PHP Payment Accounts System

[johnsmith153]

I need to create a system for storing online accounts of members.

 

My PHP skills should be good enough - or I should be able to get by eventually.

 

I just need some comments about how I would go about it.

 

User pays:

I would use a payment portal - for example PayPal. I imagine that PayPal may send a http message to a given url / or be some form of web service etc. - not looked at it. Either way the result would be me inserting a record into a database that would simply be "date", "amount-paid" etc.

 

Is that enough? Just a database record?

 

User is charged:

Insert another database record showing the charge. (different field of course)

 

Show account balance:

Display all records and add up the charges and payments.

 

Simple, I suppose. Is that how other people do it??

 

One thing for certain, you wouldn't want any errors in your code here - certainly if the error was to their advantage!

[ILMV]

Unless you have lots of time / cash to spend, leave it to the 'experts', so look at PayPal as a payment merchant thingy.

 

Its worth reading on how their service works, because I have not yet used it.

 

 

It is my assumption that you will have a specific landing page for PayPal, that returns the relevant information you require, payment successful, amount etc...

 

ILMV

[johnsmith153]

I'm not concerned about the payment portal - PayPal, Worldpay there are loads, and I will certainly not be looking at getting my own Credit Card Merchant Account with a bank.

 

My question is purely how you do the PHP side.

 

So the payment provider for example might send a http request to www.mysite.com?uniqueCustAccount=fhweyhitgtgryhrgtu&userid=345&paidAmount=20

 

I then pick up all this info, check security and credit user 345 with £20/$20 to their account.

 

It is how I store the fact they now have £20 added to their account AND when I then charge them how I would store this too.

 

Is my method mentioned in my first post suitable / secure enough?

[sloth456]

Each of the payment portals have different ways of communicating with them.

 

It is best to pick one (I suggest paypal as you have mentioned) and read up on the documentation they provide.

 

One simple way to do it with paypal is to create a paypal button that has variables such as "price" and "title of item being bought" and what the "thank you page" is.  When clicked the user is sent to paypal where they enter their details and pay and once the payment is complete they are sent to a thank you page that you specify, this can be a php file that creates records in databases etc.  You can either get paypal to pass data to the thank you page, such as what they bought, etc;  or you can setup a seperate thank you page for each item and in the paypal button you create just specify the appropiate thank you page.

 

There are of course much more secure ways of doing it, I was just giving a vague example.  Main thing is to go read up on the documentation provided at the payment portal.

[johnsmith153]

Again, it is not reallty what I am asking.

 

Forget the payment-provider.

 

Once payment is received, how should my database store payments, charges and then display a statement? (my first post explains)

 

I admit, I scan over forum posts, especially ones that are boring. So if you are able to help, then reading just the first post and agnoring all the others will give you enough information as to what I am looking for.

 

Sorry if I have typed so much that people don't want to read the entire post - I often get accused of typing too much detail.

[JasonLewis]

Yes that's how I would do it, or along those lines.

 

PayPal sends the data back and you can simply retrieve that data then store a statement in the database. Just get a vague idea of what a PayPal statement looks like so you can store yours as the same. You just want it as proof really, is that right? I'm sure PayPal would also store receipts and what not so don't worry to much. But if you just want it as proof or as a sort of "Buying History" then you only need to store the basics of the purchase.

[sloth456]

how should my database store payments, charges and then display a statement?

 

As per your requirements.  I don't understand why you're asking us?

[johnsmith153]

Thanks ProjectFear, it seems what I thought was obvious, probably is.

 

My concern would be if my code generated an error that benefitted the user financially - but I suppose that is my problem. I was thinking of some form of double-checking method. I am probably going to have some manual checks to ensure actual payments / charges inserted into the dbase match actuals.

 

My system is actually for membership at a physical event - where users will pay:

(1) cash in person

(2) using an online direct debit system (this may be UK only - it is just an automated bank withdrawal method)

(3) PayPal

(4) an online mobile phone payment method (user enters mobile number into system to pay)

(5) a method where someone can buy a voucher in a local shop and enter this number online creditting their account

 

As charging can also vary by amount:

(1) some will subscribe to certain things / some wont

(2) some will attend phsically / some wont

(3) initial joining fee

 

And the method of charging will also vary:

(1) Somebody based a long way away from the company head office will go on a web page, login and register various things from above (cash payments, attendance etc.)

(2) The system will also automatically charge people based on subscription services.

 

There are no cash tills / systems at the event. The two members of staff take the money, then use a computer at their home address to enter the data. (and pay cash into a bank etc. later)

 

So an accurate account is important. It is not just where someone pays £50 and we send them out a product etc. Accounts can run into the red, and can also contain large amounts on some occasions (if somebody paid monthly in advance etc.)

[sloth456]

I'm not an expert on making it all secure.  But certainly I would definately check payments recorded on your database against the reciepts generated in your paypal account to make absolutely sure the payment has come through.