Subscription based site best practices input

[cjbeck71081]

I am sure i am the thousandth person on here to post asking questions about subscription based websites... but I'm not looking for too much info just a direction to get started in.  I have been programing PHP for years and I have been using(for light security programs) a mysql table to store usernames and passwords and then using a <form> to submit the textfields, pulldown rows that match username & password, and if($row >=1) then let the person into the site.

 

It has worked well in the past but now i want to go to paid subscriptions... and i don't know if that is the best method for storing, accessing and displaying pages that should be password protected for paid registered users.  I.E. i want to bump up the security of it, if that is necessary.

 

So i guess what i am looking for is a place i might be able to read up on best practices for "subscription based sites" and is PHP even the right language for that?  Is there a better programing language for subscription sites.

 

Anyway, any info would be great, this is a fairly generic question so all input is appreciated.

 

[flyhoney]

If I were you I would move to a PHP framework that has user authentication libraries.  This ought to be more secure and robust as opposed to building the site from scratch.

 

Some good frameworks:

Zend

CakePHP

CodeIgnitor

Symfony

 

These all follow the MVC pattern (Model-View-Controller).  They can be a bit tough to figure out at first, but once you get the hang of it your life will improve 10000%. 

 

If you are doing paid subscription stuff, you are going to need a payment gateway, like paypal or authorize.net.  You will also need an HTTPS certificate, anytime you are dealing with money.

[cjbeck71081]

Thanks i appreciate the info. Of those selections which do you prefer?  How do you typically handle the credit card payments, is there any liability in processing payments?  I have typically stuck with PayPal in the past because they handle the entire transaction, therefore reducing the liability to my client.

[flyhoney]

Honestly I have used all of them, and they all have their pros/cons.  I would argue that CodeIgnitor is probably the easiest one to start with, Symfony or Zend being the more complicated ones.  CakePHP is a good compromise.

 

Like you, I have used paypal in the past for all money stuff and I have never worked on a site that saved credit card information.  I'm not super experienced with e-commerce type stuff.

 

I will tell you this, do NOT use GoEmerchant.com. They're terrible.

[cjbeck71081]

Thanks again for your advice, i'm already reading up on Zend.  Thanks

[nitation]

Observation: The poster asked about "paid subscription website" which i think we haven't answered. So far, a paid subscription website is entirely different from a merchant. This is how i figured the question right. An instance;

 

A user visit your website, click on one month subscription and paid for it. Then whatever service you rendering should be available for a duration of one month which is ($today + 30days). After which the product or service should be suspended.

 

Folks, I believe this is what the poster is requesting