Credit system

[slj90]

What is the best practise for websites that use a credit system? For example a website that allows a user to purcahse credits and spend them on the website. Is it as simple as increasing/decreasing their user data in the mysql table? How would more security be added to that process to avoid users editing how many credits they have etc.

 

Thanks,

[mac_gyver]

it as simple as increasing/decreasing their user data in the mysql table?

 

 

no it's not that simple. you would do this like your bank or credit-card company does it, by storing a record for each transaction that lists the date, amount (credits are +amounts, debits are -amounts), and information about the transaction (confirmation number for payments, name/reason for each debit).

 

to avoid users editing how many credits they have etc

 

 

why would you have any code in place that would allow a user to directly affect these amounts? the user should only have 'permission', through your code, to display the amounts and cause events to occur that enter a transaction for that user. for credit (+) transactions, you would verify with the payment gateway that the user made a payment before entering a row in the database table with the amount. for debit (-) transactions, you would only enter those if you know who the user is and if this is dealing in real money, you would re-verify who the user is by having him/her re-enter their username/password.

[QuickOldCar]

Can look into stripe or paypal as a payment gateway.

 

So that is just the part them purchasing credit packages x amounts.

Check request and verify they actually paid, once get that add the credits to their account.

 

As for on site is a matter of doing a -1 for their credits upon usage.

When out of credits a reminder or link to purchase more credits.