Currently, I have a store running X-cart. And I'm tired of dealing with instability, bad patching, security issues, and messy code.

I have a budget of about $800.

Currently I purchased Pinnacle Cart, but it cannot support 2 separate tax codes based on the area. (Here in Canada we need to show 2 different taxes). It also has poor support for product variants.

I'm tired of modding carts and applying patches.

Requirements:
* Handle 1,000 products easily.
* Multiple tax codes shown separately.
* Good variants/options support. Example: have many options with say Width(1-5) and Size(10-20). And each variant will have a different price.
* Would like an active community and open source.
* Re-brand-able would be nice too.

My highest recommendations would be ProductCart (productcart.com) and Volusion (volusion.com). Both offer outstanding post-purchase support, and a stable platform with loads of features. ProductCart allows you to have access to the entire code, so you (any ASP programmer) can customize the system easily. It's extremely stable. Volusion also allows you to purchase the source code yourself, but they charge a lot more for it (around $10k).

// innov8

WTF. Just got a private message from Studio 57 Designs saying I should check out X-cart and if I need any assistance to contact them.

My highest recommendations would be ProductCart (productcart.com) and Volusion (volusion.com). Both offer outstanding post-purchase support, and a stable platform with loads of features. ProductCart allows you to have access to the entire code, so you (any ASP programmer) can customize the system easily. It's extremely stable. Volusion also allows you to purchase the source code yourself, but they charge a lot more for it (around $10k).

// innov8

Thanks.. Volution looks interesting. I wish ProductCart supported PHP as I stopped developing in ASP after the .com crash.

i would second the volusion reccomendation. Also you might want to look at netsuite.

zencart handles both levels of canadian taxes, as well as hst, very nicely. Thousands of products no problem. Very active user forums, with questions answered by the developers. Very simple to redesign the look using only css. Regular updates, immediate security patches (rarely needed). Oh wait, sorry, its free, you wanted to pay. Never mind.

I fail to understand why anyone would trust credit card information or any type of personally identifiable information to a free, community-supported cart product. It does not make sense that the same "community" supporting it is the one hacking at it.

Formpay, I was looking for some pricing information on Netsuite. How much is it? Is it a hosted service or can it be purchased and installed on private servers?

I fail to understand why anyone would trust credit card information or any type of personally identifiable information to a free, community-supported cart product. It does not make sense that the same "community" supporting it is the one hacking at it.

But yet you said you wanted open source? If zencart open source isn't secure, why would any other open source be secure? After all, its open for examination. If the zencart community can hack zencart, then the cubecart community can hack cubecart. What is the difference?

I personally don't use credit cards on any website using any kind of shopping cart. If they don't take paypal, they don't get my business.

But yet you said you wanted open source? If zencart open source isn't secure, why would any other open source be secure? After all, its open for examination. If the zencart community can hack zencart, then the cubecart community can hack cubecart. What is the difference?

I personally don't use credit cards on any website using any kind of shopping cart. If they don't take paypal, they don't get my business.

Not to hijack the thread...

I didnt say I wanted open source. I am not the OP. It is only an observation on my part. While some commercial software may be based on open source, it has a commercial team of developers that are responsible for the code. I just believe that customer privacy is more important than how cheap or free a cart is. To me, as a community project, I may as well count on pouring over all the code to make sure it was coded properly. Commercial publishers have a financial incentive to keep their code secure.

Actually zencart is not produced by a "community". There is a core of six developers who produce the code. Their work is rewarded by financial contributions from satisfied end-users, of which there are many.

Well it looks like Zen Cart can do pretty much everything. I'm impressed. But it still looks like a big mess.

Not that I really want to pay for it, but I need something that is a bit more refined out of the box. Do any companies "resell" Zen Cart with any improvements?

Have you looked at osCommerce? They have a strong community with many user contributions.

Well it looks like Zen Cart can do pretty much everything. I'm impressed. But it still looks like a big mess.
Amen. I have never understood why OSC/Zen hasn't been improved on the backend. I would never put that type of crap in front of my customers... how hard could it be?

Pinnacle has one of the better admin interfaces around (so far as low-cost cart products go)

I fail to understand why anyone would trust credit card information or any type of personally identifiable information to a free, community-supported cart product. It does not make sense that the same "community" supporting it is the one hacking at it.

I fail to understand why anyone would trust a black box, closed-source shopping cart system that could have secret back doors, loads of blatant security vulnerabilities, and a core team of developers that haven't the faintest clue how to write secure code. At least with an open source cart (that is popular) you know lots of eyeballs are looking at that code and using it on a regular basis. If there are security problems in an open source package they are hiding in plain sight and how hard they are to find is directly proportional to the size of the user/developer base.

Full Disclosure: I'm a security consultant (certified by the Payment Card Industry: PCI QSA) who regularly performs penetration testing and audits for large enterprises. I always find more security holes/problems in closed source products than I do with open source ones. The proof is in the pudding. Also, 9 times out of 10 the security problems I find in open source stuff has long since been fixed by the community--the company just wasn't keeping up-to-date (Note: This is also a problem with closed-source packages).

My highest recommendations would be ProductCart (productcart.com) and Volusion (volusion.com). Both offer outstanding post-purchase support, and a stable platform with loads of features. ProductCart allows you to have access to the entire code, so you (any ASP programmer) can customize the system easily. It's extremely stable. Volusion also allows you to purchase the source code yourself, but they charge a lot more for it (around $10k).

// innov8

I've got a client who is wanting to sell his Volusion source code. He went with a custom written solution. If anyone knows someone wanting the source code, we are willing to deal on the price. Yes, the source code did cost $10k. Volusion will have to approve the transfer but they have already agreed to do so if we contact them with the details of the sale/transfer.

Have you looked at eShox? It's like a commercial version of osCommerce. Nice GUI, and very easy to install and customize.

It is called Open Source. Commercial products are no better, no more secure, and often worse. You see here someone is complaining about a commercial product, not an open source one.
Personally I don't think anyone should handle or store credit-card information or social security numbers on their website. That should be left to the big boys who have millions of dollars to spend on a security budget like Paypal. I fail to understand why anyone would trust credit card information or any type of personally identifiable information to a free, community-supported cart product. It does not make sense that the same "community" supporting it is the one hacking at it.

There is one company in the USA that is in development with a ecommerce platform that pulls everything together for running a web store with back office, but it won't be available til September. It is going to be free, or "free" but I don't think it will work for Canada any time soon. Does Zoovy or anyone else from the US provide affordable ecommerce for Canada? Fastcommerce.... Solid Catus???

fastcommerce.com zoovy.com ????

I can say from personal experience that Volusion is not a good platform. We have experienced mysterious email losses (several weeks of email *poof*), a very extensive SPAM problem and on several occassions the store was simply innaccessible. Support from Volusion is marginal. They do respond quickly but are pretty defensive about their source code.

Essentially my biggest problem is with the closed source nature. I understand they have to turn a profit, but there is practically no flexibility with the product category listing and with the checkout page.

I am looking into ZenCart now, have tried OScommerce as well. I agree with the earlier comments that open source is probably more stable and more secure than closed source packages because so many have a vested interest in producing clean and secure code.