WordPress.org

Plugin Directory

EZ PayPal

EZ PayPal gets you started with your online business. Use PayPal IPN, sell digital goods with instant download, and no carts. Official PayPal Partner.

This program is quite complex. Do you have more documentation?

You will find a help button on almost every admin screen of EZ PayPal near the top right side of every panel. Clicking on it will bring up a nice dialog box with context-sensitive help.

To get started, you might want to use the admin menu item "Tour and Help." The tour will walk you through the features, and the help text on the page will give you everything you need to get started.

Can I use this plugin to ship physical goods?

Although EZ PayPal is designed to handle downloadable digital goods or virtual services, I have implemented basic support for physical goods in the Pro version. To use it, add meta-data to the product. 1. Click on the Products menu item. 2. Add a new product or edit an existing one. 3. Click on the Edit Meta Data button to bring up the meta-data editor. 4. Create a new key-value pair with key (entry in the fist column) as shipping and the value (entry in the second column) to be the shipping charges. Also, ensure that you have defined the product to require the buyers to give their shipping address.

I have trouble uploading my products. What do I do?

Your product files are uploaded into a directory with a random name (so that a potential hacker will have hard time guessing it). It is likely that your web server doesn't have the privileges to create or modify this folder and files within. Click on the Show button on your Admin Control Panel to see what the directory name is. Then create the directory with that name, and apply chmod 777 to make it writeable.

How do I manage products?

To edit your products, use the menu item Products. It will list your products in an editable table. You can click on any value in the table and edit it in place. If you would like to see all the attributes of the product, click on the edit button in the last column.

In order to add a new product, click on the green "Add New Product" button and type in your values in the product creation screen.

Why do I get error message saying something about direct access to plugin files?

This plugin admin interface is designed with a loosely coupled architecture, which means it interacts with the WordPress core only for certain essential services (login check, plugin activation status, database access etc). Loosely coupled systems tend to be more robust and flexible than tightly integrated ones because they make fewer assumptions about each other. My plugin admin pages are fairly independent, and do not pollute the global scope or leak the style directives or JavaScript functions. In order to achieve this, they are loaded in iFrames within the WordPress admin interface.

Your web server needs direct access to the plugin files to load anything in an iFrame. Some aggressive security settings block this kind of access, usually through an .htaccess file in your wp-content or plugins folders, which is why this plugin gives a corresponding error message if it detects inability to access the files (checked through a file_get_contents call on a plugin file URL). But some systems implement further blocks specifically on file_get_contents or on iFrames with specific styles (using mod_securty rules, for instance), which is why the plugin provides a means to override this auto-detection and force the admin page.

Is the direct access to plugin files a security hole?

Note that it is only your own webserver that needs direct access to the PHP files. The reason for preventing such access is that a hacker might be able to upload a malicious PHP (or other executable script) to your web host, which your webserver will run if asked to. Such a concern is valid only on systems where you explicitly permit unchecked file uploads. For instance, if anyone can upload any file to your media folder, and your media folder is not protected against direct access and script execution, you have given the potential hacker an attack vector.

In this plugin, its media/banner upload folder has a multiple layers protection: 1. Only users logged in as admin can ever see the upload interface. 2. The upload script accepts only media file types. 3. The backend AJAX handler also checks for safe file types. 4. The media storage locations are protected against script execution.

So allowing your webserver to serve the plugin admin files in an iFrame is completely safe, in my judgement.

Requires: 3.3 or higher
Compatible up to: 4.3
Last Updated: 2015-8-27
Active Installs: 1,000+

Ratings

4 out of 5 stars

Support

1 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

0,1,0
100,1,1 100,1,1
100,1,1
100,1,1 50,2,1 100,1,1 100,1,1 100,1,1 67,3,2 100,1,1 100,1,1 100,1,1
0,1,0
100,1,1