I'm wondering how's the best way to handle full version downloads (including free updates downloads). I've been thinking about this for quite some time now, and did a few searches in the forums, but still didn't came up with a magic solution.

I can think of three ways to do that:

(1) Identify customers by their email address.

If I suppose that each customer can be identified by his/her email address, then I can build a customers table with the email as primary key, and another table to associate a game with a customer so that my system knows which customer has bought which game(s).

That way, I just have to give each customer a password on his/her first purchase so that he/she can access the download zone on my web site.

Since the password and/or download link are sent by email after the purchase, I am sure that the email is correct.

However, what happens when a customer changes his email address? I can think of several problems and solutions... but it's not that easy I think.

(2) Make customers create an account before/while buying, so that they can access their download zone just like in 1), but this time they choose their login/password instead of using the email.

Problem: I think that's a (small) obstacle to the sale, and more importantly I'm not sure if I can do that easily with Share-It.

(3) For each purchase, give the customer a different keycode or login/password that lets him/her download only this particular game.

Problems: I can't tell if someone bought several games, nor offer the customers a download zone that let them download all the games they bought.


Hum... As I write this I realise that maybe some "problems" aren't really problematic :)... But I think some of you who use full version downloads could help me a lot by telling the system they chose and their experience.

Thanks a lot for any advice/info!

(1) Identify customers by their email address.


From what I read on this forum, people claim that you can't assume the email address you get from a customer is valid.

Here's what I did on CustomBar (http://www.custombar.net) after a lot of thinking:

Customer purchases CB through order form. Receives an e-mail with a serial that is tied to their e-mail address (I chose e-mail rather than name since people have a tendency to not remember exactly how they spelled their name). The customer also gets a randomly generated customer login (username is based on their name for easy remembering). To download full version, free updates, betas, bonuses, etc they can login to customer area.

So far it has worked better than I expected. People seem pleased at having a special login and it greatly simplifies getting updates out to registered users, and giving them test versions to play with. I can also regularly check if someone hasn't logged in after purchasing, and then contact them to see if there's a problem.

Thats actually somewhat odd reasoning ;)

Very few customers forget if they put "Alex" instead of "Alexander"....but when it comes to email addresses, its a mess. Emails are usually tied with an assortment of letters, numbers, underscores, dashes, different domains, etc. - not to mention that emails are changed often, your name is not.

Just struck me as strange.

Alex

I don't know exactly what's your problem... the vendor stores all those infos for you. With plimus I can do a search for example for people who bought UBM win, UBM mac, USM, etc. etc.
If I do an update I notify ALL people with the next newsletter: so the one who bought the game are informed and the others see another message talking about that game (and who knows maybe they could consider buying it! :)

There seem to be a lot of e-commerce vendors out there that are not necessarily game related that use the email address as the username.

I would think that for most people an email address is something that they would keep for a reasonable amount of time and even if they changed it would not forget it. I suspect it would be easier to remember than a random username they may pick when buying the game. If they can log in to an account and change their email address and password then they can migrate their account to a new email address easily.

I'm by no means ready for primetime, but I am looking closely at how non-game e-vendors have their sites set up. I know there isn't an overall internet standard for this sort of thing, but I'd like my customers to use something that they are familiar with.

Very few customers forget if they put "Alex" instead of "Alexander"....but when it comes to email addresses, its a mess. Emails are usually tied with an assortment of letters, numbers, underscores, dashes, different domains, etc. - not to mention that emails are changed often, your name is not.

I know a lot of people that spell their names differently, and a lot of this has to do with how it's on their CC versuses how they usually write it. For example William G. Gamer versues Bill Gamer versues Willam Gamer (CC spelling mistake). Then there's people that have foreign names with English equivelents (such as myself).

On the other hand, an e-mail address can only be spelled one way. The e-mail doesn't have to be valid anytime after the initial order, so people changing their e-mails is irrelevant as long as they have printed and kept their user/serial info (if not then they have lost their serial as well and will need to contact support either way). I also see it as a deterent - people are less likely to share registration info if that part of that info is their e-mail address.

Additionally, while this may not be a realistic concern, common names (such as John Smith) would result in the same serial being owned by multiple people. To me that opens up some piracy loop holes.

So that's my story and I'm sticking to it :)

@entell:
"From what I read on this forum, people claim that you can't assume the email address you get from a customer is valid."

That's right, I guess, but since the login/pw would be sent by email anyway, well, err... if someone mis-types his email, then he wouldn't get the game, and would contact me rapidly I suppose :). Or he might have typed the email of someone else... Either way, I don't think much can be done about that, especially when using a third party payment processor.

@Jack Norton:
"I don't know exactly what's your problem... the vendor stores all those infos for you."

My problem is not how to tell people that a new version is available, but how to restrict the full version download to people who bought the game.

I could send a (temporary) link by email to all registered users when a new version is available, but someone who lost his/her installer would still need to contact me "manually" to get the file again.

So as I see it, the only choice is to implement a login system to access a download area on my web site. (I'm also planning to add network play some day, so it's nice if all registered players get a login/pw to access the game server).

I'm just wondering about the best way to implement this, so that 1) it works, 2) it's convenient for the users, 3) it scales well for when I have several games selling...

@Lizardsoft:
So you send 2 different login/pw to your customers? One for unlocking the app, and another one for downloading updates?

I was planning to use the same for both. By introducing some random number in the password (serial), it ensures that even if someone figures out the keygen by looking at the exe, they can't guess the password associated to a particular username.

Also, if you were selling several apps, each customer would get a different customer area for each app, right?


Thanks to all who answered, that's really helpful :)

That's another motivation for which I switched to serials. When doing an update people just need to redownload the demo :)
Quick and easy ;)

I quite like the idea of a login / password system.

It might be worthwhile to have the customer log in / register at the point of sale. The customer will not pull out at this stage as he / she has already paid and is demanding the game. On the other hand, a friendly message could be displayed explaining the benefits of the customer account e.g. with regards to the ability to re-download the executable, get patches etc. etc.

I think that in actual fact it solves the problem of re-issuing the download X number of times because the customer has to authenticate himself / herself with the credentials provided on registration and in an email on every download.

Coupled with keeping track of what software was purchased by the customer, only the games purchased and any subsequent patches would available for download.

If implemented properly, I think the system in itself provides an excellent means of safeguarding the software download repository while providing a reasonably good service to the customer.

After I pay my hard earned money, I want to download the full game via a link in an email, or enter a serial from an email. The last thing I want to do is mess about creating accounts, logging into places. Preferably I want a game which knows when an update is available, and downloads it, no messing about logging in places involved.

Just my 2 cents, I have bought games from most of you on here.

I'm wondering how's the best way to handle full version downloads (including free updates downloads). I've been thinking about this for quite some time now, and did a few searches in the forums, but still didn't came up with a magic solution.

FileKicker has a feature that allows developers to create limited use download links from a script. When the customer orders, a full version download link is created and sent to them via email. Very slick.

The update process can be very simple, but still very secure. When the user downloads the full version, he is asked to register the product in order to qualify for updates. The registration code is the order ID, email address or other unique identifier along with a keyed MD5 hash. It would look something like this:

johndoe@somedomain.com
9637d37b963f422f4ec5efde3b1efae1

When the user clicks the "check for updates" button inside the app, a browser windows is launched. The unique ID, keyed MD5 hash, and version number is passed through the URL to a webpage that validates that the keyed MD5 hash matches the unique ID. The webpage then checks the current version number against the passed version number. If the customer needs to update, a limited use download link is generated and displayed.

The benefits of this system are that users aren't required to enter or remember a username and password to get updates, users keep coming back to your site to check for updates, and there isn't any need to maintain a customer username and password system.

Michael
FileKicker Support
support@filekicker.com
http://www.filekicker.com/

@Lizardsoft:
So you send 2 different login/pw to your customers? One for unlocking the app, and another one for downloading updates?

Sort of. I wouldn't call the registration code a login. It's just the number that they type, along with their e-mail address, into the registered version to unlock it.

The logic behind separating registration from site login has to do with dealing with people that purchase multiple licenses (I want to be able to provide separate registration codes for each license if requested, but not create 50 unnecessary logins). In the future this will also allow me to add some sort of license management online system, should CustomBar ever catch on as a tool used by companies and maybe even add some sort of automated key retrievel tool (unlikely though as it opens the system to hackers too much).

Thread migrated here: http://69.30.208.127/forums/showthread.php?t=28

Thread migrated here: http://69.30.208.127/forums/showthread.php?t=28


Whose forum is this? IndieGamer?
Does it have anything to do with dexterity?

Thanks a lot again, Filekicker and Lizardsoft!

Whose forum is this? IndieGamer?
Yes; the Dexterity forums are going to "close" in a few days (they will stay online to be read, but posting will be impossible).
Three of the moderators teamed up to offer replacement forums.
See this thread (http://www.dexterity.com/forums/showthread.php?goto=newpost&t=3781) for more info.