I am tossing this one out there to see what kind of ideas people have on how best this could be accomplished, and I intend to hire someone to work on this shortly. Otherwise, given the suggestions I may take this to Elance.
I run a gameserver hosting company, and have been designing a client control center in my mind for quite some time. I will say right away I am no programmer.
I do not want to share too many details here, but here is what I have in mind:
-Customer places an order on our site
-That order is stored in a DB (mysql) and emailed to me for backup.
-Depending on what merchant service we go with, the order will either be processed by them or by us, encrypted via SSL and encrypted in the database.
-Along with that is an SSL-encrypted admin interface INTO the database where I can view orders, edit them, etc.. A simple editor, not anything like phpmyadmin.
Now for the kicker (Yeah that was easy):
I want automated setup on my servers. I want my servers to check the order database every hour, and if they have space grab an order and set it up. I am thinking of using perl/php binary on the server machines to connect to the database over SSL or SSH and grab the order info. With that info, servers will be setup in their proper DIRS, and certain configs will be edited accordingly. Simple bash programming for most of it.
So, my questions/needs:
1) Does this sound like a viable method for doing this? More importantly, do you have a better idea? Please PM me on this.
2) I had a developer start work on this, and then he decided that he wanted a contract stating he owns the code and I am licensing it. NOPE. I need to own this code, and it must not be distributed in its final form as I use it. I only intend to pay for it once. Thoughts?
3) No proprietary software needed to use this (with the exception of the SSL cert if we go that route). I run linux for a reason!
4) If this cant be made secure, I am not interested.
Future plans include a customer control panel where they can control and start/stop their servers, edit files in real time, etc.. 90% of that code is GPL'ed somewhere, I just need someone to make a pretty interface and tie it into the main DB for authentication.
Firstly, if you don't program it, you don't "own" the code. You don't understand the code, or how it works, sorry, but you don't "own" the code. The coder will always (always) retain rights to do as he (or she) wishes with code. That's a given.
Next, there's a few problems with your setup here:
Emailing (through php) can't be made secure. The only way to do this is to create an stunnel specifically for email, and that'd be rather time consuming, and I'm not even sure THAT would guarantee 100% email security.
You don't want to "encrypt" the order in the database, otherwise you wouldn't be able to read the data from it. The password, MAYBE, but once you encrypt something, you can't reverse the process. That's the whole point of encryption. I wouldn't encrypt the password, because you will (eventually) need to refer back to that.
Perhaps you meant automatically inserting this through asecure tunnel? That should be easily possible,but it'd still be a task.
I'd advise against using "automatic" procedures to enable these accounts, because problems could ensue : Customer's credit card isn't cleared, diskspace is there, but another customer has that quotad out and, woops, quotas from previous customers (plus new) add up to more than drivespace available.
Regardless, this is something that iS possible, but there's alot of things that have to be considered before really progressing with it.
WHMCS Guru - WHMCS addons, management, support and more. WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
Linux Problems? WHMCS Issues? +1-866-546-8914 (linux-14) or @whmcsguru on twitter!
The coders who made MS Office do not own that code.. MS does. They are not free to go and sell it to whomever they want. My gripe with my (now former) developer is that he demands that I license the code from him, for a monthly rate. Perhaps I am mixing up a few words, but I think my message is clear and understandable!
Basically, I need to pay for a project, get my code, and IF I choose, be done with the programmer as of there. No strings, no clauses. They develop this FOR ME, and when the product is delivered to both our our satisfaction our agreement is complete. That is what I intended to convey.
The emailing doesnt have to be secure! Email can never be counted that way (well maybe through a pgp-type tunnel, but anyway)...
I meant that my idea was to have the servers pull the order through an SSL-encrypted link to the web database using a php-binary script (no webserver on each game machine). No email.
I have considered your statement about automated setup.. but let me ask you this. Regardless of whether I attempt to manually make the servers do this or let cron do it, how will I know if their CC is good? It was my intention to have the affirmative/denial code from the CC processor determine if the order was valid or not. Ideally, the order wouldnt even be viewable TO the servers until they were successfully billed.
I purposely did not give all the details on a public forum.. but to address the disk space / old users concern.. I envision an admin control panel that can interface with the users database.. so when someone leaves (either I remove them or they do in their client control panel), their server is deleted and their info is removed from the game and web server like it never existed. I have thought of several ways to do this as well.
Its a rather complex idea I realize Thats why I am posting here and not buying books on php and perl
I do not see what would be the problem with the automated setup. If the setup script is done properly it will anticipate all possible errors and react accordingly.
The project would have to be broken in a few independent subprojects.
1. Signup and credit card processing.
(relatively simple and straight forward, get order, check for errors, dump in database, send to CC processor, wait for approval, update database).
Additionaly, approved orders are dumped in the file (pgp would be used here) and file is mailed to you.
2. On the game server hourly cron job runs script that does:
- scp (kinda ftp over ssh. ) to grab the order file
- parse file
- invoke bash script to do account setup.
- some kind of notification email should be sent here.
The idea is to prevent any usernames, passwords and CC numbers from flying around in a plain text. "Dedicated" user accounts would have to be created that have just sufficient premissions to handle these jobs.
3. Does game server needs to communicate with the database to confirm that the account was created? Is there some existing interface for the game server administration? Do you need to communicate chages that you make through this interface to the database that we dump orders in?
This sounds like fun project. If you wish to disscuss it further send mail to sasha AT goldnet.ca