January 9th, 2013, 03:38 AM
Since somebody brought up processing the payment automatically: That's not a good idea in my opionion. No offense, but since this is obviously your very first "real" project, you're almost guaranteed to screw up in one way or another. The last thing you want in this situation is to have your PayPal password lying around somewhere in the code or the database.
So don't do any interaction with PayPal. Just activate the members manually. Write a small backend script with a list of all inactive users and a button "activate" next to each one.
To be honest, I'm not really sure if it's a good idea to start your "life as a programmer" with a commercial website. While you're still new to PHP, you'll make a lot of mistakes (no matter how many books you may have read). As long as this happens on your own PC or your personal home page, it's basically just your own problem. But as soon as people pay for your service, things get serious. You might even get into legal trouble.
So if this project is any more than "pay $1 to watch my cute kitten videos", I strongly suggest hiring a professional programmer to write a proper page.
January 9th, 2013, 04:36 AM
i was mostly intrested in being an administrator in my own website .. and valdiating users.. based on the payment notification from paypal ...
wherever you look you see php on the web ...
still havent read one book that describes the administration side of a table
i sort of understand how an html form a php script takes data from a form and puts it in a table ...
i later found out that i can setup an administrator account .. with a user name .. password .. in a table and use that session variable to view a page which echoes the users table information ...
now i want to go a bit more advanced .. but am a bit clueless.. since i have never seen an example script where an adminstrator does something on a user table
January 9th, 2013, 08:30 AM
well after you establish a SECURE administrative login and are able to PROPERLY echo the user details to your screen.
Lets stop here for just a second before proceeding. By Secure and Proper i mean both input and output to your sql table has been properly validated and striped of any form of scripting and escape characters. And you should also be hashing your passwords column. Now the reason for validating input is to prevent SQL Injection attacks where the attacker will attempt to execute his/her own sql queries on your server. And validate output to prevent XSS(Cross Site-Scripting).
Now after the above is complete you can then add an edit link to your table rows when it is echoed to your screen. This edit page will accept the username or unique auto increment id by get method and will populate a form based on his/her records.
This form can be edited by you and posted to a script that will execute a mysql update function to alter their records. Remember that each and EVERY one of these pages should check your admin session variable.
This is the simplest way i know how to code this. Or you could even simply have an activate link on the table of users that will instantly activate the users account through mysql update
January 9th, 2013, 08:33 AM
But please take jackques recommendation and if this is a commercial site hire yourself a developer. Working with user information is sensitive data and improperly righting this code can compromise the security and privacy of your customers and lead to countless law-suites.
There are many developers on here who can accomplish such a task for a very reasonable price and save you thousands in potential litigation.
It is never advised for a novice programmer to handle sensitive data in their applications
January 9th, 2013, 10:14 AM
its simply for a learning purpose.. not for really professional stuffs...
so now i should really try to learn about a registration activation link .. and its connection to the table ...
that looks like a confirmation link ...
and i should try to do something to that table as an administrator ....
well this is better than almost nothing ....
okie dokie ...
January 9th, 2013, 10:54 AM
Learning by doing is great, nobody has a problem with that. What we suggest, however, is that you separate learning and doing business.
Originally Posted by gether
But since you've obviously made your decision, let's leave it at that.
Just to make sure there's no misunderstanding: An activation link (like in your example) and activating a user after he has paid are two completely separate things.
Originally Posted by gether
The activation link is used to make sure the email address entered upon registration is valid and actually belongs to the user. This confirmation is done by the user himself.
Activating a user to let him see a video is done by you and has nothing to do with sending out emails or generating links.
So in your database you'll have to separate fields for those two things (like "is_active" and "has_paid" or something).
January 9th, 2013, 11:19 AM
so the registration script must have a status generating mechanism ? like that ?
January 9th, 2013, 12:24 PM
Yes, something like that.
I hope the logic behind all that is clear to you? If not, leave all the PHP, HTML and database stuff aside and image the whole process from somebody filling out the registration form to you giving a member full access to your videos:
- Person X is interested in your videos, so he/she fills in personal data like the email address, a password and the PayPal email address
- The email address is used for all important communication, so you want to make sure it's correct. You do this by generating a secret code, sending it to the email address and requiring X to confirm it. As soon as you get the confirmation, you note this in your database (for example by setting the field "email_confirmed" to "1") and tell X to send a certain amount to your PayPal account -- this is all done automatically.
- After you've received the payment, you note this in your database (for example by setting the field "has_paid" to "1") -- you have to do this by hand. You can identify the user by the PayPal address given upon registration.
- Now X is a full member and can watch all videos.
Theoretically, you could leave out step 2 if you use the PayPal address for communication. But I'm strongly opposed to that. The PayPal address is critical data, and nobody has given you the right to actually send mails to this address. So have the user enter a separate email address for your website.
Comments on this post
January 9th, 2013, 01:49 PM
ok let me try to forget paypal for a while .. and try to think stuffs from the basics...
so registration forms can be unique ...
basically everything has a variable name and variable value
and a place for a variable name and a variable value in the table ...
January 9th, 2013, 02:17 PM
Well, that's something you should learn from books or (good) online tutorials.
We can help you with concrete problems, but you have to understand we cannot go through the whole language and explain everything from the ground up. That's just too much.
January 9th, 2013, 03:09 PM
closing in closing in ....
is this md5(uniqid(rand())) part of the php language ?
is that called anything special .. as being a part of a programming language in general ?
January 9th, 2013, 10:17 PM
Well in the coding world we call that copy and paste! but that will actually generate a random id hashed as MD5. At this point fairly useless to you unless your wanting to generate session id's without using php sessions.
However; you may want to use the MD5 part of that with a SALT code to hash your passwords in your DB. Storing plain text passwords is bad practice and should get into the habit of hashing them or better early in learning.
Just read a few posts back sorry. Yes that bit of code will be usefull if your generating an email confirmation. If you are wanting to validate emails however keep sepperate status for email valid and payment valid. Then require both to be true to sign in.
Originally Posted by gether
January 10th, 2013, 01:55 AM
there are many common things to all the programing languages.. isnt it ?
when i was in college .. i went throught the basics of c c++ java asp php
so what i have learned or what i think i have learned is that there are things in programming languages called functions ..which can generate a peice of code .. which is a part of that particular programing language ...
and you can assign a $variable_name to that function ?
and there are many such functions which automatically generates peices of codes for various functions ?
January 10th, 2013, 04:41 AM
what is that spam ?
this is what i want to do ?
what i am looking for is mostly looking like this
$confirm_code someextrabits login admin update
and a place for that in the table ..
January 10th, 2013, 08:08 AM
Sorry to be rude, but I'm not interested in holding hands while you copy and paste stuff you found somewhere on the Internet. Think for yourself, write your own code.
You had different people explaining you the general concept. What you need to do now is understand it. If there's something you don't understand, then ask specific questions. This is the first step, which comes before any programming or fumbling with databases.
But please stop copying and pasting stuff. This will get you nowhere if you don't know what you're doing. And this database layout you found is pretty bad with its plaintext passwords and weak confirmation codes -- not something you wanna have on your website.
Last edited by Jacques1; January 10th, 2013 at 08:11 AM.