abigail

Would this work for you: When they register, have your code check if they are already registered (but not paid) and then your code continues as if they are just registering for the first time. This seems to me the easiest way for you to code it and also the easiest for your user. It would be more work for you, I would think, to delete that entry then insert it again. So you have to change your logic so it knows when to move that person along instead of do the error.

Well, regarding sessions, now that I am using SSl (along with sessions) for all my database access, it seems safer to me to always do that for any database access. But here is the thing about what you are saying. If they are already in the database then they only need to log in. Maybe it is something I am missing because I didn't reread your original post. But what I'm really saying is why don't you rethink this part. For example, here is what you could do: Here are the things you want your user to do: 1. register (provide email and password) 2. pay 3. provide details such as name, phone number (if required) 4. activate email (if you require this) 5. login when coming to use your website. So when they first time register, you have step 1 taken care of. When they come back, make them enter email and password. Your code will try to log them in. If that email is not in database then your code will register them. So really, register and login is the same thing for your user. It is different for your code. You could tell them a little message that your site streamlines the register and login into one easy step. Your code, after successful login/register takes them to paypal (I think that's what you want to do--and that's a good idea). If they previously registered, log them in and if they are already paid then they can use your site otherwise send them to paypal. Now the only issue you have, they have paid but you don't have it confirmed until you get the IPN. So either they have to wait before they can use your site or you can assume success and let them use your site then if IPN fails you revert them to unpaid status. After they are paid, then they have option or requirement to update profile and give you any other information you need. Activate email now. This way, until they pay, it is the most easy for them. Let them do the rest of the work later, so they have no reason to think this is too much trouble for them. Also, a user can log in but not have access to your site because they have not paid and maybe they didn't activate their email yet, if that is a requirement. Probably, you would need to have some way to delete old entries and you might keep a LastUpdated column which gets the date when this user's data was updated. Anybody not updated in 6 months or 1 year could be deleted. You could send warning email first. In my opinion, deleting old unused entries is secondary importance to providing smoother user interface (to increase successful register/paypal experience). You would also need a Forgot Password link. Well, this is just one way of doing it. But it would smooth out the process for your user. Although your coding will be more complex. This is got me thinking now -- I should have done it this way at my website. But if you don't want to do it this way, when they come back and register and your code notices it is already in database, then just log them in. No need to delete and renter. I hope I'm not making it more complex for you, Marie.

I didn't go back and reread your previous post, so this is just a suggestion. I think you have good idea to try to simplify register/login/paying for your user. Try to make it as smooth as possible so they have no reason to abandon. (But something accidentally could happen.) I do something like this with my site but I do expect them to register separately first. In other words when they want to pay, they have to login or else they have to click register link. (In your case you would should Register form instead of Login form) But what I do is when they register they are already logged in. They don't have to activate email because I don't need that email now. My site is different than yours and I'm just describing how I made it easy for my user by trying not to give them any choices until they are done paying. Also I ask them to confirm what they want to purchase (then I make entry into database in case something goes wrong I can contact them). After they confirm I bring up the credit card form (in your case you would send them to paypal). I have an idea that maybe you could simplify yours if you allow them to register and login even if they have not paid. They can't do very much until they pay. But at least they won't be confused if they get stopped part way through for whatever reason. And also they don't have to register over again, only once. But I think your main ideas is very good. Maybe just think how you can make it easier when something goes wrong, without making it more complicated when everything goes right.

It works perfectly! And thank-you so much for all your work helping me. I know you like to solve problems but even so. I probably would not have put in the time to learn it at this level to get such a complicated rule working. Not to waste your time, but this got me thinking last night: What type of person develops something like regex? I mean we are programmers and tend to think a certain way that others do not, unless they are engineers. But most of us are lucky just to be able to figure out how to use regex. What kind of a mind develops it? This is rhetorical question of course.

I don't really have to rush with this because I have it working, just not ideally working. I will test the style sheet further tomorrow and maybe you want to wait what I find out before you do yours. But the only other time I had problem with style sheet was with the final /, which I haven't been testing that for these cases. And then I had extra space or missing space and my website wouldn't load it all and it gave a 500 error. Otherwise I haven't had any problems with the style sheet while working with the modrewrites.

If you think it's worth doing I won't give up. Too bad you have to take time to write code. You could test my code, all except writing the .htaccess file. You would have to believe that I type in what you tell me to. Then you can see the results for yourself. I don't know if that would save you any time. One thing to consider -- my page did not use the style sheet so I didn't test further. Maybe it would do as you say but there is something wrong anyway.

Well, that does not work. I believe it is syntax error because it doesn't find my style sheet. When I remove one or both of the $| then it can't find /hiv or /aids. Maybe this isn't worthwhile. All this time spent. It's pretty minor, really. Actually, it's not cancer going to 2 scripts that I want. I wanted /cancer goes to /cancer-treatment /cancer-symptoms-treatment goes to /cancer-symptoms-treatment or /cancer-symptoms could go to /cancer-symptoms-treatment This it will not let me do. I'm pretty sure it wouldn't let me do this either: /sympt goes to /cancer-symptoms-treatment But these things are so minor, really. Look what it can do. It's working great for 99% of it, and good for the other 1%. I did another test and it will let me do /sympt goes to /symptoms-cancer-treatment So this is another option I didn't think of. I could do /urtic goes to /urticaria-hives-treatment and at least user will see hives and also google will see both.

Here is what I have now: RewriteRule ^hiv[_\-\./]|aids[a-z_\-\./]*$ hiv-aids-treatment.php And it does everything except if user types hiv it does 404 User must do hiv- Is there a way to say 'or nothing'? But I don't understand why aids works but hiv doesn't. When I put the first bracket before the second bracket, it caught hives. What I'm thinking is hiv-aids is a much more sought after condition that hives, so if I can't use hives I will have to use Urticaria. Because of what I wrote below I just thought of an idea: could I use filename urticaria-hives-treatment. It doesn't allow user to type hives but url looks better and better for SEO. Don't worry about trying to tell me what to do. Kicking around ideas is the best way to come up with the best method/solution. As for my tackling regex, I really didn't want to. I knew what a headache it was going to be. But when I realized that the best thing I could do for SEO, and it would be very significant for SEO, is the modrewrite, I went ahead anyway. Larry gives some info in the book which got me started. Here's the thing to understand. Users typing in is secondary. But now that I can provide that it is really nice. For example I can send you an email and say "look at my new page about cancer at adviceofthequeen.com/cancer". I don't have to give them a link even. And I don't have to type in long or complicated filenames. In addition, someone might get to my site that way then instead of using my navigation, says to himself, I wonder if she has treatment for leukemia and he can even just type leuk into browser and get around lots of my website that way. But here's the thing. The real advantage is in SEO canonicalization. My code directs everything to one url: /hiv-aids-treatment, no matter how it got there. And there is one more detail I forgot to mention. My code also adds #hiv-aids-treatment to the end. And google would think that is a different url. So as I see it, there are only 2 ways to do it. Either only use /hiv-aids-treatment.php (without #), or use /hiv-aids-treatment and everything is canonical to that. The only issue I have, and apparently this can't be solved, is that once I have a rule that catches 'cancer', then I can't use 'cancer' any place else. I can't even use it in the file name. I can't use 'cancer symptoms'. That is why I abbreviated it and for this instance it doesn't matter because no-one will be searching for cancer symptoms treatment. But there are others that collide and I will solve most of them by combining them into a grouping. But here is one example: I am now working on adding Mental Sharpening, which is a major term. Later I will add Mental Retardation. Which I will have to name retardation-treatment instead of mental-retardation-treatment, or even retardation-mental-treatment (unless I can use this because mental is not the first word). It's not very significant for user but for google it is. For example, because of drought we have retarded plant growth, etc. Google can bring up my website for plant retardation treatment. But even all of these collisions are still minor. Most people would find these because they are already at my site or by word of mouth. The major ones is what I need google to see.

Sorry the editor won't let me update previous post. I know this is a little off your subject but seems like the best place for my question. I've been using this: [!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"] But I want to move forward to html 4 strict. That's what I've been thinking. One book I'm reading recommends XHTML 4 strict. But one website said XHTML has been abandoned by the W3C and won’t be updated. So what do you (experts) recommend and would you post it so I know the syntax is correct. One thing though, I want my code to validate. Maybe I have to stay with transitional then. I did a little testing and changed by transitional to strict. There are a few cosmetic things which can be fixed. But also I have some external links that use target attribute which doesn't validate. Also there is javascript to focus the cursor on the form. That doesn't validate either.

I know this is a little off your subject but seems like the best place for my question. I've been using this:

I should point out that I only understand small amount of regex. So the reason it is the way it is now is I got it working step by step mostly by looking online and also a previous post I had here. So changes are good providing it end ups working. Here then is what I am doing overall: I have many files (webpages) which I am adding to and probably might be about 50 or even more in the end. I could post the current file if you need it. For SEO and to make the url prettier I am doing the modrewrite. But because I am doing this it also is very convenient to allow user to type in directly just that name and they can get there that way. So that is the secondary goal. All this has been working well until now because of the confict with hives and hiv-aids. I did have previous similar confict with cancer and cancer-symptoms but I solved that by using c-symptoms instead. Generally what I do is my code will issue: http://adviceofthequeen.com/cancer-treatment which modrewrite sends to cancer-treatment.php Then my user can type in: adviceofthequeen.com/cancer which modrewrite also sends to cancer-treatment.php In some cases I let them shorten it such as leukemia they only have to type leuk. So for hiv-aids my code will issue: http://adviceofthequeen.com/hiv-aids-treatment which modrewrite sends to hiv-aids-treatment.php User should be able to type either: adviceofthequeen.com/hiv or: adviceofthequeen.com/aids and modrewrite sends to hiv-aids-treatment.php I don't expect anyone would enter hiv.php or aids.php. The code wouldn't have to support that. But it seems reasonable to me that if someone types in hiv-aids-treatment.php then that file should be displayed because that file exists. I noticed online I should be able to disallow ^(hive) but it didn't work for me and maybe I didn't know where to place it. Let me know if it is still unclear. And thanks for taking time to try to figure this all out.

It only partially worked. It did let hives be recognized but now it doesn't recognize hiv at all. Of course, through code I use hiv-aids-treatment which works. But I also want user to be able to type in hiv or aids and get to hiv-aids. These are the 3 I tried with same results (hiv gives 404 error): RewriteRule ^hiv[^e]|aids[a-z_\-\./]*$ hiv-aids-treatment.php RewriteRule ^hiv[^e][a-z_\-\./]|aids[a-z_\-\./]*$ hiv-aids-treatment.php RewriteRule ^hiv[^ea-z_\-\./]|aids[a-z_\-\./]*$ hiv-aids-treatment.php

Maybe you know if I can do this. I want the urticaria rule to be hives. But the hiv-aids rule always catches it. And even it will not let me use hives-treatment.php for the filename. RewriteRule ^urticaria[a-z_\-\./]*$ urticaria-treatment.php RewriteRule ^hiv|aids[a-z_\-\./]*$ hiv-aids-treatment.php So this rule goes to hiv-aids: RewriteRule ^urticaria[a-z_\-\./]*$ hives-treatment.php But if it can't be done it's not the end of the world. And what I really want is this rule to go to hives but even the above rule would be better than that filename urticaria. RewriteRule ^hives[a-z_\-\./]*$ hives-treatment.php Maybe there is a way to tell the hiv-aids rule to ignore (hive). Also, my code shows the url ending with hiv-aids-treatment.php, so I can't disallow letter 'e'.

One thing I just noticed, and this might save you some time. When I go to cpanel, then filemanager, the menu at left shows my top level directory is /home/advice10. Assuming, you have linux webhosting, probably yours shows you that information.

Here is how I do mine. I had to ask my webhost and they said that /home/advice10 would refer to my directory above the web files. define ('MYSQL', '/home/advice10/mysqli_dbc.inc.php');

I have it working now along with the mod_rewrite. Like you said, I started with '/'. But I think there was a reason I didn't do it that way before and maybe it was because of subdomain. But it is working now anyway.

I want to use absolute referencing for my css and images, because of the mod_rewrite issue in another post. So that if a user adds slash, "/", to end of url the style sheet and images would be found. When I use this for includes it works: define ('BASE_URI', '/home/advice10/public_html/'); But when I use it for css and images the browser doesn't find it. So I asked my webhost how to do absolute referencing and explained about when the slash, "/", is added to the end the browser doesn't find the style sheet, this is what they said: I believe that the absolute external reference you are looking for would be href="http://adviceofthequeen.com/minus/style/zw3c.css". Once again the internal relative reference resolves from the file that pulls up that style sheet, however if you are looking to go a directory up, for example: the location of your client is in "public_html/example" (domain.com/example) directory, and you want to use the style sheet in the "minus" directory, the reference you could use would be "../minus/style/zw3c.css" or the above mentioned "http://adviceofthequeen.com/minus/style/zw3c.css". The ".." stands for parent directory. You should never use the absolute reference of the server internally on a website. So the 2 issues I have with this are: 1) Should I use the http... for style sheet and images directories? 2) I use BASE_URI for my includes directory, and does that go against what webhost said: "You should never use the absolute reference of the server internally on a website."?

Actually, I figured out an even better way for me. So my customer can type into browser just cancer and my program can use cancer_treatment. They can even type in just hiv or just aids or hiv_aids. Here's what my code looks like then: RewriteEngine On RewriteRule ^cancer[a-z_]*$ cancer_treatment.php RewriteRule ^hiv|aids[a-z_]*$ hiv_aids_treatment.php RewriteRule ^sleep[a-z_]*$ sleep_disorders_treatment.php RewriteRule ^sickle[a-z_]*$ sickle_cell_anemia_treatment.php RewriteRule ^addict[a-z_]*$ addiction_treatment.php RewriteRule ^fear|phobia[a-z_]*$ fear_phobia_treatment.php Regarding my previous post, the reason to use one Rule is because I wouldn't have to edit file each time I add a new treatment. So there is not much advantage to do it your way, I would think. But I like my new idea much better anyway. I suppose I will have to use absolute referencing for the css and images. Otherwise user sees 404 error but that is only if they type in the trailing /. Someone might do that I suppose. Anyway, except for that minor problem of trailing / everything seems to be working great now.

Here's something I thought of now. Can I write just one RewriteRule that will change all my file names, here are examples: RewriteRule ^cancer_treatment$ cancer_treatment.php RewriteRule ^hiv_aids_treatment$ hiv_aids_treatment.php RewriteRule ^sids_treatment$ sids_treatment.php RewriteRule ^sleep_disorders_treatment$ sleep_disorders_treatment.php RewriteRule ^asthma_treatment$ asthma_treatment.php So if it ends with _treatment then I want .php added. The reason I'm doing this is for SEO. That's why I want treatment in all the names.

Thank-you for finding the syntax typo. Evidently, that is the reason it wouldn't run in my live directory! (I've changed the names of my pages to add _treatment at the end.) I took off the / from the cancer_treatment page and that works well now. The only time it would show 404 not found is if the user typed it into browser with the /. My code won't use that. Does that make sense to you that I should do it that way or do you think I have to use absolute referencing? This is the code I'm using now: RewriteEngine On RewriteRule ^cancer_treatment?$ cancer_treatment.php RewriteRule ^ptsd_treatment?$ ptsd_treatment.php

I'm trying to do mod_rewrite like this: RewriteEngine On RewriteRule ^cancer/?$ cancer.php RewriteRule ^ptsd/?$ptsd.php I have my testing directory, named minus, so the same code should be at adviceofthequeen.com and adviceofthequeen.com/minus/ I put this code into the .htaccess file in minus directory and when I type into browser: http://adviceofthequeen.com/minus/cancer the cancer.php page comes up correctly. But when I type into browser: http://adviceofthequeen.com/minus/cancer/ the cancer.php pages comes up but without the style sheet and images. So I also put this same code into .htaccess file above the minus directory (the real live code) and when I type into browser: http://adviceofthequeen.com/ it throws a 500 Internal Server Error. I'm pretty sure that if I ask hosting tech support about this they will suggest I use the cpanel redirect. I want to do this for all my files and now there is only 6 but there could be maybe about 50 when I'm done. It doesn't seem that redirect is the best way to do this. Is there any syntax error in my mod_rewrite? There was nothing in the .htaccess files except directory protection in the minus directory which is temporarily not on right now. Apache version 2.2.21 PHP version 5.2.17 MySQL version 5.0.92-community-log

You do have a good point -- because the user goes to PayPay, security is their responsibility, I would think. And I think I remember that Larry said that in his book, about the IPN needing HTTPS. But the IPN is just a file that never shows in the browser. I looked into my ipn.php file I used for testing and there is this line: $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); // Test //$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); // Live I think this is what Larry was talking about. I don't think you need ssl on your site to do the IPN.

This is exactly what I didn't understand at first. It is because someone can "get between" your site and PayPal. I don't think I can explain it very well (I'm not sure the correct termonology). So someone would appear to your user as if it is PayPal but really is not. They then have your user's credit card number. Also read my much earlier post here (when the book was brand new) when I was asking Larry about this (he can explain it better). But if you read further about PayPal, I think you will find like I mentioned that they don't REQUIRE the SSL. I think you have option of using Encrypted Button. I think that is how they get around having to use the SSL. It might be a good way for you to do it. But now that I understand that someone could "get between" my site and my database update, so even that part is not safe without SSL -- that's why I like it now. It took some designing of my site to figure out when I want to use SSL. Larry makes it seem easy but real world cases probably take lots of planning -- more than just implementing. That's been my experience anyway. I just finished my BuyNow button a few weeks ago so it's all fresh for me. That's why I know exactly where you are with this. Getting your thinking straight is what you have to do now. I sent you email through the forum with more information I didn't think I should post here. Let me know if you don't get it. Remember, IPN is separate from SSL. They are entirely different issues.

First of all, I'm not an expert at this by any means. I just started using a BuyNow button on my website about a month ago and I only seriously started programming it about a year ago while using Larry's ecommerce book. So all this is just my opinion and many people might disagree. First of all, IPN and SSL are two different things. For the SSL, I feel exactly as you do. I would rather pay for something after I at least have some paying customers at my website. For me, I am using my webhost shared certificate. It's not as elegant as your own certificate but it is free. About your webhost, I don't know what they provide. My site is new yet but you can try it out and see how I've done it and please give me improvement suggestions if you see anything: AdviceOfTheQueen.com. With that said, as far as I know, with the simple payment you are doing, PayPal does not REQUIRE you to use SSL. However, I am now convinced that is the correct way for you to do it. And in addition, all your database interaction with your user should also be SSL. Using the shared certificate solved the problem for me because it is free. But I will point out it was a little complicated to get it programmed. You will probably have to spend some time to learn it. Use of the certificate is automatic (for me) but I have to know when to use a different url and because it's shared it's not https vs http. Look at my site and you will see what I mean. But now that it's programmed, looking back, it seems easy. For the IPN, while you are using that free version of PayPal, there is no way for you to know if your customer's charge was successful. For example, maybe they typed a wrong number, maybe they went over their credit limit, maybe their card is expired. You have no way to know this. The only way you know this is by IPN. Implementing IPN isn't as hard as it first seems. Follow Larry's example because he has done most of the work for you. Whatever your customer does after they try to charge, it makes no difference. You could just as well update your database before they go to PayPal. The reason you care about what your customer does after they charge at PayPal -- you want them to come back to your site. You don't want them to go somewhere else online. Somewhere else on this forum I posted about Stripe.com, which I am now using because of someone else suggested here at this forum. I don't want to become a Stripe 'evangelist' but you might like this better than PayPal. They REQUIRE you use SSL but you will find out Successful Charge immediately (without IPN). They still expect you to implement Webhook, which is similar to IPN, which will notify you when there is a ChargeBack. You might also like to implement both PayPal test mode (I did) and Stripe test mode and see which you like better. P.S. I didn't read the PayPal doc you posted (maybe in the past I already read it). Their document probably makes it more confusing than it really is.

Really, it's only because of NewEcommerce1 (here) that I found out about Stripe. Stripe is limited but PayPal is soooooo complex. Also, they are new yet and maybe they will be adding features. I have problem because of my old computer and Stripe uses new javascript and my computer hangs. I have to go to library to test! (I am awaiting my friend to give me his 'old' XP computer.) Their tech support helped me out greatly. Just something to know about, at first I sent email question to their customer support and did not get reply for several days. They did answer tech support, though and they really did great. It seems you need to know a bit more programming than you would for PayPal. Just for others information: I find out credit card approval immediately but they will send charge back or other notices by Webhook. Even successes if I set it up that way. Webhook works much like PayPal's IPN.