I've done what you're describing and I can tell you how I did it.
2. Put the addresses (not the private keys) into a database on your web server. There should also be a column indicating whether or not the address has already been used. You probably also want a column indicating whether the payment has been received. I had a MySQL table for all of this.
5. Here's the final and most problematic step. You should check for when the payment is made (with n>=0 confirmations) and mark it as paid in the database at that point. Here's how *not* to do it: Call a third party site like blockchain.info. If you call a third party, then you've leaked the address. You could have bitcoind running on your server, but to watch an address you have to have the private key in the wallet. It's a terrible idea to have wallets with private keys on a web server (which is a real shame). You can encrypt the wallet with an extremely high entropy password and it's probably safe, but I wouldn't recommend it. I'll tell you what I did: I rented a separate server that only ran bitcoind (no Apache), put the wallet in question with a very high entropy password on that server. I whitelisted that my webserver could ask about payments to certain addresses. (Well, what I did was a little more complicated, but I'm trying to give the idea.) You could also secretly just wait half an hour and then assume the payment was made. The buyer will probably assume you are waiting for confirmations. That's the technically easiest solution.

PS: I just saw your latest reply. I like money.
With points 2 & 5, many people use their own home computers or another remote server that does the checking and then sends a 'payment sent' to the database on the customer-facing website server, plus updating the customer-facing website database with fresh public keys, making the home/remote server the brains of the operation and the customer-facing web server just a GUI input viewer.
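
An added example, not code from either poster: a sketch of the whitelisted payment check both posts describe, where the separate bitcoind host answers only the web server, only about issued addresses, and only with a yes/no. The client IP, address placeholders, amounts due and the `received_lookup` stand-in for a query to the local bitcoind are all assumptions.

```python
import ipaddress
from decimal import Decimal

# Constructed sample values: documentation IP and placeholder addresses.
ALLOWED_CLIENTS = {ipaddress.ip_address("192.0.2.10")}  # the web server only
ISSUED = {                                              # address -> amount due (BTC)
    "ADDR_PLACEHOLDER_1": Decimal("0.05"),
    "ADDR_PLACEHOLDER_2": Decimal("0.10"),
}


class Refused(Exception):
    """The query is outside what the web server is allowed to ask."""


def check_payment(client_ip, address, received_lookup, min_conf=1):
    """Return True/False for 'has this issued address been paid?'.

    received_lookup(address, min_conf) -> Decimal is a hypothetical stand-in
    for asking the local bitcoind how much the address has received with at
    least min_conf confirmations. Nothing but a boolean leaves this host.
    """
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        raise Refused("malformed client address")
    if client not in ALLOWED_CLIENTS:
        raise Refused("client is not the whitelisted web server")
    if address not in ISSUED:
        # Refuse to act as a general lookup service for arbitrary addresses.
        raise Refused("address was never issued to a customer")
    if min_conf < 0:
        raise Refused("confirmation count must be >= 0")
    return received_lookup(address, min_conf) >= ISSUED[address]


def fake_lookup(address, min_conf):
    """Constructed ledger for the demo: (amount, confirmations) per address."""
    ledger = {
        "ADDR_PLACEHOLDER_1": [(Decimal("0.05"), 3)],
        "ADDR_PLACEHOLDER_2": [(Decimal("0.10"), 0)],  # seen, still unconfirmed
    }
    return sum((amt for amt, conf in ledger.get(address, []) if conf >= min_conf),
               Decimal("0"))


if __name__ == "__main__":
    for addr in ISSUED:
        print(addr, check_payment("192.0.2.10", addr, fake_lookup))
```

The web server then only flips the "paid" column on a `True` answer; a compromise of the web server exposes addresses and payment status, but no keys.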