Dexterity Software's game order page
Turnkey Software's SimpleShop
Paypalhelper's example page
They're just one-page things where you enter your information and submit it to the payment system (paypal at first, probably a credit card processor later). Then the system will email you a download link when your payment is verified.
The turnkey one looks like the solution, but it doesn't do anything on the back-end. It just sends you the paypal transaction or the credit card number the person entered. You've gotta actually send the download link yourself. They make a much more expensive one with back-end processing, but it's a full shopping cart, which I don't want.
Or I could do something even more silly like have a "click the yellow rhombus 20 times in 60 seconds for 10% off" box in the form :)
Of course, I might be talking outta my ass here. What I'm talking about is. . .
1. User plays "baby" version of the game on my web site (remember, it's in Flash).
2. User says "zounds, this is fun" and clicks the "buy the full version" button.
3. Flash-based form on buy-page collects user and product data
4. Which is passed to a piece of PHP code on my site
5. Which verifies and massages that passed data into something Paypal will like
6. And then passes the data along to paypal and redirects the user to the paypal page where he verifies his ID and password
7. And then paypal puts the money in my account and runs my IPN
8. Which creates an ID in my database and generates a registration code
9. And then emails the user a www.thecodezone.com/download.php?ID=122349335 link and a registration code.
10. Which the user then clicks.
11. Thus causing download.php to look up the passed ID to see what product the user's downloading, sending the file to the user if it's there.
12. Then the user runs the install and enters the magical code sent in his email, thus unlocking the game.
13. User plays game and sends all of his friends to play the online version.
14. Return to step 1.
The possibility of fakery is strong, as it is with any Paypal IPN-based stuff. Since Paypal doesn't know about products and just passes on what it's given, it's not difficult to fake a post to paypal with whatever dollar-values you want for a product. That's also where the IPN comes in. In addition to verifying the transaction, Paypal sends you along everything that was passed to it, including part numbers and prices and taxes and such. It's then the job of your IPN to verify that these values are kosher before accepting 'em. So if it sees someone buying Duck Tiles for three cents, it's gotta be smart enough to notify me that something odd just happened rather than sending the user a download link.
Yes, I'm organizing my thoughts here. If anyone's got advice on this, please please please lemme know.
And "hey, paypal suxxorz" is not advice. I'll hook up with a real credit-card processor eventually so people can choose paypal or credit card. Paypal's actually setting that up now, but they're charging $20 a month for that, which is a touch steep for a pissant company like mine.