Is an custom field accesible via URL/Search query etc.? - wordpress

I'm going to set up a web shop that sells domain names.
Every domain is a single post, and every post contains about 10 custom fields.
My question is, are these custom fields accessible if I don't query them?
For example, you go to a single post (a domain overview in my case) and can you retrieve the values of my custom fields? Otherwise people can retrieve the code, without paying for it. Are those custom fields accessible if I don't query them, or not all of them?
Is it safe to keep the code's where you pay for in a custom field?
Thanks in advance!

You shouldn't be able to, but there's always the possibility of security holes in WP, or even something as simple as a brute force attack on the WP Admin area or your MySQL database.
I would err on the side of caution and keep any critical data in a separate system. Maybe after someone makes a purchase, you could have them log into a separate system to retrieve their activation codes.
Gumroad might be a decent end-to-end fulfillment system for you. Each of your domains would be a separate Gumroad product, and you could paste the shortlink into WordPress as a custom field. More info: https://gumroad.com/

Related

Intershop 7.10 - Affiliate Catalog View

Our client would like to be able to give out a preconfigued URL (URL with GET param, similar to affiliate partner URL) to their customers and for customers who visit the catalog through that URL to be able to see only a subset of products in that catalog.
I have noticed it is possible in ICM 7.10 to create affiliate partner and programs which generate specific URLs and it is also possible to define a catalog view which exclude certain products from the catalog for a targeted group of customers or customer segments but it is not possible to exclude products from the catalog for a partner.
Is there some other out-of-the-box platform functionality which would allow our client to assign a certain catalog view based on the URL which customer has used to visit the catalog or do we need to implement a fully customized solution to achieve this?
Yeah, this is not possible with affiliate links.
You'll need to write some custom code, but it might not be that difficult. The usergroups list (customer segments) that the user belongs to are kept in the session object (T_CurrentUserUserGroupKeys). See WebshopPGIDProvider it puts the user by default in the everyone group. You can write a pipeline that puts the customer in a segment by updating this list so that you can then use the segment for the catalog view. Just remember to do this before the pgid is generated.

Need some hints for my own WP Theme

After taking some online tutorials I am willing to create my own custom theme for my myself. This is going to be an online Contact Lense store! So far I have learned how to generate and use Custom Post Types, Custom Taxonamyies, Metaboxes , and Option pages.but there is still one confusing part left for me(hopefully not more! :-))
I need to get some user inputs through HTML Select Options like following image to finalize the users orders:
Now my question is:
1- Do I have to create some thing lik Metaboxes to manipulate these data from users?
2- can I handle these kind of data through simple Form ans Post function in PHP? If so where should I store these data? Do I have to create a table on my own to handle these things?
I really appreciate your time regrading this post,
What you're asking for carries a little more complexity than you think!
Let's break this down into its meaningful steps:
A user visits your shop, and decides that they like what they see and wants to make an order
The user fills out a form defining their exact eye requirements, quantity, as well as their contact information
Upon completing this form, a new order has been created
But wait.... how will you get paid? What happens if the user's computer explodes before the payment goes through? How will you know to send them their contacts without first knowing the payment even succeeded?
This is where things start to get tricky. You need to be able to keep a record of orders for the sake of your users, but you also need to look out for your own interests too. Your business is doomed to fail if you're sending out expensive products to people without the proper assurance that you're getting paid.
This is where you'll need to set up a Merchant Account with a service like PayPal or Google Checkout. As much as I despise PayPal, their Instant Payment Notification (IPN) System has been very reliable for me. What this does is automatically send a POST request to your server with all of the information you need to finalize the checkout process and alert your user that their payment has either succeeded or failed.
So with this in mind, how does this affect our step-by-step process?
A user visits your shop, and decides that they like what they see and wants to make an order
The user fills out a form defining their exact eye requirements, quantity, as well as their contact information
Upon completing this form, a new order has been created with a status of pending
The user is then sent to PayPal/Google Checkout to enter their Credit Card information to complete their purchase
PayPal/Google processes the payment
PayPal/Google sends your server the results of the processed payment
The corresponding order is updated with a status of Payment Received or Payment Failed for your own records
You send out the product to a very satisfied customer
So what will this mean from a Wordpress standpoint?
My first suggestion:
Check if a Plugin already exists that can handle this for you!!!
Seriously, this will make your life much easier. Handling people's money as well as your own stock is a nightmare all in itself, you don't want to be responsible for handling the code that drives it, or the possibility of security holes that you might not know about (that other plugins may have already addressed). WooCommerce is a popular one. See if that can handle what you need.
If a Plugin can't do it for you, then you'll need to:
Register a Custom Post Type for Orders
Create a new Order Post using wp_insert_post when a user submits the form with their POST data
Save the relevant POST data you need as metadata using update_post_meta
Send PayPal/Google/Whatever some Custom Information it needs to hang on to - in this case, the newly created Order Post ID - so that it can send it back to your own server
Set up a side-script to process the data sent by PayPal/Google Checkout/Whatever and send an email to the user detailing the status of their purchase and update the corresponding Order Post ID that was sent back by PayPal/Google Checkout/Whatever
(Optional) Set up a CRON Job to periodically scan all Pending orders in case a user's session was interrupted, or they bailed at the last second during checkout and send them an email notifying them about this and provide them a link to your website to reopen, reevaluate, and resend the order, or cancel and clear it from your database
Quite honestly, this would take even a seasoned Developer at least a few weeks worth of work just to get it in working condition. Presentation is a whole different animal.
Hopefully this will give you a step in the right direction. I doubt anybody here will give you the code to do what you need, because there's just too much to post. Entire libraries are built just for these kinds of things.
Good luck!

Google Analytics segmentation customvar vs uri

I want to be able segment analytics data by company once my customers have logged into my website. Being very new to analytics, it seems like there is a couple of ways I could do this.
Set a visitor level custom variable that would signify the company. For instance, _setCustomVar(1, 'customer', 'ABC Corp', 1)
Pass in a custom Url to my _trackPageview calls whose first segment would signify the company. For instance, _trackPageview('/ABCCorp/the rest of the document path, querystring, etc.')
It seems you can't filter on a custom variable so I could not create a view\profile for each company but I could use Segments and Custom Reports off an 'All Web Site Data' view to do that instead.
Going the custom url route seems to be more flexible since I could either filter or use segments.
Are there any other pitfalls or reasons to suggest using one of these two approaches over the other?
This use case is better suited for custom variables.
Changing the URL will make it more difficult to do things like "How many home page views did I get" or "What do clients usually do after they login".
Also, you can create custom reports based on the information you're passing back and include the custom variable information as the first key. Pretty easy to duplicate GA's current top reports in a custom report using the custom variable as the main dimension.
Agree with Tom that CustomVar is a much better and cleaner solution.
You might want to switch to new Universal Analytics and use Custom Dimenions instead. It's even better and you can set up property filters with Custom Dimenions too, so this should cover all your needs.

DotNetNuke Cart

Does anyone with DotNetNuke have experience with downloadable content with a shopping cart?
There is a client using CatalooK as their shopping cart. They sell user manuals for a range of car models (one car has multiple user manuals in different languages) but did some test and this is we found so far:
If we have all the downloadable manuals users in the ‘All Users’ role will have access to all the downloadable content by anyone
When a user registers (either from the Login page, or through purchasing a product from the cart), a user account is automatically created for them and are assigned the role as ‘Registered Users’. This solves the problem of having all users access to the content – can just change the permission for the downloadable items to only display for 'Registered User' only
However, anyone can register themselves on the website and automatically be assigned a ‘Registered Users’ role, therefore getting access to the manuals without having paid for them
A step further would be to require the manual adding of user accounts to a new role called ‘Downloads’ which would be the only users within the 'Downloads’ role to have access to the downloadable manuals
Problem here is, if a user purchases 1 downloadable item and they are added to the ‘Downloads’ role, they will also be given access to all of the other downloadable manuals – as they are in the same role
So I guess the workable solution would be to create a new role for every car model to allow people in each car model role access to the downloads – which would also mean manually adding the role of every group purchased to that user’s accounts.
Anyone have any experience or alternatives to this to make it more automated and secure?
Basically no body has access to the downloads unless you have purchased the products.
Upon purchasing some shopping carts send you an email with a unique link to the downloadable so they can access it that way. In your situation you also want them to be able to see the documents on the site at anytime after purchasing them, which makes sense.
Catalook has a 'Your Orders' module, does that show you the document or electronic item you purchased? That might be an option.
But worst case, I guess you can implement your 1 role per product. Sounds like a lot of work though! Or, do some custom :]coding.
Based on your situation the cart I use the most DNNspot (mine) - it would be similar to Catalook. Where you would need to create a role per product. Or use the orders module to show your previous orders which would link to your document you bought.
How good is your SQL? You could use the core DNN 'reports module' If you analyze the database and orders table - with a little bit of SQL you could setup a custom Report and maybe solve this.
This is very interesting an challenging. probably, this is not supported by catalook store module by default. If you are looking to implement a new simple module, there are some simple solutions to this.
Using personalization: you can use dnn's personalization provider to store user products. initially empty, and as user purchases the products, you can add comma separated list of productid to maintain it smartly. check that values back to validate downloads
Using custom user profile property and use it in same way as [1] above
Email option suggested by #Ryan is good option when you want to allow users to download manually only via email links. But again, you will still need to validate if a user is allowed to download that product or not that you can achieve via the above suggestions.
Let me know if you need more help with this, I have good experience to deal with catalook specific small modules for such extensions.
Happy coding

Drupal: Two-way communication between unregistered customer and admin

I need to setup a system where customers can choose to Request a Quote for a specific holiday package, where they will enter their personal details as well as their holiday requirements (number of rooms, etc.) and will then allow them to view a page which will have a threaded conversation between them and the admin (so the admin can reply to their quote request on the website).
The problem is that most customers won't be registered when they want to request a quote, so I was thinking that the Request a Quote page could silently register the customer as a user (using their personal details) on the same page where it asks for their holiday requirements.
The other option I can think of would be to not register them and just email them a unique URL where they can view their quote request and reply to the admin.
Could you point me in the right direction on how to do either of those?
To create a new user you can use the user_save. To create a random password you can use the use the user_password function. The all that is left is to send a mail. Either create your own or use the standard one when users are created.
Check out the Inline Registration module: it allows anonymous users to create a node and register as user at the same time, using a single form.
I think the best way would be to have a content type they fill out that looks like a form, but actually creates the node that is only visible to them and the administrators, comment enabled. Probably the quickest way. Then you have security in place so people can't see other peoples quotes.
Login Toboggan combined with Content Profile might work for this.

Resources