Appendix B [ 313 ] The following SQL would create the table for us. CREATE TABLE `book4appa`.`download_access` ( `ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `user_id` INT NOT NULL , `product` INT NOT NULL , `file` VARCHAR( 255 ) NOT NULL , `access_granted` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , INDEX ( `user_id` , `product` ) ) ENGINE = MYISAM ; Providing access When a customer's order is updated to "paid", there are a few stages our framework needs to go through to provide access to these downloadable products: 1. Check to see if any of the products in the customer's order are downloadable. 2. Get a list of the IDs and les for these downloadable products. 3. Create a record in the new table for each of these products. The following code does exactly that! // provide access to downloads $downloadables = array(); First, we lookup the downloadable products. $sql = "SELECT ctp.file, v.name, i.product_id FROM content_types_products ctp, orders_items i, content c, content_versions v WHERE ctp.downloadable=1 AND i.order_id={$order} AND c.ID=i.product_id AND v.ID=current_revision AND ctp.content_version=v.ID"; $this->registry->getObject('db')->executeQuery( $sql ); We then iterate through those downloadable products, and store a copy. if( $this->registry->getObject('db')->numRows() > 0 ) { while( $row = $this->registry->getObject('db')->getRows() ) { $downloadables[] = $row; } This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 Downloadable Products [ 314 ] We then iterate through them again, this time inserting them into the access table. foreach( $downloadables as $data ) { $insert = array(); $insert['user_id'] = $orderData['userid']; $insert['product'] = $downloadables['product_id']; $insert['file'] = $downloadables['file']; $this->registry->getObject('db')-> insertRecords('download_access', $insert ); } } Rescinding access Similar to giving access, when the order is refunded, we need to remove this access. elseif( $status == 'Refunded' ) { // remove access to downloads $downloadables = array(); $sql = "SELECT ctp.file, v.name, i.product_id FROM content_types_products ctp, orders_items i, content c, content_versions v WHERE ctp.downloadable=1 AND i.order_id={$order} AND c.ID=i.product_id AND v.ID=current_revision AND ctp.content_version=v.ID"; $this->registry->getObject('db')->executeQuery( $sql ); if( $this->registry->getObject('db')->numRows() > 0 ) { while( $row = $this->registry->getObject('db')->getRows() ) { $downloadables[] = $row; } foreach( $downloadables as $data ) { $p = $downloadables['product_id']; $u = $orderData['userid']; $this->registry->getObject('db')-> deleteRecords('download_access', " user_id='{$u}' AND product='{$p}' ",1 ); } } // we refunded the payment // update the order // email the customer // email the administrator } This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 Appendix B [ 315 ] Centralized download area Finally, we come to the actual download area. This just needs to be a simple controller, which lists the users' entries from the access table, along with links to the corresponding downloads. Our controller needs to query the database, cache the results, and add them to a template tag. Obviously, the controller also needs to check that the user is logged in; otherwise, an error message should be displayed. private function listDownloads() { $this->registry->getObject('template')-> buildFromTemplates('header.tpl.php', 'downloads.tpl.php', 'footer.tpl.php'); $u = $this->registry->getObject('authenticate')->getUserID(); $sql = "SELECT p.name, d.file FROM content c, content_types_products p, download_access d WHERE c.ID=d.product AND p.content_version=c.current_revision AND d.user_id={$u}"; $cache = $this->registry->getObject('db')->cacheQuery( $sql ); $this->registry->getObject('template')->getPage()-> addTag('downloads', array( 'SQL', $cache ) ); } The corresponding view le would look like this: <h1>Downloads</h1> <ul> <! START downloads > <li><a href="ourdownloadarea/{file}">{name}</a></li> <! END downloads > </ul> What else is needed? Here we have looked into the bare bones of creating this functionality, but there are still other features and aspects that we would need to implement, including: Editing the create product functionality in the administration area Editing the edit product functionality in the administration area, so that a standard product could be converted to a downloadable product, and vice versa • • This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 Download at Wow! eBook Downloadable Products [ 316 ] More security provisions, as discussed Download logging, to ensure that customers are not making a purchase and then giving their login details to others, so they can access the les In most instances, we would only want customers to make a single purchase of these products, as in most cases, duplicate purchases would be redundant Summary In this chapter, we looked into extending our framework to allow downloadable products, for which customers are automatically provided access when their purchase is made. We also looked into removing this access when orders are updated to "refunded". Although this is a very basic implementation, with a number of security issues that would need to be looked into in a live site, it does illustrate how we can quite easily extend the framework to accommodate new features and new types of products. If we wanted, we could easily extend our products' functionality to: Allow subscriptions: This allows upgrading user accounts based on certain purchases. This could be a "gold membership" product, which upgraded a user's permission rights to the site, allowing them to access more areas. Build dynamic downloads: If we were selling software, we could integrate the build process for that, so that license data or customer data is automatically inserted into their copy of the software (that is, the software is built direct from version control specically for that customer, helping to manage licensing and track piracy). E-mail-based products: This is just as we did with our purchasable voucher codes, where a custom e-mail is sent to the customer. E-mail-orle-basedproducts: We could combine our newly-created le-based products with an e-mail-based product, and have the les be sent as e-mail attachments. Drop shipping orders: If we have a supplier who offers a drop shipping service, where they fulll our orders, we could (assuming they had a suitable API) integrate with their systems to have the order dispatched. • • • • • • • • This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 Cookbook Throughout the course of this book, we have developed a very exible framework, which we have illustrated several times, by rapidly extending the system to t new needs, or add new features. In this chapter, we will look at some smaller code snippets that can add additional value to our framework. In this chapter, you will learn: How to remind customers about forgotten details How to integrate Campaign Monitor in order to add new customers to our mailing list How to prevent spam signups with reCAPTCHA How to tweet about happy customers each time an order is paid Authentication reminders One useful feature for our framework would be to allow our customers to easily reset their password or to send them notication of their username. Help! I forgot my password! When a customer forgets their password, we can't just e-mail them a copy, because passwords are stored as a hash in the database. We also can't just reset the password, as fraudulent requests for new passwords would become a nuisance for customers. The solution to this is to generate a password reset key when a customer informs us that they have forgotten their password. We then e-mail the customer a link to a "reset password" page, with the reset key in the URL. The reset key is used to verify the customer resetting the password is the owner of that user account. Our users table already has a suitable eld for this, pwd_reset_key; all we need now is the code! • • • • This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 . $this->registry->getObject('template')-> buildFromTemplates('header.tpl .php& apos;, 'downloads.tpl .php& apos;, 'footer.tpl .php& apos;); $u = $this->registry->getObject('authenticate')->getUserID(); . and is licensed for the sole use by jackie tracey on 23rd February 2010 953 Quincy Drive, , Brick, , 08724 Appendix B [ 3 15 ] Centralized download area Finally, we come to the actual download area AUTO_INCREMENT PRIMARY KEY , `user_id` INT NOT NULL , `product` INT NOT NULL , `file` VARCHAR( 255 ) NOT NULL , `access_granted` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , INDEX ( `user_id`