User Accounts for Restricted Content


#1

Hello everyone, my name is Garrett, and I’m a newby to PHP.
I have programmed in HTML for the past 6 years, and this is the first time that I must make a website with User Accounts.

My website requires users to Sign Up for access to Restricted Content. From my research, I have found that PHP with PayPal seems to be the best way to go.

What I need to do is:

  1. Provide a Sign-Up service.
  2. Gather Information on my Clients through the registration process.
  3. Charge $X for access to Restricted Content (RC).
  4. Have a Log-In service for access to the RC.
  5. Only allow members to access the RC.
  6. After Sign-Up, have a PHP Script dynamically create a webpage based on user input.

Can anyone point me to some tutorials that can guide me through this?
I really appreciate anything ya’ll can do for me!

One more question:
Do I need a certain file on my server to allow PHP to occur?


#2

To see if you have PHP you can do 2 things… 1) Call your hosting service and ask :slight_smile: If you have problems let us know and we will do our best to help and explain what is going on. Unfortunately you will be trying to run LOOOONG before you start to crawl, so be prepared to be confused.

Oh and remember you can always check into premade scripts first. We unfortunately don’t help people alter those to fit their sites though so you will be on your own there.


#3
To see if you have PHP you can do 2 things... 1) Call your hosting service and ask or 2) create a small script on your website (most call it phpinfo.php) and try to pull it up through a browser. Script(made in Notepad and saved with quotes around the name): [code]<?php phpinfo(); ?>[/code]

I did this, and all I got was the code above on a webpage. This is not on my production server however, it is still being set up for internet use. I am running a dual Athlon system with Windows Server 2000. How can I enable PHP on this machine? Or is it already enabled by default?

This should bring up a series of tables with PHP information related to your sites capabilities. (You should NEVER leave this page available for anyone else to see... A HUGE security hole.)

Thank you for this information, for security is a concern.

Now since you are just beginning to learn PHP (assuming you have NO programming experience but plenty of presentation experience) - There are plenty of places to go for tutorials on the web and various books available. For a tutorial specifically for PHP and Paypal check out the Zend tutorials ( http://www.zend.com/zend/tut/ ) there is one specifically for Paypal ( Paypal, the PHP approach), but be warned this is a pretty advanced tutorial. There a various excellent tutorials for beginners at http://www.codewalkers.com in the tutorials/basics section to help explain some of the things you will see while doing the Zend tutorial. I would reccomend looking over the Zend tutorial and then trying line by line to understand what is going on.

True, I mostly specialize in presentation, but I do know programming logic. I’ve never taken a programming language class, but I did have the time to learn the logic, so I hope this will assist the learning process.
I’m reading over the PHP/Paypal Tutorial now.

So did I give you enough direction? If you have problems let us know and we will do our best to help and explain what is going on. Unfortunately you will be trying to run LOOOONG before you start to crawl, so be prepared to be confused.

Yes, you’ve helped alot! However, be prepared to hear more questions :)

Oh and remember you can always check into premade scripts first. We unfortunately don't help people alter those to fit their sites though so you will be on your own there.

I understand that, and I want to create this on my own anyhow. Off the top of your head, do you know of any premade scripts that can help me with what I need?

Thanks again!


#4

If you only got the plain text for the script LIG gave you then you probably don’t have PHP installed.

To download PHP for windows you can go to http://www.php.net/downloads.php. There are a couple of versions based on using IIS or using APACHE so make sure you chose the right one.

You mentioned that you tested it on a machine that was NOT your production server. It’s important to note that there are some differences on the various platforms (i.e. windows vs linux/unix) and of course certainly between versions. That being said, it’s best to try and mirror your production server with your development. server.

Good luck and happy coding.


#5

OK, I finally got PHP up and running. I installed Apache and MySQL as well. I figured out a whole lot, and got PHPMyAdmin on.
I’m following the Zend Paypal and PHP Article
[http://www.zend.com/zend/tut/tutorial-paypal.php]

Now whenever I create users under the Users table in the paypal_tutorial database, it wont allow me to log in with the user/pass that I specify. I can log in as root with no password. I am using the paypal_tutorial database and the tables which are created by following the tutorial. These are my scripts:

IPN.php

<?php 
### LISTING OF ipn.php 
define ("DBHOST", "localhost"); 
define ("DBNAME", "paypal_tutorial"); 
define ("DBUSER", "root"); 
define ("DBPASS", ""); 

### CONNECT TO THE DATABASE 
function DatabaseConnect() { 
    if (!($mylink = mysql_connect(DBHOST, DBUSER, DBPASS))) { 
        echo mysql_error(); 
        exit; 
    } //fi 
    mysql_select_db(DBNAME) or die(mysql_error()); 
} // end function 

DatabaseConnect(); // this will automatically connect us 

// below supported vals that paypal posts to us, this list is exhaustive.. but 
// without notify_version and verify_sign NOTE: if in is not in this array, it 
// is not going in the database. 

$paypal_vals = array("item_name", "receiver_email", "item_number", 
    "invoice", "quantity", "custom", "payment_status", 
    "pending_reason", "payment_date", "payment_gross", "payment_fee", 
    "txn_id", "txn_type", "first_name", "last_name", "address_street", 
    "address_city", "address_state", "address_zip", "address_country", 
    "address_status", "payer_email", "payer_status", "payment_type", 
    "subscr_date", "period1", "period2", "period3", "amount1", 
    "amount2", "amount3", "recurring", "reattempt", "retry_at", 
    "recur_times", "username", "password", "subscr_id", "option_name1", 
    "option_selection1", "option_name2", "option_selection2", 
    "num_cart_items" 
); 

// build insert statement 
while (list ($key, $value) = each ($HTTP_POST_VARS)) { 
    if (in_array ($key, $paypal_vals)) { 
        if (is_numeric($value)) { 
            $addtosql .= " $key=$value,"; 
        } else { 
            $newval = urlencode($value); 
            $topost .= "&$key=$newval"; //used later in reposting 
            $value = addslashes($value); 
            $addtosql .= " $key='$value',"; 
        } //fi 
    } //fi 
    $entirepost .= "[$key]='$value',"; 
} //wend 

$entirepost = addslashes($entirepost); // just in case.. 

$addtosql = substr("$addtosql", 0, -1).";"; //chop trailing "," replace with ";" 

$sql1 = " 
    INSERT INTO accounting_paypal 
    SET date=now(), entirepost='$entirepost',". $addtosql; 
mysql_db_query(DBNAME, $sql1) or die($sql1); 

// We could use this in a log, or to track which users have which payment. 
$paypal_id = mysql_insert_id(); 

if ($HTTP_POST_VARS['payment_status'] == "Completed" 
    || $HTTP_POST_VARS['payment_status'] == "Pending") 
{ 
    $username = $HTTP_POST_VARS['payer_email']; 
    $sql = " 
        UPDATE users 
        SET paid = 'Y' 
        WHERE username = '$username' 
    "; 
    $result = mysql_db_query(DBNAME, $sql) or die($sql); 
} //fi     
### END LISTING OF ipn.php 
?> 

And als index.php.

<?php 
### LISTING OF index.php 
### first some definitions we will be using. 
define ("DBHOST", "localhost"); 
define ("DBNAME", "paypal_tutorial"); 
define ("DBUSER", "root"); 
define ("DBPASS", ""); 

define("PAYPAL_USER", "you@youremail.com"); 
define("PPLINK", "https://www.paypal.com/xclick/business=". 
    PAYPAL_USER. 
    "&item_name=members_payment&item_number=1". 
    "&amount=10.00&no_note=1&currency_code=USD"); 

// our login form for user logins 
$SHOW_LOGIN_FORM = <<<ENDFORM
    <br /><br /> 
    <center><form method='post' action='$PHP_SELF'><table> 
    <tr> 
        <td>Username: </td> 
        <td><input name='username' type='text' value=''></td> 
    </tr> 
    <tr> 
        <td>Password: </td> 
        <td><input name='PASSWORD' type='password' value=''></td> 
    </tr> 
    <tr> 
        <td colspan='2' align='center'> 
            <input type='submit' value='Log In'> 
        </td> 
    </tr> 
    </table> 
    </form></center> 
ENDFORM;

// a function to handle setting cookies. 
function sec_setcookie($var, $val, $modify=3600) 
{ 
    $exp = gmstrftime("%A, %d-%b-%Y %H:%M:%S", time() + $modify); 
    $dom = $GLOBALS["HTTP_HOST"]; 
    if (preg_match("/^(.*):(.*)$/", $dom, $arr)) { 
           print_r($arr); 
        $dom = $arr[1]; 
    } 
    $parts = explode(".", $dom); 
    $dom = ".". $parts[count($parts)-2]. ".". $parts[count($parts) - 1]; 
    setcookie($var, $val, time() + $modify,"/", $dom, 0); 
    ${$var} = $val; 

    global ${$var}; 
} //end function 

### CONNECT TO THE DATABASE 
function DatabaseConnect() 
{ 
    if (!($mylink = mysql_connect(DBHOST, DBUSER, DBPASS))) { 
        echo mysql_error(); 
        exit; 
    } //fi 
    mysql_select_db(DBNAME) or die(mysql_error()); 
} // end function 
DatabaseConnect(); // this will automatically connect us 


### NOW THE LOGIC 
// first see if we have a post 
if ($HTTP_POST_VARS['username'] && $HTTP_POST_VARS['password']) { 
    $sql = " 
        SELECT * 
        FROM users 
        WHERE username = '$username' 
            AND password = '$password' 
    "; 
    $result  = mysql_db_query(DBNAME, $sql); 

    if (mysql_num_rows($result) > 0) { 
        $info = mysql_fetch_assoc($result); 
        if ($info[paid] == "Y") { 
            sec_setcookie("username", $username); 
            sec_setcookie("password", $password); 
        } else { 
            echo "<center><font color=red><b>ERROR, ACCOUNT NOT PAID</b></font><br> 
            <a href=".PPLINK.">CLICK HERE</a> to pay for service.</center>"; 
            die(); 
        } //fi 
    } else { 
        sec_setcookie("count", $count + 1); 
        echo "<center><font color=red><b>ERROR IN LOGIN - SIGN UP FOR AN ACCOUNT FIRST</b></font></center>"; 
        if ($count > 3) { 
            echo "<center><font color=red><b>TOO MANY ATTEMPTS, TRY LATER</b></font></center>"; 
        } else { 
            echo $SHOW_LOGIN_FORM; 
        } //fi 
        die(); 
    } //fi 
} //fi 

if($_COOKIE['username'] && $_COOKIE['password']) { 
    $sql = " 
        SELECT * 
        FROM users 
        WHERE username = '$username' 
            AND password = '$password' 
    "; 
    $result  = mysql_db_query(DBNAME, $sql); 

    if (mysql_num_rows($result) == 0) { 
        # clear the cookies 
        sec_setcookie("username", ""); 
        sec_setcookie("password", ""); 
        echo $SHOW_LOGIN_FORM; 
        die(); 
    } //fi 
} else { 
    echo $SHOW_LOGIN_FORM; 
    die(); 
} //fi 
?> 
HERE IS THE PAID FOR PAGE. 

Is these something wrong in my code? Whenever I try to log in with any account, paid for or not, it tells me to sign up for an account.

Does anyone know where to find a script that will handle user registration?

Thanks for all of the help.
[/url][/code]


#6

UPDATE

I finally found some scripts to help me make what I need!

They handle user registration, login, and limited access to my site.
The only problem I face now is integrating this with PayPal.

I want the registration process to allow me to collect user information and allo them to make a transaction from the same page, then output what they enter into a website (not transaction details, but the other data they enter, i.e. favorite websites). Can anyone point me towards some tutorials that handle this?