Shopping Cart Advice, Please.

fasterisbest

Hello,

I'm about to build and e commerce site. I plan on using PayPal's "Website Payments Pro". The site is for a medium sized business.

I can see that there are hundreds of shopping carts out there for sale. I have been looking at SunShop and X-Cart Gold as they both integrate with PayPal and use PHP/MySQL.

Can anyone give me some advice on these two carts OR recommend a different one?

Can anyone give me any extra added advice?

Thanks in advance.

amy_damnit

My advice is...

1.) Build your own cart and checkout process

2.) Make sure you accept credit cards as well if you want to be a "real" e-commerce site

Amy

etully

fasterisbest: I agree with Amy about building your own. It might sound silly but once you build your own, you realize that no cart on the market will ever be flexible enough for you. I bought X-Cart Gold, tried to modify it to meet my needs, then I bought Shop-Script Pro and tried to modify it... neither one was as perfect for me as the one I wrote for myself.

Amy: don't mistake Pay Pal Web Site Payments Pro with plain old Pay Pal. They are two completely different services. PPWSPP is what you used to know of as Pay Flow Pro. Not only does PPWSPP take real credit cards right on your own web site but I don't even think you can use Pay Pay with it. As I understand it, PPWSPP feels like a regular CC Merchant account in every way except for a few contractual differences that let the owner use a regular checking account instead of applying for a merchant account.

knowj

I'm sorry but I don't completely agree with build your own. It all depends on the required implementation.

Ask yourself:
What are the system requirements?
Do any of the available systems meet the requirements?
Are you capable or building a SECURE, stable and reliable store system in the required time?
Are you comfortable integrating with a payment system ensuring all errors and possible situations are accounted for?

I have worked with and integrated different payment systems both API and gateway and neither have been a straight forward process (badly written documentation is a major problem)

http://www.magentocommerce.com/ is one of the most welcomed developments over the past few years in open source e-commerce.

On the other hand I have developed an e-commerce system which we have/continue to implement for clients. You just have to be prepared to pull long hours to develop additional functionality which you can most likely just download a plugin/module for with an open source/out of the box system

amy_damnit

etully;10921361 wrote:
fasterisbest: I agree with Amy about building your own. It might sound silly but once you build your own, you realize that no cart on the market will ever be flexible enough for you. I bought X-Cart Gold, tried to modify it to meet my needs, then I bought Shop-Script Pro and tried to modify it... neither one was as perfect for me as the one I wrote for myself.

Wow, someone agreed with me for once?! 🙂

I personally think most things homegrown are better than stuff you buy, but then I am a PIONEER! 🆒 (In fact, I am typing on a laptop - that I built - from my log cabin - which I built - that is powered by the windmill farm - I threw together - this Spring! LOL)

Amy: don't mistake Pay Pal Web Site Payments Pro with plain old Pay Pal. They are two completely different services. PPWSPP is what you used to know of as Pay Flow Pro. Not only does PPWSPP take real credit cards right on your own web site but I don't even think you can use Pay Pay with it. As I understand it, PPWSPP feels like a regular CC Merchant account in every way except for a few contractual differences that let the owner use a regular checking account instead of applying for a merchant account.

Interesting.

I'll have to research that, although I still probably wouldn't like it since I think PayPal is just another mega, take-over-the-world corporation. But that's just me.

Personally, I would recommend Authorize.net which seemed fairly evil-less as of a year or so ago, and great for a beginner.

But what do I know?!

Amy

amy_damnit

knowj;10921393 wrote:
I'm sorry but I don't completely agree with build your own. It all depends on the required implementation.

Ask yourself:
What are the system requirements?
Do any of the available systems meet the requirements?
Are you capable or building a SECURE, stable and reliable store system in the required time?
Are you comfortable integrating with a payment system ensuring all errors and possible situations are accounted for?

He has a point. Personally, I just think most "shopping cart solutions" look rinky-dink and I don't trust them.

(Handling other people's money is not an area where I would be quick to outsource things.)

I have worked with and integrated different payment systems both API and gateway
and neither have been a straight forward process (badly written documentation is a
major problem)

I can believe that.

http://www.magentocommerce.com/ is one of the most welcomed developments over the past few years in open source e-commerce.

Yes, you should check this out.

I am actually trying to learn PHP to build my own first e-commerce site. I feel your pains, but have decided to tackle this one myself and use a payment gateway like Authorize.net which seems very doable once I learn PHP, MySQL and OOP.

But I'm just a newbie...

Amy

knowj

I seriously wouldn't recommend building a e-commerce system if its going to be your first real project.

I wrote some pretty dire code when I started out. Very insecure and badly managed. Even now I look back at recent stuff and think why the hell did I do that.

If you are going to do this I seriously recommend you don't use an api integration with a payment system. there are too many variables which need experience to be able to handle in the correct manner. I still check the logs on all implementations of my work that contain API integrations just to ensure the data is being handled correctly and nothing is being abused.

Use a gateway integration which usually consists of posting form data to the payment gateway -> the user then enters their details on the secure gateway interface (worldpay, paypal, protex etc....) and a response is then generated which you capture and interoperate into a failed/accepted transaction.

This also saves you the hassle of integrating with 3D secure authorization which has been a ball ake for many developers over the past few months.

Start small and work your way up.

amy_damnit

knowj;10921447 wrote:
I seriously wouldn't recommend building a e-commerce system if its going to be your first real project.

I wrote some pretty dire code when I started out. Very insecure and badly managed. Even now I look back at recent stuff and think why the hell did I do that.

Good advice, but I am not new to programming - just new to PHP - and I am confident I can do a good job if I am methodical and get lots of help from people who do know what they are doing.

If you are going to do this I seriously recommend you don't use an api integration with a payment system. there are too many variables which need experience to be able to handle in the correct manner. I still check the logs on all implementations of my work that contain API integrations just to ensure the data is being handled correctly and nothing is being abused.

I'm not sure what you mean by "api integration"?

Use a gateway integration which usually consists of posting form data to the payment gateway -> the user then enters their details on the secure gateway interface (worldpay, paypal, protex etc....) and a response is then generated which you capture and interoperate into a failed/accepted transaction.

Well, Authorize.net - which I recommended to the original poster - falls in that category. You collect checkout info, submit it over a secure connection, you get back a pass/fail message, and you are ready for procurement! (That is why I feel comfortable I can porgam something that is secure.)

This also saves you the hassle of integrating with 3D secure authorization which has been a ball ake for many developers over the past few months.

Again, not sure what this is.

Start small and work your way up.

I agree, but again, I think I have enough background that my bigger challenge is mastering secure PHP.

Regardless, I am always open to suggestions and experiecnes from others - especially when they have already done what I am trying to do!

Amy
🙂

fasterisbest

Well, looks like people have a few different ideas.

I'm not ready to build a shopping cart system on my own just yet. I have looked at X-Cart and SunShop shopping cart software. I need it to integrate well into my own custom HTML/CSS design. I like them both because they are built on PHP/MySQL. I am intermediate in those languages. Does any one have anything GOOD or BAD to say about these carts?

So, I will use Website Payment Pro (PayPal) as the payment gateway using one of these two carts. Does this make sense?

Am I on the right track or is there something I really should know?

Also It seems like most "out of the box" carts are deployed to the server and then the design is built around the cart. Is this usually the case?

fasterisbest

knowj;10921447 wrote:
Use a gateway integration which usually consists of posting form data to the payment gateway -> the user then enters their details on the secure gateway interface (worldpay, paypal, protex etc....) and a response is then generated which you capture and interoperate into a failed/accepted transaction.

Can I achieve this with PayPal Website Payments Pro and a SunShop cart?

amy_damnit

One more thought - now wearing my customer hat...

If I go to any e-comemrce site, go to checkout, and I see that the website is re-routed to another site to handle the payment, I am outta there!!!

Whatever solution you implement - and I don't know how this applies to what everyone is talking about - it is my strong advice that you avoid the whole funky URL/re-routing thing.

THAT is why I plan on building a home-grown solution and working directly with the payment gateway (e.g. Authorize.net) - I don't want something that looks like it was built by a teenager.

That is my opinion, of course.

Whatever path you choose, best of luck! 🙂

Amy

fasterisbest

Amy,

What you speak of is exactly how PayPal Website Payments Pro (the payment gateway) works. You never leave the site where you are purchasing a product. Information is taken and then sent to PayPal and accepted/denied.

You appear to be very strong and confident. I admire this. However, be sure not to let your confidence supersede your experience.

I appreciate your comments. But, please be careful of your tone when you talk to others in the thread in which I have started.

etully

I appreciate your comments. But, please be careful of your tone when you talk to others in the thread in which I have started.

Amy, I like your tone just as it is.

I suspect that your confidence does indeed match your experience and people would do well to listen to your advice. If I am wrong, the burden is on the Internet audience to consider the source and what they paid for your advice.

amy_damnit

fasterisbest;10921459 wrote:
What you speak of is exactly how PayPal Website Payments Pro (the payment gateway) works. You never leave the site where you are purchasing a product. Information is taken and then sent to PayPal and accepted/denied.

Then that sounds like a good option since it sounds like a professional looking transaction.

You appear to be very strong and confident. I admire this. However, be sure not to let your confidence supersede your experience.

If I was overly confident, I wouldn't be here!

Amy

amy_damnit

etully;10921463 wrote:
Amy, I like your tone just as it is.

LOL Well, thank you.

Nonetheless, fasterisbest, I apologize if I temporarily highjacked your thread or was too strong. (I have just researched this topic for years and obviously have some strong opinions.)

I suspect that your confidence does indeed match your experience and people would do well to listen to your advice.

I've been around for a lot longer than most would think - especially in IT - however I am very humbled being on this site, as there are clearly people more knowledgeable/experienced than I am.

In the end, though, I am a perfectionist and I say "Do it right or don't do it at all!" (Of course, my goals may be different than others.)

If I am wrong, the burden is on the Internet audience to consider the source and what they paid for your advice.

LOL Yah, that is a good reminder - even for myself! 🙂

Anyways, fasterisbest, I hope you find a good solution and if you do the PayPal ProFlow whatever thingy, do let us know how it goes.

Sincerely,

Amy

knowj

amy.damnit;10921458 wrote:
One more thought - now wearing my customer hat...

If I go to any e-comemrce site, go to checkout, and I see that the website is re-routed to another site to handle the payment, I am outta there!!!

Whatever solution you implement - and I don't know how this applies to what everyone is talking about - it is my strong advice that you avoid the whole funky URL/re-routing thing.

THAT is why I plan on building a home-grown solution and working directly with the payment gateway (e.g. Authorize.net) - I don't want something that looks like it was built by a teenager.

That is my opinion, of course.

Whatever path you choose, best of luck! 🙂

Amy

An API integration works in the way that you never leave the URL but that downside is you have to:
A: purchase an ssl certificate
B: you are responsible for all security relating to accepting and handling the customers card details
C: any security changes that are made you have to adapt your system (3d secure being one of the most recent)
D: if your server is compromised card details can easily be farmed by simply editing either your payment class, card input file

However it does look pretty and gives you the option of holding customer card details for easier/faster checkout.

A gateway integration uses a simple web form in which all the data is put into hidden inputs (usually with an MD5 hash for security) the user or JS then submits the form and the user it taken to the merchants payment gateway (worldpay.com, paypal.com etc...) they fill in their details on the payment gateways website and a response is triggered which posts data to a specified file/uri on your server which will process the post data and allow you to intemperate if the users payment has been accepted.

From a customers point of view if you are a trusted company paying on the websites URL is comforting however if you are buying off a smaller website/comany that you haven't dealt with before I personally wouldn't feel comfortable giving them my card details directly for payment if i couldn't find substantial information on the company before. However if the payment is handled by a reputable payment gateway where you can research into the gateways history etc... you have a point of contact to address the issue if something goes wrong.

ALOT of large multinational companies/services use payment gateways over API payment integrations many with online turnover in the millions.

I know on the systems I have implemented using a payment gateway over an api defiantly hasn't had a negative impact on the sales figures its all about choosing the right tool for the job.

3D secure: Mastercard and Maestro have recently made it compulsory to authenticate "cardholder not present" transactions via "Mastercard SecureCode" (visa has "Verified by Visa" they are basically a branded up login and password. The user registers their card with their email address when first confronted with the 3d secure interface. From then on every time they use their card they enter their email and their chosen password to verify that they are the person using the card and not someone with a stolen card.

What this means for API integrations with Paypal Website Payments Pro, Authorize.net etc... is that developers had to write a whole new process into the payment system with ALOT more variables. Anyone who doesn't support 3D secure cannot technically process mastercard/maestro and possible now even visa.

In the end, though, I am a perfectionist and I say "Do it right or don't do it at all!" (Of course, my goals may be different than others.)

To be the devils advocate what is right! If at the end of the day, it works for the desired implementation, its secure, manageable and scalable who can criticise how you built/implemented your system.

On the point of web payments pro depending on your desired implementation. On a new project I would start off with a gateway implementation then as the project grew expand to an API integrations (web payments pro) when it feels required. There is also the added financial benefit of a gateway implentation

amy_damnit

knowj,

WOW!!! You must be an e-commerce god!!!

I am blown away by your responses, and have to say that you make things sound much more complicated (yet somewhat easier too) than I could have ever guessed.

It sounds like things have changed a lot since I was looking at Authorize.net a few years ago.

Gee, and I thought getting my cookie and session examples in my PHP book were challenging?! LOL

Well, when I get closer to doing the e-commerce part, I hope you are still around and can answer some questions via forums or PM.

You are definitely a super-stud in this area. I am impressed!! ⭕o

Amy

fasterisbest

Thanks Knowj,

That was clear and followed by an excellent conclusion.