Setting up a Privatesite - or Members-Only area using IPN and .htaccess

Let us assume you are selling an infoproduct "Stealthmailer", and that
the file that you want to deliver is "stealthmailer.zip".

If you wanted to set up a Members-Only password protected area for downloading
this product, and you also wanted to assign unique passwords in real time to paying
customers, then it is quite simple to set this up using IPN.

A typical scenario to set this up involves a PHP script, and a web site with .htaccess capability
(this is Apache's folder level authentication feature. In all probability, your web site is powered by Apache.
:

1. You put your "StealthMailer.zip" in a folder by name products.
   
   
2. You add a file called ".htaccess" to it.
   
   The moment you add this file to the products folder, the folder becomes password protected
   and when you try to access your "StealthMailer.zip" file by typing in:
   
   http://www.YourSite.com/products/StealthMailer.zip
   
   it pops up a window alerting you to enter a user name and password.
   
   
3. Let's say that all usernames and passwords are stored in a passwords file called ".htpasswd" in the same directory.
   
   
4. You then set up the Paypal Download Protector which basically does the following:
   
   When someone successfully pays you for your StealthMailer product through Paypal,
   Paypal activates the Paypal Download Protector, which then creates a login name (the buyer's Paypal email address)
   and a random password (Paypal Payment Transaction Number for the successful payment),
   writes the login and password into your "password" directory (.htpasswd), and then
   sends your buyer an email stating the url for the download (http://YourSite.com/products/StealthMailer.zip),
   the login (his Paypal email that he used for paying you) and the password (transaction number) -
   all in one shot, and then exits, and hands control back to Paypal.
   
   
5. Paypal then displays your "Thank You" page that you specified in the "return_url" field
   on your sales page.
   
   
6. This page contains nothing but a message that states :
   
   Thank you for buying the StealthMailer.
   
   Please check your email associated with your Paypal account
   for details about how to download the StealthMailer.
   
   
7. Thus, even for someone who tries to visit your 'Thank-you' page without
   paying you first, will see only the above message, which really is of no good
   to them, because they CAN"T lay their hands on your StealthMailer!
   
   

You can use the same script - the Paypal Download Protector - to deliver
any number of products, using the exact same IPN notification url, simply by
adding a custom variable to your sales pages, as shown below.

Adding a Custom variable to your Sales page (Paypal "Buy" button)

Being a paypal seller, you obviously already know how to setup a
buy button.

Here's a sample sales page containing the code for your "Buy" button:

<html>
<head>
<title>Stealth Mailer Sales Page</title>
</head>

<body bgcolor="#FFFFFF" text="#000000">

Click here to pay and download your ebook:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="ravi@cyberconnexions.com">
<input type="hidden" name="item_name" value="1">
<input type="hidden" name="custom" value="stealthmailer">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="$19.99">
<input type="image" src="https://www.paypal.com/images/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="return" value="http://www.WebmasterInABox.net/thankyou.html">
<input type="hidden" name="notify_url" value="http://www.WebmasterInABox.net/ipnscript.php">
</form>

</body>
</html>

The form is pretty straight forward - this is the one that
Paypal generated for me when I put in an item name, item number and price
of the product that I want to sell.

However, there are 3 items in this form (highlighted in blue)
that I want you to pay attention to:

1. <input type="hidden" name="custom" value="stealthmailer">
This is the only extra field that you would have to add to your buy button
forms, if you already have any. Using the variable "custom", you will need
to pass to Paypal the name of the folder where your e-product is available
on your site.

The paypal download notify script that we have will then pre-pend the text
"http://www.YourSite.com/products/" to it, to make the resulting url as:

http://www.YourSite.com/products/stealthmailer

This is the url which will be emailed to your buyer from the notify script,
along with his username (his paypal email id) and password (which is the unique
transaction id generated by Paypal for that transaction.)

When they arrive at this url, they will be presented with a login prompt.
If they enter the correct login and password, they are then logged in
and they then see index.html which talks about your e-product, and
also has a link to it (make sure that the info product is also within
the same "products/stealthmailer" directory, as this directory is
password protected by default.

2. <input type="hidden" name="return" value="http://www.WebmasterInABox.net/thankyou.html">

Make sure your thank you page does not have any secure
information. Even if somebody visits this page, all it will say
is "Thank you for your purchase. Please check your paypal email
account for information on how to access the product that
you just bought."

You may also use this page to display any support or contact
information, in case they have any post-purchase questions
or concerns.

3. <input type="hidden" name="notify_url" value="http://www.WebmasterInABox.net/ipnscript.php">

The script is written in such a way that even if someone tried to visit the above download notify url,
they will only get a blank screen, and also an email message notifying you of the illegal attempt
to access the page, sent to your admin email account that you've specified in the Paypal Download
Protector's configuration file.

Testing the whole flow:

This is the last, but definitely not the least of the whole process.

To test the whole flow, you will have to send yourself a payment.

Now, if you're already selling through Paypal, then obviously you
have a verified premium account.

Now, Paypal allows you to have two accounts - a personal account
and a premium (or business) account. So, you will need to sign up
for a free personal account and then add a credit card to this account.

Once that is done, then this new personal account will act as your "Payer" account
and your existing premium account will be the "Seller" account.

The buy button needs to be setup with information about your "Seller" account.
See sample form above.

<input type="hidden" name="business" value="ravi@cyberconnexions.com">

Once that is done, simply publish the page containing the button to your
web site, visit your web site just like your visitor would, click on the buy
button, and make a successful payment by logging into your "buyer" account.

Do you have a ready-made script that can help me set up IPN on my web site?