Can I create an eCommerce site from scratch?

[jason]

Hi all. I am about to develop my first eCommerce site and I have a few questions. I come from a software development background, but with a good level of experience with web based systems and techniques. I wouldn't call myself an absolute expert with PHP, but I know when I understand the problem and the solution, I will be able to implement it in code successfully.

I have been looking at the likes of ZenCart and OSCommerce and I just don't like the hassle that goes with mashing my own design templates in to them. I would like to be able to create my own site (with strict markup), with a CMS driven catalog. That users could simply drop items in to a shopping cart (session), and when they go to the checkout I simply send the payment information to the likes of realex for processing.

Is this possible?, or is there tonnes of functionality in the likes of the above open source offerings that I would need to replicate. I would really like to do at least one site this way so I know I can do it myself.

So what's to it? What functionality would I need. My first client is only selling to customers in Ireland, so the Euro is the only currency I will be dealing with, along with Irish VAT rates, etc. Although I'm sure if that were to change it would be simple enough to add them in to the system (or am I being terrible naieve).

Also if I use something like Realex to process the payment data do I still need to host the actual site with a dedicated IP and SSL (+ certificate), or is all the privacy of sensitive data transmission taken care of by the payment processor. Of course I wouldn't store the customers payment details in the website database (just shipping information).

I appologise in advance if I am making jaws drop with my ignorance on the subject, but I am eager to make a start on this project and would prefer start with a blank screen and my own programming knowledge than have to force someone else's code work for me.

 

[mneylon]

Heh

Ok. That was a longish post with quite a few questions

Realex offers more than one integration option. In the "simpler" method (remote) you get redirected to Realex's servers to make payment and you (the developer) can customise the look and feel to fit in with your main site.

As for SSL or no SSL.. If you are going to store ANY personal info on users I'd recommend considering SSL regardless of how you handle payments. The feelgood / comfort factor should never be belittled / undervalued

 

[Forbairt]

From the programming point of view .. yes you can go your own way ...

Reasons not to do it ...

1: There are a number of commercial packages out there that will do what you want.

2: There are a number of OS packages out there that will do what you want.

3: between development / testing / bugs and so on ... you're taking on a LOT of responsibility doing it yourself. What if the site is hacked as a result of poor programming on your part ? How long will you support the system for ? When your end users require extra features who foots the bill ? When they say but there are these features already on oscommerce or similar .. I don't want to pay you more for this system.

4: Developing it is going to take a while ... are you able to market it to your clients as well ? (If you consider how many man years have gone into some of the products out there its crazy) Can you commit that sort of time to it all ?

For a list of the features / requirements ... why not talk a look at the various packages features. This is the OSCommerce feature list.

* General Functionality
o Compatible with all PHP 4 versions
o All features enabled by default for a complete out-of-the-box solution
o Object oriented backend (3.0)
o Completely multilingual with English, German, and Spanish provided by default
* Setup / Installation
o Automatic web-browser based installation and upgrade procedure
* Design / Layout
o Template struture implementation to:
+ allow layout changes to be adaptive, easy, and quickly to make (3.0)
+ allow easy integration into an existing site (3.0)
o Support for dynamic images
* Administration / Backend Functionality
o Supports unlimited products and categories
+ Products-to-categories structure
+ Categories-to-categories structure
o Add/Edit/Remove categories, products, manufacturers, customers, and reviews
o Support for physical (shippable) and virtual (downloadable) products
o Administration area secured with a username and password defined during installation
o Contact customers directly via email or newsletters
o Easily backup and restore the database
o Print invoices and packaging lists from the order screen
o Statistics for products and customers
o Multilingual support
o Multicurrency support
+ Automatically update currency exchange rates
o Select what to display, and in what order, in the product listing page
o Support for static and dynamic banners with full statistics
* Customer / Frontend Functionality
o All orders stored in the database for fast and efficient retrieval
o Customers can view their order history and order statuses
o Customers can maintain their accounts
+ Addressbook for multiple shipping and billing addresses
o Temporary shopping cart for guests and permanent shopping cart for customers
o Fast and friendly quick search and advanced search features
o Product reviews for an interactive shopping experience
o Forseen checkout procedure
o Secure transactions with SSL
o Number of products in each category can be shown or hidden
o Global and per-category bestseller lists
o Display what other customers have ordered with the current product shown
o Breadcrumb trail for easy site navigation
* Product Functionality
o Dynamic product attributes relationship
o HTML based product descriptions
o Automated display of specials
o Control if out of stock products can still be shown and are available for purchase
o Customers can subscribe to products to receive related emails/newsletters
* Payment Functionality
o Accept numerous offline payment processing (cheque, money orders, offline credit care processing, ..)
o Accept numerous online payment processing (PayPal, 2CheckOut, Authorize.net, iPayment, ..)
o Disable certain payment services based on a zone basis
* Shipping Functionality
o Weight, price, and destination based shipping modules
o Real-time quotes available (UPS, USPS, FedEx, ..)
o Free shipping based on amount and destination
o Disable certain shipping services based on a zone basis
* Tax Functionality
o Flexible tax implementation on a state and country basis
o Set different tax rates for different products
o Charge tax on shipping on a per shipping service basis

Some of these can be potentially ignored .. (tax / country stuff)

But what is essentially a fairly simple thing starts to get very complex very quickly. For example ... something pretty basic ... do you offer one level of categories ... or multiple levels ?. How many images do you allow per product ?

As was said there are a number of ways of integrating with realex payments ... as well as paypal and all the other systems.

SSL is really a must on a commercial site ... if I even have to enter my email address on your site I'll think twice if I don't see https yes realex or similar will handle the payment processing and details at their end but you'll no dout still want to keep some details on your end.

Just a few thoughts ...

 

[jason]

Reasons not to do it ...

1: There are a number of commercial packages out there that will do what you want.

2: There are a number of OS packages out there that will do what you want.

I would use them, but I am simply not happy with the level of integration that is involved. I feel like with these systems you are always shaving corners off a square to fit it in a round hole. Also the amount of time I vist sites and think to myself "Oh here we go!, another OSCommerce site". At the same time I hate the idea of re-inventing the wheel.

3: between development / testing / bugs and so on ... you're taking on a LOT of responsibility doing it yourself. What if the site is hacked as a result of poor programming on your part ? How long will you support the system for ?

Security is a massive concern of mine and something I generally don't skimp on. Although if designed with security in mind, while keeping the code as simple as possible then I should be able to at least develop something relatively secure. I have spent some time over the past few weeks looking at open source e-commerce and CMS systems and they just seem bloated and overly complex (and therfore more risky from a security perspective). At the same time I know if I write something myself, then I'm the only one responsible for supporting it, as opposed to a community.

4: Developing it is going to take a while ... are you able to market it to your clients as well ? (If you consider how many man years have gone into some of the products out there its crazy) Can you commit that sort of time to it all ?

At the moment I'm not really interested in creating another "packaged application" so to speak, but rather an e-commerce website. Yes as I design the system, I should be able to reuse components, but I'm definately seperating the business logic from the presentation code. I believe that the likes of what is available already just tries to do too much as opposed to the classic goals of open source software which was do something small and do it well. The problem is though that the likes of OSCommerce, etc, are designed to be accessible to non-programmers. There doesn't seem to be any middle ground. It's like you're either using vi or frontpage.

But what is essentially a fairly simple thing starts to get very complex very quickly. For example ... something pretty basic ... do you offer one level of categories ... or multiple levels ?. How many images do you allow per product ?

Yes I know exactly what you mean and I agree that the project scope can often get out of control, but if designed properly I believe can be managed. With regards your example above, I don't think developing such functionality would take much time as I'm certain I developed CMS functionality before which offered such flexibility.

As was said there are a number of ways of integrating with realex payments ... as well as paypal and all the other systems.

Any pointers as to how this works. I see the challenge of developing an e-commerce site broken up in to the following areas

1. Site presentation
2. CMS for adding/removing/updating the catalog (and anything else on the site that requires dynamic content)
3. Shopping Cart tracking (and sometimes saving), my experience with something like that to date would be coming from the J2EE (JSP, EJB) world, but I'm sure is straight forward in PHP also (for smaller projects).
4. User Account Management
5. Notification Services
6. Interactions with the respective payment gateway
7. Security

I see all of the above as discrete and very much not tied in together. Of course the presentation layer will appear to tie them all together, but from a design perspective I see them as seperate problems. Apologies if I'm missing something here. Listen I don't want to sound in any way arrogant in my posts on this subject. I can code, I have experience with web based systems. I believe I understand the popular problems (at least) associated with delivering such systems, but I am very much raising my hand as a newbie to this area of e-commerce. So feel free to wave your flags of experience, I very much appreciate any help offered and respect your opinons/advice.

SSL is really a must on a commercial site ... if I even have to enter my email address on your site I'll think twice if I don't see https yes realex or similar will handle the payment processing and details at their end but you'll no dout still want to keep some details on your end.

I am the very same, and furthermore would leave based on the grounds of the level of information being requested, regardless of how secure the session is. But on the subject of SSL, is there a 1:1 relationship between a fixed IP hosting plan and a SSL cert, or is it on a per website basis?. As well as securing the wire, by passing comms over SSL and verifying identities, what else from an infrastructure/hosting point of view do I need to be concerned with?

Just a few thoughts ...

I appreciate very much your time

 

[Forbairt]

Any pointers as to how this works.

The basics are ...

You have a website ... They have a payment processing website ....

Pass details to their website ... customer enters in details on their site a response is sent back to your site.

You'll transmit an ID ... a Hash of some sort based on a shared key between the two parties. Also an amount

Normally the hash will be something like and md5 of ... time + amount + shared key / password + ID ...

They'll pass a response back to you ... and you'll use your shared key to verify its a real message...

Thats the basics ...

Realex offers a lot ... just drop them a mail asking for details on their APIs available .. or have a look at their site ... (not sure if its publically listed) but they were pretty fast to respond when I was looking before...


SSL certs are normally ... on a domain basis and require a fixed IP address and will only work for that domain .... not a subdomain
www.domain.tld ... would be different to domain.tld ... and the cert wouldn't work for both.

The level of encryption you opt for is up to you (a lot of the cpanels from irish hosts have a simple process to get these)

 

[jason]

Thank you very much for your reply

customer enters in details on their site a response is sent back to your site

Are they redirected away from your site, or am I calling web service or something and then simply redirecting to a page in my own site. Basically is all this done with my site in front of the user or will they see who the payment processor is?

Many Thanks

I will contact some payment processors to see how their APIs work. Is Realex generally the best one?. I had a someone before mention that using paypal is a good idea for smaller sites with fewer transactions. Does the payment processing vary significantly from gateway to gateway?

 

[Forbairt]

Are they redirected away from your site, or am I calling web service or something and then simply redirecting to a page in my own site. Basically is all this done with my site in front of the user or will they see who the payment processor is?

Up to you ... I think there are a few options
1: use the API .. so it all happens through your site
2: use their site ... it directs them to the page which can have your branding on it ...

I will contact some payment processors to see how their APIs work. Is Realex generally the best one?. I had a someone before mention that using paypal is a good idea for smaller sites with fewer transactions. Does the payment processing vary significantly from gateway to gateway?

For Ireland yes .. Realex seems to be the standard if you talk to anyone ...

I know people who've had issues with Paypal

 

[jason]

I know people who've had issues with Paypal

Would you care to elaborate?

Also what considerations should one have, when looking for such services? (local & international).

Thanks a million, you're being a great help to me. I will surely endeavour to return the favour any chance I can

 

[Forbairt]

Would you care to elaborate?

Hmm.. they got badly stung by shipping stuff and then paypal not paying ... I'm unsure of the exact details .... I just know they were quite pissed off. I believe it involved international shipments ... I'll try finding out more if you want

Also what considerations should one have, when looking for such services? (local & international).

Realex ... ... international .. I'm unsure as I've not looked ...

 

[Tom]

I decided to do the same thing myself after using OSCommerce for a while. I've been working on a custom built shopping cart system made from scratch over the last few weeks. It certainly is quite a task but I think it will be worth it in the end. Trying to find and implement other peoples code/plugins into a shopping cart you're not 100% familiar with can be difficult and time consuming at times. I find with my own system it's much easier and quicker to add features/functionality because I understand how it all works and how it comes together in the bigger picture. I've also focused on making it easy to drop into existing website designs so it's flexible and doesn't have a tacked on feel. Of course there is lots of work and ironing out bugs initially, but as different people ask for different features/fixes the cart will develop, you don't need every conceivable feature initially, just focus on the important parts and build on it over time.

Security wise I think custom built carts have the potential of being more secure as they are less popular. I would imagine hackers would prefer to find weaknesses in popular carts so their efforts can be applied to many websites not just a few. Although indeed time needs to be spent making sure everything is as secure as possible.

Anyway it is something you can do and it is a rewarding experience to see your own cart it in action, it took me a few weeks to have a "fully" functional shopping cart system up and running, however there are so many little bits and pieces that need to be done you'll probably be fine tuning it for a long time after. I wouldn't recommend spending time developing a shopping cart from scratch for just one website but if you're going to use it on multiple websites it might be worth it.