Looking at studying for a php eCommerce solution

misheck

I know it might be silly question but I am hoping to pickup a php Open source eCommerce solution to study and I am looking at ideas on which one to choose. At times with many choices of php eCommerce its like choosing a car everyone has their favorite choice.

I had gone for Magento but looking through some of its reviews they say it needs a dedicated hosting solution and tweaking the server when it comes to hosting it online I have decided to leave it (also issues when upgrading i.e not as easy as wordpress just pressing the upgrade button and hope everything else still works) . OSCommerce and Zen Cart does not have any books and I am book person when learning something new but they look to be good choices.

Which one will be the best choice Ecommerce to study and I am mainly going to be developing small websites with less than 1000 items and max 50 categories?

steamPunk

I've tried PrestaShop and it was relatively painless and quite straightforward to use - though it was a 1-click install by the hosting company

Bonesnap

You could try WP eCommerce for WordPress, though I find it to be quite buggy at times.

misheck

Thanks for the replies, I might opt for PrestaShop if wordpress can be a bit buggy. I am not really sure that wordpress will make an easy back end like some of the ecommerce solutions but its worth looking at though.

Bonesnap

WordPress has won awards for its ease-of-use. I haven't worked with Drupal before, but between WordPress and Joomla, WordPress beats it hands-down for usability (I'm referring to the back-end, of course).

The WP eCommerce plugin works, there's just a lot of bugs because it's so huge.

bradgrafelman

Bonesnap;10991332 wrote:
WordPress has won awards for its ease-of-use.

It's also won awards (from me) for number of security exploits/vulnerabilities over time. :p

Bonesnap

bradgrafelman;10991354 wrote:
It's also won awards (from me) for number of security exploits/vulnerabilities over time. :p

In older versions, yes. But there hasn't been a reported vulnerability (a serious one, anyway) for nearly three years (since version 2.7).

bradgrafelman

Bonesnap;10991379 wrote:
In older versions, yes. But there hasn't been a reported vulnerability (a serious one, anyway) for nearly three years (since version 2.7).

I guess that depends on what your definition of "serious" is. To me, seeing a vulnerability like this is pretty darned serious, and that came from a post in August of this year. Searching news feeds for "WordPress vulnerability" articles posted even more recently turn up articles with titles like this one: Thousands of WordPress blogs hijacked to deploy malicious code (posted 3 November 2011, 13:37).

I guess one of the major security improvements taken since version 2.7 was to simply redefine how much damage a vulnerability must do before it is given the label "serious." :p

Bonesnap

bradgrafelman;10991380 wrote:
I guess that depends on what your definition of "serious" is. To me, seeing a vulnerability like this is pretty darned serious, and that came from a post in August of this year.

To be honest I'm not quite sure what's going on here, but from what I can understand it looks like it has more to do with server permissions being set incorrectly rather than an issue with WordPress itself. I've had two clients who had malicious code injected into some of their WordPress files which ended up taking down their sites. After removing the code and changing some file permissions, it was smooth sailing.

bradgrafelman;10991380 wrote:
Searching news feeds for "WordPress vulnerability" articles posted even more recently turn up articles with titles like this one: Thousands of WordPress blogs hijacked to deploy malicious code (posted 3 November 2011, 13:37).

That's a vulnerability to a WordPress add-on, which exploits a user's browser and/or plug-ins. I don't consider that to be a vulnerability of WordPress itself (also many themes may not use TimThumb).

bradgrafelman;10991380 wrote:
I guess one of the major security improvements taken since version 2.7 was to simply redefine how much damage a vulnerability must do before it is given the label "serious." :p

All I know is since 2.7, all the version increments have been about improving WordPress in terms of speed, size, features, etc. and haven't heard about any major vulnerabilities being patched. I may have just missed the memo, though.

Weedpacket

Alerts in the last three months:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3818
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3130
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3129
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3128
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3127
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3126
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3125
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3122

That's limiting the list to those in Wordpress itself, and not those relating to third-party plugins or themes (and yes, links to the memo are included).

Bonesnap

Whoops, turns out the list was looking at was incomplete. I completely forgot about the 3.1.x line. :o

"I'll go ahead a get you another copy of that memo..."

misheck

Thanks for the info on Wordpress, I have never looked at the ecommerce plugin but will have to look at it a bit more. I have come to use wordpress in most of my web development work so maybe it will be best to stick to it.

MattEvans

Are the ecommerce plug in very reliable?