Larry Ullman's Book Forums

Logging In Without Using PayPal Sandbox



Hello,

 

It seems that when I test out the scripts for the first project in the e-commerce book with fake registrants, I can log in even though I have not paid with the PayPal sandbox. Would this be a problem if the PayPal was "real"? I have looked at the code and do not see any kind of trigger or blocking mechanism, at least not on the Index page or Register page.

 

Marie

Link to comment
Share on other sites

Thanks for your question. If I recall correctly, yes, the first project does allow you to log in without having paid. But, most importantly, you can't view content without having paid (actually, without having an active account). Not only is this not a problem, but it's actually ideal, as it encourages people to pay (they can get in and get a sense of what's there) and encourages people to renew. For example, after paying once, the user's account is valid for a year. After that point, they need to renew. But they can come back in 13 months and then renew. In my opinion, outright blocking people from logging in until they've paid will hinder sales.

Link to comment
Share on other sites


Thank you,

 

I guess I didn't examine things as thoroughly as I could have done. Good point about giving people a sense of what the site is all about. This is exactly what I want to do with my "real" site. I have several of your books and am finding the eCommerce book most beneficial as I do not plan to become a full scale web developer. I just want to get my site up and running and have a good idea of what is going on in the code so I can hire an expert to maintain and carry it further if necessary.

 

Marie

Link to comment
Share on other sites

  • 11 months later...

Hello,

 

A year later and I have my site almost completed and have changed my mind about my members logging in without paying. I would prefer that they can register, then go to PayPal and then pay before they log in. So I have my code set up so that when they register a 0 goes into a status field. This should change to a 1 when they pay.

 

However, at this point whether my users have a 1 or a 0 in their status field I am getting this message which is part of the script.

 

The email address and password do not match those on file.

 

Following is what I have altered in the login.inc.php.

 

I have altered this line: $q = "SELECT id, username, type, IF(date_expires >= NOW(), true, false) FROM users WHERE (email='$e' AND pass='" . get_password_hash($p) . "')";

 

TO the following: $q = "SELECT id, username, type, status FROM users WHERE (email='$e' AND pass='" . get_password_hash($p) . "' AND status=1)";

 

I have taken out the following line as well: //if ($row[3] == 1) $_SESSION['user_not_expired'] = true;

 

SO the rest of the code remains the same:

 

if (mysqli_num_rows($r) == 1) { // A match was made.

    // Get the data:
    $row = mysqli_fetch_array ($r, MYSQLI_NUM);

    // If the user is an administrator, create a new session ID to be safe:
    // This code is created at the end of Chapter 4:
    if ($row[2] == 'admin') {
        session_regenerate_id(true);
        $_SESSION['user_admin'] = true;
    }

    // Store the data in a session:
    $_SESSION['user_id'] = $row[0];
    $_SESSION['username'] = $row[1];

    // Only indicate if the user's account is not expired:
    //if ($row[3] == 1) $_SESSION['user_not_expired'] = true;

} else { // No match was made.
    $login_errors['login'] = 'The email address and password do not match those on file. ';
}

}

 

Any thoughts would help. Thanks,

 

Marie

Link to comment
Share on other sites
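With `AND status=1` inside the WHERE clause, a wrong password and an unpaid account both return zero rows and the same error message. An added example (not from the book or from any poster) that checks credentials first and payment status second; it assumes PDO with an in-memory SQLite table and PHP's password_hash() in place of the thread's mysqli calls and get_password_hash(), and check_login() is a hypothetical name:

```php
<?php
// Added example, not the book's code. Assumptions: PDO + in-memory SQLite
// (so it runs offline) and password_hash() instead of get_password_hash().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    email TEXT UNIQUE, pass TEXT, type TEXT, status INTEGER DEFAULT 0)');

// Constructed sample rows: one paid member, one who never finished paying.
$add = $pdo->prepare('INSERT INTO users (username, email, pass, type, status)
    VALUES (?, ?, ?, ?, ?)');
$hash = password_hash('s3cret!', PASSWORD_DEFAULT);
$add->execute(['paid', 'paid@example.com', $hash, 'member', 1]);
$add->execute(['unpaid', 'unpaid@example.com', $hash, 'member', 0]);

/** Returns ['ok' => bool, 'reason' => string, 'user' => ?array]. */
function check_login(PDO $pdo, string $email, string $password): array
{
    // Placeholders keep user input out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, username, type, status, pass FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Step 1: credentials only. Unknown email and wrong password get the
    // same answer, so the message does not reveal which emails exist.
    if (!$row || !password_verify($password, $row['pass'])) {
        return ['ok' => false, 'reason' => 'bad_credentials', 'user' => null];
    }
    unset($row['pass']);

    // Step 2: payment status, looked at only after the password matched.
    if ((int) $row['status'] !== 1) {
        return ['ok' => false, 'reason' => 'payment_required', 'user' => $row];
    }
    return ['ok' => true, 'reason' => 'active', 'user' => $row];
}

$attempts = [['paid@example.com', 's3cret!'], ['unpaid@example.com', 's3cret!'],
             ['unpaid@example.com', 'wrong']];
foreach ($attempts as [$e, $p]) {
    echo "$e => " . check_login($pdo, $e, $p)['reason'] . "\n";
}
```

A caller would create the session only when `ok` is true and send a `payment_required` user to the payment button instead of showing the generic login error.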

Hello,

 

I believe that the status conditional may have been what was causing the problem. I have since reworked everything back to the original code as it is presented in the eCommerce book. However a few other related problems have sprung up, concerning PayPal and registering etc.

 

I did not use the PayPal Sandbox but went directly to the live coding.

 

However, PayPal is not necessarily smooth and problems can occur which would make the user give up and maybe try again later or not attempt to subscribe to the site at all. BUT their information is now in the users table, as soon as they have hit the submit button, so IF they try to register again they are going to get the message that their email and password are not available. However, they can still log in to the site anyway which would be a bit confusing because they haven't paid.

 

What is an easy way to re-register and pay if they stopped the process for whatever reason the first time?

 

Marie

Link to comment
Share on other sites

Okay, I think I may have figured out something.

 

The person Registers, Hits the Submit Button and is then on the PayPal site. For some reason it doesn't work, the person gets frustrated or whatever so then they decide to go back to my site (hopefully). On the Register page is a link to cancel their previous information which simply takes everything out of the Users table. Then they hit the Register button again and go to PayPal.

 

At this point, on my site, the Registered User can enter my site by Logging in on the Index page. SO, the Login form will change to be available only to Active Users - those who have paid.

 

So, when they register the Users table will have an Active field with a 0 which will change when they have paid. So their Inactive status would be in a table similar to the "Orders" table in the Power is Knowledge site.

 

This should work as long as people don't get fed up with PayPal.

 

It seems to me that one DOES have to have an account with PayPal once they get to the page where they enter their email. They are then asked to create a PayPal password. I am wondering if this will turn people away.

 

Marie

Link to comment
Share on other sites

I didn't go back and reread your previous post, so this is just a suggestion.

I think you have a good idea to try to simplify register/login/paying for your user. Try to make it as smooth as possible so they have no reason to abandon. (But something accidentally could happen.)

 

I do something like this with my site but I do expect them to register separately first. In other words when they want to pay, they have to login or else they have to click register link. (In your case you would show the Register form instead of the Login form.) But what I do is when they register they are already logged in. They don't have to activate email because I don't need that email now. My site is different than yours and I'm just describing how I made it easy for my user by trying not to give them any choices until they are done paying. Also I ask them to confirm what they want to purchase (then I make entry into database in case something goes wrong I can contact them). After they confirm I bring up the credit card form (in your case you would send them to PayPal).

 

I have an idea that maybe you could simplify yours if you allow them to register and login even if they have not paid. They can't do very much until they pay. But at least they won't be confused if they get stopped part way through for whatever reason. And also they don't have to register over again, only once.

 

But I think your main idea is very good. Maybe just think how you can make it easier when something goes wrong, without making it more complicated when everything goes right.

Link to comment
Share on other sites

Thanks for your comments.

 

One of the basic problems would still exist however. IF someone was registering then hit submit button their information goes into the database. It wouldn't matter if they came back two minutes later or two days later. IF they tried to register again, they would get a message saying that the email address had already been registered. How does one clear their information out of the database so they can register again assuming that they may only have ONE email address or wanted to use that particular email address? Do we want our databases full of information that isn't necessary? Can they delete their information without a session being involved?

 

Marie

Link to comment
Share on other sites

Well, regarding sessions, now that I am using SSL (along with sessions) for all my database access, it seems safer to me to always do that for any database access.

 

But here is the thing about what you are saying. If they are already in the database then they only need to log in. Maybe it is something I am missing because I didn't reread your original post. But what I'm really saying is why don't you rethink this part. For example, here is what you could do:

 

Here are the things you want your user to do:

1. register (provide email and password)

2. pay

3. provide details such as name, phone number (if required)

4. activate email (if you require this)

5. login when coming to use your website.

 

So when they first time register, you have step 1 taken care of.

When they come back, make them enter email and password. Your code will try to log them in. If that email is not in database then your code will register them. So really, register and login is the same thing for your user. It is different for your code. You could tell them a little message that your site streamlines the register and login into one easy step.

Your code, after successful login/register takes them to paypal (I think that's what you want to do--and that's a good idea).

If they previously registered, log them in and if they are already paid then they can use your site otherwise send them to paypal.

Now the only issue you have, they have paid but you don't have it confirmed until you get the IPN. So either they have to wait before they can use your site or you can assume success and let them use your site then if IPN fails you revert them to unpaid status.

After they are paid, then they have option or requirement to update profile and give you any other information you need. Activate email now.

This way, until they pay, it is the most easy for them. Let them do the rest of the work later, so they have no reason to think this is too much trouble for them.

 

Also, a user can log in but not have access to your site because they have not paid and maybe they didn't activate their email yet, if that is a requirement.

 

Probably, you would need to have some way to delete old entries and you might keep a LastUpdated column which gets the date when this user's data was updated. Anybody not updated in 6 months or 1 year could be deleted. You could send warning email first. In my opinion, deleting old unused entries is secondary importance to providing smoother user interface (to increase successful register/paypal experience).

 

You would also need a Forgot Password link.

 

Well, this is just one way of doing it. But it would smooth out the process for your user. Although your coding will be more complex.

 

This has got me thinking now -- I should have done it this way at my website.

 

But if you don't want to do it this way, when they come back and register and your code notices it is already in database, then just log them in. No need to delete and re-enter.

 

I hope I'm not making it more complex for you, Marie.

Link to comment
Share on other sites

I appreciate your thoughtful reply. All of these ideas are valid.

 

The issue I am having with my website is at point number 1 - the registration page.

 

Right now I have a fake user who has registered their name, username, email and password and then clicked submit and went to the PayPal page. So their information entered the database BUT they didn't go any further than that click and the next page for whatever reason - the doorbell rang, the cat ran across the keyboard, they are unsure - who knows.

 

So the next day or five minutes later they want to Register and follow through but this time they won't get past the submit button because they will get an error message which is in the script, that the email and username has already been registered.

 

SO the problem is - how do they pay now or how do they clear that previous information so they can follow through register again and then pay all in one step?

 

With my site I intend NOT to have them log in unless they have registered and followed through with the payment.

 

Marie

Link to comment
Share on other sites

Hello,

 

I MAY have figured out this problem. I have inserted the following code into my Register page script. IF the user puts in the same email address or combination that is already in the database then the script tells the person to continue directly to PayPal.

 

} else { // The email address or username is not available.

    include ('header.html');

    // Updated message:
    echo "<h3>It appears that you have already registered. Please proceed to Paypal.</h3>";

    echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="VDZXU4VACMK6N">
    <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
    <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
    </form>';

    include ('footer.html');

    // Finish the page:
    exit(); // Stop the page.

Link to comment
Share on other sites

Would this work for you:

When they register, have your code check if they are already registered (but not paid) and then your code continues as if they are just registering for the first time. This seems to me the easiest way for you to code it and also the easiest for your user. It would be more work for you, I would think, to delete that entry then insert it again. So you have to change your logic so it knows when to move that person along instead of do the error.

Link to comment
Share on other sites

It appears that would work. Providing you are checking they are not already paid, in case they try to register when they are already paid. And providing you are sure there is not another person with same username. I assume you have the right checks in place. Looks good to me -- I hope it works out for you.

Link to comment
Share on other sites

Yes you are right. The script will not work exactly as I have it. A person who has completely different information but is using the same Username will get the page that they have already registered, when they probably haven't. SO back to scripting.

 

Thanks,

 

Marie

Link to comment
Share on other sites
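The checks raised in the last few posts (registered but unpaid, already paid, a username that belongs to someone else), as an added example that is not from the book or from any poster. It assumes PDO with an in-memory SQLite table and password_hash(); register_or_resume() and its return strings are hypothetical names:

```php
<?php
// Added example, not the book's code. Assumptions: PDO + in-memory SQLite
// (so it runs offline) and password_hash() instead of get_password_hash().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    email TEXT UNIQUE, pass TEXT, status INTEGER DEFAULT 0)');

/** Returns registered, resume_payment, already_paid, email_taken or username_taken. */
function register_or_resume(PDO $pdo, string $username, string $email, string $password): string
{
    $byEmail = $pdo->prepare('SELECT pass, status FROM users WHERE email = ?');
    $byEmail->execute([$email]);
    $row = $byEmail->fetch(PDO::FETCH_ASSOC);

    if ($row) {
        // Known email: only someone who knows its password may pick up
        // where the earlier registration stopped.
        if (!password_verify($password, $row['pass'])) {
            return 'email_taken';
        }
        return ((int) $row['status'] === 1) ? 'already_paid' : 'resume_payment';
    }

    // New email: the username must not already belong to another account.
    $byName = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $byName->execute([$username]);
    if ($byName->fetchColumn()) {
        return 'username_taken';
    }

    $ins = $pdo->prepare('INSERT INTO users (username, email, pass) VALUES (?, ?, ?)');
    $ins->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);
    return 'registered';
}

// Constructed walk-through of the cases from the thread.
$cases = [
    ['alice', 'alice@example.com', 'pw-one'],  // first visit
    ['alice', 'alice@example.com', 'pw-one'],  // came back without paying
    ['alice', 'bob@example.com', 'pw-two'],    // different person, same username
    ['carol', 'alice@example.com', 'guess'],   // same email, wrong password
];
foreach ($cases as [$u, $e, $p]) {
    echo "$u / $e => " . register_or_resume($pdo, $u, $e, $p) . "\n";
}
// Stands in for a confirmed payment flipping the status field.
$pdo->exec("UPDATE users SET status = 1 WHERE email = 'alice@example.com'");
echo 'after payment => ' . register_or_resume($pdo, 'alice', 'alice@example.com', 'pw-one') . "\n";
```

Only `registered` and `resume_payment` would lead to the payment button; the other results keep the original error or send the member to the login form.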
