Solved

What is a good way to create a shopping cart, allow purchase of online e-book, which is then accessed via user login/password

Posted on 2013-05-31
11
629 Views
Last Modified: 2013-06-06
I have been asked to help a person who has written a professional book. She would like to sell an electronic version of the book through a shopping cart. Once the user has purchased the e-book, then they would somehow register for a login/password which would grant them access to the e-book. This e-book is simply several html files having chapters of the book. The registered user would have access to read these pages, but would not be able to copy/print the pages. The user could come back often to read the book from these web pages, after entering their registered login/password.

My expertise is on the ASP.NET/C# side, but the web host servers only have PHP / MySQL, which is the owner's preference. The owner also likes using DreamWeaver, and I notice there is a Login PHP extension that is available, but other solutions may be better. Esentially, we need some kind of shopping cart and the ability to register users to access the web pages of the e-book. What would be a good way to do this?
0
Comment
Question by:dwoolley3
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39212370
First you should know that if you put it on the web, I can copy it.  No, you really can't stop me.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39212374
Check out www.opencart.com it is in php/msq

However, when I hear, "The owner likes using dreamweaver" that is scary.  That sounds like trouble if they get frustrated when they can't use the drag and drop training wheels or your responsive site does not look exactly like the live site in the design view.  

I would strongly suggest you get them to understand some of what makes Dreamweaver easy, also makes it unsafe.  Your job is to make a site using the best security you know how.  By the way, ask them if they currently use dreamweaver to make php sites with a database.   If they do, ask them if they go remove the connection strings EVERY TIME they are done editing a site.  Site > Advanced > Remove Connection strings.  The reason is, the connection strings DW leaves will not show up when you are in DW ftp view, but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach as that is how DW makes it easy to drag and drop data fields.
0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 250 total points
ID: 39212393
but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach

padas, if someone is FTPing directly to your site you have much greater problems than having some Dreamweaver PHP lying around.  It's not quite as insecure as you make it out to be and it doesn't necessarily mean the operator is relying on training wheels.  There are lots of us who use it simply as a PHP IDE and also because it simplifies a few tasks and it has (or it used to) one of the largest developer communities on the web.

-------------------------------

dwoolley3, if the client really wants a complete DW solution, look into WebAssist for a very rich set of (paid) plugins that will cover just about any need.

However, I would steer you towards an even simpler solution:  a CMS.  WordPress or Joomla could be set up very rapidly and set to have protected pages or downloads.  With the additions of add-ons, you could turn the site into a subscription-based or single-payment portal very rapidly.  It also makes maintenance by the non-technical even easier than DW would be.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39212435
jason1178, I didn't think it the serverscripts were problem either until I had a site scanned for pci and the scripts were detected just by scanning.  https://my.controlscan.com/threats/details.cgi?id=310028 Maybe this is too old by now, but I don't risk it http://www.techrepublic.com/article/dreamweaver-testing-scripts-can-lead-to-database-compromise/5193555

A lot of what those scans bring up as potential errors are BS but this one caught my eye.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39212479
Maybe this is too old by now

Just a bit (in the case of the second one), and slightly hysterical (in the case of the first one and also weirdly out of date).  

Even those pre-Adobe versions required a secondary security flaw on Apache that would allow a user to output PHP as plain text.  If you can do that, it doesn't matter how you create the site...an attacker would be able to locate and compromise the DB from connection strings located under any common location (wp-config?).

tl;dr Not all scan results mean the tools are inherently insecure.  If I 777 all my folders "because it makes scripts work no matter where I put them" I sort of deserve what I'm going to get.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39212504
I like Dreamweaver.  Because I charge by the hour every time I have to come back and fix it again.  I make a lot of money doing that.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 39212636
If it is only one product then you don't really need a cart.

Most Payment Gateways have a form option you post the description and price to and they process the transaction.

A cart is only necessary if you have multiple products.

You can create a very simple one page purchase form that asks for the persons details and quantity and you post that off to a payment gateway that processes the transaction.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39212814
PayPal has some potential in both the "easy-to-use" and "capture client data" arenas.

You can password protect pages with something like this.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

You can send an authentication key with something like this.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html

You might consider creating a PDF from the original files of the book.  You could include a watermark on the pages identifying the copyright holder and the licensee.  Then when what DaveBaldwin describes happens, and someone gets an illicit copy, it will be obvious that it is protected material and it will be obvious who permitted the breach.  You can't prevent the breach, but you can take action to provide evidence.

For the breach to be actionable, your author must have registered the work with the US Copyright Office.  That's done, right?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39213298
While it is true that an author has the Copy Rights automatically when they create a work, Ray is right in that the record with the US Copyright Office gives an official record that can be used in court if needed.  Courts are not inclined to take an author's word without further evidence.
0
 

Author Comment

by:dwoolley3
ID: 39213319
Thanks for everyone's responses, which I am processing and researching. I also had a chance to ask the owner some questions and obtain her response.

She does have her work copyrighted 2012. She will be selling several products, thus needs a versatile cart. She had considered PDFs but ruled them out for "a variety of technical reasons."

I will be quickly learning PHP / MySQL over the next few weeks, but we are open to purchasing ready-made solutions that would provide the functionality needed.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39214788
She does have her work copyrighted 2012.
That statement appears to miss the point.  Is the work registered with the US Copyright Office?  Does she have receipts for the payments to the Copyright Office, showing proof that the copyrights were registered?  If the answer is "no," then the chance of successfully prosecuting a case against theft is essentially zero.  There is only one time I have seen a copyright theft prosecution succeed without copyright registration.  It was a pirated instructional yoga video.  The reason the plaintiff won was because the yoga model was his wife, and she testified that she had never modeled for the defendant.  If you don't have evidence that strong, you really should advise her to get registered.  There is a fee, but you can register data in batches of intellectual property for one fee.

... quickly learning PHP / MySQL over the next few weeks
It may take more than a few weeks; I do not say that to discourage you - it's simply a reality that it takes more than a few weeks to become productive in any programming language.

Here are some good places to start learning (Google them): Tizag, W3Schools, CodeAcademy.

Here are two of my favorite "Zero to Sixty" books.  You may want to set enough time aside to work through the examples and see how it all works.
http://www.sitepoint.com/books/phpmysql5/
http://www.amazon.com/PHP-MySQL-Web-Development-Edition/dp/0672329166/

And best of luck with your project, ~Ray
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Jquery Autocomplete PHP script 3 23
Help cleaning out CSS 2 32
Strip leading 0 from a var 3 14
WIX Redirect 1 1
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now