Building Online Stores with osCommerce

Stephanie Brain writes "Have you ever considered building your own online store and entering into the booming e-commerce arena? If you have, you may have come across some of the many open-source software available for downloading from the Internet. One of the most popular of these is OsCommerce which has been developed since March 2000 and has a full team of staff dedicated to its development. It is overseen by the founder, Harald Ponce de Leon and today there are around 6000 live, registered OsCommerce sites and 70000 registered community members, many of whom are active on the OSC forum you can log on to. This forum can provide a wealth of information when you come up against any obstacle when developing your own OsCommerce website." Read the rest of Stephanie's review.
Building Online Stores with osCommerce: Professional Edition
author David Mercer
pages 372
publisher Packt Publishing
rating 9
reviewer Stephanie Brain
ISBN 1-904811-14-0
summary Practical guide to building online stores with osCommerce


Back in October I started working with someone who had already downloaded the OSC software and had the basis of an online store installed. I will be running the store, however my first task was to change the whole look of the site and make improvements to it before launching NetTechShop properly. Having read the OsCommerce blurb which promotes the simplicity of using OSC, I felt sure that I could quickly get to grips with the "simple" programming language of PHP and HTML and have the site ready in a month or two. I was sadly disappointed! By the end of November last year I was getting desperate, having spent hours making modifications to the coding on the database only to either break the site completely or find it had not made one jot of difference to the look of the site. I searched in vain for OsCommerce For Dummies.

My pain was somewhat relieved when I discovered that a book was going to be published on OsCommerce by Packt Publishing and I put my order in immediately and breathed a great sigh of relief.

Strangely such a book has been lacking until now. You can find plenty of books about PHP programming and MySQL or HTML, but try to find a book which is easy to understand for someone with less than a University or College IT qualification background and about OsCommerce in particular and you will search long and hard.

David Mercer's book is the book you have been looking for and is available in either a beginner's or professional edition. It is written in a straightforward, easy to understand manner, yet does not compromise on technical knowledge and provides all the essentials of getting your website up and running with OsCommerce.

The book covers: installing MySQL, PHP, Apache and OsCommerce and testing them, configuration and customization of your store, working with data, taxes, payment and shipping, securing your store, installing more advanced features using contributions from the OsCommerce website and deployment and maintenance of your site.

Before going onto the technical aspects and explanation of OsCommerce, Mercer explores the whole area of e-Commerce, what is required of a website store to make it a success, the arguments for using an open-source solution such as OsCommerce and the decision making issues any business faces when deciding if OsCommerce is right for them.

This manual was everything I hoped it would be and with its many illustrations, including screenshots of the files you will be changing on an OsC website, I found that anyone with even the most basic understanding of website design, would be able to get to grips with designing a website store using OsCommerce. I had the professional edition and found it really easy to just dip into when I needed to know some aspect of the design process. The book's content is well laid out, in manageable chunks with bold headings, which are clear about the content and the index is comprehensive.

One of the things I really liked about the book was that it addressed the problems, error messages and frustrations you are likely to come up against in the process of building your OsCommerce site. Those were the things that made my head spin the most before I got the book and although you should be able to find out about many of your error messages and problems on the OsCommerce forums, it can take quite a time to search and plough through all the replies. It is much better to find the most common problems in one place with practical solutions.

Another important chapter which is covered in depth is the installation and testing of a payment module. The most popular of these, Paypal is covered in the book and detailed instructions are given on how to get it working correctly, again something which sounds easy on paper, but can cause endless problems if you do it wrong. There are other payment providers and gateways which can be integrated onto your OsCommerce site by installing other so-called "contributions" from the OsCommerce website and Mercer explains fully how to download these contributions and get them functioning correctly.

I am sure that this book will prove to be an essential resource for anyone contemplating starting an online business with open-source OsCommerce software and hopefully will avoid them spending wasted energy in the initial stages just trying to figure it all out. After I received my book, the only wasted energy I spent was wondering why the front cover was emblazoned with juicy oranges!


Building Online Stores with osCommerce
  • by swimmar132 ( 302744 ) <joe@pinkpucLISPker.net minus language> on Friday March 03, 2006 @02:59PM (#14844413) Homepage
    But I last used osCommerce back in its 2.2 days (to build http://www.gamefest.com/ [gamefest.com] ). Doing modifications to the PHP / mysql code was absolutely painful. Horribly painful. There was hardly any separation of logic from the presentation. It was all a jumbled mess.

    Then I discovered http://www.rubyonrails.org/ [rubyonrails.org] and life is now good!
  • by oc-beta ( 941915 ) on Friday March 03, 2006 @03:03PM (#14844452)
    With Yahoo stores, Ebay stores, Amazon shops, most SMB retailers will partner with them for their shopping cart needs. For the rest of us, this book is a good alternative.
  • by markrages ( 310959 ) on Friday March 03, 2006 @03:06PM (#14844495) Homepage
    No, it's still terrible.
  • Link... (Score:3, Informative)

    by bgarcia ( 33222 ) on Friday March 03, 2006 @03:06PM (#14844505) Homepage Journal
    OsCommerce website [oscommerce.com]
  • by flipper65 ( 794710 ) on Friday March 03, 2006 @03:07PM (#14844513) Homepage
    Unfortunately it hasn't. There is really no concept of MVC in OSCommerce or its branches like ZenCart. We tried to use both for a client project and ended up using Miva because of our inability to fix one area without breaking another. It's a bit hard to comprehend how a book can abstract OSCommerce from php and mysql and still be relevant.
  • by spazoidspam ( 708589 ) on Friday March 03, 2006 @03:16PM (#14844625)
    osCommerce is great if you don't plan on modifying any code. It's really easy to set up and get going. However, if you plan on making large modifications to the code, you are in for a special treat! The code is a gigantic mess, very very painful to read. I had a customer that wanted to use osCommerce, but they wanted to make the site look like their old shopping cart, which was proprietary. Let's just say that it would have been easier for me to build them a new shopping cart from scratch than to modify osCommerce enough to make it work for them.
  • Interchange (Score:3, Informative)

    by IMightB ( 533307 ) on Friday March 03, 2006 @03:17PM (#14844647) Journal
    I have always preferred Interchange http://www.icdevgroup.com/ [icdevgroup.com] over osCommerce. It has a bit of a learning curve, but is so much more powerful and flexible that it puts any other OSS eCommerce package to shame.

    osCommerce has always seemed to me like a "Your Mom can set it up and maintain it" type of application. And therefore has many issues when you try to do more advanced types of layout and flow.
  • by tokamoka ( 859800 ) on Friday March 03, 2006 @03:25PM (#14844717)
    OSC embodies pretty much everything that people say is wrong with PHP development. I'm sure they (the OSC devs) are a well meaning bunch, but if you ever want an example of spaghetti code, go download the source and book a week off. If you even consider using it, well good luck with altering the codebase in any significant way - you'll (almost literally) need it. What irks me most is that people will look at this and think that all PHP apps are this badly/painfully written. Believe it or not (and contrary to the general Slashdot line), with PHP5.1 it's actually really easy to write pretty good looking (from a programmer's perspective), functional *and* maintainable OOP/MVC webapps provided you understand the above core concepts of OOP/MVC. OSC needs to be taken into a quiet room and shot, just like the rest of the old PHP4 apps.
  • Re:PCI Compliancy (Score:2, Informative)

    by Wyndo ( 263536 ) on Friday March 03, 2006 @03:26PM (#14844735) Homepage
    In a nutshell, it's a set of requirements applicable to any merchant who processes credit cards online. It's something driven by Visa and Mastercard, in their efforts to fight fraud. In my opinion, it's *way* too dramatic, requiring such a large number of points as to make it impossible for most smaller merchants to ever really comply. It's not optional, either. If you accept Visa and Mastercard, you have to be PCI Compliant. The amount of business you do can affect which compliancy level you have to meet, thankfully, but with even just 20,000 transactions a year, you're a level 3 merchant with a big self-questionnaire to fill out, and quarterly penetration/intrusion scans required.

    If your entire site uses a separate service, such as PayPal, then it's PayPal's responsibility to be PCI Compliant (and they are). But if you accept credit cards on your own web page, even if you're shuffling it off through a gateway behind the scenes, this is something that affects you. It's not optional. Unfortunately.

    Some of the requirements include the types of passwords that can be used, force-changing on a regular basis, the requirement to review logs regularly, your database and web server must be separated with a hardware firewall between them, unused services should be disabled, you can't use FTP and Telnet (insecure) without very good (and documented) reason, you have to sanitize all credit card info and you can *never* store CVS/CV2 or magstripe data... the list is huge.

    If you accept credit cards at your website and you're not already certified as PCI compliant, technically Visa and Mastercard can shut you down (stop you from taking credit cards at your web site). They can also fine you in large amounts (thousands of dollars), although I'm told this doesn't generally happen unless there is actually a security breach.

    Here's some more info:

    http://www.solidcactus.com/pci.html [solidcactus.com]
  • Re:PCI Compliancy (Score:3, Informative)

    by hal9000(jr) ( 316943 ) on Friday March 03, 2006 @03:29PM (#14844765)
    To Quote "CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. The Payment Card Industry (PCI) Data Security Standard offers a single approach to safeguarding sensitive data for all card brands. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs." Everything you wanted to know about Visa's Cardholder Information Security Program. [visa.com]
  • by drhamad ( 868567 ) on Friday March 03, 2006 @03:39PM (#14844890)
    osCommerce seemed like a nice, easy, powerful solution when I decided to install it. Instead, it has been more of a pain than it's worth.

    A store with no ability to do coupon codes? (Without massive modification, which can't easily be done if your store is already running)

    I find it loses orders sometimes
    I've never gotten shipping to work right - hard to do shipping cost per item (with different items having different costs) per country (or even, just North America v. International, per item).
    Admin panel navigation is... strange, to say the least. Once you go into the pending orders, and leave, you can't then go back to just pending orders - you have to go to all orders (unless you start back on /admin/ ).

    Generally it's just inflexible, even with all the plugins you can put in.
  • Beware those who want to use OSCommerce, you better wait until version 3 is out, or else.

    Current version (2.2MS2) is worthy of being designed by the Flying Spaghetti Monster: There are no tiers, SQL queries are embedded in the middle of HTML output - and there are tons of similar queries around different modules - so if you want to change one SQL, you'd have to SEARCH FOR and change ALL OF THEM. I'd recommend you to start using printf with the thing.

    Also, the same php file is used for both displaying and validating input fields, and there are tons of duplicated functions across the whole thing.

    OSCommerce apparently doesn't know that there is something called "associative arrays", and there is very little OOP in there, but most of it is used to implement very primitive data objects (which, btw, could be replaced with a single associative array).

    If that wasn't enough, you can't search and modify input fields or tags, you have to use the predefined functions tep_draw_input_field, which aren't very user friendly either.

    Some of the configuration variables aren't defined in PHP, but stored in SQL tables so you'd have to modify the original SQL or add new configuration variable manually if you want to add a field to a table.

    The input fields for the admin section aren't stored in associative arrays, but are hardwired among the HTML code (which makes the html output functions a hindrance rather than a help).

    So if you want a version that looks *JUST EXACTLY* like your typical OSCommerce site, and don't plan to add ANY NEW features, sure, go ahead, use the prefabricated store. But if you plan to add any field, table, or whatever, I strongly advise to wait for v3, or to rewrite the whole thing using your favorite multi-tier framework.

    Want to change the HTML? Good luck! The thing isn't standards compliant, and was written when nested tables were the norm. For spaces, there's the classical spacer gif consuming your bandwidth.

    OSCommerce is, IMHO, an example of "Open Source gone wrong". Instead of being the work of a community, with strategic planning and all that, it's the work of one man who did it his way, and later open sourced it.

    As for security, the credit card info is stored unencrypted in SQL tables, and the admin section can only be secured via htaccess. That means the password is sent unencrypted unless you really know apache security and know to implement it the right way.

    Thanks, but no thanks.
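
An added example, not part of either comment or of osCommerce itself: it illustrates the two card-data points raised in the PCI comment and the comment above (never keep the verification code or magstripe data, and do not leave the card number in clear text in a SQL table). The form field names, record layout and key handling are assumptions, and it expects PHP 7.1 or later with the OpenSSL extension.

```php
<?php
// Added illustration. Form field names, the record layout and the key handling
// are assumptions; a real key would come from a key store, not from the script.

function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Build the only card data that is allowed to reach the database.
function card_record_for_storage(array $form, string $key): array
{
    $pan = preg_replace('/\D/', '', $form['cc_number'] ?? '');
    if (strlen($pan) < 13 || strlen($pan) > 19 || !luhn_valid($pan)) {
        throw new InvalidArgumentException('card number failed validation');
    }
    $iv  = random_bytes(12);   // fresh nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Allow-list: the verification code and track data in $form are never copied.
    return [
        'cc_last4'   => substr($pan, -4),
        'cc_expires' => preg_replace('/\D/', '', $form['cc_expires'] ?? ''),
        'cc_enc'     => base64_encode($iv . $tag . $ct),
    ];
}

// Constructed checkout input using a well-known test card number.
$form = [
    'cc_number'  => '4111 1111 1111 1111',
    'cc_expires' => '12/08',
    'cc_cvv'     => '123',
    'track1'     => '(constructed placeholder)',
];
$record = card_record_for_storage($form, random_bytes(32));
print_r(array_keys($record));
```

Because the record is built from an allow-list rather than by copying the posted form, a field added to the checkout page later cannot end up in the table by accident.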
  • by tjic ( 530860 ) on Friday March 03, 2006 @03:55PM (#14845058) Homepage
    I run Technical Video Rental [technicalvideorental.com].

    We recently (five weeks ago) switched to a Zencart based storefront. For those who don't know, Zencart is an OSC fork.

    Apparently Zencart is much cleaner than OSC, which makes me shudder in fear at the idea of OSC's source code.

    I like nice, clean, documented, tested code.

    Zencart is a mess. The documentation is close to non-existent, there are no comments, there's no MVC distinctions, we found several major security holes in a code audit before going live, weird little UI bugs abound (e.g. in the admin interface when you edit a customer's addr, you're *forced* to specify his phone number, or you can not proceed), there are places where code chunk A generates SQL, then passes it to code chunk B, which passes it to C, which *LOOKS AT THE SQL* and edits it, then executes it.

    With code like this, try editing an SQL query just a little bit, and you get a complaint on a web page with error messages pointing to an entirely different place.

    On the "security" topic, I note that once we got a demo of Zencart installed on a testing machine, with the tell-tale URL (<machinename>/catalog), I started noticing that a lot of the phishing spam I was receiving directed folks to <domainname>/catalog...yes, the phishers were using hacked OSC accounts, which they had (presumably) gotten into through SQL injection attacks on OSC.

    This is not to minimize the work of the OSC and Zencart developers - either package is a huge improvement over nothing...but if you want to do surgery on the code, it's a disaster. At Technical Video Rental, we need to track individual serial numbers of copies as they go in and out, and we needed to present sets of videos in a certain way.

    This work took two pretty darned good software engineers (me and the CTO of the company) about four man weeks.

    I'm not going to say something inflammatory and stupid like "I could have written an operating system in less time", but four man weeks is a pretty major investment of time to do something fairly simple like this.

    We're doing a lot of interesting stuff with the code base: we've spliced in WordPress for the corporate blog, I'm writing some AJAX stuff right now to allow customers to report problems with their orders from the order status page, etc.

    ...and the more we hack on it, the more we think "there's got to be another way".

    There's a good chance that over the next 6-9 months we'll end up preserving the OSC/Zencart db schema and data (for continuity with the running site), and dumping major components of the package.

    To boil it down: I give OSC / Zencart a grade of "C minus". It's like a decent looking house with a lot of rot inside the walls. As long as you're content to never look inside the cabinets or crawlspaces, you're OK, but once you do some poking, or decide to add an addition, you'll realize how much work you've got in store, and you'll start to wonder if you should just buy a new house.
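
An added example, not part of the comment above and not Zencart or osCommerce code: it contrasts the pattern described there (one chunk builds SQL text, a later chunk edits that text and executes it) with a prepared statement that keeps input out of the SQL text. Table, column and function names are hypothetical, the rows are constructed, and it assumes PHP 7 with the pdo_sqlite driver.

```php
<?php
// Added illustration. Table, column and function names are hypothetical and the
// rows are constructed sample data; none of this is osCommerce/Zen Cart code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, status INTEGER)');
$db->exec("INSERT INTO products (name, status) VALUES
           ('Lathe Basics', 1), ('Intro to Welding', 1), ('Unreleased Title', 0)");

// Fragile: one chunk builds SQL text with the input spliced into it ...
function build_search_sql(string $keyword): string
{
    return "SELECT name FROM products WHERE status = 1 AND name LIKE '%" . $keyword . "%'";
}

// ... and a later chunk edits that text before executing it.
function run_with_limit_fragile(PDO $db, string $sql, int $limit): array
{
    $sql = preg_replace('/;?\s*$/', '', $sql) . ' LIMIT ' . $limit;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed; the keyword and the limit travel only as
// bound parameters, so neither can change the shape of the statement.
function search_products(PDO $db, string $keyword, int $limit): array
{
    $stmt = $db->prepare(
        "SELECT name FROM products
          WHERE status = 1 AND name LIKE :pat ESCAPE '\\'
          LIMIT :lim"
    );
    // Escape LIKE wildcards so the keyword is matched literally.
    $pattern = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt->bindValue(':pat', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed hostile input: closes the string literal, adds a condition and
// comments out the rest of the statement, including the LIMIT appended later.
$hostile = "x' OR status = 0 --";

var_dump(run_with_limit_fragile($db, build_search_sql($hostile), 1));
var_dump(search_products($db, $hostile, 1));
var_dump(search_products($db, 'Lathe', 1));
```

With the fragile pair the row marked status 0 is returned and the appended LIMIT sits inside the comment; with the prepared statement the same input is only a search string that matches nothing.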

  • by jasondlee ( 70657 ) on Friday March 03, 2006 @04:51PM (#14845612)
    For what it's worth, CakePHP [cakephp.org] lets you do the same thing RoR does, without having to learn Ruby. Having said that, the "this php app is horribly written. Thank goodness for this completely different framework and language that are not an e-commerce package" comment is a bit of a non sequitur if you ask me, and I think that was kv9's point [slashdot.org]. jason
