Payment system

[vombomin]

hi guys I really need help with this...

I am making a site that utilises a payment system sort of like Istockphoto.com in fact exactly like Istockphoto.com.

In case you dont know what the Istock payment system is then here's an explanation

Istockphoto has a credit pased payment system which means that

1: you select how many credits you want
2: you get charged so much money based on how many credits you choose (minimum of 10 credits)
3: if payment is successfull credits get added to your account
4: if you buy a picture credits are removed and money is transfered into the uploaders onsite account (prefeably adjustable amounts)

thanks for listening and please I need help ASAP

[etono]

I don't quite know what you are looking for here? I understand the payment credits thing, but what is it that you need help with? Picking a payment gateway?, creating transactions?, storing customer info and credits?, using credits?, and/or downloading images?

From you post I gather that you want info about storing the credits? If so maybe you can just create a new field in your member/customer database table to store the credits. Then, if they wish to exchage credits for downloads, then just update their record to have less credits?

I am sure I missed you point, but I tried

[vombomin]

you got the jist of it... all I really need to know now is how to update the database with the credits that people buy for example

someone has 23 credits and buys another 10.. I need to add the credits they already have and the credits they have just purchase together and then update the database with that value and also i need to subtract credits with every download...

when the site is finished I'll post what done just incase anyone else wants to do what i am doing.

[etono]

Are you using a MySQL database? I am sure someone else can give you a better SQL statement where you can update the amount right from the statement, but you can always select the amount with:

Code:

$id = 5  //random customer id
$sql = "SELECT credits FROM customers WHERE customer_id='$id'";
$result = mysql_query( $sql );
if( mysql_num_row( $result ) == 1 ) {
    $credits = mysql_result( $result, 0, 'credits' );
    
    // if this is a purchase add to the credits
    // $credits += $purchased_credits;

    // we will assume this is a download though
    $credits -= $credits_used;

    // we have the new credits so update the database record
    $sql = "UPDATE customers SET credits='$credits' WHERE customer_id='$id'";
    mysql_query( $sql );
}

I hope someone will update this because I am interested in how to do more with my SQL statements. Hope some of this will help you!

[vombomin]

thanks I'll change what needs changed and add a few more bits to it like maybe something to read the users id from the database using the username... I'll post that when I've done it

[etono]

Why don't you save the users id number when they login to a session variable? Then you will have access to it from all your pages. Of course you will need to make sure to start the session on each page though...

Code:

<?php
session_start();
$_SESSION['cust_id'] = $customer_id;  // save to a session
?>

[vombomin]

Good idea... necer thought of that... thanks... I'll get to work on implementing that straight away... thanks for all your help

[vombomin]

ok what I need now is to register the user... i have the form there but dont know how to make it so that the credits are automatically set to 0 (also in the database should credits be CHAR or INT?)

the script is starting to take form now... still quite a way to go but hopefully with everyones help I can make this open source and I want to thank etono for his help

edit: heres the register script so far have commented out db connect to show what the form looks like (aint pretty)

so here it is

PHP Code:

<?php
//require('db_connect.php');    // database connect script.
?>

<html>
<head>
<title>Register an Account</title>
</head>
<body>

<?php


if (isset($_POST['submit'])) { // if form has been submitted
    /* check they filled in what they supposed to, 
    passwords matched, username
    isn't already taken, etc. */

    if (!$_POST['uname'] | !$_POST['passwd'] | !$_POST['passwd_again'] | !$_POST['email']) {
        die('You did not fill in a required field.'<a href="javascript:history.go(-1);"> Go Back One Space </a>);
    }

    // check if username exists in database.

    if (!get_magic_quotes_gpc()) {
        $_POST['uname'] = addslashes($_POST['uname']);
    }



    $name_check = $db_object->query("SELECT username FROM users WHERE username = '".$_POST['uname']."'");

    if (DB::isError($name_check)) {
        die($name_check->getMessage());
    }

    $name_checkk = $name_check->numRows();

    if ($name_check != 0) {
        die('Sorry, the username: <strong>'.$_POST['uname'].'</strong> is already taken, please pick another one.');
    }
    

    // check passwords match

    if ($_POST['passwd'] != $_POST['passwd_again']) {
        die('Passwords did not match.');
    }

    // check e-mail format

    if (!preg_match("/.*@.*..*/", $_POST['email']) | preg_match("/(<|>)/", $_POST['email'])) {
        die('Invalid e-mail address.');
    }

    // no HTML tags in username, website, location, password

    $_POST['uname'] = strip_tags($_POST['uname']);
    $_POST['passwd'] = strip_tags($_POST['passwd']);
    $_POST['website'] = strip_tags($_POST['website']);
    $_POST['location'] = strip_tags($_POST['location']);



    // check show_email data

    if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) {
        die('Nope');
    }
    
        // check if email exists in database.

    if (!get_magic_quotes_gpc()) {
        $_POST['uname'] = addslashes($_POST['uname']);
    }



    $name_check = $db_object->query("SELECT email FROM users WHERE email = '".$_POST['email']."'");

    if (DB::isError($name_check)) {
        die($name_check->getMessage());
    }

    $name_checkk = $name_check->numRows();

    if ($name_checkk != 0) {
        die('Sorry, the email: <strong>'.$_POST['uname'].'</strong> is already registered, please enter another one.');
    }

    /* the rest of the information is optional, the only thing we need to 
    check is if they submitted a website, 
    and if so, check the format is ok. */

    if ($_POST['website'] != '' & !preg_match("/^(http|ftp):///", $_POST['website'])) {
        $_POST['website'] = 'http://'.$_POST['website'];
    }

    // now we can add them to the database.
    // encrypt password

    $_POST['passwd'] = md5($_POST['passwd']);

    if (!get_magic_quotes_gpc()) {
        $_POST['passwd'] = addslashes($_POST['passwd']);
        $_POST['email'] = addslashes($_POST['email']);
        $_POST['website'] = addslashes($_POST['website']);
        $_POST['location'] = addslashes($_POST['location']);
    }



    $regdate = date('m d, Y');

    $insert = "INSERT INTO users (
            username, 
            password, 
            regdate, 
            email, 
            website, 
            location, 
            show_email, 
            last_login
            credits) 
            VALUES (
            '".$_POST['uname']."', 
            '".$_POST['passwd']."', 
            '$regdate', 
            '$credits',
            '".$_POST['email']."', 
            '".$_POST['website']."', 
            '".$_POST['location']."', 
            '".$_POST['show_email']."', 
            'Never')";

    $add_member = $db_object->query($insert);

    if (DB::isError($add_member)) {
        die($add_member->getMessage());
    }

    $db_object->disconnect();
?>


<h1>Registered</h1>

<p>Thank you, your information has been added to the database, you may now <a href="login.php" title="Login">log in</a>.</p>

<?php

} else {    // if form hasn't been submitted

?>
<h1>Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username*:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Name*:</td><td>
<input type="text" name="name" maxlength="50">
</td></tr>
<tr><td>Password*:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td>Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr><td>E-Mail*:</td><td>
<input type="text" name="email" maxlength="100">
</td></tr>
<tr><td>Website:</td><td>
<input type="text" name="website" maxlength="150">
</td></tr>
<tr><td>Location</td><td>
<input type="text" name="location" maxlength="150">
</td></tr>
<tr><td>Show E-Mail?</td><td>
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>

<?php

}

?>
</body>
</html>

[etono]

I would make the credits an INT. You can just specify when you add the user to the database to start the credits at zero. If you are using a MySQL database you can escape your text using the function mysql_escape_string(). Also after you have verified that your post data is valid you may want to put it into an array, so that you are certain the array contains "clean" data ready to be inserted into the database. Also rather than escaping out of quotes within your sql statement you can use the curly braces for arrays.

Code:

$mysql = array();
$mysql['uname'] = mysql_escape_string( $_POST['uname'] );
$mysql['passwd'] = md5( $_POST['passwd'] );
//and so on for all variables


//I shortened the sql obviously you would add all fields
$sql = "INSERT INTO users ( username, password, credits ) VALUES ( '{mysql['uname']}', '{mysql['passwd']}', '0')";
mysql_query( $sql );