Call out for information: Web shopping carts

I have a Web client who runs an online store. This client has a merchant account and is using a self-hosted Web site and self-hosted ecommerce package/shopping cart called Zen Cart.

Unfortunately, Zen Cart sucks balls, for a number of reasons. It’s slow to be updated (it’s currently at version 1.5, the first update in two years; the progress report on Version 2.0, “Beta Release Postponed Indefinitely,” was made on May 27…of 2009).

My client has gotten fed up with the limitations of this shambling mound of shit and is looking for a new shopping cart solution. The requirements in a new shopping cart are:

– Open source and free or reasonably priced. Shopping carts such as Magento that are priced on a “you must pay this much per year” basis are not acceptable.

– Must be able to work with Authorize.net and Virtual Merchant as credit card transaction processors

– Must work with PayPal

– Must have a robust and easy-to-use templating system. A system where the template is a complete HTML file with special tags for “insert content here” is preferred. (Seriously, what’s up with all these Baroque, piecemeal templating systems that so many ecommerce and CMS packages use?)

– Must have a very flexible coupon code system that allows great versatility in coupons. For example, “This coupon takes $120 off Product A and/or $160 off Product B,” “This coupon gives you $50 off when you buy Product Z, Y, and W together,” and “This coupon gives you $50 off your total order plus free shipping if you buy Product K plus two accessories.”

– Should be background scriptable. For example, I should be able to click on an “Add one to basket” button on a static HTML page that is not part of the shopping cart, and have the product added to the user’s cart without leaving that HTML page.

– Should allow a user to check out without creating an account, if she desires.

– Must allow for a wide variety of shipping methods (including USPS and FedEx real-time shipping), shipping to many international zones, and by-unit or by-weight shipping prices.

– Must allow ease of updating. Here’s a tip for software designers who need to be smacked: If your upgrade instructions say “In order to update and preserve your customizations, first download a distribution copy of your version of the product and run diff on it to make a list of all the differences between your installed version and the distribution version. Then, open the files in the new version, and…” You. Suck. This is actually the reason so many OS Commerce storefronts are trivial to hack: installing security patches is a protracted nightmare that makes getting a double root canal without anesthesia sound downright attractive.

– Must pass PCI/DSS compliance.

– Edited to add: Integration with SugarCRM would be really, really nice too.

So, any takers? Anyone got a self-hosted cart you like? Shopping carts (other than Zen Cart and the wretched pile of hyena vomit called OS Commerce) to avoid?

18 thoughts on “Call out for information: Web shopping carts”

  1. I thought passing PCI compliance was a matter of overall business practices, rather than something a suite of software did. That is, you can buy all the “compliant” software in the world, but if I can, for example, walk into your data center and mess about with things, there’s still no compliance.

    That said, I think the software end of it comes down to good network security and monitoring, plus crypto where appropriate.

    Of course, this should be taken with a biggish grain of salt, as I’m a random on the internet.

    I also agree that Zen Cart is a festering heap. Their patch management process is “check the forums”. If you can, check up on their server; your client may already be 0wned.

    • I thought passing PCI compliance was a matter of overall business practices, rather than something a suite of software did. That is, you can buy all the “compliant” software in the world, but if I can, for example, walk into your data center and mess about with things, there’s still no compliance.

      That’s true. However, the software plays a role.

      For example, Zen Cart version 1.2 is not PCI compliant. If you run it, you won’t pass compliance no matter what else you do.

      Similarly, there’s a free limited version of Magento, but according to the Web site you won’t pass PCI compliance if you use it, which makes it rather worthless.

  4. I have been extremely happy with the eCommerce package for Concrete5.

    I don’t know if it does EVERYTHING you are asking about, because I haven’t tried to do everything, but when I look at your unsorted list, most are things I’ve been able to do. The rest are things I haven’t tried.

    However, I don’t know if it’s standalone. For me, that’s not a problem, because I’m really enjoying using C5.

  8. I sort of agree with this.

    Try to put it clearly…

    Whilst you can’t succeed without trying; trying does not guarantee success.

    For some people it is more comfortable to never try to get something they have a very low chance of getting than to suffer through repeated failure with a low chance of ever succeeding.

    For instance I would like to have a much better paid job than the one I currently have. However it’s not very likely that I’ll get one (I’m not relevantly qualified/experienced) so just applying for all the interesting well paid jobs will not get me an interesting well paid job – it’ll just get me lots of rejections with “we said you needed 10 years experience” on them. But my current job is actually broadly OK, I’d rather keep the broadly OK job and do fun things in my spare time than spend loads of time/effort on trying to get jobs I have very little chance of ever getting.
