  1. #1
    New Coder
    Join Date
    Oct 2018
    Location
    New York
    Posts
    20
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Saving what someone wants to buy

    Hello. I have been away from coding for years and feeling very rusty!

    Am working on a website where people can buy a subscription to access premium content.

    The challenge is that unlike a regular ecommerce site, I need to not only handle the shopping/checkout process, but also do account creating similar to how this site does it.

    Originally I wanted to follow the same process that CodingForums uses where you create an account, activate it, and then log in to use the site, and then you would finish buying a subscription, but from what people are telling me, that is a bad idea and they say that lots of people will ditch before finishing things.

    So I am trying to figure out how to capture what they want to buy.

    I don't like using cookies, and I think a session will do, but am unsure?!

    Here is the scenario where I need help...

    A guest is on my website, and they like what they see, and decide they want to pony up $20 to become a member and get access to premium content. They click on "Subscribe" in the menu, and the first thing I do is display a page with a couple of subscription plans (e.g. Silver, Gold, Platinum).

    I want to have them click on one of those options, and then be able to store it temporarily.

    At this point they are just some random guest on my website, and they will not have a corresponding record in the database.

    Also, if they leave my website or close their browser, I am not certain what to do? Is it understood that their choice gets lost, and it's no big deal?

    Depending on how I tackle what I just described will affect how I build the rest of the registration and checkout process.

    Hopefully you sorta follow what I am asking about?

    Thanks.

  2. #2
    Master Coder sunfighter's Avatar
    Join Date
    Jan 2011
    Location
    Washington
    Posts
    7,955
    Thanks
    36
    Thanked 1,064 Times in 1,060 Posts
    IMHO, I'd partner up with a business that processes credit card payments and PayPal. Let them be responsible for securing personal information and the process will sign them up as soon as they click the button. These things are done immediately or close to it and you will get a message from the go-between that the payment is done and good (Telling you that you now have money) so you can then place them into your database and get a password and whatever you need to allow them access to the hidden content of your site.
    Evolution - The non-random survival of random variants.
    Physics is actually atoms trying to understand themselves.

  3. #3
    New Coder
    Quote Originally Posted by sunfighter View Post
    IMHO, I'd partner up with a business that processes credit card payments and PayPal. Let them be responsible for securing personal information and the process will sign them up as soon as they click the button. These things are done immediately or close to it and you will get a message from the go-between that the payment is done and good (Telling you that you now have money) so you can then place them into your database and get a password and whatever you need to allow them access to the hidden content of your site.
    I ask about how to accomplish something on an IT forum and your response is, "Go hire someone to do it for you"

    Seriously?

    (Maybe they should shut down this website and everyone can go hire a vendor? Who knew it was that easy?!)

  4. #4
    Master Coder sunfighter's Avatar
    ... "Go hire someone to do it for you"

    Seriously?
    Yes, Seriously. This money transaction over the internet has security issues. Large companies have been sued for a breach in the way they handled security, do you want to risk everything you own dealing with this?

    As for the site => It's here to help people with their code, not explain how PayPal works. Maybe if you had posted code you would have gotten a different answer. Maybe our resident security officer would have shown you the errors in your code and explained it.

  5. #5
    New Coder
    Quote Originally Posted by sunfighter View Post
    Yes, Seriously. This money transaction over the internet has security issues. Large companies have been sued for a breach in the way they handled security, do you want to risk everything you own dealing with this?

    As for the site => It's here to help people with their code, not explain how PayPal works. Maybe if you had posted code you would have gotten a different answer. Maybe our resident security officer would have shown you the errors in your code and explained it.
    Maybe you should re-read what I said.

    I never asked for help coding payment processing...

    (And actually, writing code to interact with a payment gateway isn't that hard to do.)

  6. #6
    Supreme Master coder!
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    10,360
    Thanks
    10
    Thanked 1,189 Times in 1,179 Posts
    Are you doing a site from scratch (your own creation), or using WordPress?

    We don't know what "Premium Content" means ... or what your site is selling that requires 'subscriptions'.

    How about this idea ... they may wish to remain anonymous, but require them to at least enter an email address. At that point, you can insert a row in your database with their email address and a random key and a timestamp. If they browse and never add anything to their cart, you can drop their row off the database after a couple days. If they do select something, you add their items to the "order" database table based on their row ID in the "member" table. If they abort at this point, you can now email them with a thank you, and a link to complete their registration (w/ url variable with their random key). If they continue to register, you will then email them to 'confirm' their email. Now they can log-in and continue shopping or paying.

    Your SQL (PDO) database will have several tables. You can read about "normalizing" tables to develop an efficient database. Perhaps a table for "members", a table for "products" (your subscriptions), a table for "orders", which will be the largest table. The tables are all related because the "orders" table will have the ID of the product, the ID of the member, timestamps for when their subscription started, and when it ends.

    https://www.essentialsql.com/get-rea...imple-english/

    The biggest decision is whether or not you store sensitive information about your members. That's where Sunfighter is correct ... you will not want to store any credit card information. But what other information is sensitive? Probably not an email address, but a person's real address, phone numbers, and even their names might be sensitive. If your site is compromised, someone will have a complete list of your members with names, addresses, emails, and phone numbers. No credit card numbers, but the damage is done ... they now know what people have subscriptions to what products.

    If a person is not at least willing to provide an email address, then they will have to know that anything they select will not be retained. Cookies won't do much good because they can be erased, altered or a person may use a different computer/browser. If they give a fake email address, there's nothing you can do to avoid that.
    Last edited by mlseim; Feb 14th, 2019 at 01:26 AM.
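
The "email address, random key and timestamp" row described in the post above, sketched as an added example (not code from the thread). The `pending_member` table, the function names and the two-day lifetime are assumptions; only a hash of the key is stored, so a leaked table does not hand out working resume links.

```php
<?php
declare(strict_types=1);

// Hypothetical names and schema; the post only specifies an email address,
// a random key and a timestamp, dropped "after a couple days".
const PENDING_TTL = 2 * 86400;

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');            // in-memory DB for the demo
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pending_member (
        id INTEGER PRIMARY KEY, email TEXT NOT NULL,
        key_hash TEXT NOT NULL UNIQUE, created_at INTEGER NOT NULL)');
    return $db;
}

// Returns the raw key for the emailed link; the table keeps only SHA-256(key).
function issueKey(PDO $db, string $email, int $now): string {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $key = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $st = $db->prepare(
        'INSERT INTO pending_member (email, key_hash, created_at) VALUES (?, ?, ?)');
    $st->execute([$email, hash('sha256', $key), $now]);
    return $key;
}

// Looks the key up by its hash and rejects unknown or expired keys.
function redeemKey(PDO $db, string $key, int $now): ?int {
    $st = $db->prepare('SELECT id, created_at FROM pending_member WHERE key_hash = ?');
    $st->execute([hash('sha256', $key)]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now - (int)$row['created_at'] > PENDING_TTL) {
        return null;
    }
    return (int)$row['id'];
}

// Periodic cleanup of guests who never came back.
function purgeStale(PDO $db, int $now): int {
    $st = $db->prepare('DELETE FROM pending_member WHERE created_at < ?');
    $st->execute([$now - PENDING_TTL]);
    return $st->rowCount();
}

$db  = openDb();
$t0  = 1700000000;                                    // constructed timestamp
$key = issueKey($db, 'guest@example.com', $t0);       // constructed address
var_dump(redeemKey($db, $key, $t0 + 3600));           // fresh key
var_dump(redeemKey($db, str_repeat('0', 64), $t0));   // unknown key
var_dump(redeemKey($db, $key, $t0 + 3 * 86400));      // expired key
var_dump(purgeStale($db, $t0 + 3 * 86400));           // rows removed
```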

  7. #7
    New Coder
    Quote Originally Posted by mlseim View Post
    Are you doing a site from scratch (your own creation), or using WordPress?
    God no, I would *never* do WordPress!!!

    This is a hand-coded CMS/ecommerce site.


    Quote Originally Posted by mlseim View Post
    We don't know what "Premium Content" means ... or what your site is selling that requires 'subscriptions'.
    Think of an online newspaper/magazine (e.g. Wall Street Journal) - some content is free to anyone landing on the site (i.e. Unregistered Guests) but to access a lot of the content - which is behind a paywall - you have to be a paid member (i.e. a Subscriber).


    Quote Originally Posted by mlseim View Post
    How about this idea ... they may wish to remain anonymous, but require them to at least enter an email address. At that point, you can insert a row in your database with their email address and a random key and a timestamp. If they browse and never add anything to their cart, you can drop their row off the database after a couple days. If they do select something, you add their items to the "order" database table based on their row ID in the "member" table. If they abort at this point, you can now email them with a thank you, and a link to complete their registration (w/ url variable with their random key). If they continue to register, you will then email them to 'confirm' their email. Now they can log-in and continue shopping or paying.
    There is nothing dirty about my site, and currently I only accept credit cards, so I will know who they are.

    In my original design, a person would click on "Subscribe" and I would *immediately* ask for Username, Email Address, Password and create a Member record and then do other things like Account Activation, Signing TOS, and Make Payment.

    After lots of research, the experts say that asking people to create an account first thing on an ecommerce site is a great way to have lots of people jump ship!!

    So I was trying to figure out how to store what the user does (e.g. choose the "Silver Plan") and so on.

    Over the last several days, I have decided on a new workflow that seems to be more in line with what UX experts recommend...

    A user chooses "Subscribe", I display a page with membership choices, they choose one, I save that in a PHP session, if they choose an option that offers a free eBook, then I take them to the product catalog next to choose their free book, and store that in the PHP session as well, and then I take them to a ONE PAGE checkout form.

    I use what was stored in the session to calculate an order total.

    And then I ask for their username, email, password, sign TOS, and credit card details.

    When they choose "Place Order", I create a record in my database and charge their credit card.



    Quote Originally Posted by mlseim View Post
    Your SQL (PDO) database will have several tables. You can read about "normalizing" tables to develop an efficient database. Perhaps a table for "members", a table for "products" (your subscriptions), a table for "orders", which will be the largest table. The tables are all related because the "orders" table will have the ID of the product, the ID of the member, timestamps for when their subscription started, and when it ends.

    https://www.essentialsql.com/get-rea...imple-english/
    Thanks, but Data Modeling is something I will never forget, so that is easy.

    Just had to get my head back into coding PHP and simple things like sessions.

    I think I feel more comfortable now building this. And to @Sunfighter's comments - Hell no!! I am NOT using software when I can code a better solution myself.



    Quote Originally Posted by mlseim View Post
    The biggest decision is whether or not you store sensitive information about your members. That's where Sunfighter is correct ... you will not want to store any credit card information.
    That is never a hard decision.

    Only an idiot would store payment details.

    And for recurrent billing, the modern way is to use token... (I know more about this than you gave me credit for, Sunfighter.) ;-)

    But I'm not storing anything dealing with credit cards.

    Only username, email, HASHED password, and order details.


    Quote Originally Posted by mlseim View Post
    But what other information is sensitive? Probably not an email address, but a person's real address, phone numbers, and even their names might be sensitive. If your site is compromised, someone will have a complete list of your members with names, addresses, emails, and phone numbers. No credit card numbers, but the damage is done ... they now know what people have subscriptions to what products.
    Yes, that is a risk, but one you have to take if you run an online business.

    And there are things that can be done to mitigate that risk.


    Quote Originally Posted by mlseim View Post
    If a person is not at least willing to provide an email address, then they will have to know that anything they select will not be retained. Cookies won't do much good because they can be erased, altered or a person may use a different computer/browser. If they give a fake email address, there's nothing you can do to avoid that.
    My original questions were based on not having a revised flow.

    Now that I know I won't ask for the email until checkout, that makes things easier as to my, "But I don't have an email and a member record, so what do I do?!"

    I can just store the chosen member plan and possible free eBook in a session. If they close their browser, tough for them. (No harm, no foul.)

    About the only thing I'm not entirely satisfied with is creating a member record and running their credit card without a verified email. But the consensus I get from others is that I can do that after the order is placed. And that most people paying online will be smart/careful enough to make sure they don't FUBAR their own email address.

    I still would prefer my orig method where you get an activation email immediately after creating your account - just like you do here - but people say that won't jive with consumers during ecommerce checkout, so I have to yield to that advice and favor $$$ over potential for phat-fingered email addresses on occasion.
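
The session-based flow described in the post above (plan choice, optional free eBook, order total at checkout), as an added example that is not part of the original post. Plan names follow the thread; the prices, eBook IDs and function names are constructed, and the `$session` array stands in for `$_SESSION`. The point is that the session holds only validated IDs and the total is always re-derived from the server-side catalog.

```php
<?php
declare(strict_types=1);

// Constructed catalog: plan names follow the thread; prices (in cents),
// eBook IDs and which plan includes the free book are made up.
const PLANS = [
    'silver'   => ['price' => 2000, 'free_ebook' => false],
    'gold'     => ['price' => 4000, 'free_ebook' => false],
    'platinum' => ['price' => 6000, 'free_ebook' => true],
];
const EBOOKS = ['bk-101' => 4000, 'bk-102' => 4000];

// Store only the ID the guest picked, and only if it is a known plan.
function choosePlan(array &$session, string $planId): bool {
    if (!array_key_exists($planId, PLANS)) {
        return false;
    }
    $session['plan'] = $planId;
    unset($session['ebook']);   // a new plan invalidates an earlier book choice
    return true;
}

// The free book is accepted only when the stored plan actually includes one.
function chooseEbook(array &$session, string $ebookId): bool {
    $plan = $session['plan'] ?? null;
    $entitled = is_string($plan) && (PLANS[$plan]['free_ebook'] ?? false);
    if (!$entitled || !array_key_exists($ebookId, EBOOKS)) {
        return false;
    }
    $session['ebook'] = $ebookId;
    return true;
}

// At checkout, re-check the IDs and take the price from the catalog;
// no amount is ever read from the request or from the session.
function orderTotal(array $session): ?array {
    $plan = $session['plan'] ?? null;
    if (!is_string($plan) || !array_key_exists($plan, PLANS)) {
        return null;
    }
    $ebook = $session['ebook'] ?? null;
    if ($ebook !== null && (!PLANS[$plan]['free_ebook'] || !array_key_exists($ebook, EBOOKS))) {
        return null;
    }
    return ['plan' => $plan, 'ebook' => $ebook, 'total_cents' => PLANS[$plan]['price']];
}

$session = [];                                  // stands in for $_SESSION
var_dump(choosePlan($session, 'diamond'));      // unknown plan
var_dump(choosePlan($session, 'gold'));
var_dump(chooseEbook($session, 'bk-101'));      // gold has no free book
var_dump(choosePlan($session, 'platinum'));
var_dump(chooseEbook($session, 'bk-101'));
var_dump(orderTotal($session));
```

In a real request handler these functions would receive `$_SESSION`, and calling `session_regenerate_id(true)` when the member record is created at "Place Order" keeps the guest's pre-checkout session ID from carrying over into the new account.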

  8. #8
    Supreme Master coder!
    I sort of like your idea of offering something for free ... really free, but they have to download the free 'content' of whatever that happens to be. If they are interested in that, you know they are somewhat interested. When they get something for free, you get their email address, which is the most important thing (imo). Some would use the word "baiting", but I don't think it is. You really are giving them a free document of some kind, like an ebook.

    Remember that we don't know who anyone is here on this forum. We all have different talents. I've been told from others here that I give bad advice, but I don't really care. I'm just a guy having fun discussing stuff and learning things from others. We're building websites, not nuclear reactors.

  9. #9
    New Coder
    Quote Originally Posted by mlseim View Post
    I sort of like your idea of offering something for free ... really free, but they have to download the free 'content' of whatever that happens to be. If they are interested in that, you know they are somewhat interested. When they get something for free, you get their email address, which is the most important thing (imo). Some would use the word "baiting", but I don't think it is. You really are giving them a free document of some kind, like an ebook.
    I think you misunderstood me earlier...

    The website I am building is similar to the NY Times, Washington Post, Boston Globe, Wall Street Journal, etc. (Except I am not selling generic news or financial news.)

    Anyone can land on my site and read articles for free. However, the good stuff is what I call "premium" content, and to read that, you have to buy an annual subscription which requires your Name, Email, and Credit Card/Billing Details.

    There is no "baiting". If you want content you have to pay up.

    If you buy the Premium+ plan, then I throw in an eBook valued at $40 for free. (That could be considered an "enticement" but still is not "baiting".)


    Quote Originally Posted by mlseim View Post
    Remember that we don't know who anyone is here on this forum. We all have different talents. I've been told from others here that I give bad advice, but I don't really care. I'm just a guy having fun discussing stuff and learning things from others. We're building websites, not nuclear reactors.
    And I too enjoy intelligent discussions working towards finding solutions to challenging business and IT problems!

    (When people tell me I can't do something - especially coding-wise, and that I should just go buy something, then I roll my eyes at best, and snarl at worst...)

  10. #10
    Supreme Master coder!
    I'm not able to offer any additional advice or comments. It appears you might already know what the program will be, and how you will accomplish it. Your programming skills are superior to mine, so I'll just say "you got this, keep plugging away".


 
