Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 658
  • Last Modified:

What is a good way to create a shopping cart, allow purchase of online e-book, which is then accessed via user login/password

I have been asked to help a person who has written a professional book. She would like to sell an electronic version of the book through a shopping cart. Once the user has purchased the e-book, then they would somehow register for a login/password which would grant them access to the e-book. This e-book is simply several html files having chapters of the book. The registered user would have access to read these pages, but would not be able to copy/print the pages. The user could come back often to read the book from these web pages, after entering their registered login/password.

My expertise is on the ASP.NET/C# side, but the web host servers only have PHP / MySQL, which is the owner's preference. The owner also likes using DreamWeaver, and I notice there is a Login PHP extension that is available, but other solutions may be better. Esentially, we need some kind of shopping cart and the ability to register users to access the web pages of the e-book. What would be a good way to do this?
0
dwoolley3
Asked:
dwoolley3
  • 3
  • 2
  • 2
  • +3
2 Solutions
 
Dave BaldwinFixer of ProblemsCommented:
First you should know that if you put it on the web, I can copy it.  No, you really can't stop me.
0
 
Scott Fell, EE MVEDeveloperCommented:
Check out www.opencart.com it is in php/msq

However, when I hear, "The owner likes using dreamweaver" that is scary.  That sounds like trouble if they get frustrated when they can't use the drag and drop training wheels or your responsive site does not look exactly like the live site in the design view.  

I would strongly suggest you get them to understand some of what makes Dreamweaver easy, also makes it unsafe.  Your job is to make a site using the best security you know how.  By the way, ask them if they currently use dreamweaver to make php sites with a database.   If they do, ask them if they go remove the connection strings EVERY TIME they are done editing a site.  Site > Advanced > Remove Connection strings.  The reason is, the connection strings DW leaves will not show up when you are in DW ftp view, but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach as that is how DW makes it easy to drag and drop data fields.
0
 
Jason C. LevineNo oneCommented:
but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach

padas, if someone is FTPing directly to your site you have much greater problems than having some Dreamweaver PHP lying around.  It's not quite as insecure as you make it out to be and it doesn't necessarily mean the operator is relying on training wheels.  There are lots of us who use it simply as a PHP IDE and also because it simplifies a few tasks and it has (or it used to) one of the largest developer communities on the web.

-------------------------------

dwoolley3, if the client really wants a complete DW solution, look into WebAssist for a very rich set of (paid) plugins that will cover just about any need.

However, I would steer you towards an even simpler solution:  a CMS.  WordPress or Joomla could be set up very rapidly and set to have protected pages or downloads.  With the additions of add-ons, you could turn the site into a subscription-based or single-payment portal very rapidly.  It also makes maintenance by the non-technical even easier than DW would be.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Scott Fell, EE MVEDeveloperCommented:
jason1178, I didn't think it the serverscripts were problem either until I had a site scanned for pci and the scripts were detected just by scanning.  https://my.controlscan.com/threats/details.cgi?id=310028 Maybe this is too old by now, but I don't risk it http://www.techrepublic.com/article/dreamweaver-testing-scripts-can-lead-to-database-compromise/5193555

A lot of what those scans bring up as potential errors are BS but this one caught my eye.
0
 
Jason C. LevineNo oneCommented:
Maybe this is too old by now

Just a bit (in the case of the second one), and slightly hysterical (in the case of the first one and also weirdly out of date).  

Even those pre-Adobe versions required a secondary security flaw on Apache that would allow a user to output PHP as plain text.  If you can do that, it doesn't matter how you create the site...an attacker would be able to locate and compromise the DB from connection strings located under any common location (wp-config?).

tl;dr Not all scan results mean the tools are inherently insecure.  If I 777 all my folders "because it makes scripts work no matter where I put them" I sort of deserve what I'm going to get.
0
 
Dave BaldwinFixer of ProblemsCommented:
I like Dreamweaver.  Because I charge by the hour every time I have to come back and fix it again.  I make a lot of money doing that.
0
 
Julian HansenCommented:
If it is only one product then you don't really need a cart.

Most Payment Gateways have a form option you post the description and price to and they process the transaction.

A cart is only necessary if you have multiple products.

You can create a very simple one page purchase form that asks for the persons details and quantity and you post that off to a payment gateway that processes the transaction.
0
 
Ray PaseurCommented:
PayPal has some potential in both the "easy-to-use" and "capture client data" arenas.

You can password protect pages with something like this.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

You can send an authentication key with something like this.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html

You might consider creating a PDF from the original files of the book.  You could include a watermark on the pages identifying the copyright holder and the licensee.  Then when what DaveBaldwin describes happens, and someone gets an illicit copy, it will be obvious that it is protected material and it will be obvious who permitted the breach.  You can't prevent the breach, but you can take action to provide evidence.

For the breach to be actionable, your author must have registered the work with the US Copyright Office.  That's done, right?
0
 
Dave BaldwinFixer of ProblemsCommented:
While it is true that an author has the Copy Rights automatically when they create a work, Ray is right in that the record with the US Copyright Office gives an official record that can be used in court if needed.  Courts are not inclined to take an author's word without further evidence.
0
 
dwoolley3Author Commented:
Thanks for everyone's responses, which I am processing and researching. I also had a chance to ask the owner some questions and obtain her response.

She does have her work copyrighted 2012. She will be selling several products, thus needs a versatile cart. She had considered PDFs but ruled them out for "a variety of technical reasons."

I will be quickly learning PHP / MySQL over the next few weeks, but we are open to purchasing ready-made solutions that would provide the functionality needed.
0
 
Ray PaseurCommented:
She does have her work copyrighted 2012.
That statement appears to miss the point.  Is the work registered with the US Copyright Office?  Does she have receipts for the payments to the Copyright Office, showing proof that the copyrights were registered?  If the answer is "no," then the chance of successfully prosecuting a case against theft is essentially zero.  There is only one time I have seen a copyright theft prosecution succeed without copyright registration.  It was a pirated instructional yoga video.  The reason the plaintiff won was because the yoga model was his wife, and she testified that she had never modeled for the defendant.  If you don't have evidence that strong, you really should advise her to get registered.  There is a fee, but you can register data in batches of intellectual property for one fee.

... quickly learning PHP / MySQL over the next few weeks
It may take more than a few weeks; I do not say that to discourage you - it's simply a reality that it takes more than a few weeks to become productive in any programming language.

Here are some good places to start learning (Google them): Tizag, W3Schools, CodeAcademy.

Here are two of my favorite "Zero to Sixty" books.  You may want to set enough time aside to work through the examples and see how it all works.
http://www.sitepoint.com/books/phpmysql5/
http://www.amazon.com/PHP-MySQL-Web-Development-Edition/dp/0672329166/

And best of luck with your project, ~Ray
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now