Hi

I have created about 4 e-commerce websites during the last few years. But they were all dummy sites whereby, when the users checked out their items, they did not get to give their account details; therefore, there weren't any transactions made (though I was about to keep stock and count of what was purchased).

Now, I received a real project, where the client wants a small shopping cart to sell a few items. Now I am confident that I'm able to meet all his requirements, though now I'm thinking about the transactions; I have never had the opportunity to create that (ending).

So, is there any resource or any way that I can learn how to create this transaction to allow users to securely use their credit cards, and therefore create this process to secure and professional standards?

The allocated time frame is about one month to finish the website in question.

I would really appreciate it if you could give me some advice on how to create this.

Thanks a lot

+1  A: 

Here is a good article for you:

It's good to use an existing and trusted open source shopping cart source:

NAVEED
I quickly read the article and it does sound helpful (I will read it in more detail). If I use the paypal system, would I have to take care of any security issues (would I need to store any of the users' details in my database)? Also, to your knowledge, would one month be enough to complete a project like this?
aurel
If you use paypal then definitely. All you pass them is a form and they do the rest. Check out nickleninja.com, add 2 items to cart, then view the cart popup source. You will see how a form is built up and sent to them. Only problem here is they don't have a callback to let you know to reduce your stock, but you can keep track of that off site.
Kai Qing
NAVEED
+1  A: 

I agree with jnpcl - you probably should not do this yourself if you have never done it AND have a 1 month deadline AND it is not YOUR site initially. You should have a decent amount of time to test it yourself and in real cases if you are learning.

However, if you have a reasonable client and some decent flex time, then maybe you should begin by looking into ssl certificates and the whole encryption concept. Comodo SSL is good. Never pass credit card data through cookies, never store them in your database, never pass them as hidden form field elements. By this I mean multi-part checkout where the user enters card data then gets taken to another page on your site before the real processing begins. Your card data form should be the last in the chain before sending the request to the payment gateway, which will likely be handled via cURL if you are using a payment gateway and not something like paypal.

http://www.authorize.net has reasonable rates and a fairly easy API to get you processing cards in no time. If you follow their examples, they explain the security end of the API in their documentation.

If you intend to plug in a third party cart, then something like magento might work for you. But with a 1 month deadline, I would say the learning curve for skinning magento alone is enough to consume your production time. It does have a robust option selection and most of my clients love it. I think it is slow though.

Alternatively, if the goal of this post is just to find a solution to your predicament, then I suggest using something like http://www.e-junkie.com to handle your cart needs. If I recall, they handle variations and stock - like shirt colors, and quantity, etc - and take all major payment types while also handling the security for you since the user pays via paypal or google checkout and maybe some others.

In the end, it will serve you well to know how to do it yourself, so the path I suggest, if possible, is to get an SSL, then set up an account with authorize.net and follow the code they provide you with. Look it over, figure out what the software is doing, and integrate it. It took me about 2 weeks in my spare time when I was first getting into e-commerce many years ago.

Kai Qing
I am getting a feeling that I have agreed to more than I can deliver; these suggestions that you (all) are suggesting, I have never heard before. The only phrase that sounds familiar is paypal - from a theory course that I have undertaken some time ago the SSL authentication did sound really hard to get used to using. So if I were to use paypal (which is sounding the easiest), would I be able to keep stock on my database, so once I pass the details to paypal I could run a code to reduce the stock level? This morning in the meeting, I was very happy, and now I'm very scared :(
aurel
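
The card-handling rules in Kai Qing's answer above (no card numbers in cookies, none in hidden form fields between checkout pages) can be checked against a site's own responses during testing. The following is an added example, not part of the original thread: the function names and the sample response are constructed, and Luhn validation is used here only to cut false positives on ordinary long numbers such as order ids.

```python
import re
from html.parser import HTMLParser

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return masked card-number candidates found in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])  # never echo a full number
    return hits

class HiddenFieldScanner(HTMLParser):
    """Collects hidden <input> fields whose value looks like a card number."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            for pan in find_pans(a.get("value") or ""):
                self.findings.append(("hidden-field", a.get("name"), pan))

def audit_response(headers, body):
    """Flag card numbers in Set-Cookie headers and hidden form fields."""
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            findings += [("cookie", cookie, pan) for pan in find_pans(value)]
    scanner = HiddenFieldScanner()
    scanner.feed(body)
    return findings + scanner.findings

# Constructed sample: a multi-page checkout that carries the card number forward.
SAMPLE_HEADERS = [("Set-Cookie", "sid=ab12cd; HttpOnly"), ("Set-Cookie", "cc=4111111111111111; Path=/")]
SAMPLE_BODY = ('<form action="/confirm" method="post"><input type="hidden" name="card" value="4111-1111-1111-1111">'
               '<input type="hidden" name="order_id" value="1234567890123456"><input type="text" name="cvv"></form>')
```

Calling `audit_response(SAMPLE_HEADERS, SAMPLE_BODY)` reports the `cc` cookie and the hidden `card` field, and ignores the session cookie and the 16-digit order id.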
A: 

Payment gateways tend to provide pretty good documentation themselves - this is where you need to start. However the PCI DSS requirements are a much bigger nightmare than the actual code.

Nico Burns
Thanks a lot for the help. The bottom line .. would I be able to accomplish this with a payment gateway, within one month (the employer is flexible but this is the first job for me on web dev, I would like to meet the one month deadline) - you've all been a great help
aurel
With no experience - unfortunately probably not. I would either suggest being upfront with your employer and saying you've bitten off more than you can chew, or go with a hosted solution, with minimal work done directly by you. Possibly both. Whatever you do make sure you do not build an insecure site!
Nico Burns
+1  A: 

Why not use an existing solution like osCommerce?

Since this is a site for a client, they should make the choice on which payment gateways to use. osCommerce supports every major one out of the box so integration should be trivial.

cinseattle
The client does not know which is the best one; in fact, he told me that he is relying on me even for finding the domain and so on (which is not ideal for a first project - but I will speak to him about these things; unfortunately, I was so excited at the meeting that I forgot about these issues, which now seem to be the core issues)
aurel
+1  A: 

We had this question just about a month ago, and we started from 8 best open source shopping cart solutions

We chose Magento, because we needed flexibility and extensibility. For your concern, it provides interfacing with Paypal, authorize.net, credit card verification services and moneybookers.

One can also find extensions for Magento, some are free, others cost. One down-side is that it has a steep learning curve. But, since you seem to be in the business it seems that it will be useful for you in the long run.

Just in case, Magento also has a list of hosting partners. You can host it anywhere but we have had good experience from nexcess

Ozair Kafray