Results 1 to 17 of 17
  1. #1

    Is This Possible?

    I am just a web designer/programmer and don't know a whole lot about server management and hosting. So, I can here to ask the pros a question.

    I have several clients interested in a shopping cart software I designed. However, I don't want to actually sell it to client for them to upload to their own hosting company - we all know how quickly scripts/software get cracked and released free on forums.

    Is this possible: I have a cPanel/WHM server. I want to set it up so when someone signs up through WHMCS it creates their hosting account automatically just like WHMCS normally does. However, when there account is create I want my shopping cart to be automatically on their website and ready for them to use. It does require one MySQL database. Does anyone know how I could set this up?

  2. #2
    Join Date
    Jun 2003
    Location
    New Zealand
    Posts
    129
    cPanel has a thing called "Skeleton Directory" which is the directory that gets copied for all new accounts.

    You could put the cart software in there - the only thing is creating mysql databases, I'm not sure how you would go about that.

  3. #3
    Join Date
    May 2008
    Location
    Citrus Heights, CA
    Posts
    1,716
    you will also have the issue of the config files that contain the mysql passwords, you would probably want it to generate a new mysql database password for each install.

    maybe try a skeleton directory to duplicate most of the files, then some sort of cron that will check for new users and then will create the database with a random password, fill it from an .sql file, and would then upload the config file to the new account.
    Best Regards,

    Mark

  4. #4
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,913
    It surely must be possible. I'd talk with the guys over at say Installatron.com for some pointers. You never know, they might be willing to set this thing up for you for a (hopefully small) fee.

    However, from my understanding you would not be giving customers any sort of access to the cPanel account. That makes keeping a reliable set of backups for your customers a very important thing. I don't suppose they would take losing their data lightly, and such an incident might ruin your reputation.

  5. #5
    Join Date
    Apr 2009
    Location
    New York City
    Posts
    5,054
    Tell you what, If i was in that postion I would create the account then go in my self and install the script for them, You could do that.

  6. #6
    I suppose you will need additional script for this task. Maybe that is ready solution (check hotscripts) or you will simple need to hire the programmer

  7. #7
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,482
    I am not sure on the technicalities, I know having what you require is possible. Though someone more technically minded may be able to assist with this
    l Dedigeeks (Twitter) Shared Reseller Cloud VPS Since 2010
    l Leading AU Hosting Provider Multiple locations - around the globe!
    l cPanel/WHM R1Soft Backups 24/7/365 Support 99.9% Uptime Guarantee
    l www.yourcompanynamehere.com Customer Service Rep. Superior Service Guarantee

  8. #8
    Join Date
    Jun 2009
    Location
    UK: Oxford
    Posts
    1,256
    Make a retrieve script, and set conditions.

    Such as the script will retrieve "Index.php" if "style.CSS" is "in public_html" folder? I have read about it somewhere but I cant remember exactly what the script looked like or where i saw it.

    Hope this helps though.
    Garbott Ltd - Professional web development & consultancy services
    Oxford.Hosting - Prestigious shared, cloud, dedicated and gaming hosting solutions.

  9. #9
    Join Date
    Apr 2009
    Location
    Tamilnadu, India.
    Posts
    227
    I'm not sure, i think it needs some custom script
    WebHost18.com - Domains | Shared Hosting | Reseller Hosting | VPS Server
    Bravo Technologies - Complete Network and Security Solutions Provider

  10. #10
    Join Date
    Sep 2009
    Posts
    103
    As I guess you also want your script to be updated on all accounts as soon as you release an update, therefore using an cron task that checks each account for the installed files and creates them or updates them to the latest revision if necessary.

    Nevertheless I do not understand how this is going to make your software more secure (in terms of being uncrackable) because clients can still down load the files from your server to start hacking them. And even if you locate certain parts of the script in an directory which is only accessible via php than that is no protecting either as there are several php based file-browsers.

  11. #11
    why dont you encrypt the script? at least it will not be copied so easily.

  12. #12
    Join Date
    Jun 2001
    Location
    Gotham City
    Posts
    1,849
    If you want to keep it 'central' and if this script gains popularity, you'll need to provide the infrastructure well for it. You'll have to be careful about uptime etc since it is basically eCommerce. Not to mention PCI compliance if you're collecting credit card info on your server.

    The better option would probably be to encrypt the script with Zend or IonCube and make a "call home" licensing system to go with it.
    [[ Reyox Communications / USA based cloud servers & support / 9 years of hosting websites ]]
    [[ Affordable ASP.NET4, ColdFusion, PHP & MS-SQL, MySQL, cPanel/WHM & Windows Reseller Hosting + Virtual Private Servers ]]
    (www.reyox.com) - Mention WHT and get a discount on your first month!

  13. #13
    Quote Originally Posted by Cylestyne View Post
    If you want to keep it 'central' and if this script gains popularity, you'll need to provide the infrastructure well for it. You'll have to be careful about uptime etc since it is basically eCommerce. Not to mention PCI compliance if you're collecting credit card info on your server.

    The better option would probably be to encrypt the script with Zend or IonCube and make a "call home" licensing system to go with it.
    yes yes encrypt it and make a call home to your own server where you will keep domains and IP of the people who buy the script. of course there is a way around it but it becomes much more difficult.
    also offer unlimted support, free updates, etc, so a hosting company will prefer to buy the script directly from you.
    Last edited by visio; 09-05-2009 at 08:05 PM.

  14. #14
    Join Date
    Jun 2001
    Location
    Gotham City
    Posts
    1,849
    <<snipped>>

    There are however ways around that too, and that is to use IP addresses directly, though thats a bad practice-- other ways, are, to use a revolving list of host names downloaded off a discreet server on multiple IPs.

    You can also further your key request/response routine with 128bit encryption, timestamps, or maybe a portion of the code is just downloaded off the server once a day. There are dozens of ways I could go on about how to protect code but thats another thread
    Last edited by bear; 09-05-2009 at 08:51 PM.
    [[ Reyox Communications / USA based cloud servers & support / 9 years of hosting websites ]]
    [[ Affordable ASP.NET4, ColdFusion, PHP & MS-SQL, MySQL, cPanel/WHM & Windows Reseller Hosting + Virtual Private Servers ]]
    (www.reyox.com) - Mention WHT and get a discount on your first month!

  15. #15
    Join Date
    Apr 2009
    Location
    OnTheWeb
    Posts
    2,024
    This would most definitely require a custom script. It may cost you a great penny as well but once implemented it will save you lots of headache in the long run.
    If you're the smartest person in the room then you're in the wrong room

  16. #16
    Join Date
    Mar 2005
    Location
    Labrador, Canada
    Posts
    951
    Encrypting the cart won't necessarily stop people from taking it.

    What you could do (for example) is install your cart in /usr/local/mycart and then in the Apache configuration alias that directory to 'cart', so users would browse to example.com/cart/ to access it. The cart could be designed to look for and load a local configuration file located in the client's home directory.

    This way, your programming is completely inaccessible to clients. They have full use of the programming but cannot access the files to view or download them (assuming of course that clients are chrooted to their home directories for FTP.)

    As an added benefit, you'd have only one set of scripts to maintain. Simply update /usr/local/mycart and all clients are updated.

    I doubt if you could take this approach with shared hosting, but you certainly could with a VPS. That's one of the benefits of a VPS, the ability to completely manage your server environment.

  17. #17
    Join Date
    Sep 2009
    Location
    Austin, TX
    Posts
    17
    Everything "sleddog" just wrote is the best answer given so far in my opinion. Creating a way where the files are impossible to access is a sure way to stop this from happening.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •