| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Help For Newbies from a newbie | |||
|
|
Thread Tools | Search this Thread |
#1
|
|||||||||
|
|||||||||
Help For Newbies from a newbie
Hi All
Here is my gift to you all - a step by step installation for V4.0.5 that I have written. It is how I did my installation and notes some of the issues I had while installing. I hope it helps the newcomers. You still need to read all of the x-cart manuals, and you need to develop a lot of knowledge of how internet/software interacts. I am still learning too. This document is draft, and any additions and suggestions accepted. Maybe we can create good documentation for X-Cart so that their product improves in that respect and higlights any issues for newbies. I am still working on the upgrade side with the tricks I have learnt. ************************************************** ************ ************************************************** ************ ************************************************** ************ X-Cart Installation Manual By Stephen Hatton Tools required: Essential: Access to your site using an FTP program. I use CuteFTP. Essential: Backup programs for your site (ask your host provider for backup options in Linux - I have cPanel - it takes only minutes to backup and restore at the site - 10 hours via FTP program file by file) Recommended: Backup files for your PC's. I burn important files to CD and make ghost images. Recommended: Editor for editing .tpl (template), css (common style sheets) and .php files. It must work like a unix editor where it only puts LF characters at the end of lines (Msdos programs put CRLF at the end of each line and the MAC puts CR at the end of lines). The scripts may not work properly if lines are not terminated incorrectly. I use ULTRAEDIT Recommended: A HTML editor to edit pages WYSIWYG outside the shopping cart. Essential: A lot of patience (and coffee). As with all computer programs, things don't always go as they should because there are too many environmental variables between every shopping X-Cart (no two are alike because they are totally configurable), host provider and browser. Ask questions when you are stuck - either X-Cart Help or X-Cart Forum. Essential: Firewall protection Essential: Uptodate Virus checker. Recommended: File comparing programs to identify changed files. I use Duplic8. Recommended: Byte file comparing program. I use DLSupCBT to do byte by byte compares of file (handy to find annoying CRLF characters that stop things working and other discrepancies). Essential: Good file managing programs to manipulate files on the local PC. I use ZTREE , others use Commander. The programs recommended are the ones I use on the IBM windows platform. There are probably many alternatives - do your research. I have listed them just in case you can't find one that suits your system. If you have another programs that you would recommend (for Linux and MAC and more for the IBM) - then post them at the X-Cart Forums. Note: all programs are worth their weight in gold in protecting you and identifying problems in a troubled system. I use Lunarpages as a host. They cost a little ~ US$60 per month (probably a lot more than the cheapest), but the extras provided (bandwidth, storage, cPanel, backup utilities) are worth it. Foreword: Welcome to the new world of shopping where all products are available online 24 hours, customers are country and world wide and your products are delivered to their door. It gives power back to small business and allows you to avoid monopolies like shopping malls and distribution chains. It is the new cheese (I highly recommend that you hunt an interesting book down in the library and read it. It is called "Who Moved My Cheese" by author Dr Spencer Johnson.) It takes a lot of knowledge and manhours to set-up and maintain any shopping cart. X-Cart is extremely powerful and configurable and will fulfill all your dreams if you persist. Just remember - buying the software is only the keys to the new car. You need to pay for the petrol and maintenance. All of these other costs are low compared to setting up a store on a main street or in a shopping mall. As time progresses software will become more stable and will be more integrated and give less headaches, but keep the momentum up and ask questions if you get stumped. Installing X-Cart 1. BACKUP YOUR SITE FILES and X-Cart MySQL Database through the administration panel and also via cPanel (or having Linux command line access and tar/gzip the directories). 2. Download the backups to your local PC. 3. Have you setup your MySQL database on the host server (in cPanel)? If not, you need to create a database, a user account and password and allow the user to access the database (ie give permission for that user to access the database). Record this information so that it can be entered into X-Cart when the installation script asks for it. 4. If you have an existing shopping cart - make a temporary directory (eg. "/temp") on the server. 5. Copy the x-cart gzip file to the temporary directory. 6. Extract the files in the directory with the full directory structure. 7. Read the install file in the "/temp/xcart" directory with a text viewer - note there is no file extension with this file. 8. Copy any of the other shopping cart add-ons (gzipped) to the "/temp/xcart" 9. Extract these files with the full directory structure. They will install additional files all across the xcart directory structure and leave the install_xxxxxx.php files in the /temp/xcart directory. 10. Rename the /temp/xcart directory name to the final name eg. "/temp/myshop" 11. Backup your old shopping cart directories - VERY IMPORTANT IF THINGS GO WRONG!!!!@!! (using cPanel or having Linux command line access and tar/gzip the directories). 12. Delete/Remove the old shopping cart directories. 13. Move the new directory "/myshop" with the extracted files from the temporary directory "/temp/" to the new location on your site. Eg. Move "www.yoursite.com/public_html/temp/myshop" directory down to "www.yoursite.com/public_html/myshop" with all the subdirectories in place. 14. Change the file and directory permissions as per install instructions: > cd xcart (or your directory name "myshop") > chmod 777 . (change all the file permissions in the root directory to 777 - ie. /myshop/. - NOTE: I had problems with this - I had to use 755 because my host Apache linux would not allow .php files to run under 777 permissions - that includes the directories). > chmod 666 config.php > chmod 755 admin/spam.sh > chmod 755 payment/*.pl (change all the file permissions that have .pl extensions) 15. Open a browser window and execute the installation php script files from the navigation bar. Eg: http://www.yoursite.com/myshop/install.php 16. Follow the installation procedure entering the authorisation code and database information. 17. Configure your shop into a 2 or 3 column format depending on your style. 18. Add the demo database if you are learning how to use the shopping cart. Otherwise leave the cart blank with no products. Note: The install will drop the existing database if you say yes to installing the demo database and the demo items will be added. 19. Add any modules to the shopping cart by placing the tar/gzip file into the xcart working directory Eg: http://www.yoursite.com/myshop/install-xxxx.php 20. Backup your site files again (using cPanel or having Linux command line access and tar/gzip the directories) Changing Salt Variable to secure information in X-Cart MySQL database 21. If this is a first time installation change your SALT variables to encrypt your data to be safe from hacking (ie. to have a non-standard x-cart released encryption key). Record your salt numbers for future reinstalls. Note: changing your salt number after the database is created will lose all customer data and will require major work re-covering the data. Here's the easiest and most fool-proof way of changing your salt codes (from the xcart forum): 22. Enter the admin area http://www.yoursite.com/myshop/admin/main.php and login using 'master' 'master' defaults (or current password) 23. MAKE SURE YOU REMAIN LOGGED IN! 24. Using an FTP client, download your existing /myshop/config.php file 25. Modify your salt codes: in /myshop/config.php search for the following lists and change the values. $CRYPT_SALT = 85; # 85 can be any number ranging 1-255 $START_CHAR_CODE = 100; # "D" letter Save the file in linux format (LF only - not MSDOS with CRLF) 26. Using an FTP client, delete your existing config file, then upload your modified one 27. While still logged in as admin, modify your profile 28. Change your password. 29. Log out. 30. Log in with the new password - If you follow these steps, your new password should be assigned to the admin account under the new encryption settings. No database modifications, no password recovery, no head-aches. 31. If you cannot login again - read the forum posts for help or delete the xcart install and re-install (from the backup or from the tar/gzip files) and try again. Securing up your site with file permissions 32. Access your site with the FTP program and change the permission of files to the following settings: Here are the recommended permissions for files in X-Cart for the various operating modes LIVE SITE ************************************************** **** .php 644 .tpl 644 .pl 755 .sh 755 /myshop/VERSION 600 (one file only - it has the X-Cart version information in it) .css 644 .gif 644 .js 644 .ini 644 .conf 644 .sql 644 (default was 644 do we need 666?) .html 755 payment/bin/. 755 payment/lib/. 755 all other files 666 FOLDERS ************************************************** **** templates_c - 777 Always set to 777 for this directory. It is a work area used by the smarty engine to generate new templates when the .tpl have been modified (the internet html power behind the php scripts). catalog - 777 while updating catalog (ie. writing catalog from administration), then set to 755 once catalog has been written. files - 777 To allow/be able to write or upload new files and pictures to the folder (etc) log - 777 The log directory records all shopping cart errors and customer shopping cart movements. admin/newsletter - 777 The news needs to be available for writing to. skin1 - 777 The shopping cart skin pictures and other menu items. Other directories 755 All other directories and subdirectories can be set to set to this higher security level. 33. You can also use .htaccess files (hidden access control files in each directory of a Linux system) to protect certain directories for extra security on a live site. X-Cart already have .htaccess files embedded in the tar/gzip files. The recommended script for the root "http://www.yoursite.com/public_html/.htaccess" file is: 34. If you have X-Cart Gold, then login as the provider http://www.yoursite.com/myshop/provider/ or http://www.yoursite.com/myshop/admin/ for later versions. 35. Change your administration access names and passwords from default. 36. Change payment system files if there are any custom requirements. (eg. My site requires ".com.au" in cc_verisign.php to function) Security Issues for Newbies: 1. Do not record important information in files (eg. Site and database passwords) on an Internet connected PC. It is too easy for backdoor trojans programs and viruses to collect and forward personal information. Even printed on paper in a locked cabinet is more secure!!! 2. Have an up-todate virus checker installed on your PC's. 3. Install a firewall on your PC connected to the internet to minimise the chance of hacking your PC for information. 4. Also make sure that your php scripts have 0644 permissions and directories have 0755 except for some special directories like: admin/newsletter and templates_c. 5. Make sure that SQL connections are allowed only from the local machine. 6. Protect the installation script install.php with new Auth code or delete it completely or rename it and move them away from the public_html directories. Change the file permissions to 600. 7. Protect the installation script for the addon module install scripts too by delete it completely or rename it and move them away from the public_html directories. Change the file permissions to 600. 8. Remove any tar files that are no longer needed. 9. For extra security you may want to disable trans_sid PHP feature. 10. Try to access your admin interface only via HTTPS protocol (start your URL with https://). 11. If you have a SSL certificate, you can make the whole website secure by enabling it in the shopping cart. If you have SSL sertificate you can setup x-cart to run at HTTPS. Open Administration -> General settings -> General options Here you can find the following options: 1. Use HTTPS for users login and registration 2. Use secure login form on a separate page 12. You can also setup secure payment submission at Administration -> Payment methods This will redirect customers to secure site on checkout page. 13. Do not keep any unnecessary files in your web directory (for example X-cart distribution archive) delete it completely or move them away from the public_html directories. Change the file permissions to 400. 14. Forbid directory listing in your web server, so no one can browse through your script directories. 15. Print customer personal information from your emails when received and store in a secure filing cabinet. Then remove personal details from each email or delete the emails entirely ( then empty the rubbish / trash, and compact your email folders to make finally sure the information is gone). 16. BACKUP, BACKUP, BACKUP regularly - IT IS NOT A WASTE OF TIME. Do it to all your PC's and the Site files and the site databases (eg. On the site use say cPanel, for your PC's Norton's Ghost is excellent, download the site backups and burn to a cd -and keep physically secure). Every now and again make sure your backup restore procedure works!!! Otherwise you will learn the hard way and you will have to start from scratch and THAT IS A WASTE OF TIME. 17. 18. 19. Upgrading Your Site 1. Upload your upgrade files to : 2. Change your file and directory permissions as per following settings: Here are the recommended permissions for files in X-Cart for the upgrade procedure DEVELOPMENT SITE / UPGRADING ************************************************** **** .php - 666 (change all the file permissions in the root directory to 666 - ie. /myshop/. - NOTE: I had problems with this - I had to use 755 because my host Apache linux would not allow .php files to run under 666 permissions - that includes the directories). .tpl - 666 .pl - 777 .sh - 777 /myshop/VERSION - 666 FOLDERS ************************************************** **** templates_c - 777 Always set to 777 for this directory. It is a work area used by the smarty engine to generate new templates when the .tpl have been modified (the internet html power behind the php scripts). catalog - 777 while updating catalog (ie. writing catalog from administration), then set to 755 once catalog has been written. files - 777 To allow/be able to write or upload new files and pictures to the folder (etc) log - 777 The log directory records all shopping cart errors and customer shopping cart movements. admin/newsletter - 777 The news needs to be available for writing to. skin1 - 777 The shopping cart skin pictures and other menu items. Other directories 755 All other directories and subdirectories can be set to set to this higher security level. 3. Copy the upgrade patch gzip file to the root directory of your shopping cart "/myshop/" and extract the files with the full directory structure using cPanel or by the linux command prompt. If these methods are not available - then extract files on your PC and use your FTP program to copy the files and the structure up to the site. The files and directories should have extracted into the /myshop/upgrade/ directory. 4. Read the UPGRADE.readme file in the /myshop/ root directory. 5. Log into the administration area of your site and go to select "Administration :: Patch/Upgrade" menu. The version of currently installed X-Cart is shown in the "Upgrade" tab. If you uncompress the upgrade archive into /myshop/upgrade/ folder successfully you will see the target version number ( the version number to upgrade X-Cart upto) and "Apply" button. (note: I had difficulty because I moved the patch.pl script away from the /myshop/ directory for security - just move it back for the install procedure). 6. Click "Apply" button to start upgrading X-Cart. 7. Take note of the files that cannot be patched because they have been manually changed in your customising of your store. It is upto you whether or not you allow the upgrade script to try to patch the modified files. 8. Manually patch the files that couldn't be automatically patched. (read all the readme files and any help that you can find in x-cart and on the web to learn how to manually patch the files). 9. 10. 11. "www.yoursite.com/public_html/myshop" 12. For security reasons it is highly recommended to restore the original permissions on patched files. After you have restored the original permissions or restored X-Cart and X-Cart database from backup, remove all the files with ".php" and ".rej" extensions from the /templates_c/upgrade/ folder. These temporary files are used by the X-Cart patch/upgrade subsystem during the upgrade procedure. 13. 14. 15. 16. 17. 18. 19. 20. Access your site with the FTP program and change the permission of files to the following settings: DEVELOPMENT SITE / UPGRADING ************************************************** **** .php - 666 .tpl - 666 .pl - 777 .sh - 777 /myshop/VERSION - 666 FOLDERS ************************************************** **** templates_c - 777 Always set to 777 for this directory. It is a work area used by the smarty engine to generate new templates when the .tpl have been modified (the internet html power behind the php scripts). catalog - 777 while updating catalog (ie. writing catalog from administration), then set to 755 once catalog has been written. files - 777 To allow/be able to write or upload new files and pictures to the folder (etc) log - 777 The log directory records all shopping cart errors and customer shopping cart movements. admin/newsletter - 777 The news needs to be available for writing to. skin1 - 777 The shopping cart skin pictures and other menu items. Other directories 755 All other directories and subdirectories can be set to set to this higher security level. ************************************************** ************ ************************************************** ************ ************************************************** ************ Enjoy Regards Ing. Stephen Hatton If somebody wants to ask questions they can contact me at: stephen_hatton1959@yahoo.com.au If you want a word formatted version - contact me and I will send you a copy. PS. Help others by posting solutions when you get them.. It saves a lot of frustration.
__________________
Apache Linux V1.3.33 PERL version: 5.8.0 PHP version: 4.3.11 MySQL version: 4.0.22-standard X-cart V4.0.17: Addons: X-PConfig, X-Giftreg, X-Fancycat, X-AOM |
|||||||||
#2
|
|||||||
|
|||||||
Thanks, it has a lot of good info :P
__________________
X-Cart 4.19 |
|||||||
#3
|
|||||||||
|
|||||||||
moved to faq
__________________
Looking for a reliable X-cart host ? You wont go wrong with either of these. EWD Hosting Hands On Hosting |
|||||||||
|
|||
X-Cart forums © 2001-2020
|