append ?gclid=test.  If there are already parameters, append &gclid=test on to the end.  (For example, http://www.yoursite.com/landing_page.html becomes http://www.yoursite.com/landing_page.html?gclid=test; and http://www.yoursite.com/landing_page.html?myval=1 becomes)

http://www.yoursite.com/landing_page.html?myval=1&gclid=test
3. Press enter
4. Your browser will take you to your landing page.  Be mindful of redirects, especially if you are tracking with Doubleclick, Atlas, etc tags.
5. Is the gclid=test parameter still visible in your browser’s location bar?
If yes, then auto-tgging should come through onto your landing page (providing that you have enabled auto-tagging on your account of course).

If no, there is most likely an intermediate redirect that is stripping out the gclid parameter.

   1. First – change your destination URL to the ultimate page that the visitor lands on, thus bypassing any redirects
   2. Configure your server so that the gclid parameter is passed along in the redirect

Other possible problems are that users are landing on a 404 error page, or that your landing page does not have the required google Anaytics Javascript code located on it.

Posted in SOE

Placing Google Anayltics Javascript code into the template system of PHP-eSeller

If you want to track the PHP-eSeller template driven shopping cart pages using Google Anaytic Javascript code then the best place for the code is in the file ‘footer.htm’ which is located in the /templates/ folder.

Just make sure that the Javascript code goes between the <patTemplate:tmpl name=”footer”> and </patTemplate:tmpl> and not outsite of those tags.

You should be able to test it by just looking at the source of the shopping cart web page when you display it in the browser.  You should see the Javascript code somewhere near the bottom of the page.

Using drop downlists with buttons

If you are creating buy now button by hand and if you want to give customers an option when they are buying a product with PHP-eSeller, you can easily do this using a drop down list.

An example might be :

<form action="http://www.yourservername/eseller/ipn/process.php" method="post">
<select name="item_number">
<option value="">Select a product</option>
<option value="item_a">Small $1.00</option>
<option value="item_b">Medium sized file $2.00</option>
<option value="item_c">Large file $3.00</option>
</select>
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

You will need to create three products with item_number of item_a, item_b and item_c. The customer then selects which one they require and click the buy now button which takes them to PayPal.

PHP-KeyCodes custom field

When you sell pin codes or software licence codes using PHP-KeyCodes, you may want the customer to enter in some text during purchase which is returned to you in the purchase information. This might be the type of cellphone, or some other information that you require for you records.

PayPal has a field called ‘custom’ which is a pass through field where any data entered into the field will be passed unchanged to PayPal and returned inside the IPN data.

In PHP-KeyCodes, entering text into the custom field is returned with the IPN payment details and the data is stored in the tblsaleshistory table along with all the other PayPal details and the purchased licence codes.

To use this feature all you need to do is add an html input text field as shown in http://www.withinweb.com/phpkeycodes/handbuttons.php The maximum number of characters that can be entered is 255.

Google releases Keyword Tool External with accurate search traffic numbers

Google has released its new Keyword Tool which generates accurate traffic data for keyword terms. See :

https://adwords.google.com/select/KeywordToolExternal

With the new Google tool you can search for any keyword or keyword phrase and see the estimated traffic.

The first column shows Advertiser Competition. The bar graph represents the number of advertisers that are bidding on each of the keyword phrase in you results. From this you can determine quickly whether a PPC Adwords campaign will require a high bid price and large budget.

Posted in SOE

Create a drop down option list with PHPSecureArea

If you have a number of membership options in PHP-SecureArea, these can be all displayed and selected from one drop down list.

For example :

<form action="/phpsecurearea/ipn/process.php" method="post">
<select name="item_number">
<option value="Memb01">1 month membership (£10.00)</option>
<option value="Memb03">3 month membership (£20.0)</option>
<option value="Memb06">6 month membership (£35.00)</option>
<option value="Memb12">12 month membership (£60.00)</option>
</select>
<input type="image" src="/phpsecurearea/images/btn/x-click-butcc-subscribe.gif" border="0" name="submit" alt="" title="Make payments with PayPal - it's fast, free and secure!" />
</form>

You first have to create separate product items in PHPSecureArea, for 1, 3, 6 and 12 months.

Entering them into the drop down list will provide the customer with an easy way to select instead of creating a button for each product.

How do I protect my digital files ?

If you are using an application like PHP-eSeller to sell digital files you need to make sure that your files are secure.

The best way to protect digital files (those files that you are going to sell) is to place them outside the root of your web site.

The root of the web site is normally the public_html folder or the www folder.

When placed ‘below’ these folders, it is not possible for anyone to get to those files using a web url address.

However, some hosts do not allow this, so instead you can protect your files by placing an .htaccess file in the folder.

An example .htaccess file which would do this is:

IndexIgnore *
AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
 deny from all
</Limit>

This will only work on a Linux type server and not on a Windows server.
http://www.javascriptkit.com/howto/htaccess.shtml has quite a good set of examples and gives some good background information on htaccess / htpasswd files