Web Programming with Perl5
- Shopping Cart Applications
- Implementation Issues
- MiniVend Package
- Installation and Configuration
- Overview of Features
- Use and Customization
- Listing 13.1. The main catalog page.
- Listing 13.2. The search page.
- Listing 13.3. The browse page.
- Listing 13.4. The results display page.
- Listing 13.5. The order page.
- A Few Words About Security
The idea of shopping on the World Wide Web is an intriguing one. Imagine the convenience of purchasing items with a simple point-and-click operation. This chapter covers the details of what are called shopping cart applications. It also describes the MiniVend package, which was written by Mike Heins and based on the Vend package written by Andrew Wilcox.
Several issues need discussion before diving right into the example. I first describe
a few basic problems with CGI and the ways around these problems. I also describe
some of the advantages of CGI over static HTML pages. Of course, security is of major
concern, especially when talking about Internet commerce. I attempt to address some
of these issues and then analyze the MiniVend package and how you can use it to set
up your virtual store quickly.
One of the biggest drawbacks of HTTP and CGI is the lack of a persistent state.
The nature of the HTTP protocol is such that each request made on a server is a separate
and distinct connection that ends when the server responds with a result. This approach
is perfect for the concept of surfing the Web but not so perfect for the concept
of a session consisting of multiple requests. When you're shopping for an item at
a Web site, you most likely want to "surf" around in the site's product
catalogs and choose what you want to buy as you're going along. Doing so requires
several separate and distinct requests from the browser to the server. However, you still want to maintain information such as the products selected, the running subtotal, and so on.
This lack of a persistent state can be solved in a few different ways. One way
is to use hidden form fields (see Chapter 5, "Putting It All Together").
Another is for the server to keep some file
associated with the session for the duration of the session. Yet another is to use what are known as cookies; this approach is a client-based persistence solution.
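Hidden fields and cookies both travel through the browser, so the server has to be able to tell whether the state it gets back is the state it sent. The following is an added example, not code from the book or from MiniVend: it seals a cart string with an HMAC and an expiry time before it goes into a hidden field or cookie, and checks both when the value returns. The key, the token layout, and all function names are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: authenticate cart state that is stored on the client.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret kept outside the document root.
# Constructed demo value; a real key would be long and random.
my $SECRET = 'constructed-demo-key';

# Serialize a cart (item code => quantity) as "code:qty,code:qty".
# Prices are deliberately absent: they are looked up in the product
# database on the server and never accepted from the client.
sub encode_cart {
    my (%cart) = @_;
    return join ',', map { $_ . ':' . $cart{$_} } sort keys %cart;
}

# Build the value for a hidden field or cookie:
#   <expiry epoch>|<cart>|<hex HMAC-SHA256 over "expiry|cart">
sub seal_state {
    my ($cart_str, $ttl, $now) = @_;
    $now = time unless defined $now;
    my $body = ($now + $ttl) . '|' . $cart_str;
    return $body . '|' . hmac_sha256_hex($body, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return a hash reference of code => quantity, or undef if the token is
# malformed, altered, or expired.
sub open_state {
    my ($token, $now) = @_;
    $now = time unless defined $now;
    return unless defined $token;

    my ($expires, $cart_str, $mac) =
        $token =~ /\A(\d{1,12})\|([A-Za-z0-9_:,-]*)\|([0-9a-f]{64})\z/
        or return;

    # Verify the MAC first, then the expiry it protects.
    my $expected = hmac_sha256_hex("$expires|$cart_str", $SECRET);
    return unless ct_eq($mac, $expected);
    return if $expires < $now;

    my %cart;
    for my $pair (grep { length } split /,/, $cart_str) {
        my ($code, $qty) = $pair =~ /\A([A-Za-z0-9_-]+):(\d{1,4})\z/
            or return;
        $cart{$code} = $qty;
    }
    return \%cart;
}

# Demonstration with the product codes used later in the chapter.
my $token = seal_state(encode_cart(HA_001 => 1, HV_001 => 2), 1800);
my $cart  = open_state($token);
print "valid:    ",
    join(', ', map { $_ . ' x ' . $cart->{$_} } sort keys %$cart), "\n";

# Editing the quantity in the returned value no longer matches the MAC.
(my $tampered = $token) =~ s/HV_001:2/HV_001:20/;
print "tampered: ", (open_state($tampered) ? 'accepted' : 'rejected'), "\n";

# The same token presented after its lifetime is refused.
print "expired:  ",
    (open_state($token, time + 3600) ? 'accepted' : 'rejected'), "\n";
```

The HMAC gives integrity only: the cart contents remain readable by the client, and the expiry limits but does not eliminate reuse of an old token.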
One of the major strengths of the CGI approach over static HTML is, of course, the ability to dynamically generate the contents of a page. The best approach to setting up a list of products for sale is to define a database that contains the product information such as the price, whether it's in stock, and a brief description of the item. Because this information is dynamic, you want the ability to generate your pages based on the current state of your products. If something is out of stock, you would like to be able to tell the shoppers and provide them with an estimated date of when it may be available again.
Rather than constantly update static HTML pages with this information, it makes much more sense to store the information in a database and have a script retrieve the information and generate the pages on request. After all, dynamic content retrieval is one of the intents of CGI, and Perl is one of the best languages for doing this type of work. Several database modules that work using standard ASCII formatted files are available with Perl. You see one of these database interfaces in the MiniVend example. Another strength of Perl is the powerful regular expression capabilities for reformatting text and global substitution of strings.
I've already touched briefly on the need for storing information in a database. The database interface modules available in Perl are a good start. As your product inventory grows, you may want to store your data in a large commercial relational database. Other database modules are available for Perl to use with some of the popular database systems.
Last but certainly not least among the implementation issues is the issue of security. The standard HTTP protocol does not define any means of encryption and decryption when transferring data. You may have seen a dialog box in your browser warning you of this situation whenever you press a Submit button in a form. This warning essentially tells you that, when you send this data through the Net, anyone can see the data that you are transmitting. This lack of security can lead to a lot of worries when that data includes your credit card number and other personal information about yourself.
One solution to this security problem is Netscape's Secure Socket Layer (SSL) protocol. This protocol is discussed briefly in Chapter 3, "Security on the Web." You can also find more information on this at Netscape's Web site with the following URL:
I strongly suggest that anyone setting up an electronic store thoroughly understand where the holes are and how to prevent surreptitious use of your data and your customers' data.
The MiniVend package addresses the issue of security in several ways. You look more deeply into this important issue at the end of the example.
MiniVend, a package available through the Perl CPAN, enables you to set up an electronic store easily. Mike Heins developed the package based on Vend from Andrew Wilcox. Some of its features (direct from the MiniVend README file) are as follows:
- Users maintain a "shopping cart" for ordered items.
- SSL support means secure and practical credit card ordering.
- Catalogs can be of almost unlimited size with excellent performance.
- It provides a powerful search capability, including a complete Glimpse interface,
one-click search profile capability, and independent field-search selection.
- It provides multi-server mode for very high capacity on systems with sufficient
- It provides forked searches for consistent response time in single-server mode.
- Cookie support allows browsers to leave a catalog and come back without losing
the session state.
- It provides full frames support.
- Catalog pages are automatically selected--either built "on the fly"
from the database or premade for popular items.
- It works well with all browsers.
- It provides complete addressable database support with virtually unlimited rows
- It provides fully configurable quantity pricing.
- It provides easy back-end order entry.
- It provides full client-side imagemap support, including frame targets and form
- It provides automatic installation and configuration.
- It provides remote administration via the Web using mat.
- It runs under Perl5 and almost any UNIX platform.
- It is designed to be secure and runs with taint checking enabled.
- It includes a built-in online help capability.
- It calculates sales tax, with fully independent nontaxable item and taxed shipping.
- It calculates shipping (quantity and/or weight).
In the following sections, I explain how to install and configure the MiniVend
package on your system and emphasize the importance of some of the features in the preceding list. You can find complete and up-to-date information on this package in the CPAN as well as at the following URL:
Installation of the MiniVend package is simple. First download the mvend103.tar.gz file to a new directory, and then run the following commands:
gzip -d mvend103.tar.gz
tar -xvf mvend103.tar
Fortunately, Mike has made it easy for you to configure the package for your Web server as well. Before you begin the configuration process, you must obtain the following information:
- The directory of your server's document root. The default value with NCSA and
Apache is /usr/local/etc/httpd/htdocs.
- The directory of your server's CGI executables. The default value with NCSA and
Apache is /usr/local/etc/httpd/cgi-bin.
- The directory of your server's protected CGI executables. "Protected"
in this case means that it requires a user to log in for access. Refer to Chapter
3 for more information.
- The directory of your MiniVend installation. Normally, this directory is the
one in which you untar the file.
- The user ID number under which your Web server is run. It defaults to the user ID number for nobody.
The easiest way to configure MiniVend straight out of the tar file is to run the configure script, which is located in the MiniVend directory. It asks you several questions about your system, and it also figures out some information on its own such as where Perl is installed and whether or not you have installed all the necessary modules. The configure script is quite user-friendly and will prompt you for all the information it needs to know. In addition to setting up your configuration files, it also builds three executables: svend, vlink, and mat. Finally, it puts all the necessary items in the proper place, optionally installs the demo system, and starts the minivend.pl server.
MiniVend can run in two different modes. In static mode, each CGI catalog request loads the database to generate the catalog page. In server mode, you start up a MiniVend server process that loads the product database once and serves the remaining CGI requests with the product information. As you can well imagine, server mode is much faster and is recommended. When you run in server mode, and your server goes down for some reason, one nice feature causes an automatic e-mail notification when someone attempts to access your catalog but cannot do so because the server is down.
Almost all your catalog pages are stored in a directory outside your usual Web server document root. The only pages that need to be visible to your Web server are the base HTML files. All other pages contain MiniVend tags and are stored in the directory specified by the PageDir directive in the minivend.cfg configuration file.
A remote administration tool that runs as a CGI script is put into a protected CGI executable directory. It enables you to administer your MiniVend site from any platform using your favorite browser. I describe this tool, called mat, in more detail later in the chapter.
The best way to start using MiniVend is to look at the demo files and tailor them to your own needs. You need to complete the following steps to get your site up and running:
- Design and create your base HTML document(s) and images.
- Set up your product catalog.
- Set up your minivend.cfg file.
- Set up your catalog search pages.
- Set up your search result pages.
- Set up your order page.
- Set up other miscellaneous pages.
The demo sample catalog contains examples of all these items; using it is also a great way to get started. All accesses into your catalog besides your base HTML files are through the vlink CGI executable. This program looks for the MiniVend tags within your catalog pages and substitutes items for sale according to your product database and MiniVend configuration file.
Your base HTML document and images can be designed without any knowledge of the MiniVend package. This will simply be your virtual storefront window, and it will be the attraction that brings the user into your store. The links on this page will be to your MiniVend catalog and search pages described a bit later. Before I get into those pages, however, you should understand more about how the product catalogs are designed.
First, you need to set up your product catalog. The product catalog is contained in a database file called products.asc, which is an ASCII text file in which each row is a product item whose fields are delimited using TAB, PIPE, or CSV. The field names are contained on the first line of the file. These names must consist entirely of the characters hyphen, underscore, the digits 0 through 9 and the letters A through Z in upper- or lowercase form; they are case sensitive, and they must match the field names of the [in_field] tags in your catalog HTML files.
The default TAB delimiter says to separate each field using a hard tab character ^I. For example,
code	description	price	image
HA_001	Stereo	150.95	stereo.jpg
HV_001	Television	500.95	tv.jpg
The PIPE delimiter separates each field using the pipe character |. For example,
code|description|price|image
HA_001|Stereo|150.95|stereo.jpg
HV_001|Television|500.95|tv.jpg
And the CSV delimiter specifies fields enclosed in quotation marks and separated by commas. For example,
"code","description","price","image"
"HA_001","Stereo","150.95","stereo.jpg"
"HV_001","Television","500.95","tv.jpg"
You must set the delimiter directive appropriately for the delimiter format you choose. A set of fields such as code, description, and price is required. You may define as many additional fields as you need; however, the product code must be the first field in the line. You can extract customized field values using the [data] tag in your catalog pages.
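The format rules above can be checked mechanically before a catalog file is put into service. The loader below is an added example, not MiniVend's own code: it reads the TAB, PIPE, and CSV variants, enforces the field-name character set, requires the product code as the first field, and checks for the code, description, and price fields. The function names, the assumption that the first field is literally named code, and the stricter checks on code and price values are choices of this example.

```perl
#!/usr/bin/perl
# Added example: validate a products.asc file against the chapter's rules.
use strict;
use warnings;

# Split one line according to the delimiter formats described above.
sub split_record {
    my ($line, $delimiter) = @_;
    return split /\t/, $line, -1 if $delimiter eq 'TAB';
    return split /\|/, $line, -1 if $delimiter eq 'PIPE';
    if ($delimiter eq 'CSV') {
        # Every field quoted and comma separated. Embedded quotation
        # marks are not supported by this example and are rejected.
        $line =~ /\A"[^"]*"(?:,"[^"]*")*\z/
            or die "malformed CSV line: $line\n";
        return $line =~ /"([^"]*)"/g;
    }
    die "unknown delimiter '$delimiter'\n";
}

# Return a hash reference keyed by product code, or die with a reason.
sub load_products {
    my ($text, $delimiter) = @_;
    my @lines = grep { /\S/ } split /\r?\n/, $text;
    die "empty product file\n" unless @lines;

    # Header: hyphen, underscore, digits and letters only; case sensitive.
    my @fields = split_record(shift @lines, $delimiter);
    for my $name (@fields) {
        die "illegal field name '$name'\n"
            unless $name =~ /\A[A-Za-z0-9_-]+\z/;
    }
    die "first field must be 'code'\n" unless $fields[0] eq 'code';
    my %seen;
    $seen{$_}++ and die "duplicate field name '$_'\n" for @fields;
    for my $required (qw(code description price)) {
        die "missing required field '$required'\n" unless $seen{$required};
    }

    my (%products, $n);
    for my $line (@lines) {
        $n++;
        my @values = split_record($line, $delimiter);
        die "record $n: expected " . @fields . " fields, got " . @values . "\n"
            unless @values == @fields;
        my %row;
        @row{@fields} = @values;
        # Assumption of this example: codes use the same character set as
        # field names, and prices are plain decimal amounts.
        die "record $n: bad product code\n"
            unless $row{code} =~ /\A[A-Za-z0-9_-]+\z/;
        die "record $n: bad price '$row{price}'\n"
            unless $row{price} =~ /\A\d+(?:\.\d{1,2})?\z/;
        die "record $n: duplicate code $row{code}\n"
            if $products{ $row{code} };
        $products{ $row{code} } = \%row;
    }
    return \%products;
}

# The chapter's sample rows in all three formats.
my $pipe = "code|description|price|image\n"
         . "HA_001|Stereo|150.95|stereo.jpg\n"
         . "HV_001|Television|500.95|tv.jpg\n";
(my $tab = $pipe) =~ tr/|/\t/;
my $csv = qq{"code","description","price","image"\n}
        . qq{"HA_001","Stereo","150.95","stereo.jpg"\n}
        . qq{"HV_001","Television","500.95","tv.jpg"\n};

for my $case (['PIPE', $pipe], ['TAB', $tab], ['CSV', $csv]) {
    my $p = load_products($case->[1], $case->[0]);
    printf "%-4s %d products, HA_001 price %s\n",
        $case->[0], scalar(keys %$p), $p->{HA_001}{price};
}

# Constructed bad inputs: a field name with a space, and a file whose
# first field is not the product code.
for my $bad ("code|description|price|image url\nHA_001|Stereo|150.95|a.jpg\n",
             "description|code|price\nStereo|HA_001|150.95\n") {
    eval { load_products($bad, 'PIPE'); 1 } or print "rejected: $@";
}
```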
You also need to set up your minivend.cfg configuration file. Some of this file is set up for you when you run configure; however, you may want to tailor some variables manually.
The two important variables in this file are VendURL and SecureURL. They specify the CGI program used for all links within the catalog. The only difference between these two variables normally is that VendURL uses the HTTP protocol where SecureURL uses the HTTPS protocol. Both variables need to specify the URL at which MiniVend can find the vlink executable, which is normally your cgi-bin directory. This value is set for you during configuration.
Another important set of variables is PageDir, ProductDir, and DataDir. These variables specify where to find HTML files, product database files, and other database files. You normally want to separate at least your HTML pages from your database files. You can separate your product database files from your extra database files, although doing so is unnecessary. The directories specified for these variables are relative to the MiniVend installation directory unless they begin with the / character.
The last variable is the Database variable. You can have as many instances of this variable as you like. The format for the value of this variable is
database_name database_file delimiter_type
database_name is a name you choose for the database that is specified when you use the [data] tag in your HTML files. database_file is an ASCII database file, as described in the preceding section, which resides in the DataDir directory. delimiter_type was also explained in the preceding section; the values are as follows:
- Type 1: Defaults to the same as the products database file.
- Type 2: Each field contained on its own line, where blank lines delimit records.
- Type 3: Each field separated by \n%%\n combination and records separated by \n%%%\n
- Type 4: CSV
- Type 5: PIPE
- Type 6: TAB
The minivend.cfg file also contains many other variables. I suggest you look over the MiniVend documentation for a more detailed and up-to-date reference. You can configure the values in these files by using the mat administrative CGI tool, which I describe later in this chapter.
Catalog pages are simply HTML files with some additional markup. The additional markup consists of MiniVend tags that are enclosed in square brackets [] rather than HTML's angle brackets <>. The page flow under normal circumstances consists of catalog.html to order.html to confirmation.html. The catalog page can be as simple or as complex as you like. I suggest that you start out simple and then add features as you become more familiar with the capabilities. The catalog page for the example in this chapter will remain simple. Here, you provide a search page and a browse-by-category page. The HTML with additional MiniVend markup is shown in Listing 13.1, and the resulting page is shown in Figure 13.1.
Listing 13.1. The main catalog page.
<HTML><HEAD>
<TITLE>The Web Shopping Network Home Page</TITLE>
</HEAD>
<BODY>
<H1>Welcome to the Web Shopping Network</H1>
<P>
Our store carries the latest products in home electronics.
Please feel free to [page browse] browse [/page] through our collection
or [page descsrch] search [/page] for a particular item.
<P>
As you see an item you would like to purchase, simply add it to your
virtual shopping cart and continue through our catalog. When you're ready
to place your order you can go to our [page order] order [/page]
form to submit the order.
<P>
</BODY></HTML>
You're going to use the [page] tag quite a bit. This tag is similar to
the <A HREF=> HTML tag. You use it to navigate within your MiniVend
Figure 13.1. The main catalog page as it will appear in your browser.
Take a closer look now at the browse and descsrch pages. They are a bit more interesting because they interact with your product database. These pages actually contain HTML forms, as shown in Listing 13.2, so they have some additional MiniVend tags to accommodate these forms.
Listing 13.2. The search page.
<HTML><HEAD>
<TITLE>Search the Web Shopping Network</TITLE>
</HEAD>
<BODY>
<H1> Search our Product Catalog </H1>
<P>
<FORM ACTION="[process-search]" METHOD=POST>
<STRONG>Product Keywords</STRONG><BR>
<INPUT TYPE=text NAME="mv_searchspec" SIZE=20>
<BR>
<TABLE>
<TR><TD>
<INPUT TYPE="submit" NAME="mv_todo" VALUE="Search">
<INPUT TYPE="hidden" NAME="mv_doit" VALUE="search">
<INPUT TYPE="hidden" NAME="mv_search_page" VALUE="results">
<P>[finish-order]<BR>
<TD>
Matches per page: <SELECT NAME="mv_matchlimit">
<OPTION>1
<OPTION>5
<OPTION>10
<OPTION SELECTED>25
<OPTION>50
</SELECT><BR>
<INPUT TYPE="radio" NAME="mv_orsearch" VALUE="no" CHECKED>Match all<BR>
<INPUT TYPE="radio" NAME="mv_orsearch" VALUE="yes">Match any<BR>
<INPUT TYPE="checkbox" NAME="mv_case" VALUE="yes">Case sensitive<BR>
</TABLE>
</FORM>
</BODY></HTML>
This page contains some interesting MiniVend tags that you should be aware of.
The first you come across is [process-search], which defines the post action
for the form. It tells MiniVend to perform a database search using the criteria entered
by the user. The rest of the MiniVend tags support the search program with the appropriate
criteria. mv_searchspec specifies the text for which to search. mv_matchlimit
specifies the maximum number of matches to allow being returned. mv_orsearch
enables the user to specify searches that match all words entered or one or more
of the words entered. mv_case enables the user to specify case-sensitive
searches. In addition to these tags are several other field types that support searching,
as you can see in the resulting form shown in Figure 13.2. For more information on
these field types, refer to the MiniVend documentation, which is included with the
Figure 13.2. The description search page.
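The option lists, radio buttons, and hidden fields in this form constrain only what a browser offers; the request that reaches the CGI program can carry any value under those names. The following added example (not MiniVend's code) validates the five fields from Listing 13.2 on the server and then applies the match-all, match-any, and case-sensitive semantics to constructed rows. The function names, the limits, the list of allowed result pages, and the decision to match search words literally are assumptions of this example; the page does not say how MiniVend itself interprets the search text.

```perl
#!/usr/bin/perl
# Added example: server-side validation of the search form fields.
use strict;
use warnings;

# Assumption: the result templates that actually exist in PageDir.
my %RESULT_PAGES = map { $_ => 1 } qw(results);
my $MAX_LIMIT    = 50;    # largest value offered by the form

# Return a hash reference of checked values, or die with a reason.
# Each value is taken from a regex capture, which is also the idiom
# that clears Perl's taint flag when the script runs under -T.
sub validate_search {
    my ($in) = @_;
    my %out;

    # Search text: bounded length, no control characters.
    my $spec = defined $in->{mv_searchspec} ? $in->{mv_searchspec} : '';
    $spec =~ /\A([^\x00-\x1f\x7f]{1,100})\z/ or die "bad mv_searchspec\n";
    $out{mv_searchspec} = $1;

    # Match limit: digits only, clamped to what the form offers.
    my $limit = defined $in->{mv_matchlimit} ? $in->{mv_matchlimit} : 25;
    $limit =~ /\A(\d{1,3})\z/ or die "bad mv_matchlimit\n";
    my $n = $1 + 0;
    $out{mv_matchlimit} = $n < 1 ? 1 : $n > $MAX_LIMIT ? $MAX_LIMIT : $n;

    # Flags: an unchecked checkbox or radio group sends nothing at all.
    for my $flag (qw(mv_orsearch mv_case)) {
        my $v = defined $in->{$flag} ? $in->{$flag} : 'no';
        $v =~ /\A(yes|no)\z/ or die "bad $flag\n";
        $out{$flag} = $1 eq 'yes' ? 1 : 0;
    }

    # Result page: a bare, known page name and never a path.
    my $page = defined $in->{mv_search_page} ? $in->{mv_search_page}
                                             : 'results';
    $page =~ /\A([A-Za-z0-9_-]{1,32})\z/ && $RESULT_PAGES{$1}
        or die "bad mv_search_page\n";
    $out{mv_search_page} = $1;

    return \%out;
}

# Search description strings with the validated query. Words are matched
# literally (quotemeta), so regex metacharacters typed by the user are
# treated as ordinary characters.
sub search_descriptions {
    my ($q, $rows) = @_;
    my @res;
    for my $word (split ' ', $q->{mv_searchspec}) {
        my $lit = quotemeta $word;
        push @res, $q->{mv_case} ? qr/$lit/ : qr/$lit/i;
    }
    my @hits;
    for my $code (sort keys %$rows) {
        my $matched = grep { $rows->{$code} =~ $_ } @res;
        my $ok = $q->{mv_orsearch} ? $matched > 0 : $matched == @res;
        push @hits, $code if $ok;
        last if @hits >= $q->{mv_matchlimit};
    }
    return @hits;
}

# Constructed sample rows: product code => description.
my %rows = (HA_001 => 'Stereo', HV_001 => 'Television',
            HV_002 => 'Stereo Television');

my $any = validate_search({ mv_searchspec => 'stereo television',
                            mv_matchlimit => '500', mv_orsearch => 'yes',
                            mv_search_page => 'results' });
print "limit clamped to $any->{mv_matchlimit}\n";
print "match any: @{[ search_descriptions($any, \%rows) ]}\n";

my $all = validate_search({ mv_searchspec => 'stereo television',
                            mv_orsearch => 'no' });
print "match all: @{[ search_descriptions($all, \%rows) ]}\n";

# Constructed requests that a browser form would never produce.
for my $bad ({ mv_searchspec => 'tv', mv_search_page => '../results' },
             { mv_searchspec => 'tv', mv_matchlimit  => 'lots' },
             { mv_searchspec => 'tv', mv_case        => 'maybe' }) {
    eval { validate_search($bad); 1 } or print "rejected: $@";
}
```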
The next page to look at is the browse page. The code for it is shown in Listing 13.3. This page is similar to the descsrch page except that it gives the user some categories from which to choose. Many of the MiniVend tags may look familiar to you after seeing the search page.
Listing 13.3. The browse page.
<HTML><HEAD>
<TITLE>Browse the Web Shopping Network by Category</TITLE>
</HEAD>
<BODY>
<H1> Browse the Web Shopping Network by Category </H1>
<P>
<FORM ACTION="[process-search]" METHOD=POST>
<STRONG>Category</STRONG><BR>
<SELECT NAME="mv_searchspec">
<OPTION VALUE="HomeAudio$"> Home Audio
<OPTION VALUE="HomeVideo$"> Home Video
<OPTION VALUE="CarAudio$"> Car Audio
<OPTION VALUE="Computers$"> Computers
<OPTION VALUE="Accessories$"> Accessories
</SELECT>
<INPUT TYPE=HIDDEN NAME="mv_case" VALUE="yes">
<INPUT TYPE=HIDDEN NAME="mv_orsearch" VALUE="yes">
<INPUT TYPE="hidden" NAME="mv_search_page" VALUE="results">
<P>
<INPUT TYPE="submit" NAME="mv_todo" VALUE="Search">
<INPUT TYPE="hidden" NAME="mv_doit" VALUE="search"><BR>
<P>
[finish-order]
Matches per page: <SELECT NAME="mv_matchlimit">
<OPTION>5
<OPTION>10
<OPTION SELECTED>25
<OPTION>50
</SELECT><BR>
</FORM>
Just select one or more categories you wish to browse, then press the <B>Search</B> button.
<P>
</BODY>
</HTML>
As you see, the only real difference with this page is the mv_searchspec
field. Rather than provide an empty text field here, you assist the user by providing
a list of categories from which to choose, as you can see in Figure 13.3. You might
be curious about the [finish-order] MiniVend tag in these last two HTML
files. I explain this tag in the next section on displaying the search results.
Figure 13.3. The Browse by Category page.
Now that you've seen how to set up the search pages, you need to figure out how to display the results from the search operation. To display results, you need a few more MiniVend tags that enable you to display a list of items. This page, coded in Listing 13.4, can be kept fairly generic as you will see. Most of the text on the page is filled in by MiniVend based on the contents of your product database.
Listing 13.4. The results display page.
<HTML><HEAD>
<TITLE>Search Results</TITLE>
</HEAD>
<BODY>
<H1> Search Results </H1>
<P>
[finish-order]
<P>
<H2> [more-list] Matches [matches] of [/more-list]
[value mv_search_match_count] items found</H2>
<P>
<TABLE BORDER>
<TR>
<TH>Item #</TH><TH>Description</TH><TH></TH><TH></TH><TH>Everyday Low Price</TH>
</TR>
[search-list]
<TR>
<TD><B>[item_increment]</B></TD>
<TD>[item-description]<BR></TD>
<TD>[item-link]</TD>
<TD>[order [item-code]]<STRONG>Order</STRONG>[/order]</TD>
<TD><B>Our Everyday Low Price $[item-price]</B><p></TD>
</TR>
[/search-list]
</TABLE>
<HR>
[more-list]
<B>There's even more to choose from!:</B><BR>
[more]
<HR>
[/more-list]
<TABLE>
<TR>
<TD>[page browse]Browse by Category[/page]</TD>
<TD>[page search]Search[/page]</TD>
<TD>[page catalog]Home[/page]</TD>
</TR>
</TABLE>
<P>
</BODY></HTML>
The first tag that needs explanation here is the [finish-order] tag. This tag inserts a link to the order page, giving the customer a quick way to place his or her order. If no items are in the customer's shopping cart, this tag is ignored. Another interesting tag in this page is [more-list]. This tag directly relates to the mv_matchlimit of the previous page. It provides the user with a scrollable list of items. Of course, this list comes into play only if the mv_matchlimit value is exceeded. The [matches] tag displays the current range the customer is viewing. If you've done any kind of Web searching, you should already be familiar with this concept.
After displaying the number of items found using the [value] tag along
with the mv_search_match_count variable, you begin listing the items by
using the [search-list] tag. Once inside the [search-list], you
can represent each item in any way that HTML allows. One of the best ways to display
this type of list is to use a table, as done in Listing 13.4. [item-increment]
specifies the index number of the item within the search results. [item-description]
displays the item's Description field value from your product database. [item-link]
provides a quick link to more information about that item. The way this link works
is pretty cool. You can create a page called flypage.html, which will be
the template for generating this page on the fly from the information in your database.
The next column gives the user a link to be able to order the item. It uses the [order]
tag together with the [item-code] tag. The [order] tag provides
a link to the order page, enabling the user to place his or her order. The [item-code]
is a necessary parameter to the [order] tag, which is extracted from the
product database. This parameter tells MiniVend which item is being ordered. The
last tag within the search list is [item-price], which, of course, displays
the price of the item as listed in the product database. Figure 13.4 shows search
results using a textual search on the database, and Figure 13.5 shows results using
a category search.
Figure 13.4. The search results from a textual search.
Figure 13.5. The search results from a category search.
You are now close to finished with your shopping site. The last major page to define is your order page. On this page, you specify what information you want to obtain from the customers when they place their orders and get information about items in their virtual shopping carts.
The order page probably has the most raw HTML code. This page defines all the fields pertaining to customer information, as well as a list of items to be ordered. Fortunately, MiniVend maintains the item list for you, and you can extract it by using a few simple MiniVend tags. You define the customer input fields, which are contained in your order reports. You can maintain persistent values for these fields by using the [value] tag. This means that when a user fills out the order form page, leaves it to find another item, and then comes back to the order page, all the information he or she originally entered is not lost. The order page code is shown in Listing 13.5.
Listing 13.5. The order page.
<HTML><HEAD>
<TITLE>Place an Order</TITLE>
</HEAD>
<BODY>
<H1>Place an Order</H1>
<FORM ACTION="[process-order]" METHOD=POST>
<H2>Items to be ordered</H2>
<PRE>
[item-list]
[row 80]
[col 10] [item-code] [/col]
[col align=i width=10 gutter=1] <input type="text" name=[quantity-name] value="[item-quantity]" size=4> [/col]
[col 40] [item-description] [/col]
[col 16 align=r] $[item-price] [/col]
[/row]
[/item-list]
[row 80]
[col 10][/col]
[col 10][/col]
[col width=40 align=r wrap=no] SUBTOTAL [/col]
[col width=16 align=r] [subtotal] [/col]
[/row]
[row 80]
[col 10][/col]
[col 10][/col]
[col width=40 align=r wrap=no] Sales Tax [/col]
[col width=16 align=r] [salestax] [/col]
[/row]
[row 80]
[col 10][/col]
[col 10][/col]
[col width=40 align=r wrap=no] Shipping [/col]
[col width=16 align=r] [shipping] [/col]
[/row]
[row 80]
[col 10][/col]
[col 10][/col]
[col width=40 align=r wrap=no] TOTAL [/col]
[col width=16 align=r] [total-cost] [/col]
[/row]
</PRE>
<I>(If you wish to cancel the order on an item, simply enter "0" in the quantity field of that item.)</I>
<P>
<I> (If you change the quantity field of an item, you can recalculate the new total by selecting "Refresh" below).
</I>
<P>
<B>Shipping via</B>
<INPUT TYPE=RADIO NAME=mv_shipmode VALUE=UPSG [checked mv_shipmode UPSG]> UPS Ground
<INPUT TYPE=RADIO NAME=mv_shipmode VALUE=UPSB [checked mv_shipmode UPSB]> UPS Blue
<INPUT TYPE=RADIO NAME=mv_shipmode VALUE=UPSR [checked mv_shipmode UPSR]> UPS Red
<P>
<CENTER>
<input type="hidden" name="mv_doit" value="refresh">
<input type="hidden" name="mv_order_report" value="report">
<input type="submit" name="mv_todo" value="Submit Order">
<input type="submit" name="mv_todo" value="Refresh">
<input type="submit" name="mv_todo" value="Cancel">
</CENTER>
<H2>Shipping and Billing Information</H2>
<PRE>
* Name <input type="text" name="name" value="[value name]" size=40>
Company Name <input type="text" name="company" value="[value company]" size=40>
Email Address <input type="text" name="email" value="[value email]" size=40>
* Billing address <input type="text" name="address" value="[value address]" size=40>
* City <input type="text" name="city" value="[value city]" size=20>
* State/Province <input type="text" name="state" value="[value state]" size=10>
* Zip/Postal Code <input type="text" name="zip" value="[value zip]" size=10>
* Country <input type="text" name="country" value="[value country]" size=20>
Daytime Phone <input type="text" name="phone_day" value="[value phone_day]" size=16>
Evening Phone <input type="text" name="phone_night" value="[value phone_night]" size=16>
</PRE>
<P>
<B>*</B> <I> These fields are required for us to be able to place your order </I>
<P>
<HR>
<CENTER>
<H2> Shipping Address</H2>
<I>(if different than the billing address)</I>
</CENTER>
<PRE>
Address <input type="text" name="s_address" value="[value s_address]" size=40>
City <input type="text" name="s_city" value="[value s_city]" size=20>
State/Province <input type="text" name="s_state" value="[value s_state]" size=10>
Zip/Postal Code <input type="text" name="s_zip" value="[value s_zip]" size=10>
Country <input type="text" name="s_country" value="[value s_country]" size=20><p>
</PRE>
<P>
<CENTER>
<input type="submit" name="mv_todo" value="Submit Order" checked>
<input type="submit" name="mv_todo" value="Refresh Page">
<input type="submit" name="mv_todo" value="Cancel">
</CENTER>
</FORM>
<P>
</BODY></HTML>
As you can see, this page contains the most information of all the MiniVend pages. The page starts with a list of items that are being ordered. This list is specified using the [item-list], which is similar to the [search-list] tag you saw earlier. The difference is that this list contains those items the customer has placed in his or her shopping cart rather than a list obtained from searching the database. The semantics of how this tag works are the same. Within the [item-list], you again see the [item-code], [item-description], and [item-price] tags. One new tag contained within this list is [item-quantity], which is a user-specified value. To cancel the order of an item, the user must enter a zero in this field as the informational text describes.
You might be curious about the [row] and [col] tags. They are general formatting tags provided by MiniVend for displaying a table look within a preformatted text <PRE> section of your HTML. The value specified in the [row] tag tells the number of total columns in the row. Each column can then be given a certain size and alignment. For more detailed information, refer to the MiniVend documentation.
Of more importance are the [subtotal], [salestax], [shipping], and [total-cost] tags. These tags demonstrate the power and simplicity of MiniVend. A large part of the MiniVend package deals with the dynamic creation of HTML based on your product database; the other, perhaps even more useful, part deals with maintaining the running subtotals, tax, and shipping costs. The subtotal is a fairly easy one to figure out by simply adding up the item prices while taking quantity into account. The tax is figured using a special database file called salestax.asc. Tax percentage is looked up using the state or optionally the zip code. A default percentage, which is normally 0, also is supplied. You can even designate certain items to be tax exempt by specifying a NonTaxableField in your minivend.cfg file and setting that field value to true for the tax-exempt item.
Shipping can be determined based on a field designated with the CustomShipping variable in the minivend.cfg file. In this example, you use the weight field. This field value is then used in conjunction with the shipping cost database, which is another ASCII database file with the following fields:
- code: A unique identifier for the shipping method.
- description: Description of the shipping method, accessed using the [shipping_description]
- criteria: The criteria for shipping charge (for example, weight, quantity, or
country). This field is for information only; it is not used by MiniVend for any
- minimum: The low bound of quantity or weight to which this entry applies.
- maximum: The high bound of quantity or weight to which this entry applies.
- cost: The total shipping cost (specified as a formula if it begins with "f" or as a multiplier if it begins with "x").
The customer chooses the shipping method by using the radio buttons listed in
this example under Shipping Via. You can specify a default shipping by using the
DefaultShipping variable in the minivend.cfg file. The [total-cost]
is then calculated by adding up all these values. Figure 13.6 shows the section of
the form containing a list of items that have been ordered.
Figure 13.6. The ordered items part of the order form.
The remaining HTML in this example is simply the order form for gathering information from the customer. The only MiniVend tag used within this text is the [value] tag, which was described previously. This form is contained within a preformatted text <PRE> section for better alignment. Figure 13.7 shows this form as it appears in your Web browser. Again, you can include as many fields as you find necessary. MiniVend imposes no restrictions on the kind of data you can request from your customers.
Figure 13.7. The customer information part of the order form.
To complete your MiniVend site, you should create a few other pages. To display the order confirmation to the user, you can use confirmation.html. Nothing about this page is complicated. You may want to use [page] link tags to allow the customer to navigate back into your store to buy more. Another useful page is notfound.html. This page is shown when vlink is unable to locate a certain page. This page is useful as a catch-all so that customers aren't subjected to any nasty default error pages. Another page you may want to create is flypage.html. This page enables you to display a complete description of a particular item. A page is constructed on the fly using information in your product database.
You also should create a few pages such as badsearch.html and nomatch.html to catch certain conditions. badsearch.html handles cases in which invalid search data is passed into the search engine. nomatch.html handles conditions in which no items are found with the given search criteria. You might also want to create special pages. For example, you might be having a close-out sale. You can then link to these pages by using the [page] tag.
Using MiniVend, you also can use frames for your shopping site. Some special minivend.cfg variables such as FrameOrderPage and FrameSearchPage enable you to specify special pages for use with frames. Frames are given names for specifying the TARGET value of an <A HREF> tag. There are also the special frame names _top, _blank, _parent, and _self. To tell MiniVend that frames are in use, you should use the [frames_on] tag in the first page that the customer accesses to enter the store. The [framebase] tag sets the base target for a page.
Some demo pages that enable the use of frames are contained within the MiniVend package. If you're interested in this feature, I encourage you to take a look at the sample shopping site.
Also included with MiniVend are a few tools for the administration of your shopping cart site, which you learned about earlier. In the following sections, I describe two of the tools that might make your life easier as the caretaker of your online store.
vendpage
One of the administrative tools available for you to use is the vendpage program. This tool takes existing HTML files and converts them to MiniVend pages, redefining links in the format used by MiniVend. It follows a few simple rules:
- Any link that starts at the root or with a protocol specification is left as
- All relative links are changed relative to the PageDir directory specified in the configuration file.
- Links to names in the same document remain unchanged.
- Image specifications that are relative are changed such that they must be placed in the images directory relative to the HTTP server's DocumentRoot.
- Comments that begin and end with [vend] and [/vend] are stripped and passed on as vend tags.
For more information on this tool, refer to the vendpage documentation, which is contained in the MiniVend package.
mat
Another useful tool is the mat program, as shown in Figure 13.8. It enables you to modify the current configuration remotely through a standard Web interface. With this tool, a user from any platform (that has a Web browser available) can start the MiniVend server, view error logs, and even modify the configuration settings. You will obviously want to put this tool into a protected CGI executable directory so that ordinary users cannot modify your store. Refer to Chapter 3 for more information on how to create a protected directory.
Figure 13.8. The mat remote administration tool from within the browser.
Security is a great concern to your customers when they are asked to transmit their credit card numbers across an insecure protocol to an unknown target. You can deal with this concern in several ways. The first addresses the issue of the insecure protocol. HTTP by definition is an insecure protocol; however, Netscape has introduced the Secure Sockets Layer, which allows data to be encrypted before it is sent over the wire. If you have a commerce server that supports this protocol, you can inform MiniVend by using the SecureURL variable in the minivend.cfg file.
Another issue with credit card numbers is that form information is generally stored to disk unbeknownst to the user. MiniVend adds additional security by checking forms for fields that have the string credit_card in their names and, when it finds one, encrypting the value before storing the information to disk.
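Since the protection described above is keyed on the field name, it is worth checking an order form before it goes live. The following is an added example, not part of MiniVend: it lists the form fields the credit_card rule covers and the card-like fields it would miss. The form fragment is constructed, the "card-like" pattern is a heuristic chosen for this example, and the match on credit_card is assumed to be case-sensitive.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed order-form fragment (not from the MiniVend demo pages).
my $form = <<'HTML';
<INPUT TYPE=text NAME=name VALUE="[value name]">
<INPUT TYPE="text" NAME="credit_card_no" SIZE=20>
<INPUT TYPE=text NAME="CardNumber" SIZE=20>
<input type=text name='cc_exp' size=5>
<SELECT NAME="card_type"><OPTION>Visa</SELECT>
HTML

# Names that suggest payment-card data; a heuristic chosen for this example.
my $looks_like_card = qr/card|^cc[_-]|cvv|expir/i;

# Return the NAME of every INPUT, SELECT and TEXTAREA element in the markup.
sub field_names {
    my ($html) = @_;
    my @names;
    while ($html =~ /<(?:input|select|textarea)\b([^>]*)>/gi) {
        my $attrs = $1;
        # NAME may be double-quoted, single-quoted or bare; only one group matches.
        if ($attrs =~ /\bname\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i) {
            push @names, grep { defined } ($1, $2, $3);
        }
    }
    return @names;
}

# Split names into those the credit_card rule covers and card-like names it misses.
sub audit {
    my ($html) = @_;
    my (@covered, @missed);
    for my $name (field_names($html)) {
        if    (index($name, 'credit_card') >= 0) { push @covered, $name }
        elsif ($name =~ $looks_like_card)        { push @missed,  $name }
    }
    return (\@covered, \@missed);
}

my ($covered, $missed) = audit($form);
print "name contains credit_card:        @$covered\n";
print "card-like but outside the rule:   @$missed\n";
```

Any field reported on the second line should be renamed so that its name contains credit_card before the form is used to collect card data.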
To find out more about the security features of MiniVend, again refer to the MiniVend documentation. To learn more about security as it pertains to the World Wide Web in general, you should review Chapter 3.
There is a lot more to the MiniVend package than I can write about in a single
chapter. If you are interested in setting up a Web-based shopping center, I highly
recommend using the MiniVend package. I would also suggest reading through the documentation
that comes with the latest version of the package. You may also want to read up on
how to address the security issues as they may concern your shoppers. Web shopping
is becoming quite popular, and thanks to the work of Andrew Wilcox and Mike Heins,
setting up a Web store can be much easier than it otherwise would be.