The e-commerce system (ECS)
The e-commerce system is, like the content management system, a sockets-based (TCP/IP) client/server application. On the web server the ECS runs as a background service. On the client machine the application resembles a simple spreadsheet.
The ECS inherits the same secure user management capabilities used by the CMS, previously described. As an extension to the security of the CMS, all transactions with the ECS take place securely using the same private encryption scheme as the CMS. This ensures that no aspect of the ECS, beyond information about products available for purchase, is available to anyone other than those with registered user accounts on the ECS.
The ECS can define product groups and, within those groups, product configurations. Each product configuration has an associated price, and postage for each of a local and an international destination. In addition, the configuration can specify either or both of a virtual (i.e. e-mail) and a physical shipment method.
The physical shipment method is largely self-explanatory, but the virtual shipment method has the capacity to automatically generate electronic licences which are integrated with my applications. The ECS has an application-wide capacity to work with variable national taxation rates, and can apply them on the basis of the shipping address; international purchases do not attract national taxation rates.
The ECS interfaces with PHP as a PECL module which can then be called natively from within the PHP environment. The interfaces provide for the creation and management of shopping basket information, although the actual basket pages as seen on the website are defined and templated using the PHP scripting language.
Checkout is implemented through any of the main credit card providers in PHP and secured using a commercially available website security certificate. Such a certificate allows use of secure HTTP (HTTPS). I prefer that actual credit card information is handled offsite, with my credit card service provider, but since all of this is implemented in PHP, there is no reason why this capability could not be adjusted to suit any of the schemes that are available.
Ultimately, credit card validation information is passed back to the website and, assuming it is found to be satisfactory, the ECS is triggered to generate a transaction. The ECS takes the basket information from PHP through the PECL interface and builds all invoice, dispatch and licence information necessary to satisfy the order. It calculates taxes and maintains running totals for the credit card account and the tax office.
Through the client-side application it is possible to manually update the server with details of actual transactions with the tax office, and any private accounts, in order to keep the running totals in order. It also deals with the implications of refunds and regeneration of lost licences. Once the order has been fulfilled in the ECS, it has the capacity to format e-mail messages and send them by SMTP to the customer, and where a physical shipment takes place, to a dedicated dispatch e-mail address.
Periodically, the ECS automatically archives off its record data, encrypts it, and sends it by e-mail (SMTP) to a dedicated accounting e-mail address. Key management for this encrypted data is handled through the ECS client-side application.
Where the majority of products for sale are electronic in nature, and can be licensed through an e-mail based licence file, this scheme represents a low overhead way to sell products, ideally suited to the small company with limited manpower. Clearly, where products are purely software based, the overhead is smallest. The overall scheme would have similar benefit were it to be used with some kind of physical product that then requires an ongoing licence commitment to cover costs for service provision.