Selling membership access with PHP-SecureArea

Membership sites make up some of the biggest and most lucrative websites online and with PHP-SecureArea, the benefits are well worth the initial time investment.

How Much Can You Make?

The income potential of a membership site can be unlimited. If your website or service is valuable and you have enough traffic then your monthly income can be enormous.

A good example of a large membership site is RapidShare (http://www.rapidshare.com) which allows people to share their files with everyone and anyone. At around $10 per month with thousands of members, RapidShare is currently the 12th largest website on the net (according to Alexa) so you can bet they make a packet.

How Much Work Is Involved?

Setting up the technical side of selling membership and subscriptions on a website is relatively easy using PHP-SecureArea. PayPal has a built-in subscription function which reports back to the application script on your site, and the script allows or refuses access based on whether the user paid the bill that month.

The real work is in finding a market and creating a service worth subscribing to. If you really have something to offer or something that people need, then subscription can be an excellent approach.

While membership sites like RapidShare don’t involve any time or effort on the part of the administrator, many membership sites do. A common practice is to sell subscription to a blog or a section of a blog and to serve up content there on a continual basis. An alternative, ingenious idea is to rely on user interaction to sell membership. An example of this is Experts Exchange (http://www.experts-exchange.com) which worked in a similar manner to Yahoo! Answers where anyone could post a question and then other members could reply with their answers. However, only people who paid for a subscription could view the answers. This caused a lot of frustration for people who came in through Google and eventually Google cracked down on these sites, but they still exist and still make plenty of money. They rely on the users to create content that other people are willing to pay for and so the upkeep and maintenance of these sites is minimal.

To sell membership and subscription you need to know the basics of how to make money online. If you’re familiar enough with selling products online then there are a number of options to sell subscriptions or membership online.

PayPal has a very nice Recurring Payments suite. PHP-SecureArea uses this feature. You can create a button or series of buttons where your users can pay set prices for set time periods of membership. The IPN is used to keep track of your users after they pay. IPN is simply a method whereby PayPal sends a notice to a URL of your choice with the details of each payment you receive. For example, when someone buys a month’s worth of subscription the IPN sends out a notice to your page with the price, time period, email address, etc. of the user. PHP-SecureArea uses this to automatically control the access to the defined section of your web site. PayPal will continue to bill the person until they decide they no longer wish to subscribe, at which point PHP-SecureArea will simply drop them from your membership list.

This is a rough outline of how recurring payments for online sites work, but using these basic steps you can set up subscription or membership for virtually anything you can think of. In most cases the products and services offered will be electronic and cost you nothing to issue or maintain, and so other than the minimal PayPal fees it’s 100% profit.

Analysing sales data in more detail

With PHP-eSeller, if you have items in category / subcategory and you wish to analyse the items sold per category / subcategory, then one method is to use a SQL View and export the data to a spreadsheet.

A SQL View is like a query in MS Access.  It is a combination of a number of tables which gives you a much more convenient display.

However, Views are only supported on MySQL version 5 and above so you need to be using that version.

To create a view, go to the phpMyAdmin interface on your server, go to the database where the PHP-eSeller tables are located and in a SQL query box copy the following text :


CREATE VIEW fullsalesdetails AS
SELECT
ipn_tblsaleshistory.receiver_email,
ipn_tblsaleshistory.item_name,
ipn_tblsaleshistory.item_number,
ipn_tblmaincategory.maincategory,
ipn_tblsubcategory.SubCategory,
ipn_tblsaleshistory.quantity,
ipn_tblsaleshistory.mc_gross,
ipn_tblsaleshistory.payer_email,
ipn_tblsaleshistory.payment_date,
ipn_tblitems.item_owner
FROM ipn_tblsaleshistory INNER JOIN
((ipn_tblmaincategory INNER JOIN ipn_tblitems ON ipn_tblmaincategory.recid = ipn_tblitems.maincat_id)
INNER JOIN ipn_tblsubcategory ON ipn_tblitems.subcat_id = ipn_tblsubcategory.recid)
ON ipn_tblsaleshistory.item_id = ipn_tblitems.recid
WITH CHECK OPTION;

This will create a view called “fullsalesdetails”.  Note that this assumes that when the tables were created there was no prefix used for the table name.

You can then look at this view in the same way as any table, and you can even query the view.  So you could do something like :


Select * FROM fullsalesdetails WHERE payment_date > "2008-05-01"

https SSL fix for IE

When using PHP-eSeller, if you are using the download login pages within https rather than http you may have to make a modification to login_downloads_file.php

The modification is necessary to fix a bug in Internet Explorer for https SSL as explained on http://abeautifulsite.net/notebook/27 and http://support.microsoft.com/kb/316431

The change is to remove header("Pragma: no-cache"); and replace it with header('Pragma: private');

Logging in and session errors

With PHP-eSeller, PHP-SecureArea or PHP-KeyCodes, if you get an error during installation where the admin keeps on logging out, it is usually because there is an issue with session variables on your server.

First check using the test file a_session_test.php.  When the page is first loaded there will be a link; click the link and it should say ‘Welcome back’.  If it does not, then it means there is a sessions issue on your server.

There could be a number of reasons for this; usually it is caused by a configuration problem on the server.  There should be a folder on the server which is used to store sessions and sometimes the host has not set this correctly.  Or it could be that it is a shared server and the server does not know the path.

Contact your hosting and ask them to investigate.

Sometimes they will reply that you should include the following code at the top of any PHP script that uses sessions:

session_save_path("path to session folder");

If you use session_save_path on the page that registers a variable, you also have to use session_save_path on all the pages where you access the session variable. Under win32 you can use the double \\ to specify the path, e.g. "c:\\temp\\"

This is possible to do but is not really practical.

If they do reply with the above, it is worth asking them again to check the php.ini configuration and also ask if there is a global method where you can set the path and where you do not have to change every instance in the application.

One possible solution is to set the session.save_path in an .htaccess file.  You may not have access to the php.ini file so this may be the way to do it.  The .htaccess file is a kind of configuration file for Apache, and you put it in your root web folder.

Add the following line to the .htaccess file :

php_value session.save_path /home/groups/f/f4/f4l/tmp/

The folder name is the absolute path to the session folder.  You should be able to get the absolute path by logging into your control panel.
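A diagnostic along the lines of the session test described above, as an added example that is not the a_session_test.php file shipped with the applications: it reports the effective session.save_path, whether PHP can write to it, and whether it sits under the web root. The function name is hypothetical.

```php
<?php
// Added diagnostic, not the a_session_test.php shipped with the applications.
// The function name is hypothetical.

// Inspect the directory PHP uses for session files and list anything
// that would break logins or expose session data.
function session_path_problems(string $savePath, string $docRoot): array
{
    // session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $fields = explode(';', $savePath);
    $dir    = trim(end($fields));
    if ($dir === '') {
        $dir = sys_get_temp_dir();   // empty setting: PHP falls back to the system temp directory
    }
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        return ["$dir does not exist"];
    }
    $problems = [];
    if (!is_writable($real)) {
        $problems[] = "$real is not writable by the PHP user";
    }
    $root = $docRoot !== '' ? realpath($docRoot) : false;
    if ($root !== false
        && strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = "$real is inside the web root, so session files may be served to visitors";
    }
    return $problems;
}

header('Content-Type: text/plain');
session_start();
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;   // should count up on each reload
$path = (string) session_save_path();
echo 'save_path: ', $path, "\n", 'visits: ', $_SESSION['visits'], "\n";
print_r(session_path_problems($path, $_SERVER['DOCUMENT_ROOT'] ?? ''));
```

Upload it next to the application, reload it a few times, and delete it once the session path has been fixed.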

Sending email from Windows server

PHP-eSeller and PHP-KeyCodes can both be installed on a Windows Server which runs PHP and has a MySQL database.  This is quite a common arrangement now, and many hosting companies provide this, enabling PHP applications to be installed on Windows Servers.

Both applications need to send out emails from the server and this can be done by configuring PHP-eSeller and PHP-KeyCodes to use SMTP if the standard PHP email has not been set up.  This requires minor configuration changes to the config file, which means entering the SMTP host, username and password.  All of these details should be available from your web site host if you do not know them.

You do not have to use the web server SMTP details, you can use an external SMTP mail service such as http://www.authsmtp.com.  Sometimes, these provide a better mail service than your host and may be more reliable.

Why do I get asked twice to log in to secure area

With PHP-SecureArea, when you set up a secure area protected by an .htaccess / .htpasswd file you may find that you have to log in twice.

The probable reason is that you have linked to the protected area as

http://www.domainname.com/protected

or

http://www.domainname.com/protected/

Change this to the full file url for example :

http://www.domainname.com/protected/index.html

What is IPN

Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the PayPal IPN Manual which you can find on the http://www.paypal.com/ipn site.

The principle that PayPal uses is as follows : You first create a PayPal ‘buy now’ button and place it on your web page or create the buttons dynamically from a database. When someone clicks on your ‘buy now’ button, (or ‘proceed to checkout’ button in the case of a shopping cart system), PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the PayPal site.

After PayPal has confirmed the payment, it posts data back to your web page. Your web page then sends the data back to PayPal to act as a security handshake. Then PayPal will send ‘completed’ if payment has been correctly completed.

Once ‘completed’ has been received by your web page, you process the data in whatever way you want. The IPN method provides a relatively simple way of checking when a purchase has been made while remaining secure. The handshake principle of IPN makes it impossible to trick a web site into believing that payment has been completed.

For digital goods, PHP-eSeller takes the IPN data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a username/password, all without any intervention by yourself. The purchaser is then able to login to a secure area where they can download their items.

The list of items which the purchaser sees does not have any urls as that could compromise the security. The list is made up of buttons which are then translated into filenames by PHP.

The purchaser only sees the files he has purchased and cannot access the file in any other way.

For physical goods the processing is not as complicated. It checks the details received from PayPal, sends a confirmation email to the purchaser if there are no problems, and stores the sales details in the database. Obviously, there is no login process required for physical goods.

Linking Analytics to your Adwords Account and trouble shooting auto-tagging

I have had some problems in the past in linking Google AdWords and Analytics.

There are two steps to ensure that AdWords and Analytics are linked :

(1) In your AdWords account, go to My Account > Account Preferences.  Click the ‘edit’ link next to Tracking.  Select the box that says ‘Destination URL Auto-tracking’ and click Save Changes.

(2) Still in your AdWords account, click the Analytics tab and choose to ‘Apply Cost Data’ and select Save Changes.

With auto-tagging enabled, when someone clicks on your AdWords advert the browser is redirected to your landing page with an additional parameter (gclid) added on to the URL of your landing page as follows :

http://www.mysite.com/landingpage.htm?gclid=C0vh48787CeEukef34

It is this additional parameter that identifies visitors as coming from AdWords “google(cpc)” as opposed to organic “google(organic)”.  The correct Google cookie is then placed on the visitor’s machine.  When a customer clicks on your AdWords advert and then lands on your conversion page, you should see that visit displayed within google(cpc).

The key point is : Google Analytics cannot tell if the visitor came from an AdWords click if the gclid parameter is missing on the page that the user eventually lands on.

The key is to test whether your landing page retains the gclid parameter and this can be easily done as follows :

1. Take your destination URL (eg http://www.yoursite.com/landing_page.html) and paste it into your browser’s location bar (where you usually type in a web address)
2. Add a test parameter on to the end of the URL.  If your URL does not already have parameters in it, append ?gclid=test.  If there are already parameters, append &gclid=test on to the end.  (For example, http://www.yoursite.com/landing_page.html becomes http://www.yoursite.com/landing_page.html?gclid=test; and http://www.yoursite.com/landing_page.html?myval=1 becomes http://www.yoursite.com/landing_page.html?myval=1&gclid=test)
3. Press enter
4. Your browser will take you to your landing page.  Be mindful of redirects, especially if you are tracking with Doubleclick, Atlas, etc tags.
5. Is the gclid=test parameter still visible in your browser’s location bar?
If yes, then auto-tagging should come through onto your landing page (providing that you have enabled auto-tagging on your account of course).

If no, there is most likely an intermediate redirect that is stripping out the gclid parameter.

   1. First – change your destination URL to the ultimate page that the visitor lands on, thus bypassing any redirects
   2. Configure your server so that the gclid parameter is passed along in the redirect

Other possible problems are that users are landing on a 404 error page, or that your landing page does not have the required Google Analytics Javascript code located on it.


Placing Google Analytics Javascript code into the template system of PHP-eSeller

If you want to track the PHP-eSeller template driven shopping cart pages using Google Analytics Javascript code then the best place for the code is in the file ‘footer.htm’ which is located in the /templates/ folder.

Just make sure that the Javascript code goes between the <patTemplate:tmpl name="footer"> and </patTemplate:tmpl> and not outside of those tags.

You should be able to test it by just looking at the source of the shopping cart web page when you display it in the browser.  You should see the Javascript code somewhere near the bottom of the page.

Using drop down lists with buttons

If you are creating a buy now button by hand and you want to give customers an option when they are buying a product with PHP-eSeller, you can easily do this using a drop down list.

An example might be :

<form action="http://www.yourservername/eseller/ipn/process.php" method="post">
<select name="item_number">
<option value="">Select a product</option>
<option value="item_a">Small $1.00</option>
<option value="item_b">Medium sized file $2.00</option>
<option value="item_c">Large file $3.00</option>
</select>
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

You will need to create three products with item_number of item_a, item_b and item_c. The customer then selects which one they require and clicks the buy now button which takes them to PayPal.
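The handshake and security checks described under ‘What is IPN’, applied to the three drop down products above, as an added example that is not PHP-eSeller’s own code. The function names, the price table, the shop address and the sample notification are assumptions constructed for illustration, and mc_gross is assumed to carry no tax or shipping; the postback endpoint, the VERIFIED / INVALID reply and the field names are PayPal’s.

```php
<?php
// Added example, not PHP-eSeller code: function names, price table and sample data are hypothetical.

// Handshake: post the notification back unchanged, prefixed with cmd=_notify-validate.
// PayPal replies with the literal body VERIFIED or INVALID.
function ipn_postback(string $rawBody): string
{
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never disable certificate checks here
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : 'ERROR';
}

// Checks made after the handshake. Returns the reasons to refuse; an empty list means fulfil.
function ipn_rejections(array $ipn, string $verdict, string $shopEmail, array $cents, array $seenTxn): array
{
    $ipn = array_filter($ipn, 'is_string');   // drop array-valued POST fields
    $why = [];
    if ($verdict !== 'VERIFIED') { $why[] = 'postback reply was not VERIFIED'; }
    if (($ipn['payment_status'] ?? '') !== 'Completed') { $why[] = 'payment_status is not Completed'; }
    if (strcasecmp($ipn['receiver_email'] ?? '', $shopEmail) !== 0) { $why[] = 'paid to another account'; }
    if (($ipn['mc_currency'] ?? '') !== 'USD') { $why[] = 'unexpected currency'; }
    $item = $ipn['item_number'] ?? '';
    $qty  = max(1, (int) ($ipn['quantity'] ?? 1));
    if (!isset($cents[$item])) {
        $why[] = 'unknown item_number';
    } elseif ((int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100) !== $cents[$item] * $qty) {
        $why[] = 'mc_gross does not match the catalogue price';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxn, true)) { $why[] = 'txn_id already processed'; }
    return $why;
}

// Constructed sample: prices of the drop down products, and a notification whose amount does not fit item_c.
$cents = ['item_a' => 100, 'item_b' => 200, 'item_c' => 300];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com', 'mc_currency' => 'USD',
        'item_number' => 'item_c', 'quantity' => '1', 'mc_gross' => '1.00', 'txn_id' => 'TXN-CONSTRUCTED-1'];
// In the live handler: $ipn = $_POST; $verdict = ipn_postback(file_get_contents('php://input'));
print_r(ipn_rejections($ipn, 'VERIFIED', 'shop@example.com', $cents, []));
```

The item_number in the form is chosen in the customer’s browser, so the price is looked up on the server and compared with what PayPal reports before anything is released.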