Post Installation of PHP-eSeller PHP Shopping Cart Solution

This section describes what to do after you have installed the application on your web server. At this point the application should be working so that you can log on to the admin section and click through the displays.

The following is not meant to replace the full explanation of each administration display, but provides a quick test to check operation.

Log on to the administration displays of eSeller and click on Global Setup in the main menu which will take you to the global set up page.

The only required entries are :

• the installation url where eSeller has been installed - for example http://www.yourservername.com/eseller/
• the default location where your digital files will be placed which for a Linux server this will be something like /server1/root/files/ or in the case of a Windows server this will look something like c:\inetpub\files\. The application checks that this folder exists before it is saved. Note that entering a url will not work.

The digital files are normally protected with an htaccess file to stop anyone directly accessing the files with the url.

Now click on the PayPal Setup in the main menu, which will take you to the PayPal specific set up page.

The only required entries are :

• your PayPal email address - this should be the primary email address you have registered with PayPal

Other entries can be left for now and filled in later.

Note that you do not have to make any changes to you PayPal account to identify the PayPal IPN or anything like that.

To be able to test if the system is working, you need to create a new product :

* Click on Product list in the main menu which will allow you to create a new product item.

* Click on the Create button and fill in the required fields.

At this stage enter any test data into the fields.

* Click on Save when finished.

In the Product list, you will see the newly created item. Now click on the File Download link. This is where you enter your file details. You need to enter a valid file name.

* Click on PayPal Testing in the main menu. This will display a list of products that you have created. To test a particular product, click on Select Local Test.

This will display a page with a number of entries. You only need to enter the payer email address as all other fields have been filled in by the system.

* Enter a valid email address.

* Press Perform Test and you should see a page which displays the details of the sent emails. If you go to your email accounts you should see these emails.

* Login to the download area with the given username and password and download the test file.

If this has been successful, it indicates that the application, emails and database are all working correctly. It does not check the operation with PayPal as this is a local test which bypasses PayPal. To fully test the system with PayPal perform the following test.

The best method to do a test with PayPal is with a second PayPal account or purchase using a credit card which is not already being used on a PayPal account. You cannot make a purchase from your own account.

* Create a product with a small value of say $0.01

* Click on the File Download link for the product and enter a filename.

* Go to http://www.yourservername.com/eseller/ and display the shopping.

You should see a button for the product you have created.

* Click on the button and it should take you to PayPal where you can purchase the item using your second PayPal account.

* You should receive an email from PayPal detailing the payment and an email from eSeller with your login details.

* Login to the site using the given username and password and download the test file.

* Correct completion of this test indicates the system is working correctly with your PayPal account.

Now that you know the application is installed and working correctly with PayPal, you can decide on how you will display your product items.

There should be no problems with the security of the application but you may want to follow a few of the following points if you want to further improve the security :

(1) Change the name of admin folder to something like admin123 so that a casual web surfer user will not know its name.

(2) If you feel that (1) above is not sufficient then, put an .htaccess / .htpasswd to protect the admin area as described below.

(3) Make sure that the database user has the minimum permissions of select, update, insert and delete.

(4) Remove folders that are not needed by the application. Which folders you remove depends on which shopping cart system you are going to use. You can remove the store, cart and shop folders if you are not using those methods to display your products.

(1) Create an .htaccess file

Go to http://www.htaccesstools.com/htaccess-authentication/

In the first box enter some optional text which gets displayed in the login box

In the second box you need to enter the file path name to a second file htpasswd file. The htpasswd file is where the list of users / passwords are to be located.

Click on the button, copy the text and place it into a text file. Name this file .htaccess and upload it to the folder that you want to protect. In this case this would be the /admin/ folder.

(2) Create the .htpasswd username / password file

Go to http://www.htaccesstools.com/htpasswd-generator/

In the first box enter the username.

In the second box enter the password.

Click the button, copy the text and place it into a text file. Name this file .htpasswd and upload it to a suitable location on your server. This can be anywhere on your server, but usually in a defined folder. The location is the same location as was entered in (1) above.

The folder as defined in (1) should now be protected by the username / password as defined in (2)