Home Page
   Articles
       links
About Us    
Traders        
Recipes            
Latest Articles
Which web shop?

 
Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters
Author 
 Message
sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Jun 11, 15 7:13 am    Post subject: Which web shop? Reply with quote
    

My old/current webshop was oscommerce, which is now horribly out of date and with some lingering problems from a hacking episode ages ago. Its time for a new one.

Any recommendations for something that isn't too expensive (don't mind paying a bit for the service, just not the 'your entire income per month' fees some seem to demand). It can be pretty straightforwards, but it does have to allow for shipping options based both on weight and different end countries. Being able to have different colour or size options on some products will be important too.

Mustn't be too scary to install either, I can probably get some help configuring it initially if it needs more than my feeble abilities, but if it needs a degree in coding its probably not realistic for me.

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Thu Jun 11, 15 7:19 am    Post subject: Reply with quote
    

I've already DM'ed you. As you're using Wordpress I highly recommend Woo Commerce. It's free and has really good 3rd party support.

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Jun 11, 15 7:27 am    Post subject: Reply with quote
    

Just looking at that now, the postage options may be the sticking point there but I'm looking at their add-on options and its looks like the Royal mail add-on at $79 a year(!) is the most likely to work. Still if thats the main cost to make it work, thats probably not too horrible.

Will explore further, thanks for suggesting it!

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Thu Jun 11, 15 7:29 am    Post subject: Reply with quote
    

You can often get around the add-ons by entering the lookup data yourself. It's flexible.

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Jun 11, 15 7:33 am    Post subject: Reply with quote
    

vegplot wrote:
You can often get around the add-ons by entering the lookup data yourself. It's flexible.


thats sounding very sensible. Ok, I'll read up on all that during tea breaks, then after the weekend when I've got a few spare minutes and you've had a chance to finish your rescue mission on the site and we've decided whether its all going to a new host or not, I'll have a bash at installing it with the most often bought items initially, then if all goes well, when we move to a new hosting plan we can completely scrap the old shop at the same time and hopefully do away with some of the problems

henchard



Joined: 23 Aug 2012
Posts: 232
Location: Carmarthenshire
PostPosted: Thu Jun 11, 15 4:10 pm    Post subject: Reply with quote
    

I still highly rate Mals Shopping cart for simplicity

https://www.mals-e.com

very easy to set up for small businesses and has been around for years. The free model is all that many small businesses need and you can set variable postage rates and discounts etc.

I've integrated it for a friend on this site if you want to see a working example (click through to the cart by all means but obviously don't buy anything as it is live!)

https://marymacnamara.net/shop.html

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Jun 11, 15 7:27 pm    Post subject: Reply with quote
    

henchard wrote:
I still highly rate Mals Shopping cart for simplicity

https://www.mals-e.com

very easy to set up for small businesses and has been around for years. The free model is all that many small businesses need and you can set variable postage rates and discounts etc.

I've integrated it for a friend on this site if you want to see a working example (click through to the cart by all means but obviously don't buy anything as it is live!)

https://marymacnamara.net/shop.html


Isn't that one basically just 'buy it now' buttons though? I need to be able to offer drop down choices for fit and sizing and colours, potentially a number of different choices on a single product when its things like hats or stockings, I didn't think that sort of cart software supported multi choice options like that? I'll have another look at it though if you think it does cover that type of thing

henchard



Joined: 23 Aug 2012
Posts: 232
Location: Carmarthenshire
PostPosted: Thu Jun 11, 15 10:05 pm    Post subject: Reply with quote
    

sally_in_wales wrote:
I need to be able to offer drop down choices for fit and sizing and colours, potentially a number of different choices on a single product when its things like hats or stockings, I didn't think that sort of cart software supported multi choice options like that? I'll have another look at it though if you think it does cover that type of thing


You can do all that in Mals

See

https://www.mals-e.com/tpv.php?tp=6

Heres some examples of the different forms you can make (and adapt)

https://www.malsforms.com/other-forms.html

I only mention Mals because I've used it a lot over the years; found it very simple and easy to use. I have no training in HTML or anything and just find it very easy to implement as it all operates on their servers.

In another example I use it here on another site for a festival in Ireland where it is used in their shop for both purchases

https://www.feaklefestival.ie/shop.html

and for donations to the Festival

https://www.feaklefestival.ie/friends.html

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Thu Jun 11, 15 11:55 pm    Post subject: Reply with quote
    

Mals doesn't look very secure. The item price is an attribute and the post method is to an external site and there's no anti-forgery token set. If you know the user id (which you can get simply by examining the HTML) you can place order for items using any price you like from any source.

Code:

<form action="http://secure.aitsafe.com/cf/add.cfm" method="post">
                  <div align="left">
                <input type="hidden" name="userid" value="3744681">
                   <input type="hidden" name="product" value="In Time In Tune DVD">
                   <input type="hidden" name="price" value="15.00">
                   <input type="hidden" name="return" value="http://www.feaklefestival.ie/shop.html">
                   <input type="hidden" name="units" value="1">
                   <input type="hidden" name="qty" value="1">
                   <input type="submit" value="Buy 'In Time, In Tune' DVD">
                  </div>
                  </form>

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Fri Jun 12, 15 6:20 am    Post subject: Reply with quote
    

security is going to be a big factor in whatever option comes out on top, getting very fed up with trying to do damage limitation on stuff thats too easy to hack.

henchard



Joined: 23 Aug 2012
Posts: 232
Location: Carmarthenshire
PostPosted: Fri Jun 12, 15 8:26 am    Post subject: Reply with quote
    

vegplot wrote:
Mals doesn't look very secure. The item price is an attribute and the post method is to an external site and there's no anti-forgery token set. If you know the user id (which you can get simply by examining the HTML) you can place order for items using any price you like from any source.


And the point of that would be exactly what? As any small business is going to check each order it is never going to be a problem. In probably 15 years of using Mals I've never had an issue.

If anyone is seriously concerned you can use an encrypted key

https://www.mals-e.com/tpv.php?tp=27

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Fri Jun 12, 15 10:02 am    Post subject: Reply with quote
    

henchard wrote:
vegplot wrote:
Mals doesn't look very secure. The item price is an attribute and the post method is to an external site and there's no anti-forgery token set. If you know the user id (which you can get simply by examining the HTML) you can place order for items using any price you like from any source.


And the point of that would be exactly what? As any small business is going to check each order it is never going to be a problem. In probably 15 years of using Mals I've never had an issue.

If anyone is seriously concerned you can use an encrypted key

https://www.mals-e.com/tpv.php?tp=27


It fails to implement even basic HTTP encryption and allows a 3rd party to post variable information. It's lax about security that's good enough for me to avoid and I certainly wouldn't recommend it.

henchard



Joined: 23 Aug 2012
Posts: 232
Location: Carmarthenshire
PostPosted: Fri Jun 12, 15 11:08 am    Post subject: Reply with quote
    

vegplot wrote:
henchard wrote:
vegplot wrote:
Mals doesn't look very secure. The item price is an attribute and the post method is to an external site and there's no anti-forgery token set. If you know the user id (which you can get simply by examining the HTML) you can place order for items using any price you like from any source.


And the point of that would be exactly what? As any small business is going to check each order it is never going to be a problem. In probably 15 years of using Mals I've never had an issue.

If anyone is seriously concerned you can use an encrypted key

https://www.mals-e.com/tpv.php?tp=27


It fails to implement even basic HTTP encryption and allows a 3rd party to post variable information. It's lax about security that's good enough for me to avoid and I certainly wouldn't recommend it.


I pointed out that you can encrypt it if you feel you need to. However, the OP as I understand it was looking for a solution that is fairly easy to get up and running. Mals cart does just that.

As I said changing the price or description is not an issue for a small business where the proprietor will check each order. There is no point anyone doing that; so no need to over complicate (but you can if you wish)

After many years of using Mals I can highly recomend it for small businesses who want to get a simple online shop up and running with very little coding knowledge. The fact that it has been around so long (since around 1998) in a world of 'here today and gone tomorrow' internet products is testament to what a good simple product it is.

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Fri Jun 12, 15 11:30 am    Post subject: Reply with quote
    

It's a security risk. You're not doing them any favours.

Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters All times are GMT
Page 1 of 1
View Latest Posts View Latest Posts

 

Archive
Powered by php-BB © 2001, 2005 php-BB Group
Style by marsjupiter.com, released under GNU (GNU/GPL) license.
Copyright © 2004 marsjupiter.com