Subscription Manager Features

PHP-SecureArea is easy to install and maintain with a range of features to automatically allow customers to register access to areas of a web site. The application allows you to build a web site with paid password protection.

Defining a subscription includes :

• Enter regular billing details with cost and duration of cycle.
• Define installment subscriptions.
• Optionally define trial period 1 and trial period 2

Security of your files is important as this is where you make your money.

• Your files are protected by a username / password login system and cannot be accessed without the correct details.
• The username with a unique password is emailed to the purchaser after they have purchased the product. The email address being the purchaser's registered PayPal email address.
• All passwords are stored in the database in encrypted format.
• For added security, and the recommended method, the 'password' folder should be stored on the web server outside the root of the web site.

There are a number of checks in the script to ensure that the data received from PayPal has not been modified.

• The script checks the PayPal transaction id in the database to make sure that it has not been previously used.
• The subscription details of the item is checked against the database to make sure that it has not been changed.
• The receiver email address is checked to make sure that it is your primary PayPal receiver email address.

Subscription buttons are created using html coding and can be placed on any type of file so that they my be easily integrated within an existing web site.

The email functions can be used to send out newsletters to all or specific customers.

• Email all customers who have purchased any item.
• Email all customers who have purchased a particular item.

This provides a brief description of some of the principles behind the application which incorporates the PayPal IPN system.

Instant Payment Notification (IPN) is the method that PayPal uses to automatically notify a defined web page when a PayPal payment has been made. For a complete description refer to the IPN Manual which you can find on the http://www.paypal.com/ipn site.

The principle that PayPal uses is as follows : You first create a PayPal button and place it on your web page or create the buttons dynamically from a database. When someone clicks on your button, PayPal posts data to the web page you defined during IPN set up. Your web page must then respond back to the paypal site.

After PayPal has confirmed the payment, it posts data back to your web page using IPN. If payment is correctly completed, PayPal sends 'completed' to your web page along with other data which your site can monitor. Once completed and verified has been received by your web page, you process the data in whatever way you want.

PHP-SecureArea takes the data from PayPal, carries out security checks to make sure the details are correct, then emails the purchaser with a username / password, all without any intervention by yourself. The purchaser is then able to login to the subscription area for a time period defined for that purchase.

Purchasing of a subscription is controlled by the PayPal IPN system. Only when the confirmed message is received from PayPal will the application process the purchase. There are a number of checks within the application to prevent attempts to spoof a purchase. These include checking the purchased price and currency, and checking the PayPal transaction id to make sure that it has not be used before.

You first set up the protected areas (the area that customers subscribe to) in the admin pages. So when you create a secure area name called 'protected1' which points to the protected1 folder, it modifies the htaccess file in the protected1 folder to point to an htpasswd file called htpasswd_1 where 1 is the alias record id. At the same time it creates a htpasswd file called htpasswd_1 in the htpasswd folder.

In fact there may be a number of htpasswd files, one for each secure area.

When a customer makes a purchase, the username is added to tblusers. At the same time it modifies htpasswd_1 with the correct username / password.

The password is automatically created by the system using a random character generator. The purchaser will receive an email which contains their password.

As soon as the user has received the password, they may log into their secure area for the time duration as defined by the subscription.

The purchaser may also log into a customer area, where they can see their particular details, listing their subscriptions. They may also change their password.

After the subscription has finished, or the customer cancels the subscription, the username / password is removed from the htpwasswd files so preventing the user accessing that secure area.