API Access Based Secure Members Area Script

**PROJECT OVERVIEW:** ======================== I sell downloadable products through an ecommerce system which has an API that can be used by third party scripts and software to determine if a customer has a valid purchase of a particular product. With my current setup the ecommerce system provides a customer with their downloadable purchase through an expiring link at the end of the checkout process. The problem with this setup is that it is not possible for customers to get the download file again if they loose it at a later date because they are unable to access the download link without re-ordering the product again or contacting our support desk to ask for another link upon which we have to verify their purchase manually. This wastes our time and the customer's time. The solution I'm looking for is a re-usable script that I can use to create a 'secure membership area' for each of my products on their domains in a 'members' subfolder. The script must use the ecommerce systems API to allow or deny access based on a customer account's purchase history. I've fully detailed how this works with a flow chart in the attached pdf file (Secure Membership Area Concept Flow [login to view URL]) - use this pdf file to base the scripts functionality on. Also attached is another PDF (Fantasos API Gate [login to view URL]) which is the manual on how the ecommerce systems API works (this pdf has been taken directly from the ecommerce system's help files). Thank you for looking at my bid request. Please fully read all material as well as the attached pdf's before you bid. It is imperative you understand the project before placing your bid because I will be choosing the winning bidder based on your proposed solutions. Feel free to ask me any questions you wish and I will get back to you as soon as possible. Thank you for your time and I look forward to reading your proposal. Kind regards, Michael Grzywacz (London, England) ## Deliverables **FULL PROJECT DESCRIPTION:** ============================ I sell downloadable products through an ecommerce system which has an API that can be used by third party scripts and software to determine if a customer has a valid purchase of a particular product. With my current setup the ecommerce system provides a customer with their downloadable purchase through an expiring link at the end of the checkout process. The problem with this setup is that it is not possible for customers to get the download file again if they loose it at a later date because they are unable to access the download link without re-ordering the product again or contacting our support desk to ask for another link upon which we have to verify their purchase manually. This wastes our time and the customer's time. The solution I'm looking for is a re-usable script that I can use to create a 'secure membership area' for each of my products on their domains in a 'members' subfolder. The script must use the ecommerce systems API to allow or deny access based on a customer account's purchase history. I've fully detailed how this works with a flow chart in the attached pdf file (*Secure Membership Area Concept Flow [login to view URL]*) - use this pdf file to base the scripts functionality on. Also attached is another PDF (*Fantasos API Gate [login to view URL]*) which is the manual on how the ecommerce systems API works (this pdf has been taken directly from the ecommerce system's help files). Preferably the script to be created needs to be done in PHP so that I can slip the code quickly and easily in to the php pages that I create inside the various secure member areas for my products. (However, if you know of a better way than using PHP to achieve this project I am open to suggestions). The script needs to be domain independent as I will be creating a separate members area for each product in a subfolder on their own domains (i.e. [login to view URL], [login to view URL], etc.) The ecommerce system's API is used to provide authentication to the members area pages, however, I would like to stress that I do not want the API to be accessed on every page refresh as I want to prevent hammering the server that hosts the ecommerce system. If possible the API should only be accessed once during the initial login of a session inside a members area. One very important area I am not sure how best to handle is the download links of files inside the members area. I have tested creating PHP Amazon S3 download links that expire but the problem with this is user experience when the link expires (they then see the S3 access denied page) and also that while a download link is valid it can still be shared and used to access the files outside of the secure members area. In your bid I would like you to tell me how you propose to make the internal members area download links to files secure, user friendly and not prone to being useable outside of the members area. Please note that before I can pick a coder I will need you to post your proposed solution for this secure members area script along with details how you propose to make the internal file download links secure. I need to know what technologies and techniques you will use and why. This is very important to ensure we are both on the same page before we proceed with the project. This is essentially a simple script project, however, I need it to work flawlessly as it will be guarding my products from unauthorised downloads as well as aiding in user experience with my brand. Please also note before payment can be released a contract will need to be signed and returned to me. This contract places all copyright and ownership of the script over to my company. The script you create will become the property of my company and you cannot use or publish the code elsewhere. **ATTACHED DOC's:** ============================ **Secure Membership Area Concept Flow [login to view URL]** This is the flow chart diagram detailing exactly how I wish for the secure members area's to operate. Please refer to this pdf to ensure you are creating the script to the exact requirements of this project. (This flow chart can be provided in other formats such as jpg if required). **Fantasos API Gate [login to view URL]** This is the API Gate manual for the ecommerce solution we use. This pdf document will show you how the API is used. Please note that the API can return data in either text or XML format (this project requires the XML format as it returns more data from the ecommerce system). **TERMS AND CONDITIONS:** ============================= 1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done. 2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables): a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment. b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request. 3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement). ## Platform The script needs to be able to run on a standard Linux based hosting environment with PHP5 (MySQL is available if required). The script needs to be created in PHP (unless you can prove a better solution) and work when placed in both static html/php pages and in the php template of a CMS (i.e. WordPress and Joomla). The reason is I may need a members area to be more complex than simply a few static pages that I edit manually, therefore a CMS would be required. If CMS template compatibility is a problem please mention this and we will work something out. The design and content of a secure members area is NOT part of this project. At this time I simply need a solid working solution for creating a reliable and secure members area that can be easily replicated on each of my products domains. The script needs to be compatible with the following browsers: IE6, IE7, IE8. FireFox 2, FireFox 3+. Safari 3. Google Chrome 3. Opera 9, Opera 10.