Geeklog Forums

I am not a programmer (more like amature system admin) but I am trying to write a minimalist script which could be quite interesting for the community. It will allow paid subscription for Geeklog membership levels (groups) and/or access to different downladable products. (I refer to this thread). Below is what I can do myself, in terms of making it happen. But I need help from somebody who knows GL data structure and basically can write one SQL command. Here we go ...

Features

A registered user at GL site is presented with an option to become a paid subscriber and to receive access to certain content (articles, or articles with download links). When he clicks on "purchase" button he is taken to the site of credit card processing company (like paysystems. com etc.). After he has completed his transaction he will be assigned to a GL group that has access to member content or to pages with downloadable files.

Pre-conditions:

script "subscribe.php" is located in a separate directory under GL public_html directory

access to this script is controlled by .htaccess file (apache mod_rewrite); a rewrite rule specifies which referer may access this page (will be "*.cardprocessor.com" or something). So, no other security features are needed. If page is accessed by somebody else it gets redirected to a "homepage" and optionally the incident will be logged. This makes it unnecesary to integrate "subscribe.php" script with GL security system.

a geeklog user group should be created beforehand by admin through standard Geeklog interface, the group should be named "product1" (there may be several groups like that").

script has following config variables defined:

• group1 ="product1";
• group2 ="product2" etc.

includes lib-config.php for db access

Execution

script is called by credit card processing company when upon successful transaction. The url to be called passes one parameter to the subscribe.php script (call it $purchased). For example, $purchased="product1" (i.e. when configuring the cardprocessor account, the admin gives them as "success page" the following url:

Again, mod_rewrite should ensure that this script is never accessed by anyone but cardprocessor server (it is probably possible to fake referer headers, but let's live with that).

now, when script is called, the script does the following things:

1. fetches user id of current user (from session data? from cookie?)
2. depending on "purchased" variable, selects which group the user should be subscribed to.
3. executes SQL to assign $groupname to current user.
4. writes log about transaction success and exits. otherwise display error, sends email to admin and advises client to contact admin with his transaction confirmation from cardprocessor.

Now the user who successfully paid for "product1" is member of "product1" geeklog group and can access protected page where he can download his product. He can return many times and download it again by simply logging in. Also, we may define a special geeklog group "Support" to which only members of "productX" group will have access.

Do you think it can work? I think, GL session may expire while user is filling in credit card at cardprocessor site so subscribe.php script may actually require user to re-login and this will complicate the script by including login function...

Can anyone of Geeklog community help me with this piece of PHP code? SQL portion is what really a problem for me. I intend to document this script well and make it available to the community.

I don't know PHP, SQL, don't have any money, and am new to GL but I hope you can get this going. If there is anything other than those things I can do to help I will. I know that doesn't really answer your questions but I just wanted to give moral support for what it's worth. Mark

It would probably be better (and more secure) to modify something like: http://www.perl-studio.com/php/paypal_members/ or similar scripts for other credit card processing companies. The server to server communications (or B2B if you prefer) are more reliable and provide a better level of security. You can probably google around for more examples. -Vinny

I was wondering how many products that you were thinking of and would these products just map to topic areas or plugins that would require this group membership?

I ask as it may get interesting if there are 50+ groups to manage. The other way although similar is to create rights or permissions which are then assigned to a group.

I created a block recently for managing features (rights) and groups - refer to topic here

I would be using $_USER['uid'] for the user id. The $_USER array is set when the Geeklog session is created.

Regarding creating groups and assigning groups: I'd suggest you look at a plugin install.php which automatically creates new groups and assigns the root user to the new groups. The code is there and is pretty clear.

Blaine

---

Geeklog components by PortalParts -- www.portalparts.com

First, thanks everybody for comments.

Vinny, I've scanned available scripts on the net, as you recommended, and understand the issue much better now. Basically, what I was proposing is "call-back" script to which the cardprocessor POSTs results of successful transaction. This script on geeklog server needs to to a) filter the input and ensure it doesn't contain code from "bad people" (done with regexp) b) do something with variables it received (order number, client address etc. normally, no credit card number is passed back). For example, simply email summary to admin. Or, as I suggested, assigns user to a paid group. Variables differ from cardprocessor to cardprocessor but principle remains the same. There is a sample script for PayPal illustrating the point.

Blaine, the number of product groups is dependent on what kind of products you're offfering. If we are talking about several levels of subscription then GL groups will do just ok. If we sell hundreds of individual products then of course it wouldn't be feasible to create a group for each paperclip. You may still want to make "customer support" group for all clients.

In case of several downloadable products:
We need to provide(re)download link to an individual client (without using GL access groups) I think the solution may be a) creating url to a normally hidden file through MD5 salted with, say, client id number b) emailing this link to individual client; or dynamically generating such link on GL site for this client so that only client with this ID will be able to access the file.

I think implementing a call-back script that subscribes a user to a group is a bare minimum to give GL some commerce functionality. This may eventually grow into a plugin that could include subscription period management (unsubscribe after a period); or integration with a shopping cart (which should be easy) and remembering customer details from purchases (less easy).

By the way, I'm progressing with the script - DB group insert part is done, working on "POST" data cleaning. Should I post code so far?

I'm also interested in a micro - payments type system, where someone pays in paypal for lets say 50 cents, and they are either able to get access to post an add or something similiar. Would this be doable?

Just wondering if this was still being worked on or not? Thanks.

If you absolutely must have a micropayment system for GL one does exist. For a price. For $149.95 you can buy DreamAccount. Visit description on hotscripts.com here...

http://hotscripts.com/Detailed/10350.html

Official website

http://dreamcost.com/?page=dreamaccount&aid=4

Any other current GL solutions?

well if anyone realy wants this i might do it if the price is right

---

glFusion - Technology Fused with Style - www.gllabs.org

I wish I could afford it.

Rgds