To program, or not to program that is the question

If you have spent any time on this site or on LOCCs you will have some idea of the projects I’m involved with. I developed BadgeTracker about 5 years ago, Sign-Up-Sheet.com followed about a year or two later accompanied most recently by myScoutPath and ScoutMailer. Contrary to most entrepreneurs I actually found my niche after I had developed a product. BadgeTracker was developed quickly and gained a following and after a little research I determined that the scouting industry was an attractive market to compete in so I selected it as my niche. The products that followed were aimed at scouts first and other groups second and I saw that as having great potential.

The problem here, that I didn’t realize until just recently, is that I had taken on too much. While I do outsource some work to contractors I am the only programmer, support person and business administrator I got. That means that while I’m answering support e-mails development stops. While I’m following up on overdue invoices no one is following up with the sales leads. While I’m programming no one is marketing. This lead to having 3 or 4 mediocre projects/products that were moving forward at a snails pace.

I had jumped head first into any idea that popped into my head, investing time and money to get it online and then ran out of resources to sustain, support and grow them. This lead to a great deal of frustration on my part because I was unable to work on the things I wanted to work on, investigate new ideas and opportunities or even write on my blog because I was stuck in the muck.

Wait… where’s the money?

Some of you may be wondering why I didn’t hire a staff or assistants to help maintain some of this. The short answer is the money wasn’t there. While the scouting industry may have looked like an attractive market at first, I have found over the years that working with non-profits is somewhat complicated and making a sale is difficult needle to thread. So while I was making some money it wasn’t enough to hire help or even leave my day job to dedicate more time. All of this of course contributed to more frustration on my part which is a very unproductive mind set to be in.

Recovery

What this all boils down to is not having a good vision and plan in place for the business. I should have slowed things down and investigated new ideas a bit more before jumping in a starting development and I should have finished one thing before starting another. I’m sick and tired of being sick and tired so I think it’s time for a new plan.

The one thing that all great businesses have in common is  great products. There are plenty of businesses out there with mediocre products and they come and go each year along with whatever is “in” at the time. I have decided that I’m not content with creating mediocre products… I’m out to create a great product and doing that requires focus. So I’ve come to the conclusion that I need to “reboot” and start 2010 with a new plan/vision. I think Dr. Charles Emerson Winchester III, from M.A.S.H, put it best when he said “I do one thing at a time, I do it very well and then I move on.” This probably means some of my many projects and ideas may be discontinued or abandoned to drift with the current but I’m confident that this is a better approach than what I have been trying.

No related posts.

One of the difficulties when selling software that needs to be installed is making sure the software is compatible with the users computer/system. I know this is supposed to be a responsibility of the user, but if they make a mistake they will be contacting you for support. Fever takes a unique approach to confirming users are installing the software on compatible machines. Shaun has created a process that links a compatibility check with his checkout/licensing process so that users can only purchase a license if they are installing the program on a compatible machine.

Before you can purchase a license you first download a small package that you upload to the location where you intend on installing the program. From there the package checks your systems compatibility and asks for database information (shown in the image above). Once entered, and after privileges have been checked, you are provided with a link back to the Fever site that populates the purchase form with a unique ID. This ID, I assume, matches your site with the compatibility check performed and then you continue with purchasing the license.

This process is genius! It allows the developer to prove the user is going to be installing the software on a compatible machine before selling them a license. I can image this process greatly reduces, if not eliminates, the support requests having to do with system compatibility and installation issues. Very cool idea!

No related posts.

For those viewers following along at home, if you look at the configuration page, I’m going to cover each section in reverse order wrapping up with setting up your subscription plans.

Site Details

The site details section is where, you guess it, you enter the details of the site you are going to be integrating with Spreedly. The information requested on this form is pretty straight forward so I’m just going to touch on 2 parts.

URLs

About half way through the form they ask for 3 URLs:

1. Subscriber Changed Notification URL

   Since you are using a system that is external to your application to handle payment processing you will have to work out some way to sync the two so your sure people have only those accounts they have paid for. That’s where the subscribers changed notification URL comes into play. When subscriber data within Spreedly changes, the service will POST a comma separated value list of subscriber IDs to the address you specify here. It then becomes your responsibility to process those changes and sync them with your application.

2. Individual user URL on your site

   This is the address that users visit to view their specific information in your program. Spreedly uses this address to redirect users back to your program from their update screen.

3. Subscription selection URL on your site

   This is that place in your program where users can upgrade/downgrade their account. Again, Spreedly uses this address to redirect users back to your program from their system.

I will come back to these URLs later in the series so go ahead and leave them blank for now.

API Authentication Token

At the bottom of the site details form you will find your sites API Authentication Token. This is the token you will use when interacting with the Spreedly API. Be sure to handle with care and keep it a secret… you can always generate a new one if you need to. Make note of this because we will be using it in the posts to come.

Manage Site Users

One of the really nice things about Spreedly is that you can add as many users to your account as you wish without hitting any limits. So, if your organization has a 10 person support/accounting team (wishful thinking perhaps) you can add them all with their own access information from the Manage Site Users section.

Payment Gateway

The Payment Gateway section is where you will go when you’re ready to take your site out of testing and into production. You will have to upgrade your Spreedly account from a test site to a production site and either sign-up for the monthly pricing option or bite the bullet and get a Kickstart package. For the time being, the page just displays some example CC numbers you can use to generate different errors.

Subscription Plans

Now to the important stuff! The Subscription Plans section is where you setup your applications different subscription plans and pricing. By default, Spreedly has setup one example plan to give you an idea how things work. I will issue one word of caution here, you CANNOT delete subscription plans. I hope this is coming soon, because I have made a mess out of my other account, but for right now it can’t be done. Just keep this in mind as you enter your plans.

I want to draw your attention to 2 pieces on this form:

Feature Level

The feature level is the name with which you will refer to the subscription plan through the API. You want to keep this simple yet specific so you can easily match it up with a subscription type. I typically just repeat the plan name as one word lowercase just to keep it easy.

Plan Type

The type of plan is where you can specify if this is a regular subscription, gift subscription or free trial. This really gives you a lot of options when setting up your applications pricing structure. You can set the amount of time each plan is valid for before charging the user again (number of days or months). You can also specify if you want to require auto-recurring purchases (you only accept auto-recurring payments) or not. The sky’s the limit!

That’s it!

After you play around with your settings and subscription types a little bit you will have a configured Spreedly test account ready to accept subscribers. In the next post I’m going to take a break from the Spreedly specific stuff for a little while and talk about planning your sign-up/checkout process and determining how that’s going to work with your newly configured Spreedly account.

Related posts:

1. Speedy Subscriptions Using Spreedly (Part 1) – Overview & Account Setup
2. Building Applications using CodeIgniter (Part 2) – Configuration

What is Spreedly?

Aside from the best thing since sliced bread… Spreedly is a service that takes the hassle out of collecting subscription fees for web based services/applications. Developing applications that use 3rd party payment gateways and that sell recurring subscriptions is a difficult and often expensive undertaking. Spreedly simplifies the process by handling the complex task of subscription management and payment processing for you so you can focus your time and money on your product.

After configuring your Spreedly account and entering your subscription types and pricing scheme, the service will handle all the payment gateway interaction and user subscription management for you… no muss no fuss. Accepting payments literally becomes as easy as redirecting your user to a Spreedly URL and having them enter their credit card information. That’s it!!

Supported Gateways

It’s important to understand that Spreedly is not a payment gateway. Spreedly simply acts as the middle man between your application and your selected gateway using APIs. This means you will still need to find a payment gateway and merchant account (if necessary). The simplest, and cheapest, option is probably PayPal because it’s a gateway and merchant account all-in-one. But if that doesn’t work for you, Spreedly currently supports the following gateways:

• Authorize.net (Only US dollars)
• Beanstream (Only Canadian dollars)
• eWAY (Only Australian dollars)
• PayPal Website Payments Pro (also UK)
• PayPal Express Checkout (also UK)
  (does not currently support automatically recurring subscriptions)
• Sage Pay (formerly Protx)
• USA ePay (Only US dollars)

They are constantly adding new gateways to the service so be sure to visit their site for the most updated list. If you don’t see your gateway listed above the odds are good that they can add it for you. Just contact their support team and they will research what’s involved.

Pricing

Accepting credit cards online is an expensive proposition… that’s why I have avoided it up until now. There are bank fees for merchant accounts, fees for each transaction, monthly fees for the payment gateway, etc… not to mention the percentage of each transaction that certain parities take just because they can. It’s enough to make you dizzy!

The pricing for Spreedly is pretty straight forward:

$19 per month + transaction fees

• 3% on the first 50 transactions per month
• 2% on transactions 51 through 5000
• 1% on all transactions after 5000

The thing to point out here is that the Spreedly fees will be on top of whatever your payment gateway charges. In the end you are still probably looking at a decent sum of money… but odds are it’s still cheaper (programming included) than if you went it alone or with another service.

If there are too many monthly fees for you to handle, Spreedly also has another pricing option called the Kickstart package. For one single payment of $699.00 you can get a Spreedly account for life with:

• a frozen per-transaction fee of 1%
• no monthly fees
• and it never expires!!

It pays to keep an eye on the Spreedly site (and maybe follow their Twitter account) for special offers because when they first launched Kickstart the price was $499.00 for a limited time. So there are opportunities for picking up deals if you pay attention.

Account Setup

Now that you have a basic understanding of what Spreedly is, let’s go ahead and create a test account. Spreedly makes it super easy to get your bearings and see how the system works without spending any money. You can sign-up for a free test account (which gives you access to everything you need) and see if it will work for you. To create your account, visit https://www.spreedly.com/signup and fill out the form.

After signing-up you will be directed to your test site overview page (shown above). The overview page gives you a summary of your account in terms of transactions and subscribers. You can click around the interface if you like but it’s going to be pretty empty until we start submitting transactions (which we’ll get to later in this series).

That’s a wrap

That does it for the Spreedly intro. In the next post I will review how to configure your account and setup your subscription plans/pricing scheme.

I’m just getting started with Spreedly so stay tuned!

Related posts:

1. Speedy Subscriptions Using Spreedly (Part 2) – Account Configuration

Related posts:

1. Implementing Facebook Connect (Part 1) – What is Facebook Connect?
2. Implementing Facebook Connect (Part 3) – Accessing Data from Facebook
3. CI Inferno

When submitting sensitive information over the web it’s important to ensure that the requested page is being accessed via an HTTPS encrypted connection. I’ve come across some forms that don’t check whether a secure connection has been made or not. In other words, you can delete the S from HTTP and instead of redirecting the user back to the HTTPS connection the form is just displayed unsecured. This is a BIG NO NO… as a programmer you cannot rely on the visitor, or even other developers who would be linking to the form, to request a form securely. In this post I will review how you can ensure that your users are accessing certain pages using a secure connection.

The Server Superglobal

How can you tell if your user is requesting a certain page using a secure connection (HTTPS)? Enter the PHP server surperglobal.

“$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.”
- PHP Manual (http://www.php.net)

There are 2 elements within this array that you can check that will tell you whether the user has made a secure request or not: https and server_port.

Programmer Beware

Something to keep in mind is that each web server will provide or not provide certain information in the $_SERVER array depending on their configuration. The PHP manual also points this out:

“There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here.”
- PHP Manual (http://www.php.net)

So I guess that brings us back to the original question: how can you tell if your user is requesting a certain page using a secure connection (HTTPS)? Of the 2 elements mentioned above, server_port is part of the CGI 1.1 specification so the chances are good that element will be available in most servers. You can check for the availability of the https element if you wish but you should also include a check of the server_port as a fallback.

The Code

There is a good code example in the comments of the PHP manual of a function that checks whether or not the user has made a secure request:

<?php
function isSSL(){

if($_SERVER['https'] == 1) /* Apache */ {
return TRUE;
} elseif ($_SERVER['https'] == 'on') /* IIS */ {
return TRUE;
} elseif ($_SERVER['SERVER_PORT'] == 443) /* others */ {
return TRUE;
} else {
return FALSE; /* just using http */
}

}
?>

This example function makes use of both the https and server_port elements of the superglobal array and also takes into account the different values that might be provided based on the web server. The only thing I will mention about using the server_port element is to make sure you know what port your server is using for HTTPS connections. I believe 443 is the standard, but ports can be changed so you just want to make sure you are checking the correct port for your server.

What about CodeIgniter (CI)?

If your programming using CI, you could certainly put the function above in a helper and call it whenever necessary. Or, a technique I’ve used successfully in the past, is to put the check in a custom library and auto load it. When you do it this way the connection is tested every time a page is loaded automatically without you having to make any additional function calls. And instead of returning TRUE or FALSE you can simply redirect the user to the requested page using HTTPS instead of HTTP which truly automates the process.

One thing that can trip you up when making secure connections using CI is the address you’ve entered on line 14 of application/config/config.php. If you enter just a static address starting with HTTP then HTTP will be used when calling any URL helper function like site_url() or anchor(). To avoid this issue,  you can replace line 14 with the following code from the CI wiki:

$config['base_url'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
$config['base_url'] .= "://".$_SERVER['HTTP_HOST'];
$config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); 

This code will automatically set the base_url config element so you don’t have to. This also comes in real handy when writing portable code that you want to distribute to other users or clients for installation on their own servers.

That’s a wrap

That does it for making sure your files are being accessed securely. If you have any questions or use a different technique for checking secure connections please share them by posting a comment.

Related posts:

1. Customizing Domains With Wildcard DNS
2. Implementing Facebook Connect (Part 3) – Accessing Data from Facebook
3. Generating PDF files using CodeIgniter

If you are considering getting certified I would deffinitly recommend it. I can’t speak on the impact it will have on your ability to get a job or anything like that, but I can tell you that it’s a nice accomplishment just for yourself. If there was one thing I learned while studying for the test it’s how much I didn’t know about PHP. 5 years of programming still left some large gaps in my knowledge which this process has helped me realize and reduce. If your not certified give it a shot, you’ve got nothing to loose.

Related posts:

1. Zend PHP Certification: Necessary or Not?

I have to start this post out with a quick apology for the lack of recent posts. There is a lot going on right now: working on ScoutPath (which launches in June), putting out fires in BadgeTracker and working full time at my day job. All of this leaves little time for blogging (or anything else for that matter). Another thing I’m working on is getting my Zend PHP 5 certification and that brings me to this post. A couple of years ago when Zend first announced the certification I was determined to get certified but just haven’t put my mind to it until recently. However, after studying for the last couple of weeks and taking the practice tests I am left wondering what this certification proves and whether it’s truly worth it.

The Test

For those of you not familiar with the test let me break it down for you:

• 70 questions
• a combination of multiple choice (with multiple answers) and short answer
• you get 90 minutes to complete

The test is taken on a computer in true Who Want’s to be a Millionaire fashion, just without Regis. When done you are told whether you have passed or failed. Now the whole computer test thing is bugging me a little because I had an incident back in college where my laptop shit the bed during a programming final and I was only able to complete part of the test. But I’m sure the test producers have thought of all that .

What does it prove?

If I displayed a big long code block here with 2 or 3 lines blanked out with question marks and then asked you to tell me what code should replace the question marks to achieve some final result, could you do it? That’s just one example of the questions asked on this test and I’m racking my brain trying to figure out what knowing the answer to that question proves. Does it show that I know PHP or that I just know the subject matter of that particular script? Or that I can understand confusing questions?

I think the question of what a particular certification really proves pops up now and then within the professional community when people try to put a weight to a specific accomplishment. Is it the difference maker between getting the job or being shown the door? I don’t necessarily think so but that’s a determination each person or company needs to make for themselves.

Is it worth it?

The test costs $125 and your free to spend anything above that on various preparation methods but all considered it’s a pretty cheap proposition. When you pass you are added to the Zend Yellow Pages and you get access to the Zend Certified Engineers LinkedIn group. You can also download a nifty badge to put on your blog and resume but overall these are nice perks. These are in addition to putting it on your resume and such as well which helps you get noticed by employers and bosses and such too.

So, is it worth it? I think so, but that’s a determination you will have to make for yourself.

Wrap up

Becoming PHP certified is a nice feather to put in your cap to differentiate you from the thousands of other PHP programmers out and about. What the questions actually prove is still up for debate but overall I think it will be a good thing. I’m taking the test on Friday so I’ll be sure to post a follow-up on the whole certification process next week.

Stay tuned!

Related posts:

1. I’m a Zend Certified Engineer (ZCE)
2. What does your code say about you?

XFBML

Once you’ve established your connection to Facebook you now have access to a wide array of information, but to display this information you need to get familiar with Facebook Markup Language (FBML), an extension to HTML. The cool thing with FBML is that you can access a lot of information without a lot of code. All you need is the FBML tag in your HTML document and that’s that.

Rendering XFBML

In order to render XFBML tags on your page you first need to add the appropriate doctype and HTML attribute to your document.

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” xmlns:fb=”http://www.facebook.com/2008/fbml”>

The above mark-up is a standard doctype declaration. The only thing to note here is the XML namespace attributes added to the HTML tag. These are necessary in order to IE to render things appropriately so you don’t want to leave them out.

After you have the appropriate doctype declared you need to initialize the JavaScript Client Library from the Facebook site. This script basically contacts Facebook servers and tells them that you want to display FBML on the page in question and it’s up to Facebook to provide all the necessary tools to do so.

<script src="http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>

Finllay you need to send them your API key using the following script (which should be placed right after the above JavaScript include).

<script type="text/javascript">
FB_RequireFeatures(["XFBML"], function(){
FB.Facebook.init("YOUR_API_KEY_HERE", "<relative path from root>/xd_receiver.htm");
});
</script>

The Tags

OK, so now that we have the environment setup to recognize and render FBML we can review some of the tags and what they do.

<fb:login-button></fb:login-button>

The login-button tag should be familar from my last post. This tag renders a Facebook Connect log-in button on your site. When a user clicks the button they are presented with the Facebook log-in form in a pop-up window. When they log-in your application is added to their list of approved applications.

<fb:name uid=”user_id”>

The name tag does just what it’s mark-up would suggest, it displays the users name. This tag has one required attribute called uid where you need to provide a user id. You can also use this tag with Facebook Pages as well by passing the page id instead of the user id in the uid attribute. For more information about the name tag, visit the Developers Wiki.

<fb:pronoun uid=”user_id”>

The pronoun tag displays a pronoun for a specified user. Again, this tag has one required attribute uid for the user id. For more information about the pronoun tag, visit the Developers Wiki.

<fb:profile-pic uid=”user_id”>

The profile-pic tag can display a users Facebook profile picture in a number of different ways. After providing a user id for the uid attribute you can also specify a size (like thumb, small, pic_square, etc.). For more information about the profile-pic tag, visit the Developers Wiki.

<fb:grouplink gid=”group_id”>

The grouplink tag gives you the ability to display group page links using FBML.  Simply provide the group id for the gid attribute and your all set. For more information about the grouplink tag, visit the Developers Wiki.

<fb:eventlink eid=”event_id”>

The eventlink tag is similar to the grouplink tag except for events. Fed an event id for the eid attribute it will render a link to the specified events page within Facebook. For more information about the grouplink tag, visit the Developers Wiki.

<fb:serverfbml>

The serverfbml tag is a very powerful tag that allows you to render FBML on Facebooks servers within an iFrame on your page. Using this tag you can interact with Facebook data through forms and such and it all takes place on Facebooks servers for security reasons. For more information about the grouplink tag, visit the Developers Wiki.

Try it yourself!

For additional information about the tags mentioned here and others I would recommend checking out the Facebook Developers Wiki. You can try things out on your own, or Facebook provides a number of demo files available for download which use the tags mentioned above and others to help you get a better idea of what’s possible.

There is one post left in this series and I promise it won’t take me a month to post it. In this post we looked at accessing information from Facebook; in the final post we will look at sending information back to Facebook so stay tuned!

Related posts:

1. Implementing Facebook Connect (Part 1) – What is Facebook Connect?
2. Implementing Facebook Connect (Part 2) – Establishing a Connection
3. Facebook Connect Library for CodeIgniter

Getting Started

In order to use FC with your own application you first need to set your application up within Facebook so you can get your hands on an API key. As is the case when working with any API your API key will be used throughout your FC integration code for authentication purposes.

Step 1 – Add Facebook Developers to Your Applications

The first thing you need to do in order to set your application up within Facebook is add the Facebook Developers Application to your approved applications list. To do this, visit http://www.facebook.com/developers/. Once you have added the developers application to your authorized applications list you will have access to all the developer resources that Facebook has to offer as well as a discussion board for questions and issues.

Step 2 – Setup Your Application

Now that you have added the developers application to your authorized applications list you can now proceed with setting your application up.

Navigate back to the Facebook Developers application by visiting http://www.facebook.com/developers/ and click the Set Up New Application button at the top right of the window.

Now comes the fun part… setting up an application in Facebook involves a mega-form full of options and other required pieces of information. The form is fairly self-explanitory so I won’t take the time to go through it all with you. The only thing I will point out is the Connect tab. This section of the form concerns all the FC settings as they relate to your application. The only thing you need to concern yourself with at this point is the Base Domain field. “Specifying a base domain allows you to make calls using the PHP and JavaScript client libraries as well as get and store session information for any subdomain of the base domain.” Enter all the necessary information about your application and click Save Changes.

Establishing a Connection

Now that we have our API keys we can put the files in place that will help us establish a connection between our application and Facebook. I am having problems displaying code in my blog posts so for this post I’m just going to refer you to the FC getting started guide for the actual code to use. If any of you have any recommendations for tools to use to display code in Wordpress blog posts I would love to hear them.

Step 1 – First the CCC File

The first thing we want to do is create something called the cross-domain channel communication (CCC) file. That’s an awfully big name for such a little file. Basically this file provides the Facebook JavaScript Client Library with what it needs in order to function properly.

Copy the code from the FC getting started guide located under #2 and paste it into a new file named xd_receiver.htm. This file needs to be placed in a directory that’s relative to the callback URL that you entered when setting up your application in the mega-form above. For those of you following along using CodeIgniter, you should be able to get away with placing this file in the root of your CI application. That’s where everything is really referenced from anyway regardless of the search engine friendly URLs.

Step 2 – Now the Test File

Now that we have the CCC file we can begin writing the file we are going to use to establish our connection. Since we are only testing things in this post we will just make a simple file that displays the Facebook log-in button and adds the application to the users approved applications list. Go ahead and create a new file named test.htm and then follow along with the getting started guide starting with #3 for the necessary markup. Again, for those CI users you can place this markup in a view file and load it using whatever template your program is using.

Before running the script you want to be sure to replace YOUR_API_KEY_HERE with your API key and <path from web root> with the appropriate path to the CCC file. Once you have done that you can upload the two files we’ve created and test.

That’s it!

When viewing your test file in a browser all you should see is a Connect button displayed. When you click the button you should see a pop-up window prompting you to either login to your Facebook account or give your application permission to access your profile like in the screen shot below:

Once you either login or give your application permission you can now go back to your Facebook account and look at the list of your authorized applications and you should now see your own application in the list.

What’s next?

We didn’t get into much of the real nitty gritty in this post but we did lay the ground work for what is to come. In the next post I will begin looking at how we can access information about our users from Facebook and how we can send data back. Stay tuned!

Related posts:

1. Implementing Facebook Connect (Part 3) – Accessing Data from Facebook
2. Implementing Facebook Connect (Part 1) – What is Facebook Connect?
3. Facebook Connect Library for CodeIgniter