Hi all,

As some of you already know, I have been working on developing a new shopping cart software for webhosts. I thought I could use this thread to ask questions and see how you (my future customers hopefully :D) feel and think about different parts of this shopping cart.

The shopping cart is being programmed in PHP4 with MySQL database.

Here is a rough idea on how this cart is planned to look like and work (can change).

There will be 4 types of users:

Administrator: is the server owner who can create/delete/edit groups (permissions, features) and site owner accounts. (and more..)
Site owners: can totally customize their shopping cart. They can add/delete/edit categories and products to their cart. They will also be able to manage their resellers and customer database. (and more..)
Resellers: will be able to choose what products they want to sell. (and more..)
Customers: will have the option (or be forced) to register and keep their data in the site owners private database. (and more..)


There will be tons of options that will let your site owners fully customize their shopping cart. There is a support for multilanguage coded in already and I will release the first version with at least 2 languages (English and Swedish). There are tons of other features I have planned to include.

Now, I have a question for you all. Would you mind if the administration part of the shopping cart could not be fully customized? This means that it will be using whatever design we decide and can but should not be customized except for the logo (you can put your own logo there). There will only be a small text at the bottom of the page saying "Powered by CartName.com". Keep in mind that the administration section will not be viewable to customers, only admin and site owners! Why you ask? Well, in the administration part there will be tons of links and messages and notes that might end up wrong if customized.

Thank you in advance for all of your replies. Feel free to post/PM/email new ideas or suggestion to us.

Email: ssarvi@pocketmail.com

If you are developing this under PHP and using mySQL - and you intend to support deployment in shared server environments, how do you plan to keep the database secure?

Most shared server environments require that all files on the server regardless of whose file they are be readable by the web server process. This means anyone else on the same server as you can read your files using any CGI application.

If the mySQL username and password are stored in a config file that is easily determined (standard location per installation, etc) I can read your mySQL username and password from my server cgi program, and now I can "become" you from my shared space on the same server as you.

Any thoughts on how you plan to get around this issue?

-t

Originally posted by zolbian
support for multilanguage coded in already and I will release the first version with at least 2 languages (English and Swedish).


Aaah, at last someone who was intelligent and supports multiple languages! Congrats! Maybe I could do translation to German for you, let's see...

Originally posted by thewitt
If you are developing this under PHP and using mySQL - and you intend to support deployment in shared server environments, how do you plan to keep the database secure?

Most shared server environments require that all files on the server regardless of whose file they are be readable by the web server process. This means anyone else on the same server as you can read your files using any CGI application.

If the mySQL username and password are stored in a config file that is easily determined (standard location per installation, etc) I can read your mySQL username and password from my server cgi program, and now I can "become" you from my shared space on the same server as you.

Any thoughts on how you plan to get around this issue?

-t

We will have to look a little deeper into this, but this is what I was thinking so far..

The cart application will be installed in a directory hidden somewhere only the server admin knows where. The directory will then be set to chmod 750 and chgrp nogroup so that only apache can access this directory. Then the admin types in Alias /cart /path/to/cart in the httpd.conf file and this will make it look like the users have the cart installed under their own domain name (www.domain.com/cart/).

I know this is not a bullet proof plan, but we're still working on it.

If you have any suggestions on how to better this, please let us know.

Thank you.

Originally posted by Walter



Aaah, at last someone who was intelligent and supports multiple languages! Congrats! Maybe I could do translation to German for you, let's see...

Yeah, and the good part is that whenever we release a new language file, you just download it and copy it to the cart directory and you're done. The language file is installed.

It would be nice if you could help translate when the cart is done. There is not that much text.

I've been looking around for a product like this....please contact us once it is released.

Originally posted by successful
I've been looking around for a product like this....please contact us once it is released.

When the product is done, I will most likely post a message in this forum to let everyon know.

With what merchant facilities will it be compatible with?

Could it be module based so we can use diiferent merchants?

To secure your files, you can use PHP-CGI-WRAP and have the PHP files owned by a different user than nobody, although you will have to run PHP as a CGI, which is slower.

The other alternative is to have a different instane of apache running on a different username.



Cedric
http://inetflex.com/

Originally posted by eddie
With what merchant facilities will it be compatible with?

Could it be module based so we can use diiferent merchants?

We have not reached that part of the cart yet. But if you all let us know which ones you would like included, then we can look into it and add as many as possible.

I will soon give you an URL where you can beta test the administration part of this cart.

NEW FEATURE:

A feature that we have included that we think host will love, is that with our shopping cart, you can give different features with your different packages!!!

This means that you can limit number of categories, products, etc.. You can also allow, dissalow and limit resellers, product reviews, user database and more.

To give you an example.. You can with your basic package offer a shopping cart with maximum of 10 categories and 100 products, while with your gold package you can offer 50 categories, 1000 products and also allow resellers and user database feature..

regards,
Saeed