Posts from — June 2009

What is Open Commerce?

From oscommerce.com: “osCommerce is the leading Open Source online shop e-commerce solution that is available for free under the GNU General Public License. It features a rich set of out-of-the-box online shopping cart functionality that allows store owners to setup, run, and maintain their online stores with minimum effort and with no costs, license fees, or limitations involved.

The goal of the osCommerce project is to continually evolve by attracting a community that supports the ongoing development of the project at its core level and extensively through contributions to provide additional functionality to the already existing rich feature set.”

Why Shouldn’t I use it?

1) no separation of logic and presentation

Smaller applications can be created without separating logic and presentation, but when an application gets as large as oscommerce, there needs to be some kind of templating system in place.
A templating system can also be used to cache dynamic pages and improve the overall performance.A good, scalable system needs to be engineered from the ground up. It looks to me like it was hacked together with pieces of code here and there

2) difficult to integrate into an existing design

out of the box, the cart works fairly well. If you want to make any drastic design changes, you will run into major issues.

Although it is free, and this may be intising to many companies, the time and labor cost of updating the cart to suit your needs ends up being more than many of the commerical carts available.

3) security

a) Although it is updated, #1 makes it very difficult to make updates without having to manually open up each .php file and make the changes yourself.

b) By default, there is no password protection in the admin section. If you are not familiar with apache or basic authentication (which isn’t that secure), anyone can edit/remove/delete your product information.

c) When oscommerce was first built, the latest version of PHP was 3.0. Because of this, old and insecure practices were used to build the core of the system. An example is register_globals. I found a great guide here to run oscommerce without register_globals.

4) cannot have multiple sizes of image previews

5) admin navigation issues

a) hard to do shipping cost per item (with different items having different costs) per country
b) editing product descriptions seems a little awkward. overall, it looks like it was developed for a programmer, rather than a store owner.

commercial

cubecart – http://www.cubecart.com/
sunshop – http://www.turnkeywebtools.com/
miva mercant – http://www.miva.com

open source

interchange – http://www.icdevgroup.com/
magento – http://www.magentocommerce.com/

Another alternative to Oscommerce is a fork of the original project called Zen Cart.

Although it is based on Oscommerce, Zen cart fixes some of the issues above:

• The admin interface is secured with a username/password, which is encrypted in the database (SSL can also be used for further security)
• It runs without register_globals by default (no modifications necessary)
• XHTML template system
• A more advanced product management system

It is freely available and can be downloaded here: http://www.zen-cart.com/.

Google recently released a document on how to improve PHP performance here. Most of the tips listed here will not help you improve performance by any significant amount. The following is a list of things that you can do that will improve the performance of your web apps significantly.

1) object code caching

Each time a request comes to your server for a php script, it has to go through the compiler and then execute the object code. If this is cached, the 1st step is skipped and you end up with a faster and more responsive script.

There are many object code caching packages available on the Internet:

A) Ioncube: http://www.ioncube.com/

B) Zend Encoder: http://www.zend.com/products/zend_safeguard

2) Template systems

Template systems provide a different type of caching. Content caching. Template systems work well in a situation where there is static data on one or many of your pages that doesn’t have to be reloaded. Caching systems also provide a separation of code and html, which will not only improve completion time of the overall project, but make it easier for future improvments. Most template systems for php are available for free:

A) Smarty Templates: http://smarty.php.net/

B) Pear Templates: http://pear.php.net/package/html_template_it/redirected

C) PHP savant: http://phpsavant.com/yawiki/

3) Distributed object caching systems

The most widely used system of this type is memcached (http://www.danga.com/memcached/).

This type of system makes your overall site faster by caching the majority of your database data into a large memory pool.

more on memcached:

“Danga Interactive developed memcached to enhance the speed of LiveJournal.com, a site which was already doing 20 million+ dynamic page views per day for 1 million users with a bunch of webservers and a bunch of database servers. memcached dropped the database load to almost nothing, yielding faster page load times for users, better resource utilization, and faster access to the databases on a memcache miss.”

4) PHP variables that can be set

variables_order = ‘GPC’
register_argc_argv = ‘Off’
register_globals = ‘Off’ (this is a good idea to keep off for security purposes as well)
always_populate_raw_post_data = ‘Off’
magic_quotes_gpc = ‘Off’

Disable Error Logging. This is a good idea to keep on when you are developing your scripts, but it has been known to decrease overall performance.

Use IP addresses, rather than host names to access your database. Although this is sometimes not possible, you will get a slight boost in lookup speed if the IP address is used to access your database rather than its hostname.

5) Output Compression

Almost all browsers these days support something called gzip compression. Gzip compression can decrease the overall size of your output by up to 80%, but with a tradeoff: cpu usage will go up by around 10%. The benefit of using this compression type is the fact that not only will your bandwidth be decreased, but your pages will load faster.

enabling it in php (add the following lines to php.ini):

zlib.output_compression = On
zlib.output_compression_level = (level) (where level is 1-9. Youy may want to try different values to see what is best for your system).

if you are using apache, you can also enable the mod_gzip module. It is highly configurable, with the ability to modify output based on MIME types, files, or browser settings.

6) Other things that may help

when using a database, only retrieve the data that you are actually going to use. This may sound like a no-brainer, but I have often times worked on projects where the original programmer used (select * from mytable) when they could have used (select fieldIneed from mytable).

index database tables whenever possible

Learn more about this Here

What is authorize.net?

The Authorize.Net Payment Gateway is a secure Internet bridge between merchant businesses and the credit card and electronic check payment processing networks. We provide merchants with fast, reliable and secure passage for transaction data via a 128-bit Secure Sockets Layer (SSL) Internet Protocol (IP) connection, and manage the complex routing of payment information to the appropriate credit card processors. See a diagram that illustrates a typical Authorize.Net credit card transaction.

The Authorize.Net Payment Gateway is available to merchants seven days a week, 24 hours a day. The payment gateway offers many features and options that can be tailored to specific merchant business models.

Where do I start?

The first thing that you need to do, is signup with a test account. This will allow you to test out transactions to make sure your scripts are interfacing properly with their API. Here is the URL for getting your account:

http://developer.authorize.net/testaccount

API documentation can also be found here:

http://www.authorize.net/support/AIM_guide.pdf

after signing up, you should receive your new account info within 48 hours.

The Code

I have a library available here. It is originally written by Micah Carrick and is under the GPL/GNU public license. I have made some important additions to the main library, which are needed for it to function properly.

Requirements: PHP version 4 and above with the CURL extensions enabled

The following 3 files are contained in the above .zip download:

authorizenet.class.php – main class library for connecting to the authorize.net gateway
demo.php – an example driver file that shows how to use the library file. A test transaction is made to the main gateway.
ca-bundle.crt – main certificate file required by CURL for SSL transactions (windows users can place this in c:\windows\system32)

Important Variables that you need to change

Location: authorizenet.class.php

change the 3rd parameter “c:\\windows\\system32\\ca-bundle.crt” to the location of your CRT file.

Location: authorizenet.class.php

it currently points to the authorize.net gateway for test accounts. If you have an account that is performing real transactions, change this variable to the following value: “”https://secure.authorize.net/gateway/transact.dll”

Location: demo.php

change x_login to your Login ID (not partner ID)
and x_password to your password

You should have received both of these in an email from authorize.net

The following is a library that allows you to generate zip file archives using php.

This script will dynamically create a zip archive using the files specified with zl_add_file and output it to the browser (the final zip file will be named: testfile.zip).

Options

zl_add_file allows you to specify the compression level of the file file that will be added to the archive.

• n (none)
• b (bzip)
• g (gzip)

Download

The php zip library can be downloaded Here

Microsoft recently announced a new program (called BizSpark) for startups that allows them to get a MSDN for free. This is a great deal, because msdn subscriptions normally cost over $1000/year (depending on the type plan that you buy). You can also renew for up to 3 years (unless your comapny goes public or is acquired by a company that does not itself qualify for BizSpark).

How do you qualify?

Your statup is:

• Developing Software
• Privately held
• Less than three years old
• Making less than US $1M annually

What kind of free software do you get?

Visual Studio Team System 2008:
- Visual Studio Team System 2008: Team Suite
- Visual Studio Team System 2008: Development Edition
- Visual Studio Team System 2008: Architecture Edition
- Visual Studio Team System 2008: Test Edition
- Visual Studio Team System 2008: Database Edition
- Visual Studio Team System 2008: Team Foundation Server Standard Edition
- Visual Studio 2008 Professional
- Visual Studio Team System 2005:
- Visual Studio 2005 Team Suite
- Visual Studio 2005 Team Edition for Software Developers
- Visual Studio 2005 Team Edition for Software Architects
- Visual Studio 2005 Team Edition for Software Testers
- Visual Studio 2005 Team Edition for Database Professionals
- Visual Studio 2005 Professional
- Visual Studio 2005 Tools for Microsoft Office System
- Visual SourceSafe 2005
- Previous versions of Visual Studio

SQL server – all versions

Windows Vista
- Ultimate/Enterprise/Business/Home Premium/Home Basic
Windows XP
- Professional/Home/Media Center Edition/Tablet PC Edition
Windows Server 2008 (all versions)
Windows Server 2003 R2
Windows Compute Cluster
Windows SharePoint Service

Office Ultimate/Enterprise/Professional Plus/Professional 2007
- Office Word, Office Excel, Office PowerPoint, Office Outlook & Business Contact
Manager, Office Access
- Office Publisher, Office InfoPath, Office OneNote, Office Communicator, Office
Groove, Office SharePoint Designer, Office Visio Professional, Office Project
Standard
- Office Accounting, Office Business Scorecard Manager, MapPoint, Office
FrontPage
- Office Project Professional
- Office Project Server, Office Project Portfolio Server

If your startup qualifies, you can signup here