iDomainCart README README v.1.2 iDomainCart™ - 'The ultimate domain shopping cart'   1. Introduction         1.1 Overview         1.2 Before you begin   2. Files   3. Configuration          3.1 Edit 'config.idc'         3.2 Edit 'tldinfo.idc'   4. Customisation         4.1 Creating Templates         4.2 Placeholders         4.3 Rules         4.4 Font Styles         4.5 Creating a Global Search Box 5. Order Processing         5.1 Via Payment Solution Providers         5.2 Via Your Own Secure Server         5.3 Via External Secure Server         5.4 Order Confirmation Page   6. Installation         6.1 Set Perl Path         6.2 Set File Permissions         6.3 Does it work?   7. Advanced Customisation         7.1 Rules   8. Security   9. Compatibility         9.1 Servers         9.2 HTML and WYSIWYG Editors         9.3 Browsers         9.4 Payment Solution Providers 10. Terms and Conditions 11. Troubleshooting 12. Support 1. INTRODUCTION Congratulations on purchasing iDomainCart, the premier solution for domain registration providers. We've designed iDomainCart with both you and your customer in mind. You'll find it easy to install and configure, whilst your customers will benefit from a smoother domain shopping experience. Just follow the simple instructions below. If you have any difficulties, make sure you check out our on-line FAQ > http://www.idomaincart.com/support/ 1.1 Overview The user logs onto a search page powered by iDomainCart. Domain Availability Search: User enters a domain name and selects the TLDs to be searched. The TLD list is configurable. Domain Availability Results: User views results of search (including WHOIS info, generated by 'rawwhois.cgi', if domain is taken) and can choose to add the name to their shopping cart. Each time a domain is added to the shopping cart, it's added to a cookie. Domain Shopping Cart: The shopping cart reads the cookie and shows a list of domains selected, including their prices. It also shows total price of domains, including the taxed price (if applicable). Both the prices of domains and the tax percentage are configurable. These elements are dynamically generated by 'idomain.cgi', within the same formatted template. Order Processing: When user presses 'Proceed to secure order form' button, the contents of their shopping cart is passed onto 'order.cgi', which in turn prints out a previously formatted order form template. This order form page prints the domains selected for purchase, pricing information as well previously specified form fields. These fields gather user information, which are then passed onto you, along with hidden data (such as the list of domains to be registered and pricing information), once the order is submitted. Order Confirmation: After order submission, the customer is re-directed to 'confirm.cgi' which deletes the 'list of domains' cookie and prints out a previously formatted confirmation page. 1.2 Before You Begin Make sure you have a text editor that doesn't distort UNIX line feeds (ie. do not use Windows Notepad) Decide where you're going to be uploading iDomainCart's files to and note the URL and path for this chosen folder Make sure CGI files are executable in your chosen iDomainCart folder Determine whether if your secure pages fall into one of the following categories: i) your secure pages are on a server provided by a automatic credit card processing provider ii) on your own secure server iii) on a different secure server (whereby the URL to your secure pages is not the same as the URL to your non-secure pages). Thinking about which category your secure pages fall into at this stage will make the rest of this README file more coherent. 2. FILES [Top] iDomainCart contains the following files:   File Name Description Instructions README.htm -> this README file, readable in any HTML browser       Script idomain.cgi -> the iDomainCart script itself   rawwhois.cgi -> a simple script to print raw output from a WHOIS server   order.cgi -> a script to print your customised checkout page   confirm.cgi -> a script which empties the shopping cart after an order has been processed       Configuration config.idc -> the main configuration file   tldinfo.idc -> the second configuration file, listing the top level domains you want to use   strings.idc -> the third configuration file, listing global WHOIS servers and the strings they return if a domain is available   errorlog.idc -> an error log for iDomainCart. Check this regularly to see if anything is configured wrongly     Example Templates search1.htm -> a very simple example template for iDomainCart   search2.htm -> a nicer-looking example template for iDomainCart   order.htm -> a sample template for an order form   thankyou.htm -> a simple thank you page 3. CONFIGURATION [Top] 3.1 Edit 'config.idc' We recommend that you don't use Windows Notepad to edit the configuration or CGI scripts as it does not understand the UNIX line feeds properly and can cause the script not to function. a) Open up a text editor and look at config.idc. First you need to change 'rootURL' to the URL of where you'll be placing iDomainCart. Don't forget to include the slash (/) at the end, or the script won't find its way around! Type: rootURL = http://<your domain>/<iDomainCart folder>/ b) If you rename your script, you must also change the value of 'scriptname'. c) You can also rename the other configuration file from 'tldinfo.idc' to something else if you want. (You can't rename "config.idc" without editing the script itself!) d) Set the path or name of 'errorlog', a file which records any errors in the script. You can use it to check for mistakes in the way the script is set up. You do not have to specify 'errorlog' and the script will work fine without it. However, if you do set it up, for security reasons, we recommend that you store the file in a non-web folder. Ask your server admin about giving you acccess to a non-web folder on the server if you don't already have one. e) Use 'template' to specify the name of your template file (please see 4.1 Creating Templates) f) 'orderURL' specifies what happens when the "proceed to secure order form" button is pressed. If your order form lies on a separate secure server, then you should include the URL to your order form on that server. The domains to buy will be passed to this URL using the GET method, as values of the variable 'shopping_cart' (Please see Order Processing: 5.3 Via External Secure Server). If you're using an order form hosted on your own secure server (where you have access to install CGI scripts), then set the path to 'order.cgi' on that server e.g. https://<your domain>/<iDomainCart folder>/order.cgi and define 'ordertemplate' below. Remember, if you rename 'order.cgi' you should change this value. g) If you use order.cgi, you will need to specify an HTML template for it by defining 'ordertemplate'. You can use our our example form, order.htm, and add your own design to it, or you can create your own from scratch (please see Order Processing: 5.2 Via Your Own Secure Server) h) After order submission, you must redirect users to the confirm.cgi script. This will then print out the file you specify as the 'confirmationfile' - do enter the URL to the file, just the path on the server. The default 'confirmationfile' is thankyou.htm, which is a simple thank you page. (please see Order Processing: 5.3 Confirmation Page) i) You might also want to change the value of 'currency' to $, DM or whatever. j) 'tax' is the percentage rate of tax (such as VAT or state tax etc.) that may apply to domains purchased via your site. If you don't charge tax, simply exclude the tax 'placeholder' in your templates (please see 4.2 Placeholders) h) You can customise exactly how you want the output of the script to appear. Specify sizes in points (12pt) or pixels (24px). Specify fonts as a comma-separated list of alternatives. Specify font weight as "normal" or "bold". Specify color as the HTML hexadecimal string (RRGGBB), e.g. black is 000000,white is FFFFFF, green is 00FF00. Don't include the "#" sign before the string, because this would be interpreted as a comment and ignored. 3.2 Edit 'tldinfo.idc' You need to specify two things: choose what top level domains you want the script to search for, and choose the price you want to charge for each domain. To do this, you will need to edit the tldinfo.idc file. a) The default setup searches among four top level domains - .com, .net, .org, .co.uk. If you want to use other top level domain(s), just remove the hash (#) from the start of the relevant line(s). Similarly, if you do not wish to use a particular top level domain, place a hash (#) at the start of the relevant line. b) To change prices, just edit the third column of the file. For example, to charge $39.99 for a .net domain, just change .net | whois.crsnic.net | 20.00 to net | whois.crsnic.net | 39.99 You can specify the right currency symbol in the config.idc file 4. CUSTOMISATION [Top] iDomainCart uses powerful, yet simple, templates for ultimate customisation. You have complete control over the appearance of your pages. 4.1 Creating the Search Page Template Two example templates have been included: search1.htm and search2.htm. Take a look at them to see how templates work. You may find it more convenient to use one of these existing files and simply adding your own header, footer, images etc. where necessary. Alternatively, you can create more sophisticated templates of your own from scratch. To create a template, you can use an HTML editor to write up raw code, or use your favourite WYSIWYG editor like Dreamweaver, Frontpage, or Homesite. Don't put in any input forms or checkboxes - just design the look, feel and layout of the page by adding your own headers, footers, images, tables and so on. When you are satisfied, you will need to add "placeholders" to your page. These will be replaced dynamically with HTML content by the script. 4.2 Placeholders To create a placeholder, just type two asterisks (**) followed by the placeholder name, then two more asterisks (**) in your raw code/page design. Note: placeholders are case sensitive ie. they should all be capitalized. You will need create all or some of following placeholders, depending on what information you want to appear on the page:   Placeholder Name Description Error Warnings **ERRORMSG** -> error messages, if any, will be printed here       Domain Search **INPUTFORM** -> this will be the text field where users can enter domains to search for   **INPUTCHECKBOXES** -> these checkboxes let users search under different top level domains, e.g. .com, .net, .co.uk   **INPUTBUTTON** -> users will click this button to search       Search Results **RESULTS** -> search results will be printed here. One result is printed on each line     If a domain is available, a checkbox will be printed so users can select it to add to the shopping basket   **RESULTSBUTTON** -> this button adds selected domains to the shopping basket users       Shopping Cart **SHOPPINGLIST** -> prints the name and price of all domains in the shopping basket. A second checkbox allows users to deselect domains before going to the checkout.   **SHOPPINGLISTREDO** -> this button removes unchecked domains from the shopping list and reloads the page   **TOTAL** -> here the total price of all domains in the shopping list will be printed   **TAXEDTOTAL** -> total price of all domains including tax   **CHECKOUT** -> this button takes users to the checkout with all domains in the shopping list. 4.3 Rules Note: placeholders do not have to be in the above order, but the following rules must be observed: All the placeholders starting with INPUT must be kept together. So must the RESULTS placeholders and the SHOPPINGLIST placeholders. No other placeholders should come between them. (Exception: you can put ERRORMSG and TOTAL anywhere.) INPUTFORM must come before INPUTCHECKBOXES and INPUTBUTTON must come after them both RESULTS must come before RESULTSBUTTON SHOPPINGLIST must come before SHOPPINGLISTREDO Placeholders are case sensitive ie. they should all be capitalized. For example, the following HTML would be wrong: <table> <tr><td>**INPUTFORM**</td></tr> <tr><td>**INPUTCHECKBOXES**</td></tr> <tr><td>**SHOPPINGLIST**</td></tr> <== SHOPPINGLIST placeholder within INPUT group <tr><td>**INPUTBUTTON**</td></tr> So would the following HTML: <tr><td>**INPUTCHECKBOXES**</td></tr> <== INPUTCHECKBOXES before INPUTFORM <tr><td>**INPUTFORM**</td></tr> <tr><td>**INPUTBUTTON**</td></tr> If this seems confusing, don't worry: just keep the placeholders in the order they are listed above. The reason is that some placeholders automatically include <form> tags, which can't be nested. (So also, please don't try and put other forms of your own around these placeholders!) When you have designed your template, name it what ever you wish and upload it to your iDomainCart folder, making sure it is readable (on Unix, type chmod 744 <templatename>). Then change the value of 'template' in your "config.idc" file to point to it. 4.4 Font Styles Once you have built an HTML template around the placeholders, you might want to change the look and feel of the results themselves. Maybe your site uses the Palatino font, and you don't want results in Times New Roman. You can do that too! Just edit the values in the STYLE CUSTOMISATION section of "config.idc". You can specify fonts, font sizes and colors for three a separate sections: - the list of top level domains (.com, .co.uk et cetera) - the list of results from a search - the list of domains in the users shopping cart. You can also specify for results to be bold by putting e.g."cartfontweight=bold" for a particular section. 4.5 Creating a Global Search Box You can place the global search anywhere on your site. Place this code where you wish the global search box to appear, on as many pages as you wish. The '.com' and '.net.au' are just examples. Include as many TLDs you wish in the same format. iDomainCart will only search TLDs you specify. The search results will appear on iDomainCart's template page. <form action="http://<your domain>/<iDomainCart folder>/idomain.cgi" method="post"> <input type="text" name="domain_root"> <!-- Add as many TLDs below as you wish. Create a new line for each TLD in the same format--> <input type="hidden" name="tlds_to_check" value=".com"> <input type="hidden" name="tlds_to_check" value=".net.au"> <!-- End of TLDs to be searched --> <input type="submit" value=" Go! " name="submit"> </form> Users can search for either a 'name' or 'name.com' using the same search box. For instance, if a user searches for 'mynewdomain', iDomainCart will list all available TLDs. If they search for 'mynewdomain.com', iDomainCart will show if 'mynewdomain.com' is taken or not. In addition, it automatically lists other available TLDs for 'mynewdomain'. 5. ORDER PROCESSING [Top] Once you have set up iDomainCart, you will need to connect it to your credit card processing system so you can start collecting orders. There are 3 options available, depending on how you process credit cards. 1. If you use an external credit card processor (we refer to them as payment solution providers) such as Authorize.net or WorldPay: you should use order.cgi and create an HTML template form to interact with your external processor. Example template forms for connecting with major credit card processors, such as Authorize.net, are available for download via our website. 2. If you process credit cards manually using an order form hosted on your own secure server, you should use order.cgi and write an HTML order form template. 3. If you process credit cards manually using an order form on a different secure server (the URL to the files on the secure server is different to the URL of your non-secure files, you will not use order.cgi. Instead, you can create an HTML order form which uses a few lines of Javascript. We assume that you process your orders via one of these methods. If you have a method which is not covered here, please drop us a line and we'll see if we can help you integrate iDomainCart into your system. 5.1 Via Payment Solutions Provider It's easy to connect to an external credit card processor like VeriSign, Authorize.net or WorldPay using our script. You will need to consult the documentation for your credit card processor to see how to create a suitable HTML form, but we have some sample templates on our website. These can be customised to suit your needs and used with order.cgi. If we don't have a template on our site to suit your requirements, then let us know. We'll contact your payment solutions provider to see how they require you to connect to their system and try to help you as much as possible. To understand how iDomainCart passes information via forms, we advise you to read the section below. 5.2 Via Your Own Secure Server Order.cgi makes life easy for you. Like idomain.cgi, it allows you to create simple HTML templates using your favourite HTML/WYSIWYG editor. First, you will need to make sure that order.cgi is in the same folder as iDomainCart's other .cgi files. Remember that orderURL in config.idc should point to it: orderURL = https://<your domain name>/<iDomainCart folder>/order.cgi Secondly, just open your HTML/WYSIWYG editor and create an order form. You can design your form to suit your requirements. There are six placeholders available for you to use. Note: placeholders are case sensitive ie. they should all be capitalized: Placeholder Name Description Error Warnings **ERRORMSG** -> prints out any error messages       Cart Contents **SHOPPINGCART** -> prints out the list of domains and prices       Form Placeholders **TOTALPRICE** -> prints the total price of all the domains in the cart **TAXEDPRICE** -> prints the total price, including tax, of all the domains in the cart **LISTINPUT** -> prints a comma-separated list of all the domains in the cart **HIDDENINPUTS** -> prints a series of hidden input values for each domain in the cart The first two placeholders are pretty simple, just like the placeholders for the main script: **ERRORMSG** prints out any error messages, while **SHOPPINGCART** prints out a list of items in the shopping cart and their prices. The four "Form Placeholders" are a little bit different. They are designed to help you build an order form. **TOTALPRICE** simply prints the total price of the domains in the shopping cart. You can use this to display the total price on the order form, like this: Total cost of items: **TOTALPRICE** You can also use it to send the total price to yourself as a value within a form: <form><input type="hidden" name="total_price" value="**TOTALPRICE**">...</form> Note: Remember to always check the total price of orders you receive, before you process them, as a malicious user may be able to alter the price that is sent you by altering the HTML form in his browser. If your domain prices have to include tax, then instead of **TOTALPRICE** you can use **TAXEDPRICE**, which prints out the price of the domains including the taxed amount - calculated by the percentage of tax specified in your 'config.idc' file. Similarly, you can also send the total taxed price to yourself: <form><input type="hidden" name="total_price" value="**TAXEDPRICE**">...</form> **LISTINPUT** prints a comma-separated list of all the domains in the shopping cart. For instance, if a user had hotmail.com, yahoo.com and amazon.com in her cart, **LISTINPUT** would print: hotmail.com,yahoo.com,amazon.com Again, this can be used to send information via a form: <input type="hidden" name="list_of_domains_bought" value="**LISTINPUT**"> Alternatively, **HIDDENINPUTS** prints a series of hidden <input> tags. Each of them has "name='shopping_cart'" and "value='<name of one domain>'". In the example above, **HIDDENINPUTS** would produce: <input type='hidden' name='shopping_cart' value='hotmail.com'> <input type='hidden' name='shopping_cart' value='yahoo.com'> <input type='hidden' name='shopping_cart' value='amazon.com'> If you send your information to a custom server script, it will be easier to use **HIDDENINPUTS** and put the response into an array using (in PERL): @domainsbought = param('shopping_cart'); On the other hand, if you want your information to be read by a human, it is probably easier to use **LISTINPUT** and send a comma-separated list. If all of the above sounds complicated or time consuming (it shouldnt' be if you are familiar with forms) then simply use order.htm, which is the example order form provided, and add your own headers, footers and input fields as required. 5.3 Via an External Secure Server If you have space on a different secure server (the URL to your secure files is different to the URL of your non-secure files) then you have two options: a) You can install 'order.cgi' on your normal server. Save your order form template in the same folder as 'order.cgi' . Then, simply post your order form via secure http (https://). For example: <form action='https://<the secure server>/formmail.pl' method='post'> Remember, whilst this option is secure, your customers won't see the 'padlock' icon at the bottom of their browsers on the order form. b) If you want to have your whole order form on the secure server, so that the padlock icon appears, you can use Javascript to prepare your order form. Change orderURL in 'config.idc' to point to your order form on the secure server. Then, cut and paste this snippet of Javascript into the <head> section of your order form. <script language="javascript"> <!-- function getdomains(){ var domainstring = location.search; var array = domainstring.split("?"); domainstring=array[1]; array = domainstring.split("&"); domainstring=""; for (i=0; i <array.length; i++) { var array2 = array[i].split("="); var domain = array2[1]; domainstring += domain + ","; } window.document.orderform.hiddeninput.value = domainstring; } //--> </script> and include in your <body> tag ' onLoad="getdomains;" ' so that it reads: <body ...onLoad="getdomains;"> Finally, make sure your <form> is named orderform: <form name="orderform" ... > and insert the following HTML into the form: <input type="hidden" name="domains" value=""> When the page is loaded, the different domains passed to it will be added to the value of the hidden input "domains" as a comma-separated list. This list will be passed on with the rest of the data when the form is submitted. 5.4 Confirmation Page After the order has been submitted, you should redirect users to the script "confirm.cgi". This will empty their shopping cart so that nothing can be ordered twice. The script will automatically print out the HTML file specified by 'confirmationfile' in the "config.idc" file. There are 3 options to follow: a. If you're using an external credit card processing service: Credit card processing websites often have an option to redirect customers to either i) a particular URL after the order is completed or ii) a 'Thank You'/confirmation page on their server. If they give you i) make sure the user is sent to "confirm.cgi" eg. http://<your domain>/<iDomainCart folder>/confirm.cgi . If it's ii) you need to include a link on the 'Thank You/confirmation' page to "confirm.cgi" e.g. http://<your domain>/<iDomainCart folder>/confirm.cgi and stress to your customers to click on the link. You could, for instance, name the link 'Click here to complete your order'. If your customers don't click on this link and go browsing elsewhere, don't worry. The point of "confirm.cgi" is to save your customers confusion when they return to your site ie. so that the shopping cart cookie is deleted automatically, and they aren't faced with the contents of their shopping carts from previous orders. b. If you process orders manually and have your own secure server: You will be able to redirect users yourself, for instance, by using <input type='hidden' name='redirect' value='https://<your domain>/<iDomainCart folder>/confirm.cgi'> in the form. Make sure that "confirm.cgi" is in the same folder as the rest of your iDomainCart files. This same folder should also include the page you specified as 'confirmationfile' in "config.idc". c. If you process orders manually and your order form is on a different secure server (the URL to the secure files is different from the URL of your non-secure site) then here's what you need to do. First create a 'redirection' file which has the following: <html> <head> <meta http-equiv='refresh' content='1;url=http://<your server>/<iDomainCart folder>/confirm.cgi'> </head> </html> Save this file on the secure server and point your order form redirection to it. For instance, if you saved this file as 'redirection.htm' then your order form redirection would be set to <input type='hidden' name='redirect' value='https://<secure server>/<your folder>/redirection.htm'> At this point, you may be asking, why do I need to create this redirection file? Answer: If you redirect customers directly to 'confirm.cgi' from the order form, they'll get a 'security warning' after the form is submitted. This is because they are being diretly sent to 'confirm.cgi' which is on a non-secure server, and hence, the browser will throw up a warning. Whilst this is no breach of security, it may trouble customers new to e-commerce. Therefore, the 'redirection.htm' file acts as an indirect link between the secure server and the non-secure server. Using this method, no error messages will be shown as the user is redirected within 1 second to 'confirm.cgi' on the non-secure server. 6. INSTALLATION [Top] 6.1 Set Perl Path Check that your PERL binary is in /usr/bin/perl. If it isn't, you will need to change the first line of all .cgi files point to your binary's correct location - for instance, you may need to change "#!/usr/bin/perl" to "#!/bin/perl". To find out your binary's location you can use the command 'whereis perl' If you have problems locating PERL, contact your server administrator. 6.2 Set File Permissions Place all the files in your chosen folder - make sure CGI files can be run in the folder. Now you need to set permissions on the files. First, make the scripts (files ending in .cgi) executable. On a Unix system, type: chmod 755 replacing <filename> with the name of each different file: chmod 755 <filename> Note: only the perl scripts idomain.cgi, order.cgi, confirm.cgi and rawwhois.cgi actually need to be executable; the other files just need to be readable. Then, make the configuration files (ending in .idc) readable: chmod 744 Also, make the error log file (errorlog.idc) writable. If you can, change it's ownership to that of the server on your machine, so that the server can write to it but noone else. Failing that, make it writable but not executable: chmod 766 errorlog.idc For extra security, you should place errorlog.idc, into a non-web folder. If you have access to a non-web folder (usually outside 'public_html' folder ), then you should also try to store all other config files (e.g. those ending in .idc) and template files there too (please see 8. Security). All .cgi files should remain in a CGI executable folder. 6.3 Does it Work? Test that your script is properly installed by opening a web browser and viewing the script at its URL: http://<your domain>/<iDomainCart folder>/idomain.cgi If an HTML form appears, congratulations - you're ready to go! 7. ADVANCED CUSTOMISATION [Top] At some point, you may wish to customise the look of your pages even more. For example, you might want to change the titles of some of the buttons, or to print a different message if domain is taken. This is not hard to do, but you will have to edit the script itself. Just open idomain.cgi in a text editor (we reccomend that you don't use Windows Notepad to edit the CGI scripts as it does not understand the UNIX line feeds properly and can cause the script not to function). Also, we suggest that you make a backup copy of the script, in case something goes wrong. 7.1 Rules The basic rule is, to change something, just edit the relevant $html{} value. For example, suppose you wanted to change the title of the checkout button. Change $html{'CHECKOUT'} .= "<input type='submit' name='submit' value='Proceed to checkout'></form>"; to $html{'CHECKOUT'} .= "<input type='submit' name='submit' value='Move along to the checkout!'></form>"; And remember, if you're going to add your own HTML, make sure that you replace double quotes (") in your code to single quotes ('), otherwise, the script won't work! For instance, <a href="mypage.htm"> should be entered as <a href='mypage.htm'> Or, if you want each TLD checkbox to be in a separate table row on its own, edit this line: $html{'INPUTCHECKBOXES'} .= " "; # <== add any html you want printed BEFORE each checkbox to read: $html{'INPUTCHECKBOXES'} .= "<tr><td> ";# <== add any html you want printed BEFORE each checkbox and this line: $html{'INPUTCHECKBOXES'} .= "<br>"; # <== add any html you want printed AFTER each checkbox to read: $html{'INPUTCHECKBOXES'} .= "</td></tr>";# <== add any html you want printed AFTER each checkbox If you wanted to have your own buttons instead of the standard grey ones, you would need to alter the lines which create buttons. For instance, change: $html{'CHECKOUT} = { "<input type='submit'' value='Go to secure order form' name='submit'>"; to: $html{'CHECKOUT'} = { "<inpute type='image' src='yourbuttonimage.gif' name='submit'>"; Just remember to keep the 'name' e.g. 'name='submit'' tags as they are. The second basic rule is, don't mess with the variables - that is, anything that starts with a dollar sign ($) should be left well alone. Finally, some don'ts: - don't alter <form> and </form> tags - don't alter the hidden inputs (<input type='hidden'...>) - don't use double quotes ("). Use single quotes (') instead, or the html code "&quot;" - and of course, don't touch anything that isn't HTML unless you know what you are doing! If you need help customising the scripts, feel free to ask on our website http://www.idomaincart.com/support/ 8. SECURITY [Top] Your iDomainCart script should be completely secure. There are no known security holes. This section exists to help you make doubly sure that security is watertight. - error log file The error log file "errorlog.idc" must be writable by the PERL script. The ideal way to do this is to make it owned by your server. Running Apache, this can be done by: chown nobody:nobody errorlog.idc if Apache's username is "nobody". Then make it writable only by apache and readable by others (chmod 744). However, you may not be able to change file ownership on your server, as this normally requires root access. The next best alternative is to make sure that the error log is in a non-web-readable file, and to make it world writable but not executable (chmod 766). For example, if your cgi-bin is at /home/httpd/cgi-bin, then you could put the error log in /home/<your home directory> and change the value of "errorlog" in config.idc to errorlog = ../../<your home directory>/errorlog.idc If you absolutely do not want a world writable file on your system at all, then you can just remove the error log and leave errorlog blank: errorlog = This will not affect how the script works. - config files and templates The config files and templates can be made world readable but not world writable (chmod 744). They should not therefore pose a security risk. If you want to avoid anyone being able to look at them, just put them in a non-web-readable directory and change the relevant values in config.idc. Config.idc itself ought to be in the same directory as the scripts, but if you are feeling really paranoid you could change the early lines of idomain.cgi, order.cgi and confirm.cgi to point to a non-web-readable directory and put config.idc there. 9. COMPATIBILITY [Top] 9.1 Servers - Any server that runs Perl or ActivePerl - Tested successfully on Windows NT running IIS4 9.2 HTML and WYSIWYG Editors - All HTML editors (used for editing the configuration and CGI files, as well as the HTML tempates) that are UNIX compatible, such as UltraEdit and TextPad in Windows or any text editor in Linux - All WYSIWYG editors (for editing or creating HTML templates), such as Macromedia Dreamweaver, FrontPage and Homesite. 9.3 Browsers - Windows: 3+ versions of Netscape and Internet Explorer - Linux: KFM, Mozilla, Netscape, Galeon and Konqueror. Please note: only some of these Linux browser versions may read secure documents. 9.4 Payment Solution Providers - Authorize.net, WorldPay Plc. For the latest list, please see http://www.idomaincart.com/support.htm 10. TERMS AND CONDITIONS [Top] YOU MUST READ AND AGREE TO THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT BEFORE THE SOFTWARE CAN BE DOWNLOADED OR INSTALLED OR USED. BY DOWNLOADING THE SOFTWARE, OR INSTALLING THE EXAMPLE CODE, OR USING THE SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS SOFTWARE LICENSE AGREEMENT. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS. SOFTWARE LICENSE AGREEMENT, THEN YOU SHOULD NOT DOWNLOAD OR INSTALL OR USE THE SOFTWARE. BY DOING SO, YOU FOREGO ANY IMPLIED OR STATED RIGHTS TO DOWNLOAD OR INSTALL OR USE THE SOFTWARE. WARRANTY DISCLAIMER THE SOFTWARE IS PROVIDED ON AN "AS IS" BASIS. RED CUP AND ITS SUPPLIERS MAKE AND YOU RECEIVE NO OTHER WARRANTIES OR CONDITIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE OR IN ANY COMMUNICATION WITH YOU, AND RED CUP AND ITS SUPPLIERS SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT AND THEIR EQUIVALENTS. RED CUP DOES NOT WARRANT THAT THE SOFWARE BE ERROR FREE OR MEET YOUR SPECIFIC REQUIREMENTS. SOME STATES OR OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE AND JURISDICTION TO JURISDICTION. LIMITATION OF LIABILITY IN NO EVENT WILL RED CUP OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF OR CORRUPTION TO DATA, LOST PROFITS, LOSS OF CONTRACTS, COST OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR ANY OTHER DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR INDIRECT DAMAGES, LOSSES, COSTS OR EXPENSES OF ANY KIND ARISING FROM THE SUPPLY OR USE OF THE SOFTWARE, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING WITHOUT LIMITATION NEGLIGENCE). THIS LIMITATION WILL APPLY EVEN IF RED CUP OR AN AUTHORIZED DISTRIBUTOR HAS BEEN ADVISED OF THEIR POSSIBILITY. THIS LIMITATION WILL NOT APPLY TO THE EXTENT THAT LIABILITY MAY NOT BY LAW BE LIMITED OR EXCLUDED.  For full text of the Software License, please see the file 'license.txt' included in this .zip file or visit http://www.idomaincart.com/license.php 11. Troubleshooting [Top] For the list of latest troubleshooting hints, please refer to our on-line FAQ 11. SUPPORT [Top] iDomainCart aims to be the best. If you have any suggestions, queries or need any help, feel free to ask a question on our support forum.