This page contains answers to some of the most frequently asked questions by people looking to purchase PHP-SecureArea. This is also a good place to start for those who are having problems with installation.
Use this list to jump to the appropriate answer below:
Do I have to enter anything into the PayPal site to identify the IPN url?
Is PHP installed on my web server and what version do I have?
My pages show fatal errors.
Why do I keep getting error messages about headers already sent?
I keep getting error messages about session_start
I get an open_basedir error message
Do I have to create a new database?
How do I work out the full path to the secure area folders?
How do I backup my PHP-SecureArea site?
Do you host this product?
What knowledge and what facilities do I need?
Can I stop a user from logging in?
Should I user SSL?
What happens if a customer changes their PayPal email address ?
Why can't I edit the product item_name ?
Are there issues with re-installing the application ?
What do the mySQL error messages mean ?
How do I change the language code for PayPal ?
I get a 500 Internal Server Error on my protected area
PHP 5.3 depreciated functions
The admin pages keeps on returning to the login screen
Setting a character set
You do not have to do any configurations on the PayPal site for your account to identify the IPN URL. This is because the IPN URL is part of the data sent to PayPal when the customer clicks on the buy now button.
Make a new file on your web site called info.php, containing the following text, and call it from your browser:
<?PHP phpinfo() ?>
If nothing happens then you don't have PHP installed.
If you see errors like:
Parse error: parse error, unexpected T_VARIABLE in
e:\phpfiles\withinweb\phpsecurearea\config.php on line 13
Notice: Undefined variable: dbhost in e:\phpfiles\withinweb\phpsecurearea\admin\a_setup.php on line 154
then it's likely you have left out a semi-colon or ending quote from a line in config.php.
Another reason could be that you have opened config.php in a program like Word to edit it, and saved it as a HTML web page, instead of a proper text file.
Always edit config.php with a text editor such as notepad or an editor designed to edit web pages such as Dreamweaver.
If you see errors like this:
Warning: Cannot add header information - headers already sent by (output started at /webfiles/phpsecurearea/config.php:87) in /webfiles/phpsecurearea/index.php on line 322
then you probably have blank lines or spaces after the final ?> in your config.php file. Sometimes text editors add these so you may have to try a different text editor to remove these spaces or blank lines.
If you see errors like this:
Warning: session_start() [function.session-start]: open(/tmp\sess_d40f380d37d431fc1516e9a895ad9ce0, O_RDWR) failed: No such file or directory (2) in c:\webfiles\phpsecurearea\setup.php on line 123
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at c:\phpsecurearea\eseller\setup.php:1) in c:\webfiles\phpsecurearea\setup.php on line 123
These are all related to PHP failing to save "session" files on your hard disk (in a directory called /tmp). Usually the reason is that you don't have a folder called /tmp on your computer. This is often the case with Windows installations.
The solution is to set the PHP setting for this path to point to a real folder. You can do this in your php.ini file:
session.save_path = C:\temp
I have created a php file to test sessions. This is located in the admin folder at : http://www.yourservername.com/phpsecurearea/admin/a_session_test.php.
Your hosting provider or server administrator may have restrictions on which directories can use 'includes'. To check this, log into the administration section of PHP-SecureArea and click on 'PHP info' link in the left hand side menu. This will display your site php info page. Find 'open_basedir' and check if the setting is something other than 'no value'. If it is something other than 'no value' then you might have to install PHP-SecureArea in the directory shown. Check with your hosting provider.
You don't have to create a new database if you don't want to. You could install the tables in an existing database providing that the table names do not clash. You can set an optional prefix for table names during installation - this will stop table name clashes.
All of my tables are prefixed with sec_, so providing none of the existing tables have that prefix, there should be no problem.
To get the full path, log in to the admin pages and click on the menu item 'PHP Info' and look for SCRIPT_FILENAME. That will give you the full file name of that file you are looking at. From that you should beable to work backwards to the root of your web site or to any other part of your site.
With many applications it is neccessary to find the full path name of a folder and then enter it into the admin area of the application. absolutepath.zip will help you do this. Download, unzip, and ftp to the location of the page / image / directory and then call the file in your browser - http://www.example.com/images/absolutepath.php
Note that the full path name of the folder is not the same as the http url of the folder directory - it will not work. The full path of the folder looks something like \myserver\www\public_html\eseller\files\
There are two things you need to make a copy of : the database with its data, the htpwassd files that have the login details. The SecureArea scripts themselves are less important, since you should have the original files and any others you have modified to change the look of your displays.
The database can be easily backed up using the in built back up / restore facility.
No, you purchase the application and install it onto your own web server.
Your system must meet the requirements of :
The application has been written to make it as easy to install as possible with minimum knowledge of PHP or mySQL. You need to be able to upload the files to your web server and to edit a configuration file with appropriate information.
You will also need to be able to integrate the subscription buttons into your web site.
If you wish to stop a user with a given email address from logging in, you can do that in the 'manage users' display in the admin section.
If you wish to use SSL to further protect your customer login section and the protected areas then you can.
Using SSL means that the username / passwords that are sent to the web server, and the web pages that are viewed by customers are all encrypted.
You have to make the judgment yourself as to how important security is depending on the type of content that you are protecting. In many situations SSL is probably not really needed. However, if you are particularly concerned about security and have the technical ability to use SSL, then use it.
If someone purchases a recurring subscription and then changes their email address in PayPal, the application will still operate as normal. IPNs sent by PayPal use the email address that was in operation when that subscription was started. The customer will have to continue to log in to the secure area using their original email address. However, notification emails sent by PayPal will use the new Primary email address.
You can change the 'item name' of an existing secure area but it is better not to change the 'item number'. The reason is that the IPN from PayPal will use the original item number and so when the subscription is finished PHPSecureArea will not be able to process the secure area properly.
If you have to install the application in a different location on your server, you will have problems with existing subscribers because the posting url that the PayPal IPN uses will be the original url.
The following is a list of some of the mySQL errors that can occur and which may help if you are having problems connecting to the database.
|Error message||Possible reasons|
|Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'USERNAME@localhost' (Using password: YES) in /usr/home/..../test.php on line 8||Your MySQL username/password is incorrect|
|Access denied for user: 'USERNAME@localhost' (Using password: YES)||Your MySQL username/password is incorrect|
|Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL Server Host 'HOSTNAME' (1) in /usr/home/..../test.php on line 8||Your MySQL hostname is incorrect|
|Could not connect: Unknown MySQL Server Host 'HOSTNAME' (1)||Your MySQL hostname is incorrect|
|Warning: mysql_connect() [function.mysql-connect]: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /usr/home/...../test.php on line 8||Your MySQL hostname is incorrect or you do not have the MySQL service started|
|Could not connect: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)||Your MySQL hostname is incorrect or you do not have the MySQL service started|
|Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'mysql.domain.com' (60) in /usr/home/..../test.php on line 8||Your MySQL hostname is incorrect or you do not have the MySQL service started|
|Could not connect: Can't connect to MySQL server on 'mysql.domain.com' (60)||Your MySQL hostname is incorrect or you do not have the MySQL service started|
The language code for the PayPal site is defined in the button using a hidden field.
So for English language use
<input type='hidden' name='lc' value='US' />
Possible values are France(FR), Spain (ES), Italy (IT), Germany (DE), China (CN), English (US).
The customer should then see the login page in the defined language.
To change the language code, go to the file ipnfunction.php open in a text editor and you should see the default language code of
<input type='hidden' name='lc' value='US' />
Change the value to what ever code you require and upload the file back to your server.
This sometimes happens on some servers and appears to be to do with the way it handles the .htaccess file.
In the htaccess file in the root of the protected area, delete the line :
Make sure that you use a text editor like notepad or Dreamweaver and not Word.
Version PHP 5.3 has a number of functions that are depreciated and earlier versions of PHPeSeller, PHPSecureArea and PHPKeyCodes will display warning messages identifying those depreciated functions when installed on PHP 5.3. It will still work as the functions are still there although they will be removed in PHP 6
To overcome this for earlier versions of the applications, in the error.php file just use
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
This will stop the depreciated warning messages being displayed.
If you login to the admin pages and then click to go to a different page in the menu it returns to the login screen. This is becuase there is something wrong with your server session variables. The server stores the sessions and for some reason this is not being done correctly. You need to contact your hosting company to sort the problem out.
There is a test at :
Which will attempt to start the sessions. It will show a link that you click and should tell you if the session has been correctly started.
If you are using extended characters in your text you may find that they display as small blocks or as question marks on the page. To overcome this you could add the following to the connect() function in the clsdatalayer.php file in the /classes/ folder.
However. this function is only available for version PHP 5.2.3 and above.