What is a good way to create a shopping cart, allow purchase of online e-book, which is then accessed via user login/password

Posted on 2013-05-31
Last Modified: 2013-06-06
I have been asked to help a person who has written a professional book. She would like to sell an electronic version of the book through a shopping cart. Once the user has purchased the e-book, then they would somehow register for a login/password which would grant them access to the e-book. This e-book is simply several html files having chapters of the book. The registered user would have access to read these pages, but would not be able to copy/print the pages. The user could come back often to read the book from these web pages, after entering their registered login/password.

My expertise is on the ASP.NET/C# side, but the web host servers only have PHP / MySQL, which is the owner's preference. The owner also likes using DreamWeaver, and I notice there is a Login PHP extension that is available, but other solutions may be better. Esentially, we need some kind of shopping cart and the ability to register users to access the web pages of the e-book. What would be a good way to do this?
Question by:dwoolley3
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39212370
First you should know that if you put it on the web, I can copy it.  No, you really can't stop me.
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39212374
Check out it is in php/msq

However, when I hear, "The owner likes using dreamweaver" that is scary.  That sounds like trouble if they get frustrated when they can't use the drag and drop training wheels or your responsive site does not look exactly like the live site in the design view.  

I would strongly suggest you get them to understand some of what makes Dreamweaver easy, also makes it unsafe.  Your job is to make a site using the best security you know how.  By the way, ask them if they currently use dreamweaver to make php sites with a database.   If they do, ask them if they go remove the connection strings EVERY TIME they are done editing a site.  Site > Advanced > Remove Connection strings.  The reason is, the connection strings DW leaves will not show up when you are in DW ftp view, but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach as that is how DW makes it easy to drag and drop data fields.
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 250 total points
ID: 39212393
but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach

padas, if someone is FTPing directly to your site you have much greater problems than having some Dreamweaver PHP lying around.  It's not quite as insecure as you make it out to be and it doesn't necessarily mean the operator is relying on training wheels.  There are lots of us who use it simply as a PHP IDE and also because it simplifies a few tasks and it has (or it used to) one of the largest developer communities on the web.


dwoolley3, if the client really wants a complete DW solution, look into WebAssist for a very rich set of (paid) plugins that will cover just about any need.

However, I would steer you towards an even simpler solution:  a CMS.  WordPress or Joomla could be set up very rapidly and set to have protected pages or downloads.  With the additions of add-ons, you could turn the site into a subscription-based or single-payment portal very rapidly.  It also makes maintenance by the non-technical even easier than DW would be.
Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39212435
jason1178, I didn't think it the serverscripts were problem either until I had a site scanned for pci and the scripts were detected just by scanning. Maybe this is too old by now, but I don't risk it

A lot of what those scans bring up as potential errors are BS but this one caught my eye.
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39212479
Maybe this is too old by now

Just a bit (in the case of the second one), and slightly hysterical (in the case of the first one and also weirdly out of date).  

Even those pre-Adobe versions required a secondary security flaw on Apache that would allow a user to output PHP as plain text.  If you can do that, it doesn't matter how you create the attacker would be able to locate and compromise the DB from connection strings located under any common location (wp-config?).

tl;dr Not all scan results mean the tools are inherently insecure.  If I 777 all my folders "because it makes scripts work no matter where I put them" I sort of deserve what I'm going to get.
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39212504
I like Dreamweaver.  Because I charge by the hour every time I have to come back and fix it again.  I make a lot of money doing that.
LVL 58

Expert Comment

by:Julian Hansen
ID: 39212636
If it is only one product then you don't really need a cart.

Most Payment Gateways have a form option you post the description and price to and they process the transaction.

A cart is only necessary if you have multiple products.

You can create a very simple one page purchase form that asks for the persons details and quantity and you post that off to a payment gateway that processes the transaction.
LVL 110

Accepted Solution

Ray Paseur earned 250 total points
ID: 39212814
PayPal has some potential in both the "easy-to-use" and "capture client data" arenas.

You can password protect pages with something like this.

You can send an authentication key with something like this.

You might consider creating a PDF from the original files of the book.  You could include a watermark on the pages identifying the copyright holder and the licensee.  Then when what DaveBaldwin describes happens, and someone gets an illicit copy, it will be obvious that it is protected material and it will be obvious who permitted the breach.  You can't prevent the breach, but you can take action to provide evidence.

For the breach to be actionable, your author must have registered the work with the US Copyright Office.  That's done, right?
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39213298
While it is true that an author has the Copy Rights automatically when they create a work, Ray is right in that the record with the US Copyright Office gives an official record that can be used in court if needed.  Courts are not inclined to take an author's word without further evidence.

Author Comment

ID: 39213319
Thanks for everyone's responses, which I am processing and researching. I also had a chance to ask the owner some questions and obtain her response.

She does have her work copyrighted 2012. She will be selling several products, thus needs a versatile cart. She had considered PDFs but ruled them out for "a variety of technical reasons."

I will be quickly learning PHP / MySQL over the next few weeks, but we are open to purchasing ready-made solutions that would provide the functionality needed.
LVL 110

Expert Comment

by:Ray Paseur
ID: 39214788
She does have her work copyrighted 2012.
That statement appears to miss the point.  Is the work registered with the US Copyright Office?  Does she have receipts for the payments to the Copyright Office, showing proof that the copyrights were registered?  If the answer is "no," then the chance of successfully prosecuting a case against theft is essentially zero.  There is only one time I have seen a copyright theft prosecution succeed without copyright registration.  It was a pirated instructional yoga video.  The reason the plaintiff won was because the yoga model was his wife, and she testified that she had never modeled for the defendant.  If you don't have evidence that strong, you really should advise her to get registered.  There is a fee, but you can register data in batches of intellectual property for one fee.

... quickly learning PHP / MySQL over the next few weeks
It may take more than a few weeks; I do not say that to discourage you - it's simply a reality that it takes more than a few weeks to become productive in any programming language.

Here are some good places to start learning (Google them): Tizag, W3Schools, CodeAcademy.

Here are two of my favorite "Zero to Sixty" books.  You may want to set enough time aside to work through the examples and see how it all works.

And best of luck with your project, ~Ray

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question