Secure Cart Cookbook: PHP & MySQL


Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-19, 20:11

I've been researching, attempting and failing to make headway with various pre-packaged shopping carts like osCommerce (which is PHP based), MIVA (which is proprietary crap-code gone haywire) and other solutions. All without success. Part of my problem stems from not knowing PHP very well and part of it stems from the fact that many of these shopping carts integrate very poorly with existing web sites. You basically have to re-make your site in the canned layout of the cart or else security, cart sessions or other important factors go down the toilet during use.

My question is for the PHP / MySQL genii in here, and it is basically this: is there any reason why I couldn't create a secure "one page checkout" form using PHP, a shared SSL cert / address on my site and a mySQL database to store accounts? I basically want to design one or two pages that look just like the rest of my site, only with form fields, and which is tied into my gateway provider. I mean, isn't a shopping cart basically a glorified CGI form that has more security and is tied into a database? I am selling services anyway right now, not products, so I wonder if banging my head into a wall for the last 10 days trying to get these canned carts to work (tonight's episode is Zen Cart - seems they think they're more about "Design Flexibility" - we'll see) is just a waste of time?

Better to get a couple PHP and MySQL books (already have MAMP installed) and just build the pages that way? I thought these carts would be easy to set up via their admin control panels but they are a royal pain in the ass so far.

...into the light of a dark black night.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-06-19, 20:24

Quote:
Originally Posted by Moogs View Post
My question is for the PHP / MySQL genii in here, and it is basically this: is there any reason why I couldn't create a secure "one page checkout" form using PHP, a shared SSL cert / address on my site and a mySQL database to store accounts?
Nope. If you have the drive and desire to do it, there's nothing stopping you on the technology side.

Quote:
Originally Posted by Moogs View Post
I mean, isn't a shopping cart basically a glorified CGI form that has more security and is tied into a database?
Pretty much.

Quote:
Originally Posted by Moogs View Post
Better to get a couple PHP and MySQL books (already have MAMP installed) and just build the pages that way?
If nothing else, it would give you a much better understanding of how ecommerce works.

(And it's usually not as complex as you may be led to believe.)

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
Gargoyle
http://ga.rgoyle.com
 
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
 
2007-06-20, 07:03

Drop back anytime if you get stuck. Some of us have been bashing away at PHP for 1 or 2 lunar cycles - give or take a few years!
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-20, 09:45

Glad to see I have some options. Still tinkering with Zen Cart right now but I have a suspicion I'm going to run into the same problems I ran into with osCommerce. Inflexible design constraints.

Getting back to the roll your own theory, if the form is PHP, should the rest of the site also be PHP? If yes, how do you take existing XHTML documents (with linked CSS, text, images, JS, etc) and re-purpose them as PHP? Is it possible to re-work the headers and a few of the tags and resave as well-formed PHP?

...into the light of a dark black night.
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2007-06-20, 09:59

I thought MySQL now has some support for working with XML files as of 5.1?
kretara
Cynical Old Bastard
 
Join Date: May 2004
Location: The Hot, Hazey, Humid South
2007-06-20, 10:36

Quote:
Originally Posted by Moogs View Post
Getting back to the roll your own theory, if the form is PHP, should the rest of the site also be PHP? If yes, how do you take existing XHTML documents (with linked CSS, text, images, JS, etc) and re-purpose them as PHP? Is it possible to re-work the headers and a few of the tags and resave as well-formed PHP?
Nope. Much like having a cgi form written in perl. The remainder of the site does not have to be written in perl.

PHP can help greatly in setting up a framework for your site (includes are nice) so there is a benefit to having your pages with php includes in them. You can intersperse PHP code within your HTML file at will. Just because you are using PHP does not mean that every part of the file MUST be written in PHP format.

If you have control of your web server, it is trivial (at least in Apache) to have all web pages parse as php (kind of like a SSI -- server side include). By doing this you do not need to worry about using the .php ending. You can use .wtf if you want and have the page parse any PHP in the page.

If you don't have control of the web server you can still intersperse PHP code in your HTML at will, you will just need to name the file .php (or whatever convention your web server forces on you).

You're looking at eons of repression getting purged. If only they'd let us jerk off.

Beware the man of one book. ~ Saint Thomas Aquinas
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-20, 10:38

BTW my question above is regarding pages that have no form inputs -- they're just informational pages that already exist, describing the services, etc. I want to figure out how to get the entire site working as PHP, from one directory, then link the existing (re-purposed) pages into the cart pages when they're done. What I don't want to do is re-create the whole damn site from scratch, on account of the shopping cart software adhering to a specific template, etc.

[Kretara: as far as "control" I have a control panel with file manager, etc. I have access to phpMyAdmin and other common tools. The server is Linux-based I believe (it's a vps). What I have been told is that if you try to take something like osCommerce or ZenCart, and just hyperlink it to other, pre-existing pages, your cart sessions, security and everything else go out the window. According to them, the cart has to become the site, so all my existing content has to be re-fit into that world.

I can't believe there isn't a way to make the existing XHTML pages work with the cart (PHP) pages, without re-doing everything... so what are some actual steps. What kind of code editing do I have to do with my existing pages to get them to parse as PHP and what settings do I have to look for / find in my control panel to get the server to parse in that way?

If I have something like this

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<link href="css/containers.css" rel="stylesheet" type="text/css" media="screen" />
<meta name="Description" content="" />
<script type="text/javascript">
<!--
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
<body>
<div id="container">
  <div id="header"></div>
  <div id="navigate">
    <ul>
      <li>Home</li>
      <li><a href="page1.html">Page 1</a></li>
      <li><a href="page2.html">Page 2</a></li>
      <li><a href="etc.html">Etc</a></li>
    </ul>
  </div>
  <div id="sidebar">
    <p class="infotext">Welcome! </p>
    <p class="infotext">blah blah blah</p>
  </div>
  <div id="main content">
    <p class="questions">Q: Will Moogs Succeed?<br />
    <br />
    A: Magic Eight Ball says "uncertain".</p>
  </div>
  <div id="usefirefox"></div>
</div>
</body>
</html>
...what kind of PHP would I intersperse to make things work as you are describing?

Really my goal is to take those DIV sections you see up there, and apply that design to a cart (or more precisely to cram bits and pieces of a cart into those sections), so that everything looks consistent. I can't believe what a giant PITA this has become. I should've been done a week ago but seems there's always another road-block to getting it done. I know too, as soon as I say "Screw it" and redo everything, someone would drop the "oh no, all you had to do was this and everything would've worked perfectly"... hence my thread idea.

...into the light of a dark black night.

Last edited by Moogs : 2007-06-20 at 10:54.
kretara
Cynical Old Bastard
 
Join Date: May 2004
Location: The Hot, Hazey, Humid South
2007-06-20, 10:53

Quote:
Originally Posted by Moogs View Post
BTW my question above is regarding pages that have no form inputs -- they're just informational pages that already exist, describing the services, etc. I want to figure out how to get the entire site working as PHP, from one directory, then link the existing (re-purposed) pages into the cart pages when they're done. What I don't want to do is re-create the whole damn site from scratch, on account of the shopping cart software adhering to a specific template, etc.
The shopping cart software (at least in the instances that I have dealt with) was essentially a stand-alone app that you linked to when you wanted to do anything cart related. The cart software did not dictate the layout of your site. You may have to hack the cart code to make the cart pages look like your site or not...that is up to you.

There is only 1 global change that you might have to make.
1) adding a cart link to all your web pages if that is what you want.
Other than the above, you are simply pointing a form to a php script.

You're looking at eons of repression getting purged. If only they'd let us jerk off.

Beware the man of one book. ~ Saint Thomas Aquinas
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-20, 10:56

See additions to previous post (I didn't want to become thread-merge's bitch again).

PS - if I have a cart that uses MySql as the database engine (such as osCommerce or ZenCart), are all of the settings you choose in the admin panel (all the min/max values, true-false values, etc) stored in the database vs. the PHP files? IOW, I could remove the PHP folders from the server, and the values I've input thus far will still remain in the database for the next time I log in to the admin panel, right?

...into the light of a dark black night.

Last edited by Moogs : 2007-06-20 at 11:42.
kretara
Cynical Old Bastard
 
Join Date: May 2004
Location: The Hot, Hazey, Humid South
2007-06-20, 11:48

Quote:
Originally Posted by Moogs View Post
[Kretara: as far as "control" I have a control panel with file manager, etc. I have access to phpMyAdmin and other common tools. The server is Linux-based I believe (it's a vps). What I have been told is that if you try to take something like osCommerce or ZenCart, and just hyperlink it to other, pre-existing pages, your cart sessions, security and everything else go out the window. According to them, the cart has to become the site, so all my existing content has to be re-fit into that world.
Hum...OK. I have not run into this with a cart before, but it is doable. Then again, I have mostly used home-brewed carts.

Quote:
Originally Posted by Moogs View Post
I can't believe there isn't a way to make the existing XHTML pages work with the cart (PHP) pages, without re-doing everything... so what are some actual steps. What kind of code editing do I have to do with my existing pages to get them to parse as PHP and what settings do I have to look for / find in my control panel to get the server to parse in that way?
You have 2 options:
1. rename all your pages to xxx.php
2. modify apache (will cause all html files to be parsed for PHP -- this WILL add to the CPU load but it is not bad at all)
   a. if you can access apache directly:
      Edit /etc/httpd/httpd.conf. Look for a line that says
          AddType application/x-httpd-php .php .php3 .phtml
      Add ".html" to that line.
      Restart the server.
   b. if you only have access to .htaccess
      edit the .htaccess file to add this
          AddType application/x-httpd-php .html

Quote:
Originally Posted by Moogs View Post
...what kind of PHP would I intersperse to make things work as you are describing?

Really my goal is to take those DIV sections you see up there, and apply that design to a cart (or more precisely to cram bits and pieces of a cart into those sections), so that everything looks consistent. I can't believe what a giant PITA this has become. I should've been done a week ago but seems there's always another road-block to getting it done. I know too, as soon as I say "Screw it" and redo everything, someone would drop the "oh no, all you had to do was this and everything would've worked perfectly"... hence my thread idea.
Very quick example below. What you want is more than likely more complicated.


If you need more individual site help (not published on a public forum for the world to see) just PM me. I will help out if I can.

Code:
<?php
// THIS IS AN EXAMPLE OF EMBEDDED PHP
// I WOULD ASSUME THAT THIS IS WHERE YOU WOULD INSERT PART OF YOUR CART CODE
// WITH MORE IN THE FOOTER
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<link href="css/containers.css" rel="stylesheet" type="text/css" media="screen" />
<meta name="Description" content="" />
<script type="text/javascript">
<!--
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
<body>
<div id="container">
  <div id="header"></div>
  <div id="navigate">
    <ul>
      <li>Home</li>
      <li><a href="page1.html">Page 1</a></li>
      <li><a href="page2.html">Page 2</a></li>
      <li><a href="etc.html">Etc</a></li>
    </ul>
  </div>
  <?php
  // do some other php type stuff here
  ?>
  <div id="sidebar">
    <p class="infotext">Welcome! </p>
    <p class="infotext">blah blah blah</p>
  </div>
  <div id="main content">
    <p class="questions">Q: Will Moogs Succeed?<br />
    <br />
    A: Magic Eight Ball says "uncertain".</p>
  </div>
  <div id="usefirefox"></div>
</div>
<?php
// CART FOOTER????
?>
</body>
</html>

You're looking at eons of repression getting purged. If only they'd let us jerk off.

Beware the man of one book. ~ Saint Thomas Aquinas
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-20, 14:05

Yah maybe I'll PM you when I get the chance... basically these carts all work on the same principle, where every page is broken into generic sections. Each section is then filled with various PHP files to create the functionality of the cart. What's in the PHP files, content-wise is defined by what you do in the admin panel (how things are listed, sorted, omitted, etc).

What I have run into, is that it's difficult for me to locate all the files that control what each section looks like and how it behaves relative to other sections (width, spacing, etc). I end up with a blocky looking POS, instead of a cart that was embedded into a real design. Everything in osCommerce / Zen Cart looks like a Yahoo shop, more or less and I don't a) need that level of complexity, and b) want a nuts and bolts design on my shop, when the rest of my site looks like a real design.

...into the light of a dark black night.
Gargoyle
http://ga.rgoyle.com
 
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
 
2007-06-20, 17:32

How's your JavaScript?

You could keep your layout as pure HTML / Javascript and then use PHP and AJAX to do the cart bits in the background.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-06-20, 17:54

If you consider going the AJAX way, do be exceedingly careful and make everything degrade gracefully to plain HTML. Getting paid is one place you don't want to lose people just because they don't have the latest and greatest (read: compatible) web browser.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
Majost
monkey with a tiny cymbal
 
Join Date: Nov 2004
Location: Lost
 
2007-06-20, 18:55

Quote:
Originally Posted by Brad View Post
If you consider going the AJAX way, do be exceedingly careful and make everything degrade gracefully to plain HTML. Getting paid is one place you don't want to lose people just because they don't have the latest and greatest (read: compatible) web browser.
And remember that people can inject and run their own code.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-06-20, 19:59

Quote:
Originally Posted by Majost View Post
And remember that people can inject and run their own code.
Well, people can "inject and run" their own values with plain old vanilla HTML forms as well.

There's nothing inherently less secure about AJAX. If anything, the additional layers of abstraction make it more difficult for the typical lazy attacker to pull off a stunt.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
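
Added example, not part of the thread or any poster's code: a server-side checkout handler that treats every submitted field as attacker-controlled, whether it arrives from a plain HTML form or an AJAX call, takes the price only from the database, and uses a prepared statement for the lookup. The table, column and field names are hypothetical, and SQLite in memory (via `pdo_sqlite`) stands in for MySQL so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table, column and form-field
// names are hypothetical; the sample submissions below are constructed.
declare(strict_types=1);

// SQLite in memory keeps the example self-contained. Against MySQL only the
// DSN changes, e.g. new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', $user, $pass).
function open_catalogue(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER)');
    $db->exec("INSERT INTO services (id, name, price_cents) VALUES (1, 'Site audit', 25000)");
    $db->exec("INSERT INTO services (id, name, price_cents) VALUES (2, 'Consulting hour', 9000)");
    return $db;
}

// Turn submitted fields (what $_POST would hold) into a priced order line.
function price_order(PDO $db, array $post): array
{
    // Validate type and range; reject bad input instead of trying to repair it.
    $id = filter_var($post['service_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $qty = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 20]]);
    if ($id === false || $qty === false) {
        return ['ok' => false, 'error' => 'invalid service_id or qty'];
    }

    // $post['price'] is deliberately never read: a hidden or read-only form
    // field is still client data. The price comes from the catalogue only.
    // The bound parameter keeps the id out of the SQL text entirely.
    $stmt = $db->prepare('SELECT name, price_cents FROM services WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['ok' => false, 'error' => 'unknown service'];
    }

    // Integer cents avoid floating-point rounding in the total.
    return ['ok' => true, 'name' => $row['name'], 'qty' => $qty,
            'total_cents' => (int) $row['price_cents'] * $qty];
}

$db = open_catalogue();

// Constructed submissions: one honest, three tampered with in the browser.
$submissions = [
    'honest'       => ['service_id' => '2', 'qty' => '3', 'price' => '90.00'],
    'edited price' => ['service_id' => '1', 'qty' => '1', 'price' => '0.01'],
    'negative qty' => ['service_id' => '1', 'qty' => '-5', 'price' => '250.00'],
    'sql in id'    => ['service_id' => '1 OR 1=1', 'qty' => '1', 'price' => '250.00'],
];

foreach ($submissions as $label => $fields) {
    $r = price_order($db, $fields);
    // On a web page, pass anything echoed into HTML through htmlspecialchars().
    echo str_pad($label, 14), $r['ok']
        ? sprintf('%d x %s = %s', $r['qty'], $r['name'], number_format($r['total_cents'] / 100, 2))
        : 'rejected: ' . $r['error'], PHP_EOL;
}
```

The same total should be recomputed server-side again when the amount is handed to the payment gateway, so that the figure charged never depends on a value the browser supplied.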
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-20, 20:54

Thanks for the additional responses guys. I just had a nice long post ready to submit and Firefox friggin crashed my G5. DOH. Anyway I am thinking PHP is probably the way for me to do this, if for no other reason than I can build a valuable skill into my toolbox. Even the canned stuff like osCommerce and ZenCart are PHP-based so I could learn some stuff and go back to fix the canned solutions if I have to.

Still, I'm trying to decide what the best use of my time is (or I should say the least waste of time) between customizing a canned cart to look like a real site, or building a one page checkout cart from scratch. Worse still I'm starting to feel like my design sucks compared to some of the better CSS stuff out there like Apple's Final Cut Studio page, and

http://www.45royale.com/

and

http://www.activate-p-s.com/index.html

and

http://www.bartelme.at/showroom

and

http://www.cramersolutions.com/

and about a 1002 others. In which case just design the whole damn thing over. There's also this Shopify thing that seems kind of intriguing as a cart solution but the information provided is kind of sparse. I might sign up for a free account to see what their control panel thing looks like. At least the designs look elegant compared to the blocky POS osCommerce stuff.

...into the light of a dark black night.
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-21, 10:45

Hey I was just checking Google Checkout and it looks pretty sweet. Anyone use the "Buy Now Button" variant where the button links out from your site to your Google Checkout site, user logs in or registers for their Google Checkout account, and then goes back to your site after the transaction? This looks like it could be exactly what I need in the short run (maybe long run depending on how flexible it is), because I wouldn't get the empty cart syndrome of osCommerce, where if they jumped from a page in the catalog, to a regular page on my existing site, everything would (apparently) get fucked up.

...into the light of a dark black night.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-06-26, 14:13

Quote:
Originally Posted by Moogs View Post
Hey I was just checking Google Checkout and it looks pretty sweet. Anyone use the "Buy Now Button" variant where the button links out from your site to your Google Checkout site, user logs in or registers for their Google Checkout account, and then goes back to your site after the transaction?
Honestly, if I had a personal store online, I'd probably integrate with Google Checkout on some level. PayPal offers similar functionality, but PayPal is evil.

I actually was reminded of this thread because today at work I was thinking of a way to implement a new piece of functionality to checkout and I had to make myself a little flow chart to wrap my brain around the complexity of the process. As your store grows bigger and you offer more features to users, you'll likely end up with something like this too.


The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2007-06-30, 23:15

Holy mother of God. Brad... do you uh, give special developer discounts to friends of the Nova? If you can keep my true identity secret (despite what people say I am not Bruce Wayne), I may have to hire you. I can do pretty well with some CSS and maybe even PHP if I really worked at it but as a business man it becomes obvious at a point that it's a waste of money to do anything other than hire someone who is really good at this shit to get it done with a few days work... and BE done with it.

...into the light of a dark black night.
All times are GMT -5.