E-Commerce with ProcessWire?

[diogo]

I finally installed the module, and everything is working fine. This is great Apeisa!

Back to the other eCommerce solutions... As anyone worked with osCommerce or Zen Cart?

[spoetnik]

This is the stacktrace of the error I get. I dont' understand what's wrong:

[24-Feb-2012 16:29:13] PHP Warning:  Cannot modify header information - headers already sent by (output started at /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:2) in /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php on line 258
[24-Feb-2012 16:29:13] PHP Stack trace:
[24-Feb-2012 16:29:13] PHP   1. {main}() /DATA/www-root/proc.wainmanhawaii.nl/index.php:0
[24-Feb-2012 16:29:13] PHP   2. ProcessWire->__construct() /DATA/www-root/proc.wainmanhawaii.nl/index.php:183
[24-Feb-2012 16:29:13] PHP   3. ProcessWire->load() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:46
[24-Feb-2012 16:29:13] PHP   4. Modules->triggerInit() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:134
[24-Feb-2012 16:29:13] PHP   5. ShoppingCart->init() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Modules.php:126
[24-Feb-2012 16:29:13] PHP   6. Session->redirect() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   7. Wire->__call() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   8. Wire->runHooks() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:229
[24-Feb-2012 16:29:13] PHP   9. call_user_func_array() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  10. Session->___redirect() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  11. header() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php:258
[24-Feb-2012 16:29:13] PHP Warning:  Cannot modify header information - headers already sent by (output started at /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:2) in /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php on line 259
[24-Feb-2012 16:29:13] PHP Stack trace:
[24-Feb-2012 16:29:13] PHP   1. {main}() /DATA/www-root/proc.wainmanhawaii.nl/index.php:0
[24-Feb-2012 16:29:13] PHP   2. ProcessWire->__construct() /DATA/www-root/proc.wainmanhawaii.nl/index.php:183
[24-Feb-2012 16:29:13] PHP   3. ProcessWire->load() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:46
[24-Feb-2012 16:29:13] PHP   4. Modules->triggerInit() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:134
[24-Feb-2012 16:29:13] PHP   5. ShoppingCart->init() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Modules.php:126
[24-Feb-2012 16:29:13] PHP   6. Session->redirect() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   7. Wire->__call() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   8. Wire->runHooks() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:229
[24-Feb-2012 16:29:13] PHP   9. call_user_func_array() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  10. Session->___redirect() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  11. header() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php:259
[24-Feb-2012 16:29:13] PHP Warning:  Cannot modify header information - headers already sent by (output started at /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:2) in /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php on line 260
[24-Feb-2012 16:29:13] PHP Stack trace:
[24-Feb-2012 16:29:13] PHP   1. {main}() /DATA/www-root/proc.wainmanhawaii.nl/index.php:0
[24-Feb-2012 16:29:13] PHP   2. ProcessWire->__construct() /DATA/www-root/proc.wainmanhawaii.nl/index.php:183
[24-Feb-2012 16:29:13] PHP   3. ProcessWire->load() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:46
[24-Feb-2012 16:29:13] PHP   4. Modules->triggerInit() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/ProcessWire.php:134
[24-Feb-2012 16:29:13] PHP   5. ShoppingCart->init() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Modules.php:126
[24-Feb-2012 16:29:13] PHP   6. Session->redirect() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   7. Wire->__call() /DATA/www-root/proc.wainmanhawaii.nl/site-wainmanhawaii.nl/modules/Shop/ShoppingCart.module:35
[24-Feb-2012 16:29:13] PHP   8. Wire->runHooks() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:229
[24-Feb-2012 16:29:13] PHP   9. call_user_func_array() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  10. Session->___redirect() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Wire.php:269
[24-Feb-2012 16:29:13] PHP  11. header() /DATA/www-root/proc.wainmanhawaii.nl/wire/core/Session.php:260

[ryan]

As anyone worked with osCommerce or Zen Cart?

Yes--they are actually both OSCommerce (ZenCart is an upgraded fork). My opinion is I would avoid OSCommerce and the forks. I have had a lot of experience with OSCommerce, but very little with ZenCart. However, my experience with OSCommerce left me feeling that I probably would not want to use a fork of it.

[ryan]

This is the stacktrace of the error I get. I dont' understand what's wrong:

Looks like there is a blank line at the top of /stie/modules/Shop/ShoppingCart.module. Delete that blank line (so that <?php is the first thing in the file) and that should fix it.

[diogo]

my experience with OSCommerce left me feeling that I probably would not want to use a fork of it

Fair enough

[spoetnik]

Looks like there is a blank line at the top of /stie/modules/Shop/ShoppingCart.module. Delete that blank line (so that <?php is the first thing in the file) and that should fix it.

Thanks!! That fixed it!!

[thetuningspoon]

I would have to advise against Magento. I used it on a small ecommerce project and it was just a beast. Unnecessarily complex templating and a confusing back end. I had to upgrade my server to a VPS just to get it to run at all, and even then it was slow. 3/4 of the way into the project I made the decision to drop it and look for something else. I found OpenCart. Working with it was like a dream in comparison. So I'll throw my hat in for OpenCart.

Some of my more coding proficient friends have since told me that Magento is very inefficient under the hood. So, unfortunately, my experience with it is not unique.

[ryan]

I tried Magento as well before going with Drupal UberCart. I felt like there is probably a lot of great stuff there, but wasn't accessible for me to learn it in the time I had to setup a store for the client. I contacted Magento to assist, and they wanted $30k USD to get the basics going. Perhaps that's a good deal for some, but it was out of reach for me. It made me think that Magento was probably too complex and expensive for me. After successfully getting Drupal and UberCart setup and running (which is somewhat complex in its own right) I was glad that I didn't continue with trying to get Magento going.

[spoetnik]

I don't want to drive people away trying something else, but the new Drupal Commerce is also a nice flexible E-commerce framework. I love the framework, but really hat the theming part of Drupal.

[charliez]

While this is in development, I will vote for OpenCart.

I starte using ZenCart (but it is old), then went to Magento at the beginning

(but it turned into a behemoth) and lately I checked LemmonStand, Interspire and

OpenCart.

Both Lemmon and OpenCart are really good. Lemmon is commercial and its modules

do add up and thus the cost, but I found it very well developed. OpenCart is really good

for what it makes, simple ecommerce shops.

[spoetnik]

Any progress on the development of an e-commerce module??

[apeisa]

I started building our first shop week ago and I was pretty happy how well this functioned. Probably will add few commits while developing this further. It is pretty basic shop and I am not sure if that will require much feature wise. But at least after that we will have first live shop using 100% pw as a commerce solution.

But what I think that will come in "near" future are things like:

• Taxes
  
• Reporting (monthly sales etc)
  
• Different shipping methods
  
• Cleaner code with hookable methods
  
• Product variations (I will probably wait for repeater to go stable)
  
• Better documentation
  

[tinacious]

This tool looks great, I can't wait for it to be fully developed. I am looking to get started with e-commerce and would love to use ProcessWire because I love it, so this module seems ideal. I would be looking for Paypal integration—is this something that will be coming down the pipeline?

[apeisa]

I will implement paypal integration for sure. But that is something that we don't need at our company, so I need to do that on my own time. But I don't think that will take more than few hours at best.

I just implemented possibility to add multiple shipping options. Yesterday I build small markup module which renders the shopping steps (1. cart, 2. information, 3. confirmation, 4. payment, 5. order complete). Also some minor tweaks here and there. I will also add option to choose currency (I am not planning to support multiple currencies, but possibility to choose what currency the shop uses will be there). Hopefully I get today all wrapped up and can commit it.

[onjegolders]

Sounds good Apeisa!

[ryan]

What are your thoughts about PCI compliance and is that even an issue in this case? I'm just learning more about it here and have been wondering how that affects the gateway approach for something non-PayPal. I'm having to move away from self hosted Drupal UberCart because PCI compliance is a darn near impossible to achieve in a self-run/hosted environment as far as I can tell. PCI compliance is now a requirement (at least in the US). Those that don't meet it have to pay much higher fees, and pretty soon won't be allowed to perform transactions at all (I think we're in some kind of grace period now). The self questionnaire is thousands of unintelligible questions, even for someone that knows their way around web servers. Then they repeatedly slam your site TrustKeeper bots and always find thousands of things that don't really matter (like not running PHP 5.4, heh), but allow them to call you non-PCI compliant. So there is a real incentive to host online stores with a provider that handles the PCI compliance or at least has some deal going with the PCI inspector. I think it can also be accomplished by delegating all your customer forms and transactions to a merchant/gateway-hosted page, even if the actual cart is self hosted. But I don't know much about it yet, just learning and trying to move a client's store to a PCI compliant environment, and finding it kind of frustrating.

[apeisa]

Ryan: I do not know - I have always thought that PCI compliance is more about shops that directly accept or even store credit card information. And not sure what requirements that gives to shopping cart software. After reading more from wikipedia (http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) I am not much wiser, just that it seems to be more like another way of doing money for cc companies than actually making better security.

In Finland there are very few sellers (only the biggest) who store credit card information. Usually we pay directly from our bank account and that payment process is always done in bank's website. And if it is credit card payment it is usually processed on Luottokunta website (they have monopoly like position in Finland afaik, threatened only by paypal and likes). They have quick guide for merchants about PCI compliance: http://www.luottokunta.fi/en/industry/pci_data_security_standard/quick_guide_for_merchants (I didn't come much wiser after reading that either...)

[DaveP]

Ryan's account is very accurate and very familiar! Trying to achieve and then maintain PCI compliance is a nightmare. In my previous job I wrote and maintained an on-line shop. Because I knew the codebase intimately, fixing problems there was easy, but (even though we were on a VPS) there was a great deal that the hosting company had to do as well, even as far as arguing about false positives and really trivial stuff.

I don't miss it! However, I did come across an interesting bit of reading on the subject, regarding taking a web business outside PCI scope, which may be relevant to this discussion.

[netcarver]

Thank you DaveP.

[apeisa]

Just pushed big update on shop module. I don't even remember everything, but here are few details:

• Shipping options, with additional payment costs (currently only fixed cost shipping option available, but it would be pretty trivial to build more advanced ones also)
  
• Uses cookies instead of session - I settled for 7 day cookie
  
• ShoppingStepsMarkup.module, which renders 1-5 steps to completed order
  
• Bunch of bug fixes (and probably lots of new ones introduced)
  
• Most of the fields created are now system fields, so installing this will not pollute your fields & templates. (This doesn't mean you should install this on your favourite live site - don't do that [with any module])
  
• Updated the readme with few (well.. 12 actually) simple steps how to get this baby up and running
  

Get it while it's hot: https://github.com/apeisa/Shop-for-ProcessWire

All the feedback and testing is greatly appreciated. Thanks.

[ryan]

just that it seems to be more like another way of doing money for cc companies than actually making better security.

This has been my impression as well.

I have always thought that PCI compliance is more about shops that directly accept or even store credit card information.

That's my understanding as well. I think it's rare nowadays to actually store any CC info on a web server (I don't know of any merchant account that allows that). But usually interfacing with any merchant gateway requires your PHP code coming in contact with the CC info at some point. Like preparing it in an array that gets POSTed to the gateway. The data is in memory for the request (1/100 of a second), and never touches a disk or anything like that. And that's the only thing that happens. Yet, it means we are subject to the whole insanity of everything PCI.

However, I did come across an interesting bit of reading on the subject, regarding taking a web business outside PCI scope, which may be relevant to this discussion.

Such a simple thing, but it sounds like this solves the issue I mentioned above. Though I'm a little surprised, as it doesn't seem like the data would be much more secure. In either case, the biggest concern is a hacker silently logging the posted CC data before it gets sent to the gateway. It seems like that could still be achieved with the direct post, even with just a little JS. Given that, I would think the only way to truly clean yourself of responsibility for the CC data would be to let all financial transaction forms be delivered by and processed by the merchant/gateway.

[raydale]

Great to see this progressing Apeisa.

I have been promising myself to test the modules when I get a chance. As soon as you have a PayPal module working I'll be over it like a rash as I have an eCommerce site that I would migrate over to PW.

Just pushed big update on shop module. I don't even remember everything, but here are few details:

• Shipping options, with additional payment costs (currently only fixed cost shipping option available, but it would be pretty trivial to build more advanced ones also)
  
• Uses cookies instead of session - I settled for 7 day cookie
  
• ShoppingStepsMarkup.module, which renders 1-5 steps to completed order
  
• Bunch of bug fixes (and probably lots of new ones introduced)
  
• Most of the fields created are now system fields, so installing this will not pollute your fields & templates. (This doesn't mean you should install this on your favourite live site - don't do that [with any module])
  
• Updated the readme with few (well.. 12 actually) simple steps how to get this baby up and running
  

Get it while it's hot: https://github.com/a...for-ProcessWire

All the feedback and testing is greatly appreciated. Thanks.

[tinacious]

I'm definitely with raydale on this one. I, too, anxiously await PayPal integration. I will be all up on it like a fat kid on cake. I'd be first in line like an Apple fanboy or fangirl at the new iPhone launch. If I had a genie in a magic lamp I would use my first wish on this. Well, you get it.

I will definitely help with testing once PayPal is integrated! I don't want to start testing now and get excited about something that isn't a sure thing yet, but once it's there, you can count me in for testing!

[apeisa]

I try to implement it soon.

Btw we already published our first shop using this module: http://www.martanpuoti.fi

[raydale]

I try to implement it soon.

Btw we already published our first shop using this module: http://www.martanpuoti.fi

Wow, I'm having a tough time getting onto these forums lately, busy, busy.

Apeisa - that's really nice work with both the site and the shopping cart which seems a very clean and simple process. I'm really itching to test this now.

Do I detect a case study coming on for this site???