

What is a good way to create a shopping cart, allow purchase of online e-book, which is then accessed via user login/password

Posted on 2013-05-31
Medium Priority
Last Modified: 2013-06-06
I have been asked to help a person who has written a professional book. She would like to sell an electronic version of the book through a shopping cart. Once the user has purchased the e-book, then they would somehow register for a login/password which would grant them access to the e-book. This e-book is simply several html files having chapters of the book. The registered user would have access to read these pages, but would not be able to copy/print the pages. The user could come back often to read the book from these web pages, after entering their registered login/password.

My expertise is on the ASP.NET/C# side, but the web host servers only have PHP / MySQL, which is the owner's preference. The owner also likes using DreamWeaver, and I notice there is a Login PHP extension that is available, but other solutions may be better. Essentially, we need some kind of shopping cart and the ability to register users to access the web pages of the e-book. What would be a good way to do this?
Question by:dwoolley3
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39212370
First you should know that if you put it on the web, I can copy it.  No, you really can't stop me.
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39212374
Check out it is in php/msq

However, when I hear, "The owner likes using dreamweaver" that is scary.  That sounds like trouble if they get frustrated when they can't use the drag and drop training wheels or your responsive site does not look exactly like the live site in the design view.  

I would strongly suggest you get them to understand some of what makes Dreamweaver easy, also makes it unsafe.  Your job is to make a site using the best security you know how.  By the way, ask them if they currently use dreamweaver to make php sites with a database.   If they do, ask them if they go remove the connection strings EVERY TIME they are done editing a site.  Site > Advanced > Remove Connection strings.  The reason is, the connection strings DW leaves will not show up when you are in DW ftp view, but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach as that is how DW makes it easy to drag and drop data fields.
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 750 total points
ID: 39212393
"but if you ftp directly to the site and you see MM_connectionstrings or something like that, it's an easy security breach"

padas, if someone is FTPing directly to your site you have much greater problems than having some Dreamweaver PHP lying around.  It's not quite as insecure as you make it out to be and it doesn't necessarily mean the operator is relying on training wheels.  There are lots of us who use it simply as a PHP IDE and also because it simplifies a few tasks and it has (or it used to) one of the largest developer communities on the web.


dwoolley3, if the client really wants a complete DW solution, look into WebAssist for a very rich set of (paid) plugins that will cover just about any need.

However, I would steer you towards an even simpler solution:  a CMS.  WordPress or Joomla could be set up very rapidly and set to have protected pages or downloads.  With the additions of add-ons, you could turn the site into a subscription-based or single-payment portal very rapidly.  It also makes maintenance by the non-technical even easier than DW would be.
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39212435
jason1178, I didn't think the server scripts were a problem either until I had a site scanned for PCI and the scripts were detected just by scanning. Maybe this is too old by now, but I don't risk it.

A lot of what those scans bring up as potential errors are BS but this one caught my eye.
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39212479
"Maybe this is too old by now"

Just a bit (in the case of the second one), and slightly hysterical (in the case of the first one and also weirdly out of date).  

Even those pre-Adobe versions required a secondary security flaw on Apache that would allow a user to output PHP as plain text.  If you can do that, it doesn't matter how you create the attacker would be able to locate and compromise the DB from connection strings located under any common location (wp-config?).

tl;dr Not all scan results mean the tools are inherently insecure.  If I 777 all my folders "because it makes scripts work no matter where I put them" I sort of deserve what I'm going to get.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39212504
I like Dreamweaver.  Because I charge by the hour every time I have to come back and fix it again.  I make a lot of money doing that.
LVL 59

Expert Comment

by:Julian Hansen
ID: 39212636
If it is only one product then you don't really need a cart.

Most Payment Gateways have a form option you post the description and price to and they process the transaction.

A cart is only necessary if you have multiple products.

You can create a very simple one-page purchase form that asks for the person's details and quantity, and you post that off to a payment gateway that processes the transaction.
LVL 111

Accepted Solution

Ray Paseur earned 750 total points
ID: 39212814
PayPal has some potential in both the "easy-to-use" and "capture client data" arenas.

You can password protect pages with something like this.

You can send an authentication key with something like this.

You might consider creating a PDF from the original files of the book.  You could include a watermark on the pages identifying the copyright holder and the licensee.  Then when what DaveBaldwin describes happens, and someone gets an illicit copy, it will be obvious that it is protected material and it will be obvious who permitted the breach.  You can't prevent the breach, but you can take action to provide evidence.

For the breach to be actionable, your author must have registered the work with the US Copyright Office.  That's done, right?
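
One way to password-protect the chapter pages on a PHP host, shown as an added example that is not code posted by anyone in this thread. The file name `chapter.php`, the `login.php` script, the session keys `purchaser_id` and `purchaser_name`, the `ch` parameter, the storage path and the `<!--LICENSEE-->` marker are all hypothetical.

```php
<?php
// chapter.php: added illustration, not code posted in this thread.
// Assumed (hypothetical) setup: login.php verifies the password and the paid
// order, then sets $_SESSION['purchaser_id'] and $_SESSION['purchaser_name'].
// Chapter files sit outside the web root, so no direct URL reaches them.
declare(strict_types=1);

const EBOOK_DIR = '/home/example/private/ebook';  // placeholder path
const CHAPTERS  = [                                // allow-list: key => file
    'ch1' => 'chapter01.html',
    'ch2' => 'chapter02.html',
    'ch3' => 'chapter03.html',
];

session_set_cookie_params([        // array form needs PHP 7.3+
    'httponly' => true,            // cookie hidden from page scripts
    'secure'   => true,            // sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

// 1. Gate: visitors without a purchaser session go to the login form.
if (empty($_SESSION['purchaser_id'])) {
    header('Location: /login.php', true, 302);
    exit;
}

// 2. Resolve the request through the allow-list. The user-supplied value is
//    only ever a lookup key, never part of a path, so "../" has no effect.
$key = $_GET['ch'] ?? '';
if (!is_string($key) || !array_key_exists($key, CHAPTERS)) {
    http_response_code(404);
    exit('Chapter not found.');
}
$html = @file_get_contents(EBOOK_DIR . '/' . CHAPTERS[$key]);
if ($html === false) {
    http_response_code(404);
    exit('Chapter not found.');
}

// 3. Stamp the licensee into the page (each chapter is assumed to contain a
//    <!--LICENSEE--> marker), echoing the watermark idea above, then serve it
//    with headers that keep shared caches from storing paid content.
$name = htmlspecialchars((string)($_SESSION['purchaser_name'] ?? ''), ENT_QUOTES, 'UTF-8');
header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: private, no-store');
header('X-Content-Type-Options: nosniff');
echo str_replace('<!--LICENSEE-->', 'Licensed to ' . $name, $html);
```

This controls who can open the chapters; as noted earlier in the thread, it does not stop a paying reader from copying what the browser displays.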
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39213298
While it is true that an author has the Copy Rights automatically when they create a work, Ray is right in that the record with the US Copyright Office gives an official record that can be used in court if needed.  Courts are not inclined to take an author's word without further evidence.

Author Comment

ID: 39213319
Thanks for everyone's responses, which I am processing and researching. I also had a chance to ask the owner some questions and obtain her response.

She does have her work copyrighted 2012. She will be selling several products, thus needs a versatile cart. She had considered PDFs but ruled them out for "a variety of technical reasons."

I will be quickly learning PHP / MySQL over the next few weeks, but we are open to purchasing ready-made solutions that would provide the functionality needed.
LVL 111

Expert Comment

by:Ray Paseur
ID: 39214788
"She does have her work copyrighted 2012."
That statement appears to miss the point.  Is the work registered with the US Copyright Office?  Does she have receipts for the payments to the Copyright Office, showing proof that the copyrights were registered?  If the answer is "no," then the chance of successfully prosecuting a case against theft is essentially zero.  There is only one time I have seen a copyright theft prosecution succeed without copyright registration.  It was a pirated instructional yoga video.  The reason the plaintiff won was because the yoga model was his wife, and she testified that she had never modeled for the defendant.  If you don't have evidence that strong, you really should advise her to get registered.  There is a fee, but you can register data in batches of intellectual property for one fee.

"... quickly learning PHP / MySQL over the next few weeks"
It may take more than a few weeks; I do not say that to discourage you - it's simply a reality that it takes more than a few weeks to become productive in any programming language.

Here are some good places to start learning (Google them): Tizag, W3Schools, Codecademy.

Here are two of my favorite "Zero to Sixty" books.  You may want to set enough time aside to work through the examples and see how it all works.

And best of luck with your project, ~Ray

Question has a verified solution.
