• Features of PHP-eSeller

  • PHP-eSeller is an easy to install and maintain PHP shopping cart system with a range of features to automatically sell your mp3 files and other digital products such as ebooks, pdf and image files. It comes with a number of PHP shopping cart templates, but you can add "buy now" and "add to cart" buttons by hand to an existing web site if you find that more convenient.

    In addition, you can also sell physical goods as well as digital goods.

  • Defining a product

    By default, a product is defined as digital. To make it a physical item, simply tick a checkbox.

    Defining a digital product includes:

    • Set a time limit for the purchaser to download the product (default 4 days).
    • Set the maximum number of downloads allowed for each product (default 3).
    • Define the files which can be downloaded for the product - each product may have more than one digital download file associated with it.

    In addition:

    • Optionally select a category and subcategory for the product for use with the store front.
    • Enter a description of the product which is displayed in the store front / shopping cart using a WYSIWYG style html editor.
  • File security

    Security of your digital products is important as this is where you make your money. You do not want people to access your files without paying for them.

    • Location of the download files on the server cannot be deduced by looking at the web pages.
    • A unique url link is supplied to the purchaser after they have purchased the product to allow them to download.
    • When the purchaser goes to the download area, they will only see the items that they have purchased.
    • The purchaser cannot deduce the file locations and cannot download after the time limit has expired, or if they have downloaded the item the maximum number of times.
    • For added security, and the recommended method, the files should be stored on the web server outside the root of the web site. If they are stored within the publicly accessible area of the web site, then the folder can be protected by the supplied htaccess file.
    • Downloads can only be made from pages on your server and not from another server.
    • Downloaded files are not cached.
    • Files are downloaded by a force download mechanism so that any file type will present a 'save as' dialog box.
  • Paypal security

    There are a number of checks in the script to ensure that the data received from PayPal has not been modified.

    • The script checks the PayPal transaction id in the database to make sure that it has not been previously used.
    • The cost/currency of the item is checked against the database to make sure that it has not been changed.
    • The receiver email address is checked to make sure that it is your primary PayPal receiver email address.
  • PHP Shopping Cart and Store front

    Displaying the buy now and shopping cart buttons is achieved in a number of ways to make it as simple as possible to integrate them within an existing web site.

    • Products become visible as soon as you have created them in the admin area.
    • The add to cart and buy now button code is created for you on the fly for each product. Any changes to the product definition such as cost or description, are immediately displayed.
    • Products may be listed within categories and subcategories.
    • The button image may be chosen from a list or you may enter the url of your own button image.
    • Shopping cart systems are displayed using Twitter Bootstrap version 4 so that they are fully responsive and work on mobile devices, phones, tablets and desktop computers.
    • Product items and menu item categories can be sorted so that the items are displayed in the required order.

    Buttons may also be created by hand if you do not want to use the shopping cart system, so you can mix your existing physical product buttons with the digital products on an existing web site.

  • Email customers via newsletter

    The email functions can be used to send out newsletters to all or specific customers.

    • Email all customers who have purchased any item.
    • Email all customers who have purchased a particular item.
  • PayPal Flow Chart

    This provides a brief description of some of the principles behind the application which incorporates the PayPal IPN system.

  • PayPal IPN

    Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the PayPal IPN Manual which you can find on the http://www.paypal.com/ipn site.

    The principle that PayPal uses is as follows: You first create a PayPal 'buy now' button and place it on your web page or create the buttons dynamically from a database. When someone clicks on your 'buy now' button (or 'proceed to checkout' button in the case of a shopping cart system), PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the PayPal site.

    After PayPal has confirmed the payment, it posts data back to your web page. If payment is correctly completed, PayPal sends 'completed' to your web page along with other data which your site can monitor. Once 'completed' has been received by your web page, you process the data in whatever way you want.

    For digital goods, PHP-eSeller takes the IPN data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a download link, all without any intervention by yourself. The purchaser is then able to login to a secure area where they can download their items.

    The list of items which the purchaser sees does not have any URLs as that could compromise the security. The list is made up of buttons which are then translated into filenames by PHP. The purchaser only sees the files he has purchased and cannot access the file in any other way.

    For physical goods the processing is not as complicated. It checks the details received from PayPal, sends a confirmation email to the purchaser if there are no problems, and stores the sales details in the database. Obviously, there is no login process required for physical goods.

  • Purchasing a digital item

    The basic operation is that when a customer purchases an item, a unique download link is added to tblusers.

    At the same time the application looks up the files that are applicable for this item using the tables tblitems and tblfiles.

    Once the files have been identified, tbldownloads is updated with the user, files, number of download retries and expiry date.

    When the customer goes to the download page, the files are looked up using tblusers and tbldownloads and the user is presented with a list of buttons for the files he purchased.

    Should the same customer make another purchase, he will be given another link, but can use either link. The customer will then be presented with a list of files applicable for both purchased items.

    Purchasing of an item is controlled by the PayPal IPN system. Only when the confirmed message is received from PayPal will the application process the purchase. There are a number of checks within the application to prevent attempts to spoof a purchase. These include checking the purchased price and currency, and checking the PayPal transaction id to make sure that it has not been used before.
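
    The checks listed under "Paypal security" and repeated in the paragraph above, written out as an added example (not PHP-eSeller's own code). The `items` and `used_txn` tables and their columns are assumptions of the example; the IPN field names are PayPal's, and the function is meant to run only after PayPal has confirmed the message.

```php
<?php
declare(strict_types=1);

// Returns null when the notification passes every check, otherwise the
// reason for rejecting it. Tables and columns are assumptions of this example.
function checkIpn(PDO $db, array $ipn, string $myReceiver): ?string
{
    $txn = (string) ($ipn['txn_id'] ?? '');
    if (($ipn['payment_status'] ?? '') !== 'Completed' || $txn === '') {
        return 'not a completed payment';
    }
    // The money must have gone to the merchant's primary PayPal address.
    if (strcasecmp((string) ($ipn['receiver_email'] ?? ''), $myReceiver) !== 0) {
        return 'wrong receiver';
    }
    // Price and currency are read from the database, never from the request.
    $q = $db->prepare('SELECT price_cents, currency FROM items WHERE id = ?');
    $q->execute([(string) ($ipn['item_number'] ?? '')]);
    $item = $q->fetch(PDO::FETCH_ASSOC);
    if ($item === false) {
        return 'unknown item';
    }
    $paidCents = (int) round((float) ($ipn['mc_gross'] ?? 0) * 100);
    if ($paidCents !== (int) $item['price_cents'] || ($ipn['mc_currency'] ?? '') !== $item['currency']) {
        return 'price or currency mismatch';
    }
    // Replay check: the PRIMARY KEY makes "seen before?" and "record it" one
    // atomic step. Any database error also rejects, so the check fails closed.
    try {
        $db->prepare('INSERT INTO used_txn (txn_id) VALUES (?)')->execute([$txn]);
    } catch (PDOException $e) {
        return 'transaction id already used';
    }
    return null;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id TEXT PRIMARY KEY, price_cents INTEGER, currency TEXT)');
$db->exec('CREATE TABLE used_txn (txn_id TEXT PRIMARY KEY)');
$db->exec("INSERT INTO items VALUES ('42', 999, 'USD')");
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
        'item_number' => '42', 'mc_gross' => '9.99', 'mc_currency' => 'USD', 'txn_id' => 'TXN-1'];
var_dump(checkIpn($db, $ipn, 'shop@example.com'));   // first delivery of the notification
var_dump(checkIpn($db, $ipn, 'shop@example.com'));   // same txn_id delivered again
var_dump(checkIpn($db, ['mc_gross' => '0.01', 'txn_id' => 'TXN-2'] + $ipn, 'shop@example.com'));
```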

    As the customer downloads an item, the number of allowed downloads is reduced.

    Physical items have simpler processing because there are no downloads associated with the physical items. If digital and physical items are added to a cart, the system is able to handle the different processing and hence customers are able to purchase both physical and digital goods at the same time.

  • Downloading files

    When a customer logs in and is presented with a button or buttons, clicking on a button will force a download. This means that no matter what the file type, a 'save as' dialog box will be displayed so that the customer can select a destination for the item on their computer.

    Normally, when you click on a link in a web browser, and the link is for a file called chapter1.docx for example, it will be recognized by the browser as a Word document and it will open the document within Word, assuming Word is installed on the computer of course. Similarly for other file types.

    PHP-eSeller has a force download mechanism so that no matter what the file type, it will always present a 'save as' dialog box. The mechanism does behave slightly differently with different browser / operating systems, but I have not come across any issue with the method after much testing and use by my customers.

    The advantage of a force download mechanism is that the customer is presented with a file type which he will recognize. If you use .zip or similar compression format, the customer may not have an unzip utility or may not even know what it is. The disadvantage is that the customer will be presented with an uncompressed file which may take time to download.

    You may wish to create two versions of a file, one in the original format, and the other in a zip format. This will allow customers to download the item in either format.
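
    The download rules from "File security" and the force download described in this section, as an added example (not PHP-eSeller's own code). The `downloads` and `files` tables, their columns, the `STORE_DIR` path and both function names are assumptions of the example.

```php
<?php
declare(strict_types=1);

const STORE_DIR = '/srv/eseller-files';   // assumed directory outside the web root

// Spends one download for this link and file; returns the server-side path,
// or null when the link is unknown, expired or used up.
function claimDownload(PDO $db, string $token, int $fileId, int $now): ?string
{
    // A single UPDATE checks and decrements together, so two parallel
    // requests cannot both spend the last remaining download.
    $u = $db->prepare('UPDATE downloads SET remaining = remaining - 1
        WHERE token = ? AND file_id = ? AND remaining > 0 AND expires_at > ?');
    $u->execute([$token, $fileId, $now]);
    if ($u->rowCount() !== 1) {
        return null;
    }
    $q = $db->prepare('SELECT stored_name FROM files WHERE id = ?');
    $q->execute([$fileId]);
    $name = $q->fetchColumn();
    // basename() keeps a bad database value from pointing outside STORE_DIR.
    return $name === false ? null : STORE_DIR . '/' . basename((string) $name);
}

// Forces a "save as" dialog and forbids caching, whatever the file type.
function sendAsAttachment(string $path): void
{
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    while (ob_get_level() > 0) {
        ob_end_clean();               // without buffering, readfile() streams the file
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Cache-Control: no-store');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Constructed demo data: one link, one file, one download left, 4-day window.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, stored_name TEXT)');
$db->exec('CREATE TABLE downloads (token TEXT, file_id INTEGER, remaining INTEGER, expires_at INTEGER)');
$db->exec("INSERT INTO files VALUES (7, 'album.mp3')");
$token = bin2hex(random_bytes(16));   // unguessable value carried in the emailed link
$db->prepare('INSERT INTO downloads VALUES (?, 7, 1, ?)')->execute([$token, time() + 4 * 86400]);
var_dump(claimDownload($db, $token, 7, time()));               // first request
var_dump(claimDownload($db, $token, 7, time()));               // second request, counter now at 0
var_dump(claimDownload($db, $token, 7, time() + 5 * 86400));   // any request after the time limit
```

    The demo exercises only `claimDownload()`; in a request handler, `sendAsAttachment()` would be called with the path it returns.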

  • Maximum file download size

    PHP puts a limit on the size of file that it can process so that poorly written scripts do not use up all the memory. This means that there is a maximum file size that can be downloaded which will be defined by the memory_limit attribute in the php.ini file.

    This feature may not be on your server because it is only enabled when PHP has been compiled to include memory limit; the default value is 8Mbytes.

    Different hosts set up their server in different ways. Some may have the default value, some a larger value and some no restriction at all. You will have to contact your host to find out the details if you think that it could be a problem.

    When memory_limit is enabled on the server, if you attempt to download a file which is greater than the memory_limit, you will end up with a corrupt file.

    If memory_limit is enabled and if you need to have files greater than the memory_limit, you can change the value in the php.ini file. However, you will probably not have access to this file if your server is hosted by a hosting company.

    You can still overcome the problem by splitting up your files into a number of separate files. PHP-eSeller has the facility where you can define as many files against a product as you wish.

  • Purchasing a physical item

    When a purchaser buys a physical item, the application makes the same checks as for a digital item. It checks the value and currency and then stores the details in the sales history table. A confirmation email is sent to the customer.

    A customer can purchase both physical and digital items at the same time by adding them to the cart. In that case the customer will receive one email identifying their login details, and a second confirmation email for the physical item.

    Tables

    For those who are interested in the structure of the tables and how they are related, the following provides some relevant information.

    • tblmainsub

      Identifies the relationship between the main category and the subcategory record IDs.

    • tblmaincategory

      Lists the main categories

    • tblsubcategory

      Lists the subcategories

    • tblsaleshistory

      This is purely a historical table and is not linked to other tables, so if you change the name of an item then this table will have the old item name.

    • tblusers

      When a customer purchases a product, the unique download link is entered in this table. At the same time the tbldownloads is populated with the purchased item_id and download file details.

    • tbldownloads

      Identifies which files a customer can download including the number of downloads remaining which is decremented as each download is made.

    • tblsetup

      Contains global set up details.

    • tblpasswords

      Contains admin user details.

    • tblfiles

      Identifies the locations of the files for downloading.