Direct payments between users on Django based website - django

I am building a website that should allow users to buy stuff from each other. I don't want to be involved in money transactions at all. It will be pretty much something like eBay. Card payments are not a must. Basically user views an item added by another user, clicks on a buy button and finishes the payment using third-party service.
The application will be based on Django and I was thinking of PayPal. I also do not want to pay for Premium accounts as I am not planning to charge users or earn money in any way. Could you please give me some advice on what is the best solution for this kind of project? I have been doing some research on the Internet but I am still quite confused.
Any help is much appreciated, thank you.

I am personally a huge fan of Stripe. It's much easier to work with than PayPal and also much easier to implement. It allows you to add transaction fees if you wish.
I'd read up on it, as it has quite a few solutions ranging from inclusion of a simple JavaScript file that creates Checkout/Pay buttons to designing a custom checkout flow.
Their documentation is extensive, highly geared toward developers, and worth the read.
Good luck!

Related

Django paypal checkout for WHOLE cart

I made a Django online-store site and I need to include paypal checkout system for the cart, but solutions I found online either just for one item only(Buy Now buttons) or something like django-paypal-cart, which is not well-documented and I can't figure out how to make it to the checkout.
Please, give me some hint, maybe good article about how to make your cart items go to the checkout, anything will be highly appreciated, I don't know what else to google now
There are numerous options for tying PayPal into your website or app. Depending on exactly what you're doing or how good you are with web service API's you may choose one or another.
If you want to keep things simple, you can stick with Payments Standard. This is basically what you're referring to about the one item only buy now button, but you can use the cart upload command method to build a form that includes multiple items and pass it all over to PayPal at once.
If you prefer web service API's I'd recommend using Express Checkout. This consists of SetExpressCheckout, GetExpressCheckoutDetails, and DoExpressCheckoutPayment. Read through that general EC documentation to get familiar with the calls and how it all flows.
Another thing I would highly recommend utilizing is Instant Payment Notification (IPN). This is a feature where PayPal will POST transaction data to a listener script that you have sitting on your server any time a transaction occurs on your PayPal account. This includes payments, refunds, disputes, cleared payments that were pending, etc. This allows you to automate tasks like updating your database, sending out custom email notifications, hitting 3rd party web services, etc. and it happens in real-time, so it's very powerful.

Easy Way for Non-Nerd to Manage Simple Site?

I'm not sure if this is an appropriate question for StackOverflow. I have a friend show wants a simple "Brochure Ware" web site. I could make it for him but it would be better if he could manage it himself. Are there any services out there that allow a non-technical person to create and maintain a very simple site? I'm thinking just a few pages - contact, about, home with some photos and general info. He also wants to sell some stuff but I'm going to suggest he does this using EBay but the web site would be a handy reference for potential customers who want to know more about him and his services.
Thanks a lot!
Cheers
Mark
You are looking for a Content Management System (CMS).
You can build your own software, try something open-source, or go the easy way, and go with SaaS: software as a service. Something that fits your needs (based on what you told us), is something like Shopify. It manages your products, orders, but also has functionality to manage static pages.
agreed with the CMS comment #Phil Hunt
if you are a true non-nerd go for the 5 minute install of wordpress
so simple. Shopify plugin?

Embeddable commenting systems comparison?

I need embeddable commenting system for web site where I can control posts. I want to delete posts I don't want to see and think that you can't do that if you use FB embeddable comments.
There is DISQUS, FB comments and many more solutions. What do you think is best? For me controlling comments, deletion of unwanted ones and banning users is priority n1.
Ideal solutions would be comment management that allows my users to login via numerous systems, like stackoverlow, and allow me to manage them, like stackoverflow does, but embeddable!
Opt out but possibility for posting to parent service is likeable feature
Looking for best solution! thx
I'd probably go with DISQUS, or if 'social' features aren't that important I'd choose IntenseDebate.
DISQUS has all the features you mentioned above (minus posting comments to another service, but 'likes' can be propagated to Facebook and Twitter).
IntenseDebate has probably better spam detection (it's managed by the same guys which run WordPress.com) but it lacks some features - you can login only with IntenseDebate account, WP.com account or by typing in OpenID URL (most of Facebook users probably don't realize they have one without so it's more or less useless without a 'Login with Facebook button'), but it has better customization features than DISQUS (easily modifiable CSS) and some sort of plugins you can install (haven't seen lot of those).
Also, there's Echo - it has all the features you need, but it's not free - price ranges from $10 to $100 per month.

Is there much of an anti-cookie movement anymore?

I'm not sure whether this belongs on StackOverflow or on ServerFault, so I've picked SO for as first go.
A number of years ago, there was a highly visible discussion about mis-use of HTTP cookies, leading to various cookie filtering proxys and eventually to active cookie filtering in browsers like Firefox and Opera. Even now, Google will admit that currently about 7% of end-users will reject their tracking cookies, which is quite a lot, actually.
I still vett all cookies that get set in my browser. I have for years. I personally do not know anyone else who does this, but it has given me a few interesting insights into web tracking. For instance, there are many many more sites using Google Analytics than there were even two years ago. And there are still sites (extremely few, fortunately) which malfunction hideously if you don't let them set cookies. But advertisers in particular are still setting cookies to track your way across the web.
So is there much of an anti-cookie movement anymore? Has anyone tried to take Google to task for setting so many with Analytics? Is anyone trying to vilify sites like Ebay and PayPal who use a dodgy cross-site cookie to let you login?
Or am I making too much of a stupidly small problem?
Nowadays, there are other ways to block these annoyances. Rick752's EasyList has the EasyPrivacy list, which blocks most of them with no work at all other than adding the subscription once to Adblock Plus. NoScript can (with a little configuration, mostly removing some misguided entries on the default whitelist) easily block the ones which depend on JavaScript.
That said, I set up my browser to empty all the cookies on logout. Then they can track you only for the duration of a session, which will be short unless you tend to keep your browser open for a long time (or use the session save/restore all the time).
If you use Flash, know that it also has a kind of cookies, and the interface to manage them is most probably poorer than your browser's.
There's always people who misunsderstand cookies - on both sides. Ultimatey, it's up to the browsers to properly identify the sites for cookies. As long as the site's being set properly and the browser's respecting that, it's just not much of a problem. I think thta, with the increased use of web toolkits that take care of the programmatic details (and better, slightly more security-conscious browsers), it's not much of an issue now for end-users.
Beyond that, the proliferation of DHTML and XML-based partial-page-loading mechanisms (as well as database-backends and similar), the need to track session between stateless pages is reduced now. Your web app can very easily keep state without the need for cookies, and that may well have partially been driven by the number of [generally misinformed] end-users who blocked cookies all together.
In shorter words: "IMHO, no".
I gave up both as user and developer.
As a user the convenience of staying logged into sites is just too tempting, the pain of some sites not working too annoying. And I'm not that sensitive about my privacy, so I stopped caring and let all cookies through.
As a developer I always try to be as RESTful as possible, but I don't know any decent way of handling authentication without cookies. HTTP Basic Auth is just too broken, I can't assume HTTPS all the time and mangling URLs is painful and inelegant. What's left is form-based authentication with cookies. So my applications have one auth cookie -- I don't need any more than that, but that by itself requires the user to have cookies on if they want to authenticate themselves. Maybe OpenID and other federated identity services might fix that one day, but at the moment I can't rely on any of these yet.
My biggest annoyance with cookies is that I want to block Analytics cookies but at the same time I need to login to analytics to manage some customer sites. As far as I can tell they are the same cookie (in fact it may be the same cookie across all google services).
I really don't trust the Google cookie. They were apparently one of the first large companies to set cookie expiration to 2038 (the maximum) and their business model is almost entirely advertising based (targeted advertising at that). I suspect they know more about the day-to-day online activities and interests of people than any other government or organisation on the planet.
That's not to say it's all evil or anything but that really is a lot of trust to be given one entity. They may claim it's all anonymised but I'm pretty sure that claim would be hard to verify. At any rate there is no guarantee that this data won't be stolen, legally acquired or otherwise misused at some future point for other purposes.
It isn't impossible that one day this kind of profiling could be used to target people for more serious things than ads. How hard would it be for some future Hitler to establish the IP addresses, bank accounts, schools, employers, club memberships etc of some arbitary class of person for incarceration or worse?
So my answer is that this is not a small problem and history has already taught us many times over what can happen when you start classifying and tracking people. Cookies are not the only means but they are certainly a part of the problem and I recommend blocking them and clearing at every convenient opportunity.
I am also one of the hold-outs who doesn't automatically accept cookies. I do appreciate sites that need fewer, and I am more likely to return to those sites and allow cookies from them in the future.
That said, I do think that being vigilant about cookies is not (rationally) worth the effort. (In other words, I expect I will keep doing what I'm doing because it makes me feel better, even though I don't have evidence of commensurate tangible benefit.)
Every now and again I clear all my cookies. It's a pain as I then have to login to sites again (or set preferences) but this is also a good test as to whether either me or my browser can remember the login details..

pushing content to cell phones

I am working on a photo site and one of more active users asked about pushing content to cell phones. The site is built on django, and I was wondering if anyone knows a good way of allowing users to download and store content (images) on their cell phones?
As a side question... is it possible to accept payment for the content via the cell phone or would that have to take place on the site?
The best way to serve content to a mobile user would be to forward them to a mobile specific site. A lot of places do this by forwarding the user to http://m.mydomain.com/. You can tell if they're using a cellphone by checking against their UserAgent string as Harold said. Find more at: Change Django Templates Based on User-Agent
In terms of downloading, this is pretty phone dependant. On my iphone, for instance, I don't know that I can save images directly from the internet. (This could just be my ignorance, however). I think you're going to run into a lot of discrepencies on the browsers between different mobile devices. How many offer photo downloads vs. not, etc.
For payment, I would suggest keeping it in browser. There is SOO much that could go crazy on a cell phone and money isn't one of those places where I like to take risk. That being said, you could likely look into some sort of sms micro payment system (sorry, I don't have any recommendations) or look at partnerships with carriers such as Verison. Beyond that, I'd say keep it in the App.
Hope it helps.
Check to see if the User Agent of the phone(s) you wish to support is in request.META['HTTP_USER_AGENT']. If so, render mobile friendly templates.