?

Log in

Previous Entry | Next Entry

I have a Web client who runs an online store. This client has a merchant account and is using a self-hosted Web site and self-hosted ecommerce package/shopping cart called Zen Cart.

Unfortunately, Zen Cart sucks balls, for a number of reasons. It's slow to be updated (it's currently at version 1.5, the first update in two years; the progress report on Version 2.0, "Beta Release Postponed Indefinitely," was made on May 27...of 2009.

My client has gotten fed up with the limitations of this shambling mound of shit and is looking for a new shopping cart solution. The requirements in a new shopping cart are:

- Open source and free or reasonably priced. Shopping carts such as Magento that are priced on a "you must pay this much per year" are not acceptable.

- Must be able to work with Authorize.net and Virtual Merchant as credit card transaction processors

- Must work with PayPal

- Must have a robust and easy-to-use templating system. A system where the template is a complete HTML file with special tags for "insert content here" is preferred. (Seriously, what's up with all these Baroque, piecemeal templating systems that so many ecommerce and CMS packages use?)

- Must have a very flexible coupon code system that allows great versatility in coupons. For example, "This coupon takes $120 off Product A and/or $160 off Product B," "This coupon gives you $50 off when you buy Product Z, Y, and W together," and "This coupon gives you $50 off your total order plus free shipping if you buy Product K plus two accessories."

- Should be background scriptable. For example, I should be able to click on an "Add one to basket" button on a static HTML page that is not part of the shopping cart, and have the product added to the user's cart without leaving that HTML page.

- Should allow a user to check out without creating an account, if she desires.

- Must allow for a wide variety of shipping methods (including USPS and FedEx real-time shipping), shipping to many international zones, and by-unit or by-weight shipping prices.

- Must allow ease of updating. Here's a tip for software designers who need to be smacked: If your upgrade instructions say "In order to update and preserve your customizations, first download a distribution copy of your version of the product and run diff on it to make a list of all the differences between your installed version and the distribution version. Then, open the files in the new version, and..." You. Suck. This is actually the reason so many OS Commerce storefronts are trivial to hack: installing security patches is a protracted nightmare that makes getting a double root canal without anesthesia sound downright attractive.

- Must pass PCI/DSS compliance.

- Edited to add: Integration with SugarCRM would be really, really nice too.

So, any takers? Anyone got a self-hosted cart you like? Shopping carts (other than Zen Cart and the wretched pile of hyena vomit called OS Commerce) to avoid?


Comments

( 6 comments — Leave a comment )
(Deleted comment)
aagblog
Jan. 27th, 2012 01:55 am (UTC)
Dear sweet tentacley cthulhu...
...when you find an answer, let me know.

'Cuz I've been asking the same damn thing.
redhotlips
Jan. 27th, 2012 05:08 am (UTC)
Ya. Good luck. Been looking for a nice cart system two years. :(
ab3nd
Jan. 27th, 2012 03:47 pm (UTC)
I thought passing PCI compliance was a matter of overall business practices, rather than something a suite of software did. That is, you can buy all the "compliant" software in the world, but if I can, for example, walk into your data center and mess about with things, there's still no compliance.

That said, I think the software end of it comes down to good network security and monitoring, plus crypto where appropriate.

Of course, this should be taken with a biggish grain of salt, as I'm a random on the internet.

I also agree that Zen Cart is a festering heap. Their patch management process is "check the forums". If you can, check up on their server, your client may already be 0wned.
tacit
Jan. 27th, 2012 06:29 pm (UTC)
I thought passing PCI compliance was a matter of overall business practices, rather than something a suite of software did. That is, you can buy all the "compliant" software in the world, but if I can, for example, walk into your data center and mess about with things, there's still no compliance.

That's true. However, the software plays a role.

For example, Zen Cart version 1.2 is not PCI compliant. If you run it, you won't pass compliance no matter what else you do.

Similarly, there's a free limited version of Magento, but according to the Web site you won't pass PCI compliance if you use it, which makes it rather worthless.
edwardmartiniii
Feb. 1st, 2012 02:33 pm (UTC)
I have been extremely happy with the eCommerce package for Concrete5.

I don't know if it does EVERYTHING you are asking about, because I haven't tried to do everything, but when I look at your unsorted list, most are things I've been able to do. The rest are things I haven't tried.

However, I don't know if it's standalone. For me, that's not a problem, because I'm really enjoying using C5.
( 6 comments — Leave a comment )