|
Instant e-commerce
Getting started
You’ll find everything you need to get started on the main web site (osCommerce). Before you rush headlong into the installation process, take a moment to make sure you can run the software, as a PHP-enabled web server is a basic requirement. You’ll also need appropriate permissions to create an ODBC compliant database, but don’t worry if you have little or no experience of managing such databases, as you won’t be required to master MySQL or phpMyAdmin to create tables. osCommerce will do everything for you via a comprehensive and intuitive browser-based interface.
If this set of prerequisites has been met, unpack the file to reveal its contents and transfer the ‘Catalogue’ folder in its entirety to the public HTML root of your server or, if you are hosted by 1AHost, simply do this through your own control panel and everything you need will be installed automatically.
This may take some time to complete but, if your not hosted with 1AHOST. you’ll need to open the ‘http://[your site]/catalog/install’ page to associate the software with your database. Choose to install the store and opt to include the sample data, so you can see the basics of your new store in action. The remaining options should be fairly self-explanatory as you enter your database server information, but there’s plenty of help available along the way by clicking the question mark icons to expand contextual descriptions.
Once the connection has been made, you’ll be prompted to confirm additional information relating to things like cookies, as well as to enable an SSL connection if one is installed on your server. Assuming everything has been entered correctly, you’re finally given the option of either viewing your newly created store, or making changes to its settings through the ‘Administration’ pages.
If you choose to view, you’ll be presented with your basic store running off your server, and you’ll be free to click around and see how the whole thing operates using the sample content provided. You’ll also notice at least one warning message at the head of the store home page. Deleting the ‘Install’ directory from your server is a simple task to take care of, but if you see a dialogue informing you of write privileges to the ‘catalog/includes/configure.php’ file, you’ll need to change the ‘CHMOD’ properties of the file to 644 (or, failing this, 444) to alleviate security risks. Changing the settings to this is an important step, as it contains key information about your web server, including your database connection, user-name and password.
Stock control With such common problems resolved and the front end of our store now functional, we need to turn to the content management system that controls what we can offer for sale. By default, you’ll need to enter the osCommerce administration page by viewing the ‘http://[your site]/catalog/admin’ page. However, leaving this directory with its default name means that anyone with knowledge of osCommerce will also be able to access your administration pages by viewing the same page! To get around this, change the name of the ‘admin’ folder to something unique and secret to yourself. You’ll now be able to access your renamed folder to access the administration pages, but any links within them will still point back to the original ‘../catalog/admin’ location. To resolve this, edit the ‘configure.php’ file contained within the ‘includes’ folder. Look for the ...
define(‘DIR_WS_ADMIN’, ‘/PATH/admin/’); //
absolute path required
... entries and change the ‘admin’ location to mirror your revised directory name. Upload the file back to your server, and you should find you can now continue to start planning the content of your online store.
Playing shop
With everything now configured, you’re advised, at this point, to have a play around with your generated store. Create a user account and run a few test orders to see how it operates. You’ll be in a much better position to understand exactly how powerful the software is with all the features you’ll undoubtedly be familiar with from existing established e-commerce. sites.
You’ll also be better prepared to appreciate how much control is offered through the administration pages. Load this up by pointing your browser towards http://[your site]/catalog/[admin]. You’ll be greeted by an interface that enables you access to the key areas of the tool. Your first port of call should be the ‘Configuration’ area that enables you to enter core data over the site, including its name, your details and your location, in addition to a host of preferences as to how your store behaves and how it displays returned results.
Working your way through the ‘Configuration’ options shouldn’t present too many problems, though it will take some time to get right. Many of the options may not be overly apparent on first impression, but you’ll find that they make more sense once selected, as a brief description becomes available on the right-hand side (along with any editable fields) that should clarify any confusion.
The remaining options available through the administration pages cover more specific content of your store. They provide an overview of your customers and their orders, enable you to define tax and shipping rates, as well as run customer and product reports and back up your store. We’ll be looking more into the configuration of your new store in the next tutorial, when we stock our shelves with goodies and consider what kind of payment options you want to offer your customers.
Admin security
Keep your back-end administration secret with a little added security.
We’ve already discussed the importance of renaming the ‘admin’ folder. Although this goes some way to protecting your new store, there are other measures you’re advised to consider. You may be the only person who knows you’ve changed the ‘admin’ folder to ‘snoopy’, but should someone gain access to this folder, you’re compromising the security of your entire store.
Changing the folder name often may provide peace of mind, but it can become a tedious task and will require revision to the ‘../catalog/[admin]/includes/configure.php’ file to ensure you can continue to control the content of your store. Far better to check your site hosting control panel. Here, you’ll find measures that enable you to protect a specified directory with a user name and password combination. This will create an encrypted ‘htpasswd’ file that sits below the root of your public site, making it difficult to breach for unauthorised users.
If you have direct access to your Apache installation, you could choose to create such a file manually using the ‘htpasswd’ utility located in the bin directory of wherever you installed the server. To do this, type:
htpasswd -c /usr/local/apache/
passwd/passwords username
and follow the steps to define the username and password combination.
Once complete, you’ll need to make use of various directives which may be placed within the ‘.htaccess’ file in the directory being protected. Directives placed within the ‘.htaccess’ files take effect immediately since such files are parsed each time they’re served.
|
