Digital Vending Machine

a web vending machine which delivers digital products
Version 1•004
(An Iota Version)   (MD5 Checksum)

VirtualExtentDataAccess is a trademark of John G. Derrickson
Copyright © 2003 John G. Derrickson

Truth In Law Makes My Protected Rights Your Imposed Duties.
It bans abuse (unintended use for unintended benefits)
as violations of my work, in whole or in part, with or without payment.

This protected work describes a web-based vending machine which delivers digital products (and physical products too), uses the LAMP specification, is open-source, and handles the entire process, from product details, billing and shipping information to payment validation and product delivery.
    WORLDWIDE LEGAL NOTICE FOR USE: This protected work may be copied, even modified, used (but not abused) and/or published (even for financial gain). If published, modification(s) must be emailed to one month before publication to help protect copyright by original owner as derivative work. Otherwise your use becomes abuse (unintended use for unintended benefits).
    USERS ASSUME ANY AND ALL RISKS OF FREE USE: Your use (even abuse) is your acceptance that this is protected work, that it describes use of technologies in the public domain considered prior art not protected by law against free common use, that it may not be applicable to your purposes, and that it may be more secure and useful than other products because it is open-source being visible for inspection by technicians dedicated to the advancement of the art of programming.
    To help prevent violations, please email your claims of infringements by me, with proof, of your protected rights, if any, to within one month after such claimed infringement.

CONTRIBUTORS: • John G. Derrickson

Contributors will see their names added to the list at the bottom in the box above. Their contributions will be marked in the body of this work with a superscript @ symbol linked to their email address. So, when making modifications, be sure to indicate your changes.

  Notes about your changes appear in this column with a link like this(@) to your email address.

Version Numbering
    Iota versions are numbered (#•00#) with two zeroes next to the dot, (like 1•001), meaning it's incomplete. Nevertheless, it's still useful and I'm interested in seeing comments.
    Beta versions are numbered (#•0#) with one zero next to the dot (like 1•01), meaning it may have problems. I'm very interested in seeing comments.
    Zeta versions are numbered (#•#) with no zero next to the dot (like 1•1), meaning it's ready for trusted use. If there are problems, please tell me.


How do you design a web storefront without buying any software? Simple: Use free open source software; pick the best of breed even when compared to commercial software; and, most importantly, keep it safe and simple. That's the KISS formula - keep it safe and simple, or as usually stated, keep it simple, stupid!    
      Don't get the silly idea that you can just plug this in and you have a shopping cart. Get serious. What's your product? Where is it? How will you deliver it? You'll need forms. You'll need Web pages. You have some work to do. As an example demonstration, this implementation delivers online reports, printed reports, and physical products. Rest assured, a more serious implementation does exist. You can take this example, plug it in and prove it really works. But of course, you'll need to change some things - what'd I say about silly.   Art
BodyZTM T-shirts
Astrology reports
online and printed
      I decided to not use a database in the storefront application. However, the management application does use a database and controls the storefront application files. With this design, the storefront and management applications can run on separate servers.    
      Truth be told, extreme management (XM) required extreme programming (XP) to emphasize pragmatism over computer science. Every possible shortcut was employed and features not immediately needed were postponed. XP equals KISS. Incidentally, the extreme programmer and the extreme manager were in complete agreement throughout the project.    
      I designed the Digital Vending Machine to operate with PayPal and ECHO not only for the convenience of the customer but also to be useful to an enterprise without a credit card merchant account.    
      It's named a Vending Machine because it automatically delivers the product upon payment. The product, of course, is digital in form.   A vending machine that delivers a digital product.
      Although the Digital Vending Machine is free, and all needed support software is free, an enterprise must realize implementation is not free. There is always the cost of time, services and hardware, even if not money. So, be prepared for some programming effort or to hire a programmer.

To Database Or Not

Why not use a database? Speed and dependability. It's got to be faster to add a line to a flat file than a row to a database. The only bottleneck is the search for a pre-existing order. But, there, the search key is so large that a search through a flat file is at least as fast as a search on a database index. For dependability, the KISS principle applies: If you don't need it, don't use it, it's just one more thing that can break.    
      Another function that could benefit using a database is the unique receipt number generation. But even here, a simple flat file serves the purpose well, especially with the file locking feature of PHP4.    
      Well, there's another function one might think would benefit with use of a database. The fraud detection function searches for email address and credit card numbers used in fraudlent orders. But, here again, the search key is practically the entire contents of the flat file, so searching it is faster than searching a database index.
      Ah, there's one function that shouts for a database. The geo-positions search function uses a soundex index. To be implemented later.
      Finally, there are functions which benefit from use of a database: History, backup and reporting; basically, management functions. These are provided with ancillary programs. Although these programs aren't specifically part of the Digital Vending Machine, they are needed for proper business management and therefore are included in this package.


The Digital Vending Machine uses LAMP (Linux, Apache, MySQL, PHP/Perl).   LAMP
I built the Digital Vending Machine using PHP, MySQL, cURL (used only for the ECHO processing), Apache, Linux and SSL. It processes AmEx, Discover, MasterCard and Visa credit card payments using an ECHO merchant account. It can also process payments using PayPal.  

      PHP (recursive acronym for PHP: Hypertext Preprocessor) is an open-source server-side scripting language (freely downloadable from and for creating dynamic Web pages for e-commerce and other Web applications. Of course, Perl or some other programming language could be used instead of PHP. I chose PHP because the program code is embedded in the web page file and PHP is widely implemented.   Or,
Personal Home Page,
      MySQL is an open-source SQL relational database management system (freely downloadable from Of course, some other database management system could be used instead of MySQL. I chose MySQL because it is widely implemented.   I pronounce MySQL as my-sequel.

SQL = Structured Query Language
      Curl (cURL - a client that groks URLs) is a tool for transferring files with URL syntax, supporting FTP, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user/password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks. Binary archives of the curl package are available from the download page. I suppose one can program in Perl etc. the one function of cURL I use: HTTPS (used only for the ECHO processing). But, where possible, I try to minimize programming complexity (KISS). HTTPS support is expected in the next version of PHP.   Does anyone know of PHP or Perl code that does HTTPS?

HTTPS is expected in next PHP version.
      Apache, Linux and SSL should be familiar with most webmasters. Apache is a web server. Linux is an operating system. SSL is for security.   You could use Windows.
Why bother?
      ECHO (Electronic Clearing House, Inc.) provides credit and debit card processing, check guarantee, check verification, check conversion, inventory tracking services and various Internet services. Specifications are provided for the programming interface to authorized merchants.   Other services should be easy to interface.
      PayPal provides a way to send and receive money online, with the facility to be interfaced with a web based order process.   PayPal lets anyone accept credit cards, etc.
      You may want to play with the techniques described here on your own computer. If you need to install Apache, PHP and MySQL on your own system, you should first visit Installing Apache, PHP4 and MySQL on Win 98 if you're running Windows 98.   Soon I'll put Linux on my desktop computer.

Links to References
copyleft Curl cURL download ECHO Free Software Foundation GNU Free Software directory listing
Installing Apache, PHP4 and MySQL on Win 98 KISS (keep it simple, stupid) MySQL PayPal PHP PHP download PHP at Zend
PHPBuilder: HTTPS Transactions via PHP PX: PHP Code Exchange VEDA (Virtual Extent Data Access) XP (extreme programming)

documentation and program source code goes here
  Okay, so the program source isn't here. Yet. Will do when interest is expressed.

program structure:

  • order.php
  • includes config.php
  • includes either
    • report.php
    • print.php
    • a3d.php
    • art.php
    • bodyz.php
  • transfers
    • to PayPal
    • and thereby to either
      • deny.php
      • paid.php
  • or includes
    • bill.php
    • firm.php
  • as needed includes
    • cities.php
    • description.php
    • incomplete.php
    • location.php
    • prices.php
    • products.php
    • sounds.php
    • states.php
program modules
a3d.php   order form
art.php   order form
bill.php   billing form
bodyz.php   order form
config.php   configuration
deny.php   order denied
description.php   product displays
firm.php   confirmation form
incomplete.php   incomplete order
location.php   city search form
order.php   main program
paid.php   order approved
prices.php   product prices
print.php   order form
products.php   product codes
report.php   order form
states.php   state/country codes
data files
cities.php   geo-positions
echodown   pending charges
orders   order details
paypal   order details
recent   report details
sysfail   abuse prevention
log   log of activity
sounds.php   city soundex
unique   last receipt number
program-state flags in config.php
$MailFrom   email address
$MailSubject   email subject
$ReportPassword   access to report generation
$DatabasePassword   access to database
$ChargeBypass   email address to bypass charges

  • data files
    • program • usage
  • cities.php
    • order.php • read
  • echodown
    • paid.php • append
  • orders
    • paid.php • append
  • paypal
    • paid.php • append
  • recent
    • order.php • read/append
    • paid.php • read/append
  • sysfail
    • paid.php • read/append
  • log
    • order.php • append
    • deny.php • append
    • paid.php • append
  • sounds.php
    • location.php • read
  • unique
    • order.php • read/write
    • paid.php • read/write

BodyZ is a trademark of MOTTASIA Inc.
Other trademarked names are trademarks of their respective owners.

page modified 9:28 PM EST Tuesday, January 4, 2005