Open Source

E-commerce for idiots: A shopping cart anyone can install

Take advantage of the holiday shopping rush by outfitting your company's Web site with an e-commerce solution. Jack Wallen, Jr. shows you how to do it quickly and painlessly with the open-sourced RediCommerce.


I've shopped around for quite some time for a good shopping cart/e-commerce solution to highlight. The criteria for this search were simple: The tool had to be inexpensive, reliable, and simple to set up. I found this solution in a Linux e-commerce application called RediCommerce.

This shopping cart application blends seamlessly with Apache and OpenSSL to form an outstanding solution that will allow you to have real-time credit card processing, stock your online store with hundreds of items, and manage your store from any browser. In this Daily Feature, I’ll show you how to install this tool and configure RediCommerce so you’ll be ready to set up your first shopping cart. It's quick, it's painless, and it's Linux.

Take note that the installation of RediCommerce must take place on a Linux server. The configuration of the shopping cart (which I’ll deal with in another Daily Feature) can be done from any browser on any platform.

What you'll need, or "Just use the latest distro!"
For my installation, I used Red Hat 7.2 as my operating system. All the tools I needed (Apache, OpenSSL, Perl 5) were already in place. If you’re using another distribution, please make sure you have these three required tools.

More information on requirements
If you need more information on these tools, take a look at the following TechProGuild articles, "E-commerce on the e-cheap: Apache and OpenSSL" and "Creating passkeys and certificates for secure Web servers in Linux," and this TechRepublic article, “Installing Apache Web server on Linux.”

Installation, or "Where do these images go?"
With the requirements met, you can begin by snagging the source to the application. To download the file, you have to fill out a download request form, which asks for your name, e-mail address, and any comments you’d like to make. Once you’ve submitted the form, you’ll be sent an e-mail with instructions on how to get your copy of the file. The file will be in .zip form and will be named redicommerceVERSION.zip (where VERSION is the release number).

The installation of this application is fairly simple, but I did find that some steps must be followed that, to be honest, shouldn't have to be taken. First, you’ll su to root and run the command unzip redicommerceVERSION.zip, which will unpack a directory named store. This newly created directory must now be moved in Apache'scgi-bin directory. With Red Hat >= 7.0, Apache's cgi-bin is located in /var/www. To move the store directory, issue the command mv redicommerceVERSION.zip /var/www/ from the directory to which the .zip file was downloaded.

With the store directory in place, you have only a few more steps, but they’re critical. The last steps focus on the security of the shopping cart, so pay close attention.

First, you’ll want to make sure that the necessary images (and any images you’ll be using later) will actually show up in the user’s browser. The installation of the application doesn’t help you with this step and the documentation is a bit lacking on the subject. I sat around thinking "Where do these images go?" I quickly remembered good old document root.

For the images to show up correctly in RediCommerce, they must be contained with the document root of the Apache browser. To do this, create a new directory (called images or whatever) within the document root with the command mkdir /var/www/html/images. With the new directory in place, change to the /var/www/cgi-bin/store/html/images directory and issue the command cp * /var/www/html/images/. Now that you have all the default images in place (you'll add others later), you’re ready to deal with some security.

Permissions, or "chmod 744, 755, hut hut!"
After quite awhile of running permission changes on the various directories (and consequently mucking up an installation), I was severely frustrated. Fortunately, you won’t have to endure such pain.

Here are the exact permissions settings you’ll need within the store directory:
  • 777 on the /store/admin_files directory and all files within
  • 777 on the /store/data_files directory and all files within
  • 777 on the /store/log_files directory
  • 777 on the /store/protected/files directory
  • 755 on the /store/protected/manager.cgi file
  • 777 on the /store/shopping_carts directory
  • 755 on the /store/redicommerce.cgi file

You may also want to lock down the Store Manager access with the following permissions later on:
  • 744 on the /store/admin_files directory
  • 644 on all files within the /store/admin_files directory
  • 744 on the /store/data_files directory
  • 644 on the /store/data_files/data file

This can be done once installation is complete and you've set up your shopping cart. If you do it before you set up shop, you won’t be able to access the Store Manager.

Password protection, or "Avoiding Error 500"
It is absolutely critical that you password-protect the /var/ww/cgi-bin/store directory. If you don’t, you run the risk of releasing cookies, orders, and other must-not-disclose information into the wild.

A plethora of sites will instruct you on how to password-protect the directories within. However, stick with the following steps or you may be seeing Error Code 500 far more than you like.

As root, change to the /var/www/cgi-bin/store/protected directory and open (in your favorite text editor, of course) the htaccess file. At line 36, you’ll see the following:
#AuthUserFile /home/carey/.passwd

You’re going to uncomment this line and change it to the following:
AuthUserFile /var/www/cgi-bin/store/protected/

Once you have made the edits to this file, you need to change it to a hidden file by running the following command from within the /var/www/cgi-bin/store/protected directory:
mv htaccess .htaccess

The next step is to run this command, again as root (where USER_NAME is the name of the user who will be accessing the Store Manager; he or she must have an account on the machine serving up the tool):
htpasswd manager.access USER_NAME

You’ll then be asked twice for a new password, and (once the password is given the second time) the file manager.access will be created with an encrypted form of the user's password you just entered.

Before you can actually log in to the Store Manager, you’ll have to edit one last file. In the /var/www/cgi-bin/store/protected directory, open the manager.cgi file and change the following to the username and password you added with the htpasswd command above:
$username="redi";
$password="1234";


For example, if I added the user Tootsie with a password Katta, the above entry would look like this:
$username="Tootsie";
$password="Katta";


You’re now ready to log in to the Store Manager with your new username (Tootsie) and password (Katta).

Conclusion
I bet you never thought e-commerce could be so simple. Now that you have the server set up and ready to go, you’re ready to put together that first shopping cart. Stayed tuned until next time when I'll go through all the configurations possible for the RediCommerce Store Manager from any client Web browser.

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks