E-Commerce: Designing And Creating An Online Store

Similar documents
Software Requirement Specification For Flea Market System

QUANTIFY INSTALLATION GUIDE

BackupAgent Management Console User Manual

Shop by Manufacturer Custom Module for Magento

EOP ASSIST: A Software Application for K 12 Schools and School Districts Installation Manual

Create e-commerce website Opencart. Prepared by : Reth Chantharoth Facebook : rtharoth@yahoo.

MassTransit 6.0 Enterprise Web Configuration for Macintosh OS 10.5 Server

MAGENTO Migration Tools

About the Authors About the Technical Reviewer

Site Store Pro. INSTALLATION GUIDE WPCartPro Wordpress Plugin Version

Online Backup Management Console 3.8 User Manual

To install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server 2008.

ECOMMERCE SITE LIKE- GRAINGER.COM

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Criteria for web application security check. Version

Secret Server Installation Windows Server 2012

Using SQL Server Management Studio

nopcommerce User Guide

Webmail Using the Hush Encryption Engine

Application note: Connecting the to a Database

Avatier Identity Management Suite

Content Management System

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

TABLE OF CONTENTS. ipay / Magento Implementation Guide 2 Copyright 2012 Planet Payment, Inc. All Rights Reserved.

Secret Server Installation Windows Server 2008 R2

COURSE CONTENT FOR WINTER TRAINING ON Web Development using PHP & MySql

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Installation Instructions

Installation Guide for contineo

CTIS 256 Web Technologies II. Week # 1 Serkan GENÇ

Visual COBOL ASP.NET Shopping Cart Demonstration

SecuritySpy Setting Up SecuritySpy Over SSL

Table of Contents SQL Server Option

Secure Message Center User Guide

UQC103S1 UFCE Systems Development. uqc103s/ufce PHP-mySQL 1

VP-ASP Shopping Cart QUICK START GUIDE Version th Feb 2010 Rocksalt International Pty Ltd

Gladinet Cloud Backup V3.0 User Guide

Chapter 5 Configuring the Remote Access Web Portal

Migrating helpdesk to a new server

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Web Plus Security Features and Recommendations

WebLogic Server 6.1: How to configure SSL for PeopleSoft Application

Online shopping store

Chapter 6 Virtual Private Networking Using SSL Connections

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

owncloud Architecture Overview

Your Question. Net Report Answer

Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4

FileMaker Server 14. FileMaker Server Help

Setting Up Scan to SMB on TaskALFA series MFP s.

RBackup Server Installation and Setup Instructions and Worksheet. Read and comply with Installation Prerequisites (In this document)

EntroWatch - Software Installation Troubleshooting Guide

WebStore Guide. The Uniform Solution

MassTransit 6.0 Enterprise Web Configuration For Windows

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Apache, SSL and Digital Signatures Using FreeBSD

LAMP [Linux. Apache. MySQL. PHP] Industrial Implementations Module Description

Web Development using PHP (WD_PHP) Duration 1.5 months

FileMaker Server 15. Custom Web Publishing Guide

Enterprise SSL Support

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Workflow Templates Library

Open Source Content Management System for content development: a comparative study

FileMaker Server 13. FileMaker Server Help

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

OpenEyes - Windows Server Setup. OpenEyes - Windows Server Setup

Xerox DocuShare Security Features. Security White Paper

Secure Traffic Inspection

Apache Security with SSL Using Ubuntu

Short notes on webpage programming languages

Implementing Secure Sockets Layer on iseries

Web Conferencing Version 8.3 Troubleshooting Guide

FileMaker 13. ODBC and JDBC Guide

Aradial Installation Guide

Ajera 8 Installation Guide

Security Policy Revision Date: 23 April 2009

Configure SecureZIP for Windows for Entrust Entelligence Security Provider 7.x for Windows

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Secure Transfers. Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

enicq 5 System Administrator s Guide

FileMaker Server 14. Custom Web Publishing Guide

LICENSE4J LICENSE MANAGER USER GUIDE

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

umobilecam Setup Guide All-in-One Mobile Surveillance for Android, ios, Mac, Windows Webcam, IP camera (version 1.0)

RecoveryVault Express Client User Manual

OxyClassifieds Installation Handbook

SBClient SSL. Ehab AbuShmais

FileMaker Server 13. Custom Web Publishing with PHP

Equipment Room Database and Web-Based Inventory Management

Internet Banking User Guide

ISI ACADEMY Web applications Programming Diploma using PHP& MySQL

Configuring Secure Socket Layer (SSL)

CA Performance Center

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

SSL VPN Portal Options

SyncThru TM Web Admin Service Administrator Manual

Online Backup Linux Client User Manual

Thick Client Application Security

Transcription:

E-Commerce: Designing And Creating An Online Store

Introduction About Steve Green Ministries Solo Performance Artist for 19 Years. Released over 26 Records, Several Kids Movies, and Books. My History With Steve Green Ministries Started maintaining their existing site 5 years ago

Project Goals Goals: Develop a new website to coordinate with the release of Steve s new record, Somewhere Between. Create a fully functional online store. Set up a PHP, MySQL, Apache, and OpenSSL testing environment.

Building The New Site New Site Requirements: Use frames, so that content could be updated on one part of the page without reloading the entire page Use flash to design and animate menus All coding in HTML our current server does not support any dynamic content.

Building The New Site IFRAMES Example IFRAMES are virtual frames which allow you to position page content anywhere on the screen. IFRAME position is relative to the top and left side of the browser window. Problem Because the IFRAME is relative to the window size, it is very difficult to predict its position and design accordingly

Building The New Site Solution Create a frameset which would adjust according to the user s browser window. Relative Size IFRAME Fixed Size Relative Size

Building The New Site Building Flash Navigation Navigation Menu, Product Menu Using Action Script Like Visual Basic in the Microsoft Office environment, Action Script can be used to control almost every aspect of a Flash movie. Products Menu.fla

Building The New Site Old Steve Green Ministries Site: Old Site New Steve Green Ministries Site: New Site www.stevegreenministries.org

Setting Up A Testing Environment LAMP Linux (or Windows) Apache web server MySQL PHP

Setting Up A Testing Environment Apache Web Server Automatic Windows Install with basic configuration Modify the configuration file to load the PHP library and map.php extension to that library Create virtual hosts (Listen on port 80 and 443) Enable SSL using a dynamically loaded SSL library Configure SSL for port 443

Setting Up A Testing Environment PHP Automatic Installation of files with no configuration Modify the PATH to include the PHP library folder Modify php.ini to dynamically load the MCRYPT library (For encryption discussed later)

Setting Up A Testing Environment MySQL database server Automatic Windows Installation with minimal configuration Set up user accounts with desired privileges Problem PHP lacked the ability to connect to the version of MySQL I installed because the newest version created a new password system. Solution Install an older version of MySQL (less secure)

Setting Up A Testing Environment SSL Secure Sockets Layer SSL ensures the security of online transactions between the browser and the server When a browser requests a secured page, the server will send its public key and a certificate of validity. If the certificate is valid, the browser will then use the server s public key to generate a symmetric key. The browser uses the symmetric key to encrypt the information it sends to the server and decrypt the information it receives from the server.

Setting Up A Testing Environment SSL Installation OpenSSL A free, open source alternative Downloaded the source and compiled for Windows in Visual Studio Added the compiled source to the PATH and created an server certificate and a server key. Certificate Authorities such as Verisign charge around $2000.00 for a two year certificate and key. Apache Web Server Modified the configuration file to use the new certificate and key

Building The Store Create MySQL Tables Separate different types of information into different tables for security Enforce data integrity with the use of primary and foreign keys Research appropriate data types for each column

Building The Store Creating A Products Page Much easier than coding in HTML Created a recordset from an SQL query and populated a table with all the information Stored the file name of the picture in the database for ease of updating Stored the path of the detail page for drill down Categories displayed by a $_GET variable Products Page Code

Building The Store The Shopping Cart 4 Basic Functions of a Shopping Cart: Add an item Update item quantities Delete an item Display cart contents & calculate totals 2 Ways to Store User s Shopping Cart Use PHP Session Variables *Tie to a database

Building The Store The Shopping Cart The Database approach to a shopping cart allows for the cart to remain across visits. How to recognize an individual browser: PHP will assign a unique session id to each browser for every visit. To make this session id remain, I stored it into a cookie I simply associated the contents of each cart with the browser s session id. View Shopping Cart Code

Building The Store Adding Users When a customer is ready to checkout, they must either login to an existing account or create an account. To Protect Privacy: Browser caching is turned off. It is possible to gain personal information by reading a browser s cache. All communication between the browser and server is encrypted using SSL. All user data is encrypted before stored in the database. Passwords are irreversibly encrypted using MD5

Building The Store Adding Users Every user in put was validated using PHP Add User Code 1 2 3 Add User Check Code 1 2 3 User Authentication Once a user has either signed in or created an account, the user id associated with that account is stored in the browser s cookie. The user id stored in the cookie is encoded and a second variable is created to verify the cookie s integrity. setcookie("client_id", base64_encode($single_row), time() + (3600 * 24)) setcookie("chk", base64_encode($single_row.getcid()), time() + (3600 * 24))

Building The Store Checkout Process Sign in or create an account Verify cart contents Input Credit Card Display a printable invoice for client records

Building The Store MCRYPT Triple DES A revision of DES (Data Encryption Standard) It achieves 168bit encryption by incorporating 3 keys into the encryption process This is a 2 way encryption which utilizes a secret key to encode and decode data

Building The Store MCRYPT Problem: MCRYPT returns a random encrypted string. These strings often contain characters which would invalidate an SQL statement. Also, the data types I used in the database would remove trailing spaces on strings and ultimately truncate my encrypted string. Answer: PHP has a function called addslashes() which places slashes in front of each problematic character in a string. This makes keeps the encrypted values from causing errors in the SQL statement. Also, I changed the data type of the encrypted columns to blob which can store an unlimited amount of binary data.

Building The Store The Backend Requirements: View Unfilled Orders View Filled Orders Generate A Printable List Of All Unfilled Orders Delete Orders Clean The Shopping Cart Table View Site Statistics

Building The Store The Backend Design The backend must be secure It has the decryption key Separate Key for User Info and Credit Card Info Store the admin pages on the user s computer not on the remote server

Building The Store Visit The Store View Store Code

Overview Goals Met: Created a static site with flash navigation and frame linking Set up a testing environment with PHP, MySQL, Apache, and SSL Create an online store, complete with product listing, shopping cart, user accounts, and a backend Ensure information privacy with the use of SSL and data encryption

Sources Apache Reference: http://www.apache.org http://www.modssl.org PHP Reference: http://www.php.net MySQL Reference: http://www.mysql.com Shopping Cart Design: http://www.macromedia.com http://www.zend.com/zend/spotlight/php-shopping-cart1.php http://www.phpwebcommerce.com/ http://www.phpbuilder.com/columns/evert20000816.php3?page=1 OpenSSL: http://tud.at/programm/apache-ssl-win32-howto.php3 http://www.thompsonbd.com/chris/tutorials/apachessl.html http://www.tldp.org/howto/ssl-certificates-howto/ Mcrypt: http://www.phpmag.net/itr/online_artikel/psecom,id,667,nodeid,114.html http://www.edparrish.com/cis165/03f/lesson12.php http://www.linuxjournal.com/node/7237/print Triple DES: http://kingkong.me.berkeley.edu/~kenneth/courses/sims250/des.html

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information