I have a client who rents indoor soccer fields and wants to put their rental contracts online. Curently they simply have a .pdf of their contract on-line and customers print-out and fax in the contract. The client then calls the customer and takes credit card info over the phone to pay for the field rental.
My client would like customers to fill out the contract online and include credit card info. The credit card charge would be processed manually (as it is now) after the submitted contract was approved.
My plan was to create an SSL .html form that feeds a PHP handler. The PHP handler would write the form data into an .html document that looks like the rental contract. The document would be stored in a password protected directory. The PHP handler would send an email to the client with an SSL link to the document. The client can then view the document and print it out locally.
2 questions –
1) Is this a sensible approach?
2) Submitted field rental contacts with credit card info will collect in this password protected directory … which is accessible to the client AND the server provider (since they have root access). Should I be concerned that the server provider could access these .html contracts? I have no reason to distrust the server provider — maybe I’m being paranoid.
Thanks for the insight.
Saratoga Sam