dwoolley3 asked:

What is a good way to create a shopping cart, allow purchase of online e-book, which is then accessed via user login/password

I have been asked to help a person who has written a professional book. She would like to sell an electronic version of the book through a shopping cart. Once the user has purchased the e-book, then they would somehow register for a login/password which would grant them access to the e-book. This e-book is simply several html files having chapters of the book. The registered user would have access to read these pages, but would not be able to copy/print the pages. The user could come back often to read the book from these web pages, after entering their registered login/password.

My expertise is on the ASP.NET/C# side, but the web host servers only have PHP / MySQL, which is the owner's preference. The owner also likes using DreamWeaver, and I notice there is a Login PHP extension that is available, but other solutions may be better. Essentially, we need some kind of shopping cart and the ability to register users to access the web pages of the e-book. What would be a good way to do this?
Dave Baldwin

First you should know that if you put it on the web, I can copy it. No, you really can't stop me.
Check out www.opencart.com; it is in PHP/MySQL.

However, when I hear, "The owner likes using Dreamweaver," that is scary. That sounds like trouble if they get frustrated when they can't use the drag and drop training wheels or your responsive site does not look exactly like the live site in the design view.

I would strongly suggest you get them to understand that some of what makes Dreamweaver easy also makes it unsafe. Your job is to make a site using the best security you know how. By the way, ask them if they currently use Dreamweaver to make PHP sites with a database. If they do, ask them if they go remove the connection strings EVERY TIME they are done editing a site: Site > Advanced > Remove Connection strings. The reason is, the connection strings DW leaves will not show up when you are in DW FTP view, but if you FTP directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach, as that is how DW makes it easy to drag and drop data fields.
SOLUTION
Jason C. Levine

This solution is only available to members.
jason1178, I didn't think the serverscripts were a problem either until I had a site scanned for PCI and the scripts were detected just by scanning. https://my.controlscan.com/threats/details.cgi?id=310028 Maybe this is too old by now, but I don't risk it. http://www.techrepublic.com/article/dreamweaver-testing-scripts-can-lead-to-database-compromise/5193555

A lot of what those scans bring up as potential errors are BS but this one caught my eye.
Maybe this is too old by now

Just a bit (in the case of the second one), and slightly hysterical (in the case of the first one and also weirdly out of date).  

Even those pre-Adobe versions required a secondary security flaw on Apache that would allow a user to output PHP as plain text.  If you can do that, it doesn't matter how you create the site...an attacker would be able to locate and compromise the DB from connection strings located under any common location (wp-config?).

tl;dr Not all scan results mean the tools are inherently insecure.  If I 777 all my folders "because it makes scripts work no matter where I put them" I sort of deserve what I'm going to get.
I like Dreamweaver.  Because I charge by the hour every time I have to come back and fix it again.  I make a lot of money doing that.
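
A defender-side check for the two issues raised in this exchange (leftover Dreamweaver server scripts and 777 folders), added here as an example and not part of any poster's reply. It walks a web root and reports `_mmServerScripts` folders (the folder Dreamweaver uploads its testing-server scripts to), world-writable directories, and plain-text copies of files that appear to hold database credentials; the extension list, credential hints and sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

DW_SCRIPT_DIR = "_mmServerScripts"   # Dreamweaver's testing-server script folder
PLAINTEXT_EXTS = (".inc", ".bak", ".txt", ".old", ".orig")  # usually served as text
# Assumption: strings that suggest a file holds database credentials.
CRED_HINTS = ("$password", "mysql_connect", "mysql_pconnect", "mysqli_connect")


def audit_webroot(root):
    """Return sorted (issue, relative_path) findings under a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name == DW_SCRIPT_DIR:
                findings.append(("dreamweaver-scripts", rel))
            if os.stat(full).st_mode & stat.S_IWOTH:  # e.g. chmod 777
                findings.append(("world-writable", rel))
        for name in filenames:
            if not name.lower().endswith(PLAINTEXT_EXTS):
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, errors="replace") as fh:
                    text = fh.read(65536)
            except OSError:
                continue  # unreadable file or dangling symlink
            if any(hint in text for hint in CRED_HINTS):
                findings.append(("plaintext-credentials", os.path.relpath(full, root)))
    return sorted(findings)


def make_sample_site(base):
    """Build a small constructed site tree (sample data, not a real site)."""
    modes = {"_mmServerScripts": 0o755, "Connections": 0o755, "uploads": 0o777}
    for name, mode in modes.items():
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)
    conn = '<?php $username_shop = "demo"; $password_shop = "constructed"; ?>'
    for name in ("shop.php", "shop.php.bak"):  # .bak copy is not executed as PHP
        with open(os.path.join(base, "Connections", name), "w") as fh:
            fh.write(conn)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        make_sample_site(site)
        for issue, path in audit_webroot(site):
            print(f"{issue:22} {path}")
```

Run it against a local copy of the site or on the host itself; an empty result means none of the three conditions were found under that root.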
If it is only one product then you don't really need a cart.

Most Payment Gateways have a form option you post the description and price to and they process the transaction.

A cart is only necessary if you have multiple products.

You can create a very simple one page purchase form that asks for the persons details and quantity and you post that off to a payment gateway that processes the transaction.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
While it is true that an author has the copyright automatically when they create a work, Ray is right in that the record with the US Copyright Office gives an official record that can be used in court if needed. Courts are not inclined to take an author's word without further evidence.
dwoolley3 (ASKER)

Thanks for everyone's responses, which I am processing and researching. I also had a chance to ask the owner some questions and obtain her response.

She does have her work copyrighted 2012. She will be selling several products, thus needs a versatile cart. She had considered PDFs but ruled them out for "a variety of technical reasons."

I will be quickly learning PHP / MySQL over the next few weeks, but we are open to purchasing ready-made solutions that would provide the functionality needed.
She does have her work copyrighted 2012.
That statement appears to miss the point.  Is the work registered with the US Copyright Office?  Does she have receipts for the payments to the Copyright Office, showing proof that the copyrights were registered?  If the answer is "no," then the chance of successfully prosecuting a case against theft is essentially zero.  There is only one time I have seen a copyright theft prosecution succeed without copyright registration.  It was a pirated instructional yoga video.  The reason the plaintiff won was because the yoga model was his wife, and she testified that she had never modeled for the defendant.  If you don't have evidence that strong, you really should advise her to get registered.  There is a fee, but you can register data in batches of intellectual property for one fee.

... quickly learning PHP / MySQL over the next few weeks
It may take more than a few weeks; I do not say that to discourage you - it's simply a reality that it takes more than a few weeks to become productive in any programming language.

Here are some good places to start learning (Google them): Tizag, W3Schools, Codecademy.

Here are two of my favorite "Zero to Sixty" books.  You may want to set enough time aside to work through the examples and see how it all works.
http://www.sitepoint.com/books/phpmysql5/
http://www.amazon.com/PHP-MySQL-Web-Development-Edition/dp/0672329166/

And best of luck with your project, ~Ray