Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store

Bilguun Ginjbaatar | Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store | Thesis Project completed in December 2007. Edinboro University of Pennsylvania

Creating an Online Shopping Portal Website for Chinguun-Tulga Office Supply Store

Created by

Bilguun Ginjbaatar

Thesis Committee:

Professor Ellen Zimmer

Professor John Onderko

Professor David Tucker

Abstract

In today’s competitive Mongolian office supplies’ market, it is vital for retailers to have a

website where products can be sold online. For this master’s project, an e-commerce website has

been created for Chinguun-Tulga, a company which operates in Ulaanbaatar, Mongolia. The

main requirement of this project is to create the website in the least expensive yet

professional way – thus, an open-source solution known as OSCommerce is utilized to develop

the e-commerce system. The final version of the website has a front-end site for public viewers

and a back-end site for the store owner so that she could maintain the website.

In addition, this website is accompanied by documents which cover topics such as

intended website audience, design decision, competitive analysis, website contents, website

structure, database elements, security aspects, payment methods, marketing approaches, website

maintenance guide, management and user requirements, costs and benefits analysis, alternative

development strategies, and project schedule.

Table of Contents

Foreword
- Project Summary
- Steps taken to complete the project
- SWOT analysis of Chinguun-Tulga
- Internet users of Mongolia
- Tools used
- Web hosting provider
- Evaluation of project
- Conclusion

Bibliography

Design Document
- I. Introduction
- II. Website Goals
- III. User Experience
- IV. Competitive Analysis
- V. Site Content
- VI. Payment Methods
- VII. Marketing Approaches
- VIII. Security

Site Maintenance Document
- 1. Configuration
- 2. Catalog
- 3. Modules
- 4. Customers
- 5. Locations/Taxes
- 6. Localization
- 7. Reports
- 8. Tools
- 9. Cascading Style Sheet (CSS)

Systems Requirements Document
- Executive Summary
- I. Information Systems Background
- II. Functional Requirements
- III. Environmental Requirements
- IV. Alternatives
- V. Recommendation
- VI. Project Schedule

Appendix A: Website Architecture

Appendix B: ERD and Database Tables

Foreword

My name is Bilguun Ginjbaatar. For my master’s thesis project, an e-commerce website

has been created for Chinguun-Tulga, a company which operates in Ulaanbaatar, Mongolia. This

project took about six months to complete. Currently available open-source solutions were

researched for two months and a software called OSCommerce is utilized to develop Chinguun-

Tulga’s e-commerce system. OSCommerce is an online store management software program that

can be used on any web server that has PHP and MySQL installed, and it is available as a free

software under GNU General Public License. For the remainder of the six months, the website is

designed and documentations are produced. The website for Chinguun-Tulga is created to help

increase its sales as well as to acquire more customers in the Mongolian office supplies market.

The website has a front-end for public users and a back-end for the administrator(s). In the front-

end, all inventories are displayed in a categorized order, and customers can search products by

name, keywords, product codes, and prices. Customers are asked to create an account in order to

be able to checkout at the front-end. The back-end provides a configuration panel that is used to

input products, remove products, put products on special sale, setup payment gateways, manage

customers’ accounts, manage orders; and access to it requires a username and password. The

back-end site is going to be a very useful tool because the administrator can maintain the front-

end site without having trouble editing complex PHP, HTML, and JavaScript files.

Also, this website is accompanied by documents which cover topics such as intended

website audience, design decision, competitive analysis, website contents, website structure,

database elements, security aspects, payment methods, marketing approaches, website

maintenance guide, management and user requirements, costs and benefits analysis, alternative

development strategies, and project schedule.

Project Summary

This project started under the guidance of Professor Ellen Zimmer at the end of the spring

2007 semester. The goal of this project is to create an e-commerce system for Chinguun-Tulga,

where Mongolian customers would use the Internet to make their purchases. The deliverables of

this project are:

- Front-end website (http://www.chinguun-tulga.com/catalog)

- Back-end website (http://www.chinguun-tulga.com/catalog/admin)

- Design Document

- Website Maintenance Document

- Systems Requirements Document

In the Design Document, the elements related to the website design are discussed. In the

introduction, Chinguun-Tulga Company’s background and mission are stated. The goal of the

website is to provide customers a dynamic e-commerce website displaying the inventory at

Chinguun-Tulga office supplies store. User experience, the third section, basically talks about the

audience definition and shows numerous scenarios why customers would visit Chinguun-Tulga’s

website. The fourth section, competitive analysis compares and contrasts four independent

websites that sell office supplies. These included websites are www.OfficeMax.mn,

www.Asuult.net/beleg, www.Staples.com, and www.OffceDepot.com. Following this, the design

decision, front-end site content, back-end site content, database elements, entity relationship

diagram, and available payment options are discussed. A section on security aspects as well as

the methods used to measure the website traffic is also addressed. Google Analytics is used to

measure the traffic of the website as well as visitor’s behavior.

The Website Maintenance Document basically describes the functions of the back-end

site and is intended for the store owner. It gives the store owner instructions on maintaining the

website, adding new products, and what to do when an online transaction takes place. The back-

end site updates the front-end contents by inputting data into the database, which the front-end

site retrieves from the database. There are nine things to know about the maintenance, and these

are: configuration, catalog, modules, customers, locations/taxes, localization, reports, tools, and

cascading style sheet (CSS). The configuration section will setup the entire basic configuration

such as assigning administrators, product listing options, customer details, e-mail options etc.

The catalog section is very important and it inputs all products, category folders, and product

attributes to the store front. Here, step-by-step instructions on adding new products (ex: copying

a new product, moving a category folder to a different location, etc.) are specified. In the

modules section, the payment modules and options for shipping rates are described. In the

customers section, descriptive guides such as how customers can be edited, deleted, and e-mailed

as well as how reports for invoices can be generated are given. Both the invoice and the packing

slip are created in this section. Also, the tax rates can be set up in the locations/taxes section. In

the localization section, the currencies, languages, and orders status can be viewed. Mongolian

language files are created here by copying the files from the English language folder to a new

folder named Mongol. The reports section displays the products that were most viewed, products

that have been purchased the most, and the total orders from all customers. A tools section

allows database backup (or restore), define language, file manager, newsletter e-mail manager,

and “who is online” features. Last but not least is the cascading style sheet (CSS). There are over

50 different styles, and most of the colors, text fonts, text sizes, tables, cell attributes that are

used in the front-end website can be changed in the style sheet definition page in the

catalog/stylesheet.css file. The cascading style sheet can be accessed by going to Tools → File

Manager links.

The Website Maintenance Document should also be written in Mongolian language

because the store owner does not know English fluently. Because of the given time constraint,

this document is written only in English, and in the near future the Mongolian version will be

written, so that the store owner can run the website without any further assistance from me.

In the Systems Requirement Document (SRD), the management and user requirements,

costs and benefits, and the alternative development strategies for Chinguun-Tulga’s website are

discussed. There are four options that can be chosen for Chinguun-Tulga’s new e-commerce

information system. The first scenario is “Ready-To-Use: 1&1 eShops”, the second is “Ready-

To-Use: Network Solution”, the third is “E-commerce software: VP-ASP”, and the last is “Open-

source solution: OS Commerce.” The first three scenarios involve high initial and maintenance

costs, thus considering the cost as the main factor the OSCommerce solution is implemented. In

the SRD, Chinguun-Tulga’s business background and the types of products currently sold at

Chinguun-Tulga’s retail store are addressed. By creating data flow diagrams such as context

diagram and diagram zero, one, two, and three the functional requirements of this project are

explained. Context diagram is a very general diagram, requiring it to be further decomposed into

the diagram zero. In the diagram zero, there are three sub-processes, and they are: Process Order,

Generate Report, and Backup/Restore. Diagram zero is further decomposed to illustrate these

three processes and each is named “Diagram 1: Process Order”, “Diagram 2: Process Generate

Report”, and “Diagram 3: Process Backup/Restore.” All entities, data, and flows are described in

the Data Dictionary. Also, in the Data Store Design section, the simplest level of the entity

relationship diagram (ERD) along with the un-normalized database schema is provided. (Further

decomposed ERD and normalized database along with its tables are in the Appendix B.)

Furthermore, the environmental requirement is discussed, and in order for Chinguun-Tulga to

implement this e-commerce system, it needs a purchase of a desktop computer (or laptop),

Internet connection, domain name, and a reliable web server to host the website. In the last page

of SRD, a Gantt chart of the project schedule is provided.

Steps taken to complete the project

The knowledge from the Project Management class helped me construct a step-by-step

approach for this project. The project is divided into four steps: planning, analysis, design, and

implementation.

Planning: In the planning stage, research was done for e-commerce solutions for Chinguun-

Tulga. There were many different solutions available from various vendors. Once a

decision to utilize OSCommerce was made, the other solutions were no longer in the

plan. A work schedule was also created and it describes the work break down structure

by each month, starting in May and ending in December of 2007. In the planning, it is

important to create a Systems Requirement Document, design a detailed work plan

(Gantt chart), and prepare an analysis on feasibility.

Analysis: Mrs. Chuluunbaatar was interviewed over the phone, and she gave information about

her company’s operations. After examining Chinguun-Tulga’s current system, I

proposed my e-commerce website project to her. Work flow process diagrams such

as DFDs and alternative options were studied in the Systems Requirements Document.

After explaining the possibility of selling her products online, she agreed to be the

project sponsor. The work on the project is continued by searching for different web

hosting providers. After analyzing several solutions, 1and1 Internet Inc., is chosen

(www.1and1.com) as the web hosting provider because they provided high quality

service for a reasonable monthly fee.

Design: Chinguun-Tulga’s e-commerce website is designed based on the OSCommerce model.

Designing the front-end website was quite demanding and required a lot of time in

different combinations regarding the site design and color matching. The last version

of the website has a white background and is positioned in the center; and its elements

are integrated in a table with a border that equals zero. While designing the front-end,

the designing of the back-end was also started based on the OSCommerce model. In

addition, the front-end has a dual language feature: English and Mongolian. It allows

Mongolian visitors to view the website in their native language, and my thesis

committee can view the site in English.

Implementation: After completing the design stage, the website is put into production phase.

Several tests were implemented to see if the transactions were working as they were

supposed to. If there was anything that needed to be debugged, it was fixed in this

stage. The documentations such as Design Document and Website Maintenance

Documents were revised and finalized in this stage, too. The final step in this stage is

to present the system to the thesis committee.

SWOT analysis of Chinguun-Tulga

It was quite interesting to see Chinguun-Tulga’s long-term strategic planning, rather than

its day-to-day business operations. Strategic planning is the process of identifying long-term

goals, strategies, and resources. To map out the strategic planning, firms create a series of

questions which are in combination called a SWOT analysis. SWOT analysis examines a

company’s strengths (S), weaknesses (W), opportunities (O), and threats (T). The related

questions were:

- What are Chinguun-Tulga’s major strengths, and how can it maximize them in the

future?

- What are Chinguun-Tulga’s major weaknesses, and how can it overcome them?

- What are Chinguun-Tulga’s major opportunities, and how can it take full advantage of

them? What IT plans does it have to support business opportunities?

- What major threats does Chinguun-Tulga face and what can it do about them?

By creating this SWOT analysis, I aimed to contribute to the strategic planning process

for Chinguun-Tulga. The main possible strengths are loyal customers who repeatedly purchase

from Chinguun-Tulga, sales associates with great people skills, best store location, ability to

order custom-products from the suppliers at a customer’s request, and an IT graduate who has

web development knowledge. The possible weaknesses are use of legacy systems, incomplete or

old-fashioned financial statements, and limited budgets on marketing.

On the possible threat side, three major risks are identified. First, there are many other

competing firms who specialize in selling office supplies, and this number is increasing. This

tough competition will eventually result in a “price war”, and if that happens, it will have a

negative impact on Chinguun-Tulga’s revenue. Also, some firms (ex: www.OfficeMax.mn) that

do not even have a physical store are starting to sell products exclusively online. Lastly, there is

a possibility that Chinguun-Tulga may not secure another 5-year-contract on its building lease.

However, there are some possible opportunities. First, Chinguun-Tulga is well-positioned

for expansion. The store is run by a very experienced person who knows what sells well and

what does not. Moreover, there is a high potential for B2B (business-to-business) growth,

meaning that Chinguun-Tulga could sell products in bulk to other businesses. The most

important opportunity that was discovered for Chinguun-Tulga is an e-commerce system that

allows customers to buy online. After their new e-commerce system is in operation, Chinguun-

Tulga will gain a competitive advantage to offer services in both retail and online environment in

the Mongolian office supply market.

[Figure: Chinguun-Tulga SWOT Analysis]

POSSIBLE WEAKNESSES
- Still using several legacy systems
- Some documentation needs updating
- Limited budget on marketing

POSSIBLE OPPORTUNITIES
- Well-positioned for expansion
- Can be the first Ulaanbaatar's office supplies store with both e-commerce system and retail store
- High potential for B2B (business-to-business) growth

POSSIBLE THREATS
- The number of competing stores is growing
- New competition via web (ex: www.OfficeMax.mn)
- Possibility of not securing another 5-year-contract on the building's lease

Internet users of Mongolia

As I started working on this project, it was important to find out how many people really

use the Internet in Mongolia. The complete internet users’ data was not readily available from

the Mongolian National Statistical Office. The Mongolian National Statistics Office,

International Telecommunication Union, UNDP, the World Bank, and the Central Intelligence

Agency of U.S. websites were mainly used to gather the data. Estimated data for 1998, 1999,

2000, 2001, 2002, 2003, 2004, and 2005 were collected, but 2006 and 2007 data were

unavailable at the moment. The data is tabulated in the following chart:

| Year | Number of Internet Users | Percentage of population | Sources |
|------|--------------------------|--------------------------|---------|
| 1998 | 3,400 | 0.13% | NSO [1] |
| 1999 | 4,200 | 0.16% | NSO [2] |
| 2000 | 30,000 | 1.10% | The World Bank [3] |
| 2001 | 35,000 | 1.35% | Report on E-Readiness [4] |
| 2002 | 140,000 | 5.18% | UNDP [5] |
| 2003 | 157,027 | 5.81% | The World Bank |
| 2004 | 220,000 | 8.00% | The World Factbook [6] |
| 2005 | 268,300 | 10.30% | C.I.A. [7] |

[1] Statistical Yearbook of 1998. Accessed on Nov 27, 2007. <http://202.131.5.91/yearbook/1998/yearbook98.chm>

[2] Statistical Yearbook of 1999. Accessed on Nov 27, 2007. <http://202.131.5.91/yearbook/1999/yearbook1999.pdf>

[3] Results: Ongoing Progress in Mongolia. Accessed on Nov 27, 2007. <http://go.worldbank.org/EVB1INU220>

[4] E-Readiness Assessment Report of Mongolia for the Networked World. p.22 <www.mongolia-gateway.mn/downloads/mdg/ERA.pdf>

[5] National Report. Accessed on Nov 27, 2007. <http://mirror.undp.org/mongolia/publications/NMDGR_Mongolia_eng_Goal8.pdf>

[6] Mongolia Facts. Accessed on Dec 1, 2007. <http://www.umsl.edu/services/govdocs/wofact2005/geos/mg.html>

[7] Mongolia Profile. Accessed on Nov 27, 2007. <https://www.cia.gov/library/publications/the-world-factbook/geos/mg.html>

It is remarkable to notice that Mongolian Internet users have been increasing fast in the

last eight years. In 1998, there were only about 3,400 Internet users, but eight years later this

number reached 268,300, an increase by 78 times. It means that 10.3 (or more) in every 100

people are using the Internet nowadays.

Internet services were first introduced in early 1996 by Datacom, a data communication

systems company. At present, there are seven ISPs in Mongolia; five of the ISPs are private

companies, with an additional two subsidized and established by direct involvement of the

Mongolian government. There are more than 70 Internet cafes and 10 Public Internet centers

operating in Ulaanbaatar. The Internet cafes offer shared access to the Internet, fax over IP and

Internet phone services to the public.

In the Systems Requirements Document, estimation is made based on the fact that ten

percent of Mongolians use the Internet in their daily lives. (This number was used only to

calculate the quantity of benefits in the costs-and-benefits analysis.) Thus, the online sales are

estimated to bring an additional five to ten percent increase to Chinguun-Tulga’s revenue. It

means that through its e-commerce online system, Chinguun-Tulga will earn at least $1,000 (5

percent of $20,000 in revenue) a year, or perhaps even more. This may not happen right away

but again the number was used to derive the amount of benefits so that the comparisons among

different scenarios become possible.

Tools used

The following applications are used for this project: DreamWeaver MX, Photoshop CS3,

PhotoFiltre Studio, Adobe Kuler, and EmFTP.

Created by Macromedia, DreamWeaver MX is a powerful WYSIWYG (What You See Is

What You Get) tool that helps edit HTML, PHP, CSS, and JavaScript files. It has great

functionalities, such that while you work on the source code window, it allows you to view the

site directly in the design window. DreamWeaver has been practiced for over two years, and I

feel very comfortable using it. A great feature of DreamWeaver MX is the file

transferring/synchronizing tool. Once you provide DreamWeaver MX with your web server’s

username and password, the file transferring feature will start working. For example, if I need to

put (or receive) a file from my system to the web server, I would open the desired file and click

on PUT (or GET) from the site menu on the top. DreamWeaver MX is also used to gather the

color names with its six digit hexadecimal names for the website.

Photoshop CS3 is also used in this project. The product images were received in a digital

format via e-mail from Mrs. Chuluunbaatar. There were a lot of problems with the product

images, and most of the photos needed to be edited and cropped. All the product photos were

taken by an amateur Mongolian photographer and they did not meet my expectations. Ideally,

each image should have been taken on a clear white background with lights shining directly onto

it. Since the images were on blue or dark backgrounds, the Photoshop CS3 was used for editing.

Photoshop CS3 was also used to create the logo of Chinguun-Tulga.

Also, an application called PhotoFiltre Studio is used, and it is quite similar to Photoshop

CS3. PhotoFiltre Studio is utilized to create a 16 x 16 pixels icon image. This icon appears on the

left side of Chinguun-Tulga’s URL address in the web browser. Compared to Photoshop CS3,

the PhotoFiltre Studio uses less memory and resources, and it loads to the computer quicker than

Photoshop CS3.

Adobe Kuler is used to choose the colors in the website. Deciding what combination of

colors to use for Chinguun-Tulga’s website was a challenging task in this project. To come up

with appealing colors, I researched on the Internet and found out about many useful color

matching tools. One of the best freely available color matching tools was Adobe Kuler (available

at http://www.adobe.com/kuler) from Adobe. It allows webmasters to visualize what colors

would go well with others; in fact, one can create a color-based theme from a combination of

five web safe colors that match the best. For the purpose of this project, I set the base colors as

light blue and light green. The other three colors are automatically selected by Adobe Kuler, and

those were white beige, white, and oceanic blue.

EmFTP is utilized to facilitate file transferring between the local machine and the web

server. Although DreamWeaver MX took care of most of the file transferring, there were image

files that needed to be transferred using the EmFTP. Not only does EmFTP transfer files, but it also

can change file permissions to read, write, and execute.

Web hosting provider

The 1and1 Internet, Inc. (www.1and1.com) is chosen as Chinguun-Tulga’s web hosting

provider. 1and1 Internet is located in Chesterbrook, PA in the United States. I did not choose a

Mongolian web hosting provider because of the high webhosting costs. 1and1 Internet is

considered as a better choice because of the additional services it provides. If you sign up on the

six-month-contract with 1and1 Internet, they will give you a free domain name, and you can

choose from .com, .net, .us, .org top level domains. The web space is 10GB, and the monthly

transfer volume must be within 300GB. Not only do they offer one free domain name, but they also give ten

MySQL databases and a user friendly control panel for configuring domain, sub-domain,

webmail, and FTP access. Best of all, their monthly fee for web hosting is very reasonable -

$3.99 a month.

There are reasons for not choosing a Mongolian host at the moment. First, it costs at least

$50 to register a domain name [8], and the web hosting fees range from $8 to $20 per month [9]; and

the given web space is very limited compared to what 1and1 Internet offers. If Chinguun-Tulga’s

website were hosted in Mongolia, it would cost about three times more than that of 1and1 Internet’s.

Considering the cost as the main factor for this project, Mongolian hosts were not selected.

Another reason why a Mongolian host was not preferred is because of frequent power failure

incidents in Ulaanbaatar; thus Mongolian web hosting providers will not guarantee a 100 percent

up-time for Chinguun-Tulga’s website. In the future, as hosting fees and the domain name

service fees go down with Mongolian web hosting providers, Chinguun-Tulga’s website should

be moved to a Mongolian web hosting provider for efficiency purposes. But for now, going with

1and1 Internet is the ideal solution.

While working on this project, I realized that it is impossible to use GoDaddy’s 256-bit

Turbo SSL certificate on 1and1’s web server. GoDaddy.com, in the present SSL market (as of

September 2007), offers the least expensive SSL certificate, such as Turbo SSL, for only

$19.99/year. This Turbo SSL certificate verifies the domain control and secures your site; and

GoDaddy also issues a seal that can go on your website. Unfortunately, GoDaddy’s certificate

could not be installed on 1and1’s server due to 1and1’s policy. In order for the GoDaddy’s

Standard SSL to work, I needed to obtain a Certificate Signing Request (CSR) from 1and1, and

when I contacted 1and1’s Technical Support Department, they refused to sign the request. Instead,

they offered 1and1’s SSL certificate that is originated by GeoTrust for $49/year. As a result,

my costs-and-benefits analysis in the Systems Requirements Document needed to be revised.

Using GoDaddy’s Turbo SSL certificate (available for $20), I originally came up with $477 for

the total initial cost, and $428 for the annual maintenance cost. Since GoDaddy’s SSL certificate

was no longer an option, the costs-and-benefits analysis had to be re-calculated using 1and1’s

SSL offer. By choosing 1and1’s SSL certificate (available for $49), the total initial cost came to

$506, and $457 for the annual maintenance cost. The Systems Requirement Document has been

updated with this new information.

[8] The current largest .mn domain name registrar www.domain.mn charges $49.95/year for a single .mn domain.

[9] MagicNet, the ISP company in Mongolia currently charges $8 per month for 30 MB webspace. <http://www.magicnet.mn/webhosting/index.htm>

Evaluation of Project

When the project began, I used the materials from the classes I took in my master’s program courses. After completing research on creating an e-commerce website using open-source technology, the following is the final outline:

Design Document:

- Introduction
- Website Goals
- User Experience
  - Audience Definition
  - Scenarios
- Competitive Analysis
- Online Shopping Site Content
  - Front-End/Public Viewers’ Site Contents
  - Back-End/Database Administrator’s Contents
- Database Elements (Database tables are located in Appendix B)
- Payment Methods
- Marketing Approaches
  - Keywords
  - Tell-A-Friend Feature
  - Affiliate Program
  - Measuring the Traffic
- Security
  - Types of Security Threats
  - Securing www.Chinguun-Tulga.com
  - Payment Gateway Security
  - SSL for Chinguun-Tulga
  - Hosting Server Security
  - Database Security
  - Risk Analysis
  - Business Continuity Plan

Website Maintenance Document:

- Configuration
- Catalog
- Modules
- Customers
- Locations/Taxes
- Localization
- Reports
- Tools
- Cascading Style Sheets (CSS)

Systems Requirements Document:

- Executive Summary
- Information Systems Background
- Functional Requirements
  - Dataflow Diagrams
  - Process Descriptions
  - Data Dictionary
  - Flows
  - Data Store Design
  - Database Schema
  - Form
- Environmental Requirements
- Alternatives
  - Scenario 1: Ready-To-Use Package: 1&1 eShops
  - Scenario 2: Ready-To-Use Package: Network Solutions
  - Scenario 3: E-commerce software: VP-ASP Shopping Cart
  - Scenario 4: Open-Source Solution: OS Commerce
- Recommendation
- Project Schedule (Gantt chart)

As mentioned before, this e-commerce website is created for a Mongolian company and the target audiences are Mongolian customers. I believe the e-commerce system that I created for Chinguun-Tulga will generate more revenues. The best way to market this website is to ask other Mongolian websites to list Chinguun-Tulga’s URL on their websites. Also, Chinguun-Tulga’s website has been submitted to Google, the largest search engine in the world.

The necessary changes were made in the material based on Professor Zimmer’s suggestions. Professor Zimmer teaches both undergraduate and graduate level web system design and development courses at Edinboro University of Pennsylvania. During the course of my thesis project, she constantly gave feedback on the work that I had done. Professor Zimmer and I tested Chinguun-Tulga’s e-commerce system both from the perspective of a store owner and a customer.

Given the time constraint, a few things I wish I could have done for this project are:

- At http://www.chinguun-tulga.com: Flash or dynamic banners which display products randomly so that they attract customers
- At http://www.chinguun-tulga.com/catalog, below the header section: Testimonial information from customers who actually purchased from Chinguun-Tulga’s e-commerce system
- Mongolian version of the Website Maintenance Document
- Paper catalog of products
- Improve product images by re-taking all pictures on a white background
- Exchange links with Mongolian websites that attract large volumes of Mongolian visitors


Conclusion

After completing the entire website, my understanding is that creating an e-commerce system for a retail company may be a complex project for one person to develop, but it can be done if more time is invested and further research is done. OSCommerce is one of the freely available technologies for online store management systems. OSCommerce does not profess to be the “ultimate” e-commerce solution. Rather than attempt to be all things to all people, it provides a basic set of functionality that meets the common needs of almost all online businesses. On its website, it has community-supplied add-ons, meaning that it can be customized to meet the specific needs of any business. Visual aesthetic is very important in a web development project, thus an advanced knowledge of the Photoshop CS3 or PhotoFiltre Studio application can help create better graphic images. Also, choosing colors is imperative because colors give the general look and feel for any type of website.

Systems analysis, information technology, web system development and design, electronic security, and documentation are very important components of a web development project of any size. Knowing the principles of project management will help with the planning of a project and outlining of the necessary steps. To produce a good and successful e-commerce website, one should integrate all the knowledge acquired from the courses mentioned above and dedicate oneself by investing an adequate amount of time in the project.


Design Document

This document describes the project goal and scope, Chinguun-Tulga Company’s background and mission, intended website audience, design decision, front-end site content, back-end site content, database elements, security, payment options, and the methods used to measure the website traffic. In the appendix section, the website maintenance document and the systems requirements document are included.


I. Introduction

Chinguun-Tulga, established in 1999, is a small B2C (business-to-customers) company that sells office supplies through its retail store. Most products are imported from China, and once a month, new inventories are shipped from Beijing. The retail store is conveniently located in a busy district at the heart of Ulaanbaatar.

The store operates Monday through Friday from 9:00 am to 8:00 pm, and from 9:00 am to 6:00 pm on Saturdays. It is closed on Sundays and during major holidays such as Independence Day and the Mongolian Lunar New Year days. The owner of Chinguun-Tulga, Mrs. Sarangerel Chuluunbaatar, hired three sales people who assist customers at the store with the checkout process.

Mission Statement

Chinguun-Tulga’s mission is to provide high quality service to all its customers with a professional, kind, and supportive manner. Chinguun-Tulga is committed to being the best in all areas of its business. Chinguun-Tulga’s vision is to:

- Treat every supplier, employee, and customer with honesty, dignity and respect.
- Impress our customers, current and prospective, to encourage future business.
- Improve all aspects of service delivery to our customers, our employees and our community.
- Provide a safe and convenient environment to shop.

Statistics:

- Chinguun-Tulga carries about 150 different types of office products in categories such as binders/ document organizers, punchers/staplers, pens and pencils, papers and note cards, paper clips and pins, calculators, rulers, erasers, document shredders, and desk accessories.

- Average weekly sales range from ₮500,000 to ₮1,500,000 Mongolian Tugriks ($500 to $1,500 in U.S. Dollars)

Goals and Deliverables of the Project

The goal of this project is to increase sales by creating an e-commerce website for Chinguun-Tulga, where customers will be using the Internet to make their purchases. The deliverables of this project will be:

- Front-end website (http://www.chinguun-tulga.com/catalog)
- Back-end website (http://www.chinguun-tulga.com/catalog/admin)
- Design Document
- Website Maintenance Document
- Systems Requirements Document


II. Website Goals

Chinguun-Tulga Office Supply Store will provide product information and service for customers through their online store, at www.Chinguun-Tulga.com. Customers will be able to access information through the website for services such as product listings, product pricing, product descriptions, upcoming products, best selling products, and special product discounts. After browsing, customers can conveniently purchase the products using the online shopping cart. If customers have any questions or concerns, they may fill out a form on the “contact us” page on the website.

The secondary goal of the website is to increase sales by attracting more customers. On their website, Chinguun-Tulga will provide up-to-date information both to the customers and the employees. New visitors will be able to see the new products, while the employees can keep track of inventory by logging on to the back-end of the website.

III. User Experience

Audience Definition

I spoke with Mrs. Sarangerel Chuluunbaatar, Director of Chinguun-Tulga Office Supply Store, on June 7, 2007 to discuss the development and structure of the website. One of the key questions addressed was the intended audience. Below is a list of the intended audience that was discussed in the conversation along with definitions for further clarity.

New Customers – customers that are considering buying at www.chinguun-tulga.com, and want to inquire about products offered.

Current Customers – established customers who have already purchased from the retail store and want to find out about additional services online.

Referred Customers – friends or someone who knows the current customers that are considering buying office products, and want to learn about the products and services being offered.

Chinguun-Tulga Staff – employees who work for Chinguun-Tulga, who may need to keep track of inventory, arrangements for shipping, and want to check for accuracy of product description and price.

Chinguun-Tulga Director – Mrs. Chuluunbaatar will be adding new products on the website, and will review products that were sold, orders that are pending, processed orders, and the status of payments.


Scenarios

Scenario 1

Character: New Customer

Jojo works as an administrative assistant at a prestigious cosmetics company in Ulaanbaatar and loves shopping online. Her supervisor told her to buy a document shredder, three boxes of A4 format paper, and some desk accessories for the company. Jojo usually goes to a nearby office supply store, but this time, she really wants to shop online and explore more online stores in the Ulaanbaatar city area. So, Jojo finds out about Chinguun-Tulga’s online store, and she needs to know if Chinguun-Tulga offers what she is looking for.

Purpose:

Jojo visits Chinguun-Tulga’s website and searches for a document shredder, papers, and desk accessories. She looks at the category list on the left side of the website, and clicks on the corresponding categories. To make her search even easier, she could simply use the “search by keyword” tool located on the top area of the website. She may also want to find out about the available payment methods. To find out about it, she clicks on the “conditions of use” link and reads all about payments. Once she finds the answers, she feels happy to be shopping online!

Scenario 2

Character: Current Customer

Enn is a 23-year-old recent college graduate who shops at Chinguun-Tulga Office Supply Store on a frequent basis. This time he wants to purchase school supplies that are on special sale.

Purpose:

Enn visits Chinguun-Tulga’s website and sees some of the special products on the very first page. To find out more, he clicks on the specials link. This page displays all items that are currently on sale. From here, Enn adds the items he wants to his shopping cart, and when he is ready to check out, he simply clicks on the checkout link.

Scenario 3

Character: Customer Who Wishes to Contact Chinguun-Tulga

Phil is an Art teacher who works at an elementary school in Ulaanbaatar. Phil is looking for water colors for his third grade students and wants to know if Chinguun-Tulga carries what he is looking for. He finds that the website offers water colors from three different vendors. He needs to contact Chinguun-Tulga to find out if there are any more water colors they carry.

Purpose:

He goes to Chinguun-Tulga’s website and locates the link to the contact us page. The contact us page has a form that allows visitors to send an e-mail message conveniently. Phil fills out the form and submits his message to Chinguun-Tulga, and he receives a reply in an hour!

Scenario 4

Character: Store Owner

Mrs. Chuluunbaatar wishes to do the following:

- To keep track of her online customers and the receipt of their orders. She needs this information as soon as it becomes available.

- She also wants to add new products on the website and put some products on special discount or clearance.

There are two ways for her to know whether she sold goods online or not. The first way is receiving an individual e-mail after each successful online transaction. After the payment has been processed, the system will automatically generate an e-mail and send it to [email protected] with the transaction details. The other way to know about online sales will be to log in to the administrative side of the website. To do that, Mrs. Chuluunbaatar will use her administrator’s username and password. The first upcoming page will display all completed and pending orders with the date and time.

Mrs. Chuluunbaatar will use the administrator’s website to add new products. As stated earlier, each month the store receives inventories from Beijing, and new products that are not listed on the website need to be added. Also, Mrs. Sarangerel needs to be able to add products, reduce inventories, or offer special discounts without any difficulty.


IV. Competitive Analysis

The competitive analysis is divided into two sections. One section will be devoted to analyzing stores in Ulaanbaatar:

- www.officemax.mn (Store that sells electronic and office supplies online)
- www.asuult.net/beleg (Store specializing in hand-delivering gifts and greetings in the Ulaanbaatar area)

The second section will be devoted to analyzing big office supply stores in the United States:

- www.staples.com (Store specializing in office products and electronic appliances)
- www.officedepot.com (Office supply and furniture store)

These websites were compared based on the following features:

- Site Design (10 points)
- Site Navigation (10 points)
- Overall Look and Feel (10 points)
- Consistency throughout the Website (10 points)
- Up-to-Date Information (10 points)
- Security (10 points)
- Payment Options (10 points)

Each website is thoroughly reviewed, and comments and ratings are given for each website on the following pages. The highest possible score for a website is 70 points, and each feature listed above is measured on a scale from zero to ten, ten being the highest and zero being the lowest.


Store 1: www.OfficeMax.mn

General Site Features | Score | Comments

Site Design | 10 | Centered and has a repeating gray photo in the background. Used only primary colors such as red, black, and white. Products are displayed in three columns. Has dual language feature.

Site Navigation | 10 | Excellent navigation. All menus are visible on each page and located mainly on the top and the left side. Products are divided in technology, furniture, electronics, and office supplies categories.

Overall Look and Feel | 10 | Professional and very clean. Has a welcoming feel, but it would be nicer if they had a dynamic ad that displays savings, discounts, and weekly ads etc. Also, the name seems to be borrowed from a U.S. based store.

Consistency throughout the Website | 8 | About us page seems to be using 100% table width. The links to company introduction, logistics, and investment are dead.

Up-to-Date Information | 8 | The website has a copyright logo and year. The date is not up-to-date.

Security | 5 | SSL seems to be unknown. Officemax.mn does not allow customers to create an account, thus the checkout process was impossible for new shoppers.

Payment Options | 10 | Bank transfer; Zoos, Capitron, Khas bank credit cards; Visa, Master Card,

Total: 61

Store 2: www.Asuult.net/beleg

General Site Features | Score | Comments

Site Design | 7 | Centered design, flash banner on top; Choice of only few colors, looks busy, hard to focus, and not enough empty space.

Site Navigation | 9 | Global navigation should have more than two links. The left side has categories: menu and special gifts. There is no search feature.

Overall Look and Feel | 8 | The choice of text font is not good. Images of the products are nice, however, buttons such as "Add to Cart" and "Checkout" are too big.

Consistency throughout the Website | 10 | All pages stay consistent with one another.

Up-to-Date Information | 5 | There are no weekly specials or sales announced on a regular basis. No category such as NEW PRODUCTS

Security | 10 | Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by www.UserTrust.com expires on 5/25/2008.

Payment Options | 10 | Visa, Master Card, Paypal, Pay-by-phone, Money Transfer: Money Gram and Western Union

Total: 59


Store 3: www.Staples.com

General Site Features | Score | Comments

Site Design | 9 | Entire website is aligned to the left. The background color is combination of green and light green, and the main body is on a white background. Too many colors are used.

Site Navigation | 10 | Excellent navigation. All office products are listed under OFFICE SUPPLIES menu. Product pages display product details, and also show a considerable product in a blue box. If more information is needed, the links are provided within the same page. Shoppers do not have to click on the back button.

Overall Look and Feel | 9 | Overall look is professional, but it could have been improved if fewer colors were used. The dynamic ad is not professional enough.

Consistency throughout the Website | 10 | All information is provided in the section that is aligned to the left. Everything stays consistent.

Up-to-Date Information | 10 | Just like OfficeDepot, they have weekly specials, and offer great savings on a regular basis.

Security | 10 | Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by RSA Data Security, Inc, expires on 10/17/2007.

Payment Options | 10 | American Express, Discover Network, Master Card, Visa, Office Depot Credit Card

Total: 68

Store 4: www.OfficeDepot.com

General Site Features | Score | Comments

Site Design | 10 | Clean, crystal, and the centered style gives a focused and professional look to the website. Bright red color distinguishes the horizontal menu from other sub menus on the bottom.

Site Navigation | 10 | Excellent navigation. All office products are listed under OFFICE SUPPLIES menu. Product pages display product details, and other related products. If more information is needed, the links are provided within the same page. Shoppers do not have to click on the back button.

Overall Look and Feel | 10 | Well organized! Not busy and has a welcoming feel. The dynamic ad on top is very informative.

Consistency throughout the Website | 10 | Menu on the left side stays consistent with the entire website.

Up-to-Date Information | 10 | Weekly specials are announced frequently.

Security | 10 | Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by RSA Data Security, Inc, expires on 10/21/2008.

Payment Options | 10 | American Express, Discover Network, Master Card, Visa, Office Depot Credit Card

Total: 70

After reviewing each website based on the criteria, I found that the best website for online shopping was OfficeDepot, with a total score of 70. OfficeDepot’s website breaks down the various office products into many categories, making the navigation to desirable information much easier. OfficeDepot has a global horizontal menu that makes navigation less time consuming, and provides abundant information about their products and services in a format that is very easy to read. The content was well structured with great product images. For instance, if binders and accessories were selected from the horizontal “office supplies” menu, a shopper would see images of binders with the corresponding prices as well as exclusive brand products and the best selling products in the category. The search of products can also be narrowed down by keywords, item numbers, brand, and price.

Staples’s website is very well organized and provides the products’ information in three main categories: office products, technology, and furniture. The site design is good, but everything is aligned to the left, making the website look busy and hard to read. Although the overall look and feel is very welcoming, there seem to be many different mismatching colors. For instance, the yellow frame on each product box does not match with the other main colors such as red and green. Moreover, their dynamic ad on the index page should be created in a more professional way. Accordingly, based on the information above, I gave them a total score of 68.

The next best website was www.Asuult.net/beleg, and this one earned a total score of 59. Asuult.net is one of the most visited sites in Mongolia, and it provides information in the areas of computer programming, website listings, Mongolian songs, entertainment, dictionary, etc. They recently launched their gift delivering services in Ulaanbaatar, and most orders come from people who are living and working outside of Mongolia. In terms of site design, there seems to be too much empty space and usage of large font size to fill it. No information is provided regarding terms of use, payment methods, and security. In fact, to find out about their SSL and payment options, I had to create a testing account and go through the entire checkout process. Information regarding security and payments should be readily available in a Condition of Use section. Even though the navigation was easy, they could add more things such as testimonials, special discounts, and weekly ads.

In Ulaanbaatar city, www.OfficeMax.mn would be my choice. Their office products were listed in a very professional and easily readable way. Plus, the design is very comprehensive and the entire site has a welcoming feel to it. Not only was the site navigation easy, but the site also provides a lot of information for shoppers interested in buying from them. In reference to consistency, some links were dead, and in the About Us page, the organization chart caused the website to display disproportionally. Another issue with this site is the difficulty of checking out. To purchase from them, a shopper must be a previous customer or must send a request to be their customer to Officemax.mn. This feature might give a wrong impression to customers by not allowing them to instantly create an account and to check out. Thus, based on this information, I gave them a total score of 61.


V. Site Content

The website of Chinguun-Tulga Office Supply Store has two sides: front-end website for public viewers and a back-end website for the administrator(s). Please refer to Appendix A to view the site architecture.

Front-End/ Public Viewers’ Site Content

A. The front-end homepage will contain information about the products that are offered at Chinguun-Tulga in different categories, an option to select products by manufacturers, new products that were recently added, shopping cart contents of the customer, best selling products, and special items that are on sale. There are also links to information such as shipping and returns, privacy notice, conditions of use, and contact us, as well as a search tool.

B. The front-end site connects directly to the MySQL database to retrieve data from the database. The basic data exchanging scheme is described as follows:

C. The navigation tabs are located on the top and left side of each page and have links to the following main sections:

1) My Account (Allows customers to see an overview of their account)
2) Cart (Cart displays items currently in the shopping cart)
3) Checkout (Checkout allows shopper to complete their online purchase)
4) Categories
   i. Binders
   ii. Staplers
   iii. Hole Punchers
   iv. Tapes
      1. Tape holders
      2. Tapes
   v. Paper Clips and Pins
   vi. Notepads
   vii. Document Organizers
   viii. Calculators
   ix. Document Shredders
   x. Desk Accessories
      1. Correction Tapes and Pens
      2. Desktop Document Holder
      3. Glue Sticks
      4. Rulers
      5. Pencil Basket
      6. Waste Basket
   xi. Markers
   xii. Magnifying Glasses
   xiii. Erasers and Lead Refills
      1. Erasers
      2. Pencil Lead Refills
      3. Pen Refills
   xiv. Pens and Pencils
      1. Pens
      2. Pencils
5) Manufacturers (It is a drop down menu of Manufacturers)
6) What’s New (A box that randomly shows new products with each new click)
7) Quick Find (A search box that allows shoppers to search for products)
8) Information Box
   i. Shipping and Returns
   ii. Privacy Notice
   iii. Conditions of Use
   iv. Contact Us
9) Order History (If a customer is logged in, his/her order history will be shown)
10) Bestsellers (A box that shows a list of five best selling products)
11) Specials (A box that displays an item that is currently on sale)
12) Languages (Language box allows shoppers to select their preferred language: either English or Mongolian)

Functional Requirements

1. The main goal of the website is to provide an up-to-date, complete list of the products carried by Chinguun-Tulga Office Supply Store in a professional manner.

2. When a user visits the site, they should be able to locate the information they seek in a timely fashion.

3. It is also important for the website’s default language to be set in Mongolian. The English version of the website is created for the thesis committee members.

4. The website must be easily updatable and user-friendly to Mrs. Chuluunbaatar and the employees of Chinguun-Tulga.


Front-End Site Design

Each page on Chinguun-Tulga’s website has three basic components: header, body, and footer; and the pages are based on the following design:

[Figure: page layout, 950 pixels wide]

Header: Menu 1 | Menu 2 | Menu 3 | Search box

Body:

- Breadcrumb
- Column Left: Categories (Category 1, Category 2, Category 3, …); Manufacturers; What’s New; Quick Find; Information (Shipping & Returns, Privacy Notice, Condition of Use, Contact Us)
- Middle column: Personalized Greeting; New Products (Product A through Product H, each with its price)
- Column Right: Shopping Cart (n items); Order History; Bestsellers; Specials; Languages

Footer:

- [Current Date] | Number of Request Since [Date Created]
- Payment Option Logos | Copyright Date, Store Name, Site Creator’s Name

Designing the front-end website was quite demanding and required a lot of time on different combinations regarding the site design and color matching. The last version of the website has a white background and is positioned in the center; and its elements are included in a table with a border that equals zero. There is no specific value assigned to the height in the tables because when different quantities of products are displayed, it will stretch the website in the vertical aspect. Therefore, limiting the height will display the website improperly. On the other hand, the widths of tables are no greater than 950 pixels. 950 pixels was a great choice because most computers at present have screen resolutions of 1024 x 960, 1280 x 960, 1280 x 1024 and higher. As mentioned earlier, in each page, there are three main parts: header, body, and footer.

The header section is positioned at the absolute top of each page. The table that houses the header codes has a border that equals zero, making the table look invisible to viewers. Also, it is divided into two sub-columns. Dividing the table into two columns was necessary because I wanted to position the logo of Chinguun-Tulga to the left and the navigation menu links along with the search feature to the right.

The body lies right below the header and starts with breadcrumbs. Breadcrumb navigation provided at the top of the page indicates the route and location of the current page. Below the breadcrumbs, there is a table that has three sub-columns. The left column is named Column Left, the right column is named Column Right, and the column in between contains the product information, new products for each current month, etc. In Column Left, the following items are included in a box style:

Categories – a box containing all available categories: binders, staplers, etc. The number of products in each category is shown in brackets. For example: Binders (4), Staplers (5) – it means there are 4 items in binders, and 5 items in staplers category.

Manufacturers – a drop down menu that allows a shopper to select products by manufacturers

What’s New? – a box that displays a new single item along with the price on the bottom

Quick Find – This box has a form field that allows a shopper to search items by keywords, for example: pen OR eraser. (OR operator is allowed). Beneath the form field, there is a link to the Advanced Search option. A shopper will be able to search products by specifying more fields such as categories (a dropdown menu), manufacturers (a dropdown menu), minimum price, maximum price, date from (mm/dd/yyyy), and date to (mm/dd/yyyy).

Information – This box contains links to shipping and returns, privacy notice, conditions of use, and contacts us pages. If a shopper clicked on each link, the corresponding information will be displayed in the column between Column Left and Column Right.

On the opposite side, in the Column Right section, the following information is available:

Shopping Cart – a box that displays which items, and how many, are currently in the cart. A visitor’s cart items are transferred to a customer’s cart once the visitor creates an account at Chinguun-Tulga’s website.

Bestsellers – a box that displays a list of five best selling items.

Specials – a box that displays products that currently have reduced prices. Product’s image, old price, and the new price are shown in this box.

Languages – this box simply shows a flag of England and Mongolia. If a shopper wants to view the website in English, the English flag should be clicked, and for Mongolian, the Mongolian flag should be clicked.

The footer follows the body column. The footer starts with a table consisting of two sub-columns with a border that equals zero, making the table invisible to viewers. The sub-column in the left contains the current date in the following format: Wednesday, 10 October, 2007. On the right side sub-column, the number of hits is shown along with the date that site was created. It will display something like this: 4825 requests since Monday 03 September, 2007. Below these, there is another table that has two sub columns with a border that equals zero. Here, the left sub-column has an image of available payment options. The visual aspect is a great way to let customers know of what payments are available in order to purchase from Chinguun-Tulga’s website. The right sub-column displays some texts such as the copyright date, copyright logo, the name of the store, and the creator of the site.

Colors Used

The most utilized five colors in the front-end website are:

light green (#99cc00) used in the box header, lighter green (#99cc33) used in the logo, light blue (#ccccff) used as cell background, white (#ffffff) used as general background, black (#000000) used for text color.

Macromedia DreamWeaver MX is the main software that was used to complete this project. DreamWeaver MX has a feature that displays all the colors used in the website. The figure on the left shows the various colors used within all the elements throughout the whole site such as - the text, table border, table background color, and images.

Deciding what combination of colors to use for Chinguun-Tulga’s website was another challenging task in this project. To come up with appealing colors, I researched on the Internet and found out about many useful color matching tools. One of the best freely available color matching tools was Adobe Kuler (available at: http://kuler.adobe.com) from Adobe. It allows webmasters to visualize what colors would go well with each other; in fact, one can create a color-based theme from a combination of five independent colors that match the best. For the purpose of this project, I set the base colors as light blue (#ccccff) and light green (#99cc00). The other three colors are automatically selected and those were: white beige (#fff4e6), white (#ffffff), and oceanic blue (#6ae8c7). The figure on the next page displays the exact choice of colors that were input.


It should also be noted that the colors used for the main text, titles, table background, and cell background can be modified by making changes in the cascading style sheet in the catalog folder. To find out more about what each class in the style sheet is responsible for, please refer to the CSS section in the Site Maintenance Document.


Back-End/ Administrator’s Site Content

A. The main goal of the back-end site is to allow the store owner to update the front-end website without the trouble of editing the source code of the web pages. Rather, she will use the back-end site to easily alter any information that she feels necessary - at any time from anywhere!

B. The access to the back-end requires a username and password, and the administrator(s) should always keep this information in a secure place.

C. The back-end homepage will contain important information regarding updating the front-end contents and other configurable contents such as: the administrator’s configurations, products in the catalog, payment and shipping options, customers’ list, reports, and tools to configure database backup/restoration, etc.

D. The navigation tabs are located on the left side of each page and have links to the following main sections:

1) Administration (index page of back-end)
2) Online Catalog (a link to the store page)
3) Configuration
   i. Administrators
   ii. My Store
   iii. Minimum Values
   iv. Maximum Values
   v. Images
   vi. Customer Details
   vii. Shipping and Packaging
   viii. Product Listing
   ix. Stock
   x. Logging
   xi. Cache
   xii. E-mail Options
   xiii. Sessions
4) Catalog
   i. Categories/Products
   ii. Products Attributes
   iii. Manufacturers
   iv. Reviews
   v. Specials
   vi. Products Expected
5) Modules
   i. Payment
   ii. Shipping
   iii. Order Total
6) Customers
   i. Customers
   ii. Orders
7) Locations/Taxes
   i. Countries
   ii. Zones
   iii. Tax Zones
   iv. Tax Classes
   v. Tax Rates
8) Localization
   i. Currencies
   ii. Languages
   iii. Orders Status
9) Reports
   i. Products Viewed
   ii. Products Purchased
   iii. Customer Orders Total
10) Tools
   i. Database Backup
   ii. Banner Manager
   iii. Cache Control
   iv. Define Languages
   v. File Manager
   vi. Send E-mail
   vii. Newsletter Manager
   viii. Server Info
   ix. Who’s Online

Functional Requirements

1. The main goal of the back-end website is to provide a list of complete configuration management files to Mrs. Chuluunbaatar.

2. When Mrs. Chuluunbaatar logs in to the back-end site, she should be able to locate the links to the pages that alter front-end information.

3. The navigation in the back-end should be easy.


Back-End Site Design

Each page on the back-end site has three basic components: header, body, and footer; and the pages are based on the following design:

[Layout diagram, 100 % page width: Header; Body with "Link to Index | Link to Online Catalog" at the top, a Column Left holding the navigation (Configuration, Catalog, Modules, Customers, Locations/Taxes, Localization, Reports, Tools) and a Content area beside it; Footer with Store Name, Copyright Date, and Site Creator’s Name.]

The back-end website has a white background and is positioned in the center; and its elements are included in a table with a border that equals zero. There is no specific value assigned to the height in the tables because when new category or new products are added, it will stretch the website in the vertical aspect. Therefore, limiting the height will display the website improperly. On the other hand, the widths of tables are specified to have 100 percent. By doing so the back-end site displays the entire site in full-screen in the horizontal aspect. Similar to the front-end design, each page in the back-end contains three main parts: header, body, and footer.

The header section is positioned at the absolute top of each page. The table that houses the header codes has a border that equals zero, making the table look invisible to viewers. A logo that reflects the Chinguun-Tulga’s Administrator Area was created and resides to the very left side in this table.

The body section lies right below the header and contains two sub-columns. The first column is named Column Left, and the adjacent column is called Body. The left sub-column contains the main navigation that includes links to: configuration, catalog, modules, customers, taxes, localization, reports, and tools. On the adjacent sub-column, the contents of configuration, catalog, modules, customers, taxes, localization, reports, and tools will be available. Also in this sub-column, there will be action buttons such as EDIT, DELETE, INSERT, MOVE, UPDATE, NEW PRODUCTS, and NEW CATEGORY. For example, if the administrator wants to add new product in the Desk Accessories category, she would go to the Catalog page, then to the Desk Accessories page, and click on the NEW PRODUCT button. (For more information about adding new products to the website, please refer to the Site Maintenance Document.)

The footer section follows the body. Unlike the front-end site, the footer in the back-end consists of only three rows. The top row displays the name of the store, copyright date, and the link to the front-end website. The middle row serves as a separation line between the top row and the bottom row, and it is colored in green. The bottom row contains the name of the site creator and a link to his website.

It should also be mentioned that if the administrator’s page is left idle for more than ten minutes, then the session will end, making the administrator log-off automatically. Thus, the back-end site has a self protecting tool from potential danger, and the administrator must keep in mind that once the necessary changes are made - always remember to logoff!


Database Elements

The database plays an important role in this project. As mentioned earlier, information entered in the database will be retrieved both to the back-end and the front-end of the website. Chinguun-Tulga’s database is hosted at www.perfora.net, and ten MySQL databases came along with the domain name and hosting plan package through www.1and1.com. The current database is stored behind a firewall to protect the website data, and it is accessible exclusively through the server. This means that direct access to this MySQL database from a home PC (an external ODBC connection) cannot be established. The following is the important information regarding the database server:

Database Name: db216012793

User Name: dbo216012793

Password: xxxxxxxxxxxx

Host Name: db1109.perfora.net

Description: Chinguun-Tulga E-commerce Website Database

Version: MySQL 4.0

Used Storage Space: 0.12 mb

Max. Storage Space: 100 mb

Status: Ready

(Please refer to Appendix B to view the normalized database tables and ERD)


VI. Payment Methods

Before a shopper buys an item, we always tell him/her to make sure that our payment method works for him/her. Also, at Chinguun-Tulga.com, we will not store any credit card data. Credit card transactions are processed at third party websites such as 2CheckOut.com and Paypal.com.

There are four payment methods available to purchase from Chinguun-Tulga, and they are:

- Cash on Delivery
- Check/Money Order
- 2CheckOut.com
- Paypal.com

Payment Method – How It Works

Cash on Delivery – Buyer has to make the payment in cash on delivery of the item at the address mentioned by him/her. Buyer may inspect the item prior to making payment.

Check/Money Order – Buyer makes the payment in check or money order form. There is a risk that the check may be bounced. In that case, bounced checks can be traced by their banks and the penalty fees will be applied to the customer.

2CheckOut.com – 2CheckOut.com processes Visa, Master Card transactions in an encrypted secure socket layer protocol.
Facts:
- The cost of initial setup is $49 USD. No monthly fees.
- Each transaction that goes through this option will have 5.5% discount rate.
- Fee per transaction: $0.45
Example: If the total amount of the sale was $100, we will receive $94.05 from the 2CheckOut.com.

Paypal.com – Paypal.com processes Visa, Master Card, Discover, AMEX cards and if the shopper already has an account, he/she can submit the payment by logging into personal account. Paypal uses secure AES 256-bit encryption, and its certificate is issued by VeriSign.
Facts:
- The cost of initial setup is zero. No monthly fees.
- Each transaction that goes through this option will have 2.9% discount rate.
- Fee per transaction: $0.30
Example: If the total amount of the sale was $100, we will receive $96.80 from PayPal.com


VII. Marketing Approaches

A. Keywords

Chinguun-Tulga’s website contains a meta tag for keywords, and it is inserted between the <body> and </body> tags. Keywords that identify Chinguun-Tulga’s website are:

<meta name="Keywords" content="Chinguun-Tulga, Chinguun-Tulga Office Store, e-shop in Ulaanbaatar, e-commerce Store in Mongolia, Online Shopping in Mongolia, Online Store in Ulaanbaatar, Mongolian Office Supply Store, Office Store in Ulaanbaatar, Office Store in Mongolia, Office Supplies, Papers, Binders, Staplers, Hole Punchers, Tapes, Paper Clips, Pins, Sticky notes, Document Holders, Calculators, Document Shredders">

Keywords are a very useful tool because, on the web, keywords are the references to the content of the website. Search engine crawlers read the keywords of the website first, and then index the website in the search ranking.

B. Tell-a-Friend Feature

Chinguun-Tulga’s website has a Tell-a-Friend feature that allows customers to send information about a specific product to their friends or someone they know. Tell-a-Friend feature appears on the right side of each product, and one simply has to enter a friend’s e-mail address to send information. For example, Rick was visiting Chinguun-Tulga’s website and found out that they offer “Steel 0.5 mm Pencil” that Bilguun was looking for. So, Rick uses the Tell-a-Friend feature to let Bilguun know about the pencil. Bilguun would receive an e-mail in the following format:

From: Rick
Date: Monday, October 22, 2007
To: Bilguun
Subject: Your friend Rick has recommended this great product from Chinguun-Tulga Office Supply Store

Hi Bilguun!

Your friend, Rick, thought that you would be interested in Steel 0.5mm Pencil from Chinguun-Tulga Office Supply Store.

I found the pencil that you were looking for.

To view the product click on the link below or copy and paste the link into your web browser:

http://www.chinguun-tulga.com/catalog/product_info.php?products_id=103

Regards,

Chinguun-Tulga Office Supply Store
http://www.chinguun-tulga.com/catalog/


C. Affiliate Program

Chinguun-Tulga could use an affiliate program to increase traffic to its website. An affiliate program is an e-commerce program under which owners of one website send users to another website to purchase related items. Banner exchange is a type of affiliate program and it does not cost anything. For instance, Chinguun-Tulga can put the links of other Mongolian e-commerce websites on its own home page. In return, the other websites will have to put Chinguun-Tulga’s link on their homepages.

According to www.TopSites.mn, there are several Mongolian websites that attract large numbers of visitors. The top three are:

www.Caak.mn On average, this website attracts over 3,800 visitors a day from all around the world. They claim to be the largest entertainment portal website of Mongolia.

www.Orloo.com 1,800 visitors are attracted to this website on a daily basis. Orloo.com provides information mostly to people who are living and studying outside of Mongolia.

www.Terguun.com On average, over 1,400 people visit this website daily. They seem to target younger audience who usually seek new information, movies, songs, classified ads, and news.

It is highly recommended that Chinguun-Tulga initiate a banner exchange program with the sites mentioned above. It will be a win-win situation for both parties because the goal of all websites is to attract more visitors through increased traffic.

D. Measuring the Traffic

There are two ways to measure the traffic to Chinguun-Tulga’s website: Logs and Google Analytics. Logs basically show the amount of data exchanged in kilobytes and megabytes, while Google Analytics displays the website traffic in more useful ways, such as a traffic sources overview, visitors overview, map overlay, etc.

Logs

The first method for traffic measuring is the Logs. To see data, the administrator must login to the following page:

Address: http://www.chinguun-tulga.com/logs/traffic.html Username: u46281644Password: BEck1982

This method shows the analysis of monthly data transfer in separate protocols such as HTTP, FTP, and e-mail. A summary is shown in the first two columns, and the number of megabytes in each category indicates how many megabytes were actually consumed by the specified number of requests. For example, in September 2007, there were 44,079 total requests and 255.5 megabytes of data exchange. Out of that, 37,488 requests and 222.3 megabytes of data exchange were related to HTTP, and 6,591 requests and 33.1 megabytes of data exchange were related to FTP. The breakdown of monthly data transfer is shown below.

Analysis for September 2007:


Google Analytics

Google Analytics is the other method that is used for traffic analysis. A code that collects data is inserted in the catalog/index.php page. The following code is provided when you sign up with Google Analytics, and it is inserted just before the </body> tag.

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_uacct = "UA-1423455-4";
urchinTracker();
</script>

Google Analytics displays the following statistics:
- Site Usage (Number of visits, page views, bounce rate, average time on site)
- Visitors Overview (Number of visitors, visitor segmentation, technical profile)
- Map Overlay (Map of countries, states, cities where the visits come from)
- Traffic Source (Direct or referring websites, top traffic sources list, keywords)
- Content Overview (Most visited pages, navigation analysis, click patterns)


For this project, Google Analytics is mainly used to measure the number of page visits by segments. Google analytics also allows the store owner to see which key words were used exclusively to bring customers to the website.


VIII. Security

In today’s world, the Internet is being used by almost all businesses, and the number of sales done over the Internet is greater than before. The increase in online transactions has been accompanied by an equal rise in the number and types of attacks against the security of online payment systems. If the business owner utilizes the Internet as the main channel to reach customers and a way of doing business, there may be vulnerabilities such as SQL injections, cross-site scripting, information disclosure, path disclosure, price manipulation, and buffer overflows. Successful exploitation of these vulnerabilities can lead to a wide range of results. Information and path disclosure vulnerabilities will typically act as initial stages leading to further exploitation. SQL injection or price manipulation attacks could cripple the website, compromise confidentiality, and in worst cases, cause the e-commerce business to shut down completely.

Types of Security Threats

Recent numbers from the U.S. Department of Commerce show that online retail is continuing its rapid growth. However, malicious phishing schemes and fear of inadequate online security cause online retailers to lose out on business as potential customers draw back at doing business online, worrying that sensitive data will be abused or compromised. The truth is that there can be numerous threats to e-commerce sites and many of the threats result from poor design by the web masters; because the entire website was not developed with its database security in mind. The following are the common vulnerabilities discovered in shopping cart and e-commerce online payment systems: SQL injections, price manipulation, buffer overflows, cross-site scripting, remote command execution, and weak authentication and authorization.

SQL Injection

SQL injection refers to the insertion of SQL meta-characters in user input, such that the attacker's queries are executed by the back-end database. Typically, attackers will first determine whether a site is vulnerable to such an attack by sending in a single-quote (') character. The outcomes from an SQL injection attack on a vulnerable site may range from a detailed error message, which discloses the back-end technology being used, to allowing the attacker to access restricted areas of the site because he manipulated the query to an always-true Boolean value, or it may even allow the execution of operating system commands.
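The difference between a concatenated query and a bound parameter, shown as an added example that is not part of the original thesis or of OSCommerce. It assumes PHP with the PDO SQLite driver; the table, column names, sample rows and function names are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for a shop's administrators table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE administrators (
    id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, user_password TEXT)');
$seed = $pdo->prepare('INSERT INTO administrators (user_name, user_password) VALUES (?, ?)');
$seed->execute(['owner', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);
$seed->execute(['clerk', password_hash('another-sample-password', PASSWORD_DEFAULT)]);

/** Vulnerable: the user's text becomes part of the SQL statement itself. */
function findAdminVulnerable(PDO $pdo, string $userName): array
{
    $sql = "SELECT id, user_name FROM administrators WHERE user_name = '" . $userName . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Hardened: the statement is fixed; the value is sent separately as data. */
function findAdminSafe(PDO $pdo, string $userName): array
{
    $stmt = $pdo->prepare('SELECT id, user_name FROM administrators WHERE user_name = :name');
    $stmt->execute([':name' => $userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Login check: look the user up by bound parameter, then verify the hash in PHP. */
function verifyLogin(PDO $pdo, string $userName, string $password): bool
{
    $stmt = $pdo->prepare('SELECT user_password FROM administrators WHERE user_name = :name');
    $stmt->execute([':name' => $userName]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed input containing SQL meta-characters (an always-true condition).
$probe = "nobody' OR '1'='1";

echo 'concatenated query matched ', count(findAdminVulnerable($pdo, $probe)), " row(s)\n";
echo 'bound parameter matched    ', count(findAdminSafe($pdo, $probe)), " row(s)\n";
echo 'login with probe as user:  ', var_export(verifyLogin($pdo, $probe, 'x'), true), "\n";
echo 'login with real password:  ',
    var_export(verifyLogin($pdo, 'owner', 'constructed-sample-password'), true), "\n";

// A lone single quote breaks the concatenated statement. Log the detail on the
// server and show the visitor a generic message, so the error text does not
// disclose the back-end technology.
try {
    findAdminVulnerable($pdo, "'");
} catch (PDOException $e) {
    error_log('query failed: ' . $e->getMessage());
    echo "Sorry, something went wrong. Please try again.\n";
}
```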

Price Manipulation

This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. This is how it works: in the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page. An attacker can simply modify the amount that is payable, and this information flows from the user's browser to the web server.

The final payable price can be manipulated by the attacker to a value of his choice. This information is eventually sent to the payment gateway with whom the online merchant has partnered. Some websites that utilize PayPal, a payment processing service for online vendors, can become a victim of this type of vulnerability. If the volume of transactions is very high, the price manipulation may go completely unnoticed, or may be discovered too late. Repeated attacks of this nature could potentially cripple the viability of the online merchant. An example of this type of attack will be addressed later in detail for Chinguun-Tulga’s website.
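One way to defend against a tampered hidden total, as an added example that is not code from the thesis or from OSCommerce: the server recomputes the amount from its own prices, treats the browser's figure only as a tamper signal, and checks the amount the gateway reports against the stored order. The catalogue, field names (cart, total) and function names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue: product id => unit price in cents. In a real shop this
// comes from the products table, never from the request.
const CATALOG_PRICES = [101 => 1250, 102 => 399, 103 => 275];

/** Recompute the order total from server-side prices. $cart maps id => quantity. */
function computeOrderTotal(array $cart, array $prices): int
{
    if ($cart === []) {
        throw new InvalidArgumentException('Empty cart');
    }
    $total = 0;
    foreach ($cart as $productId => $qty) {
        $productId = filter_var($productId, FILTER_VALIDATE_INT);
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 999]]);
        if ($productId === false || $qty === false || !isset($prices[$productId])) {
            throw new InvalidArgumentException('Invalid cart line');
        }
        $total += $prices[$productId] * $qty;
    }
    return $total;
}

/** Build the order. The posted "total" is compared and logged, never trusted. */
function checkout(array $post, array $prices): array
{
    $cart = is_array($post['cart'] ?? null) ? $post['cart'] : [];
    $serverTotal = computeOrderTotal($cart, $prices);

    $claimed = $post['total'] ?? null;
    $clientTotal = (is_string($claimed) && is_numeric($claimed))
        ? (int) round((float) $claimed * 100)
        : null;

    $mismatch = $clientTotal !== null && $clientTotal !== $serverTotal;
    if ($mismatch) {
        error_log(sprintf('price mismatch: client=%d server=%d', $clientTotal, $serverTotal));
    }
    // Only the server-side figure is stored and sent to the payment gateway.
    return ['amount_cents' => $serverTotal, 'client_total_mismatch' => $mismatch];
}

/** Before marking an order paid, compare what the gateway says was paid. */
function paymentMatchesOrder(
    int $orderTotalCents,
    string $gatewayAmount,
    string $gatewayCurrency,
    string $orderCurrency = 'USD'
): bool {
    if (preg_match('/\A\d{1,7}\.\d{2}\z/', $gatewayAmount) !== 1) {
        return false;
    }
    [$whole, $cents] = explode('.', $gatewayAmount);
    $paid = (int) $whole * 100 + (int) $cents;
    return $gatewayCurrency === $orderCurrency && $paid === $orderTotalCents;
}

// Constructed request in which the hidden "total" field has been lowered to 1.00.
$post = ['cart' => ['101' => '2', '103' => '4'], 'total' => '1.00'];
$order = checkout($post, CATALOG_PRICES);

printf("amount sent to gateway: %.2f\n", $order['amount_cents'] / 100);
echo 'client total mismatch:   ', var_export($order['client_total_mismatch'], true), "\n";
echo 'gateway reports 36.00:   ',
    var_export(paymentMatchesOrder($order['amount_cents'], '36.00', 'USD'), true), "\n";
echo 'gateway reports 1.00:    ',
    var_export(paymentMatchesOrder($order['amount_cents'], '1.00', 'USD'), true), "\n";
```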

Buffer Overflows

Buffer overflow vulnerabilities are not very common in shopping cart or other web applications using Perl, PHP, and ASP. However, sending in a large number of bytes to web applications that are not geared to deal with them can have unexpected consequences. It is possible to disclose the path of the PHP functions by sending in a very large value in the input fields. For example, when 6,000 or more bytes were fed into a particular field, the back-end PHP script may show it was unable to process and may display the following error message:

“Fatal Error: Maximum execution time of 30 seconds exceeded in /www/html/func/admin/functions.php on line 163”

“Fatal Error: Maximum execution time of 30 seconds exceeded in /www/html/func/admin/add_cart.php on line 100”

Using this error information, the attacker may be able to get access to the restricted admin folder. According to SecurityFocus.com, multiple buffer overflows were discovered in the PDGSoft Shopping Cart, which potentially allowed the attacker to execute code of his choice by overwriting the saved return address.

As we can see, the error pages can serve as a valuable source for critical information. These errors can be induced in web applications that do not follow strict input validation principles. For instance, the application may expect numeric values and would fail when alphabets or punctuation characters are supplied to it.

Cross-Site Scripting

The cross-site scripting (XSS) attack is primarily targeted against the end user and leverages two factors:

1. The lack of input and output validation being done by the web application.

2. The trust placed by the end-user in a URL that carries the vulnerable web site's name.

The XSS attack requires a web form that takes in user input, processes it, and prints out the results on a web page, which also contains the user's original input. It is most commonly found in search features, where the search logic will print out the results along with a line such as 'Results for <user_supplied_input>'. In this case, if the user input is printed out without being parsed, then an attacker can embed JavaScript by supplying it as a part of the input. By crafting a URL which contains JavaScript, a victim can be social engineered¹⁰ into clicking on it, and the script executes on the victim's system. A typical XSS attack URL would look like this:

http://www.vulnerablesite.com/cgibin/search.php?keywords=<script>alert("OK")</script>

¹⁰ Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.

In this case, when the victim clicks on this link, a message box with the text "OK" will open up on his system.

In most cases, the attacker would craft the URL in order to try and steal the user's cookie, which would probably contain the session ID and other sensitive information. The JavaScript could also be coded to redirect the user to the attacker's website where malicious code could be launched using ActiveX controls or by utilizing browser vulnerabilities, such as those in Internet Explorer or Mozilla Firefox.
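The search output described above, rendered without and with output encoding, as an added example that is not code from the thesis or from OSCommerce. The function names, the search.php link and the product list are assumptions; the cookie options are the ones accepted by PHP's session_set_cookie_params().

```php
<?php
declare(strict_types=1);

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable: the visitor's keywords are echoed back as markup. */
function renderResultsVulnerable(string $keywords, array $products): string
{
    $html = '<p>Results for ' . $keywords . '</p><ul>';
    foreach ($products as $name) {
        $html .= '<li>' . $name . '</li>';
    }
    return $html . '</ul>';
}

/** Hardened: every value is encoded for the context it is written into. */
function renderResultsSafe(string $keywords, array $products, int $page): string
{
    // HTML text context.
    $html = '<p>Results for ' . h($keywords) . '</p><ul>';
    foreach ($products as $name) {
        $html .= '<li>' . h((string) $name) . '</li>';
    }
    $html .= '</ul>';

    // URL context first (rawurlencode), then attribute context (h).
    $next = 'search.php?keywords=' . rawurlencode($keywords) . '&page=' . ($page + 1);
    $html .= '<a href="' . h($next) . '">Next page</a>';

    // Attribute context: the search box is pre-filled with the previous query.
    $html .= '<input type="text" name="keywords" value="' . h($keywords) . '">';
    return $html;
}

/**
 * Cookie options that limit what a script can do if encoding is ever missed:
 * HttpOnly hides the session cookie from JavaScript, Secure keeps it off plain HTTP.
 */
function sessionCookieOptions(): array
{
    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI !== 'cli') {
    // In a web request, apply the cookie options before the session starts.
    session_set_cookie_params(sessionCookieOptions());
    session_start();
}

// Constructed inputs: the keywords value from the example URL above, and a
// product name that happens to contain markup characters.
$keywords = '<script>alert("OK")</script>';
$products = ['Steel 0.5 mm Pencil', 'Binder <A4> "Classic"'];

echo "Without encoding:\n", renderResultsVulnerable($keywords, $products), "\n\n";
echo "With encoding:\n", renderResultsSafe($keywords, $products, 1), "\n";
```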

Remote Command Execution

The most devastating web application vulnerabilities can occur when the CGI script allows an attacker to execute operating system commands due to inadequate input validation. This is most common with the use of the “system call” in PHP scripts. Using a command separator and other shell meta-characters, it is possible for an attacker to execute commands with the privileges of the web server.

Weak Authentication and Authorization

Authentication mechanisms that do not prohibit multiple failed logins can be attacked using tools such as Brutus¹¹. Similarly, if the web site uses HTTP Basic Authentication or does not pass session IDs over SSL, an attacker can sniff the traffic to discover the user's authentication and authorization credentials.

Since HTTP is a stateless protocol, web applications commonly maintain state using session IDs or transaction IDs stored in a cookie on the user's system. Thus, this session ID becomes the only way that the web application can determine the online identity of the user. If the session ID is stolen (say through XSS), or it can be predicted, then the attacker can take over a valid user's online identity in relation to the vulnerable web site. Where the algorithm used to generate the session ID is weak, it is trivial to write a PHP script to enumerate through the possible session ID space and break the application's authentication and authorization schemes.

¹¹ Brutus can be downloaded from http://www.hoobie.net/brutus.

Securing www.Chinguun-Tulga.com

At Chinguun-Tulga’s website, the following is protected: the back-end website, all data that is pertinent to customers’ orders, database, connections to database, and usernames and passwords used to enter ‘Administrator Only’ areas. The logical structure of Chinguun-Tulga’s website is shown in the following diagram:

www.chinguun-tulga.com – the root of the website sits on a secure web server that is hosted by www.1and1.com

/catalog/ - all PHP files of the front-end site are located in the catalog directory

/catalog/admin/ - all configuration files of the back-end reside in the admin directory; it authenticates the user using session-based access.

/logs/ - logs directory contains the traffic.html file that displays the volume of the traffic created between clients and server; it authenticates the user using .htaccess.

The database server is not in the same machine as the web server, and it is hosted on a separate server at db1109.perfora.net

Administrator’s Area (Back-end)

The back-end site, http://www.chinguun-tulga.com/catalog/admin, is the heart of the project and it includes vital configuration files. The back-end is used by the store owner to add new products, remove old products, put products on sale, keep track of orders, and to create reports such as packing slips and customer order invoices. If the back-end of the web site is compromised by an attacker, he could not only steal data, but delete products and other important files and directories.

Authenticating the user and using sessions

A very common method of authenticating users is checking a database and using sessions. To use this authentication, we must have a database and tables for administrators, passwords, and sessions. A session is a unique number assigned to a client (visitor). This unique number is also used as a filename in the session table in the database. Because the client has the number in his/her cookie, the server can keep track of what he/she is doing by writing data to the session file. Sometimes, when starting the session the following error might show up:

Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at ..\admin\ login.php:1) in ..\admin\ login.php on line 3

PHP will display this error message if the script executing session_start() already sent something. If there is even a single space before the <?php, this error will appear. The error shows the line number so it is not too difficult to locate the problem.

As the administrator logs in to the back-end, the PHP script checks the username and password against a hard coded pair. Using a SELECT statement, the database is queried to test if these two exist in the database. If a match is found, the session variable is set and the administrator moves to the main page.

If someone is logged in, eventually they will need to be logged off; therefore the login script is not complete without the logout script. The process of logging out a user depends on the status of the user, whether they are logged in or out. The server checks the status and logs out the user if the user is still logged in; if the user is already logged out, the server doesn’t have to. In this case, we check whether $_SESSION['db_is_logged_in'] is set and whether its value is true. Using this information, the logout script is built either to simply unset this session variable or to set its value to false. The script below uses the “unset” method to log the user out.

<?php
session_start();

// Clear the login flag if the administrator is logged in.
if (isset($_SESSION['db_is_logged_in'])) {
    unset($_SESSION['db_is_logged_in']);
}

// Return to the login page.
header('Location: login.php');
exit;
?>

For security purposes, if the administrator is logged in and the session continues to stay idle for at least 15 minutes, the server logs off the administrator automatically. Also, the administrators have passwords that are at least eight characters long, and for an attacker to break the password, it will take at least 52^8 trials. These passwords are stored in the administrator’s table in an encrypted form such as e59b526f0fb87305678856d2186ce4b7:49.
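One way to enforce the idle logoff on the server, as an added example that is not code from the thesis or from OSCommerce. It reuses the db_is_logged_in flag from the logout script; the last_activity key and the function names are assumptions. Regenerating the session ID at login also addresses the stolen or predictable session ID risk discussed earlier.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT_SECONDS = 15 * 60; // the 15-minute idle limit described above

/** Record a successful login, dropping anything stored before authentication. */
function markLoggedIn(array &$session, int $now): void
{
    $session = ['db_is_logged_in' => true, 'last_activity' => $now];
}

/**
 * Return true if the session is logged in and was active within the limit.
 * A live session has its activity timestamp refreshed; an expired or
 * anonymous one is emptied so no stale state survives.
 */
function isSessionLive(array &$session, int $now, int $limit = IDLE_LIMIT_SECONDS): bool
{
    $loggedIn = ($session['db_is_logged_in'] ?? false) === true;
    $last = $session['last_activity'] ?? null;

    if (!$loggedIn || !is_int($last) || ($now - $last) >= $limit) {
        $session = [];
        return false;
    }
    $session['last_activity'] = $now;
    return true;
}

/** Call once the username and password have been verified (web requests only). */
function completeLogin(int $now): void
{
    // Issue a fresh session ID after authentication; the old one stops working.
    session_regenerate_id(true);
    markLoggedIn($_SESSION, $now);
}

if (PHP_SAPI !== 'cli') {
    // Guard placed at the top of every back-end page.
    session_start();
    if (!isSessionLive($_SESSION, time())) {
        session_destroy();
        header('Location: login.php');
        exit;
    }
} else {
    // Constructed timeline (seconds since login) to exercise the check offline.
    $session = [];
    markLoggedIn($session, 0);
    foreach ([600, 1499, 2399, 2400] as $t) {
        printf("t=%4d live=%s\n", $t, var_export(isSessionLive($session, $t), true));
    }
}
```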

Using .htaccess

To prevent unauthorized access, the logs directory uses the .htaccess method. An .htaccess file provides a way to make configuration changes on a per-directory basis. A file containing one or more configuration directives is placed in a particular directory, and those directives apply to that directory. A directive is honored in an .htaccess file only if the server’s AllowOverride setting permits it.

Here, I am going to discuss the .htaccess file and the power it has to improve a website. The most popular uses of the .htaccess file are custom 404 error pages and basic password protection. .htaccess is easy to implement and consists of a few simple instructions in a text file. It can accomplish a huge range of things, including password protecting folders, redirecting users automatically, custom error pages, changing file extensions, restricting IP addresses, only allowing users with certain IP addresses, stopping directory listings, and using a different file as the index file.

One of the most important uses of .htaccess is adding password protection to a directory. If a directory is password protected by an .htaccess file, then everything below this directory will be password protected as well. The following is an example of an .htaccess file that will implement password protection:

AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

“Section Name” is the area that is being protected using .htaccess, and it should be replaced with an appropriate name. The “/full/path/to/.htpasswd” should be changed to reflect the full server path to the .htpasswd file. Creating the password protection is a little bit more difficult than using the components of .htaccess. To set up .htaccess to password protect a directory, we need to create another file that contains the usernames and encrypted passwords. These should be placed in a file named .htpasswd. The file can be placed anywhere within your website, but it is advisable to store it outside the web root so that it cannot be accessed from the Internet. .htpasswd can be created using a standard text editor, and the username and password should be entered in the following format:

username:password

To provide access to multiple users, an additional line should be entered for each user. When someone tries to access the http://www.chinguun-tulga.com/logs/ site, the browser will pop up a standard username/password dialog box. In addition, a web application such as DynamicDrive (www.dynamicdrive.com) provides a tool that easily creates both .htpasswd and .htaccess files.
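The .htpasswd entries described above hold a hash of each password, not the password itself. As an added example (not from the thesis; the function names and sample users are assumptions, and it assumes a server that accepts bcrypt entries, which Apache httpd 2.4 does), the following PHP adds or replaces one user in the file's content and checks a login against it:

```php
<?php
// Added example: maintain .htpasswd content. All names here are assumptions.

/**
 * Return $existing (.htpasswd content) with $user added or replaced.
 */
function setHtpasswdUser(string $existing, string $user, string $password): string
{
    // ':' separates the two fields and every entry is one line, so a
    // username containing either would corrupt the file.
    if ($user === '' || preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }

    // bcrypt hash; the plaintext password is never written to the file.
    $hash = password_hash($password, PASSWORD_BCRYPT);

    $kept = [];
    foreach (preg_split('/\R/', $existing, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $name = explode(':', $line, 2)[0];
        if ($name !== $user) {
            $kept[] = $line; // other users' entries stay untouched
        }
    }
    $kept[] = $user . ':' . $hash;

    return implode("\n", $kept) . "\n";
}

/**
 * Check a login attempt against .htpasswd content (bcrypt entries only).
 */
function checkHtpasswd(string $content, string $user, string $password): bool
{
    foreach (preg_split('/\R/', $content, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && $parts[0] === $user) {
            return password_verify($password, $parts[1]);
        }
    }
    return false;
}

// Constructed sample: two users, then a password change for the first one.
if (PHP_SAPI === 'cli') {
    $file = setHtpasswdUser('', 'owner', 'first-Passphrase-1');
    $file = setHtpasswdUser($file, 'auditor', 'second-Passphrase-2');
    $file = setHtpasswdUser($file, 'owner', 'third-Passphrase-3');

    echo $file;
    var_dump(checkHtpasswd($file, 'owner', 'first-Passphrase-1'));
    var_dump(checkHtpasswd($file, 'owner', 'third-Passphrase-3'));
}
```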

Customers’ Data (Front-end)

At Chinguun-Tulga.com, customers are required to create an account in order to complete their purchase. The following data are collected from customers:

- Personal Information: Gender, First Name, Last Name, Date of Birth, E-mail address
- Company Information: Company Name
- Address: Street Address, Suburb, Post Code, City, State, Country
- Contact Information: Telephone number, Fax number

Customers also provide shipping and billing addresses upon checking out, and this information is used to create an invoice and packing slip for the order. To let customers know about the privacy policy, Chinguun-Tulga created a Privacy Notice page and it addresses the following issues: security and safety, personal information usage, how cookies are used, electronic communication, and protection of information. The goal is to inform the customers.


Security and Safety

Chinguun-Tulga notifies its customers that it does not keep the customer’s credit card data on its web server. Rather, customer’s credit card data is kept secure with the credit card processing agents, such as PayPal and 2CheckOut.Com. Having this statement relieves a lot of pressure for customers, and they feel secure and comfortable shopping at Chinguun-Tulga’s website.

Personal Information

Chinguun-Tulga also states that it gathers customer’s personal information, such as address and phone numbers, only to process and deliver orders. To provide an enhanced and more personalized shopping experience, Chinguun-Tulga may call the customers to verify their orders and provide post-purchase-services, such as future discounts and special pricing on selected items.

Cookies

Cookies are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts. Chinguun-Tulga uses cookies for two reasons. First, it checks to see whether the visitor is a registered customer. If he/she is not a registered customer, then Chinguun-Tulga asks to create an account. Second, Chinguun-Tulga uses cookies to identify the customer. There is no other way to know who is who if there was no readable cookie on the client’s browser. Registered users will be greeted by their first name, just like how Amazon.com greets users by their names. Most web browsers allow you to instruct the browser to prevent the use of cookies. However, if you disable this feature, some features of Chinguun-Tulga web site may not function properly.

Protection of Information

As stated before, Chinguun-Tulga uses personal information to establish an e-communication, to provide a secure and prompt service, to process orders, and to inform about new product offers and discounts. Customers’ information is the most important asset of Chinguun-Tulga’s business, and it does not share or sell customers’ information to third parties under any circumstances. However, Chinguun-Tulga reserves the right to disclose information provided by customers as required by law, in response to legal process and law enforcement requests and as necessary or appropriate.


Payment Gateway Security

PayPal is used as one of the main payment processing providers for Chinguun-Tulga, and I recently discovered that it has a price manipulation security vulnerability. This is a weakness that is quite unique to online shopping carts and payment gateways. This is how it works: the total payable price of the purchased goods is stored in a “hidden field” of a dynamically generated web page; an attacker can simply modify the amount that is payable by saving the page on his computer, and the manipulated information is then transferred from the user's browser to the web server.

For instance, I am Hacker Joe and I create an account with Chinguun-Tulga by providing my basic information such as name, e-mail, and delivery address. I then proceed to add products such as a thick magnifying glass ($3.50), a document shredder ($100.00), and a Redwood organizer ($12.50). Once I am done adding the items to my shopping cart, I would go to the checkout page by clicking on the checkout button. There are four stages to finish the checkout process, and they are: Delivery information, Payment information, Order confirmation, Confirm Order pages.

In the delivery information section, it will display that my total payable price for the chosen three items is $116.00. Here I will confirm my delivery address, and I will select the shipping method. Since Chinguun-Tulga charges a flat fee of $3.00 for all orders, my total payable price is now $119.00. In the payment method section, I would select PayPal, and click on the continue button. It takes me to the Order Confirmation page. Instead of clicking on the confirm order button, I will save this page on my computer as checkout_confirmation.php file.

What I have to do now is to open the checkout_confirmation.php file with HTML editor (say DreamWeaver MX), and locate the following codes:

<input type="hidden" name="amount" value="116.00">
<input type="hidden" name="shipping" value="3.00">
<input type="hidden" name="currency_code" value="USD">

Then I change it to the following codes:

<input type="hidden" name="amount" value="50.00">
<input type="hidden" name="shipping" value="1.00">
<input type="hidden" name="currency_code" value="USD">

Now, I would click on the save button to save the file and close the HTML editor. Then, I open the saved checkout_confirmation.php page, and it will take me to the third stage of the checkout process, the order confirmation page. I am only one click away from transferring the price-manipulated order – all I have to do now is to click on the confirm order button. It will take me to the secure PayPal website, to https://secure.paypal.com/cgi-bin/webscr. Here, I will see that my total payable amount is $51.00, not $119.00. The trick is done! If Chinguun-Tulga receives hundreds of orders every day, these transactions could go completely unnoticed, and even if noticed – it may be too late to fix.
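Because the amount travels through the customer's browser, the store has to recompute it from its own data and compare it with what the payment processor reports as paid before releasing the order. The following is an added example, not code from the thesis or from OSCommerce; the function names, the $report array (standing in for the processor's payment notification) and its keys are assumptions.

```php
<?php
// Added example: server-side check of a payment against the stored order.
// Array keys and function names are assumptions, not a real gateway API.

const FLAT_SHIPPING_CENTS = 300; // the store's flat $3.00 shipping fee

/** Convert a decimal string such as "116.00" to integer cents, or null. */
function toCents(string $amount): ?int
{
    // Rejects negatives, exponents, more than two decimals and other junk.
    if (!preg_match('/^(\d{1,7})(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    $fraction = str_pad($m[2] ?? '', 2, '0'); // "5" means 50 cents
    return (int) $m[1] * 100 + (int) $fraction;
}

/**
 * Recompute what the customer owes from data the server controls:
 * the cart (product id => quantity) and the catalog prices in cents.
 */
function expectedTotalCents(array $cart, array $catalogCents): int
{
    $total = 0;
    foreach ($cart as $productId => $quantity) {
        if (!isset($catalogCents[$productId]) || !is_int($quantity) || $quantity < 1) {
            throw new InvalidArgumentException("bad cart line: $productId");
        }
        $total += $catalogCents[$productId] * $quantity;
    }
    return $total + FLAT_SHIPPING_CENTS;
}

/**
 * Compare the processor's payment report with the server's own figure.
 * Returns a list of problems; an empty list means the order may be released.
 */
function verifyPayment(int $expectedCents, string $expectedCurrency, array $report): array
{
    $problems = [];

    $paid = toCents((string) ($report['paid_total'] ?? ''));
    if ($paid === null) {
        $problems[] = 'unparseable amount';
    } elseif ($paid !== $expectedCents) {
        $problems[] = sprintf('paid %.2f, expected %.2f', $paid / 100, $expectedCents / 100);
    }
    if (($report['currency'] ?? '') !== $expectedCurrency) {
        $problems[] = 'currency mismatch';
    }
    return $problems;
}

// Constructed sample: the three items from the walkthrough above.
if (PHP_SAPI === 'cli') {
    $catalog = ['magnifier' => 350, 'shredder' => 10000, 'organizer' => 1250];
    $cart = ['magnifier' => 1, 'shredder' => 1, 'organizer' => 1];
    $expected = expectedTotalCents($cart, $catalog);

    $reports = [
        'untouched form' => ['paid_total' => '119.00', 'currency' => 'USD'],
        'edited form'    => ['paid_total' => '51.00', 'currency' => 'USD'],
    ];
    foreach ($reports as $label => $report) {
        $problems = verifyPayment($expected, 'USD', $report);
        echo $label, ': ', $problems ? 'HOLD (' . implode('; ', $problems) . ')' : 'release', "\n";
    }
}
```

Amounts are handled as integer cents so that the comparison is exact; an order whose check returns any problem stays unshipped until someone reviews it.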


Of the four available payment options, PayPal is the least secure, while the other methods, such as Cash on Delivery and 2CheckOut.com, are safer options. Checks and money orders are not the safest way because money orders can be replicated by artists and personal checks can bounce.

SSL

SSL stands for Secure Sockets Layer. SSL is a cryptographic protocol that provides secure communication on the Internet for such things as web browsing, e-mail, internet faxing, instant messaging, and other data transfers. Since its introduction in 1994, SSL has been the standard for e-commerce transaction security and is likely to remain so into the future. In e-commerce web applications, SSL is used to encrypt credit card data as well as other personally identifiable information, which prevents hackers from stealing information for malicious intent. You will know that you're on an SSL protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox on the right side of the address bar as well).

SSL Certificate

The SSL certificate sits on a secure server and is used to encrypt the data as well as to identify the site. The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority who issued the certificate, the root and the country it was issued in.

SSL certificates used to come in 40-bit and 128-bit varieties, though 40-bit encryption has been hacked. These days, SSL comes in 128-bit and 256-bit varieties. There are two principal ways of getting an SSL certificate: you can either buy one from certificate authorities or you can self-sign your own certificate. When you self-sign your certificate, it is like issuing yourself a driver’s license. Self-signed certificates will trigger a warning window in most browser configurations which will indicate that the certificate was not recognized. However, if you buy the SSL certificate from credible certificate authorities such as VeriSign, it can cost as much as $2,000 a year.

A recent market share report from Security Space showed that as of April 2007, VeriSign and its acquisitions have a 59.6% share of the certificate authority market, followed by Comodo (8.3%), GoDaddy (5.3%), DigiCert (2.1%), Entrust (1.3%) and Network Solutions (1.1%). Also, according to a survey conducted by VeriSign, 93 percent of online shoppers reported that they felt it important for an e-commerce site to include a trust mark of some kind on their site, 64 percent have abandoned a shopping cart because they didn’t get a sense of security and trust when it came time to provide payment information, and 75 percent will only make purchases through sites that include a trust mark.

SSL Certificate for Chinguun-Tulga

As I mentioned before, 1and1 hosts Chinguun-Tulga’s website on its secure server and it offers dedicated SSL to its clients. Through 1and1, Chinguun-Tulga is going to install a GeoTrust SSL certificate for $49 a year. This dedicated certificate will protect data transmission with a 128-bit encryption against both interference and any attempts at manipulation.

Before considering GeoTrust’s SSL certificate, I tried to buy an SSL certificate from GoDaddy.com for Chinguun-Tulga. GoDaddy.com, in the present SSL market, offers the least expensive SSL certificate such as Standard SSL for only $14.99/year. This Standard SSL verifies the domain control, secures your site, and GoDaddy also issues a seal that can go on your website. The seal provided is shown as below:

Having a seal indicating the website is secured by certificate authorities gives shoppers more sense of security, and in fact, e-tailers who have some kind of security logos are likely to generate more income than e-shops that have no security logos in their web site.

Unfortunately, GoDaddy’s certificate could not be installed on 1and1’s server. In order for the GoDaddy’s Standard SSL to work, I needed to obtain a Certificate Signing Request (CSR) from 1and1, and when I contacted their Technical Support Department, they refused to sign the request. Instead, I was offered to use 1and1’s SSL certificate that is originated by GeoTrust.


Hosting Server Security

The hosting server is another important sector of the security aspect. 1and1 provides a control panel that allows me to configure the domain name, sub-domains, e-mail accounts, FTP account, and most importantly the MySQL administration. The login to the control panel requires a username and password. Being a client of 1and1 for over a year, I noticed that their Linux web server is up for 24/7 for 365 days a year, and the speed of data transfer has been fast and reliable. Although the server is monitored and maintained routinely by 1and1’s administrators, there could be some network vulnerabilities such as anonymity attack, many points of attack, sharing, and authorization access.

Anonymity

An attacker can mount an attack from thousands of miles away and never come into direct contact with the system, its administrators, or users. The potential attacker is thus safe behind an electronic shield. The attack can be passed through many other hosts in an effort to disguise the origin of the attack.

Many points of attack

When files are stored in a network host remote from the user, the data or the file itself may pass through many hosts to get to the user. One host’s administrator may enforce rigorous security policies, but that administrator has no control over other hosts in the network. Thus, the user must depend on the access control mechanisms in each of these systems. An attack can come from any host to any host, so for large networks there are many points of vulnerability.

Sharing

Other accounts on a shared server can affect your website. For instance, if my account is sitting on the same server where other resource intense websites such as religious or adult oriented websites are stored, the overload of traffic can be immense. This overload may have an adverse effect on your website and the server uptime may start going down.

Authorization Access

Authorization access is perhaps the most important component for attackers. Once an attacker gains access to www.1and1.com’s network, he can enter the control panel, which allows him further access to the e-mail accounts and lets him steal the FTP username and password, and the database will be at high risk. Thus, the usernames and passwords for all access should be kept secret, and every once in a while the passwords should be changed, and they should not be easily guessable.


Database Security

Protecting data is at the heart of many e-commerce systems, and Chinguun-Tulga relies on a database management system (DBMS) to manage the protection. The database has a key function for Chinguun-Tulga’s e-commerce website because the front-end website outputs data from the database, while the back-end administrator’s side inputs data into the database. Chinguun-Tulga uses MySQL, a multi-user SQL database management system, and the basic program runs as a server providing single user access to one database.

A database is a single collection of data, stored and maintained at one central location, to which many people have access as needed. A database offers many advantages over a simple file system and they are:

- Shared access: Many users can use one common and centralized set of data.
- Minimal redundancy: Individual users do not have to collect and maintain their own set of data.
- Data consistency: If a change occurs in a data value, it affects all users of that data.
- Data integrity: Data values are protected against accidental or malicious undesirable changes.
- Controlled access: Only authorized users are allowed to view or modify data values.

A DBMS is designed to provide these advantages efficiently, but the objectives can conflict with each other when it comes to security. In addition, there are three factors that affect the security of the DBMS: data confidentiality, integrity, and inference problems. Both confidentiality and integrity are important to users of databases. Confidentiality can be broken by indirect disclosure of a negative result or of the bounds of a value. Integrity of the entire database is the responsibility of the DBMS software, and this problem can be handled through backups, redundancy, and change logs. Integrity of an individual element of the database is the responsibility of the database administrator, who defines the access policy.

When OSCommerce open-source solution is combined with 1and1’s MySQL database, the configuration locates the database with the sensitive information behind a firewall. It will be accessed from an application-server also located behind a second firewall, which will receive the web server requests. This three-tier design isolates the web server from the database, isolating the database server from the outside users by two dedicated private networks. Only the web server can communicate through the firewall with the application-server, and only this can communicate with the database. This configuration is relatively secure and special attention must be paid on securing the information sent to the client from the web server, the web server itself, and the database/application-server system. The application server will incorporate the event logging and the security analyzer that recognizes unauthorized attempts to log into an account.

[Figure: Internet -> Firewall -> Web-Server -> Firewall -> Application-Server -> Firewall -> Database]

Data in the database is the most valuable asset for a store owner, and attackers are after data. In order to steal data from Chinguun-Tulga’s database, attackers have to go through a five-layer defense mechanism (humans, network, operating systems, application, and database) in addition to firewalls. First, the attacker must know about the existence of Chinguun-Tulga’s website, usually through humans and other marketing channels. Then, the attacker finds out about the network information and identifies who hosts the website. In fact, finding out who hosts what website is relatively easy with the help of a web application such as WhoIsHostingThis (www.whoishostingthis.com). If the attacker successfully welcomes himself into the network layer, then he faces the Operating System layer, which is Linux. The fourth layer is the Application Layer, and it would be phpMyAdmin in the Control Panel that is provided by 1and1.

Once the attacker reaches phpMyAdmin stage, the entire database is at risk. Here, he can browse the tables, fields, elements, database schema, change query commands, or even drop tables.

It can be concluded that the key points of interest for database security are: server security, database connections, table access control, and restricting database access. Server security is the process of limiting actual access to the database server itself, and the idea is that if someone cannot access it, they cannot see it. There is no reason for the administrator to keep the database server visible to the world. The database back-end should never be on the same machine as the web server, not only for security, but for performance as well. If the database server is supplying information to a web server, then it should be configured to allow connections only from that web server. As for database connections, a normal user should never be inputting SQL statements, PHP or JavaScript and should never submit them from a form element. Also, table access control is probably one of the most overlooked forms of database security, because of the inherent difficulties access restriction causes after applying them. To use table access control properly, collaboration from both the system administrator and the database developer is required. Last but not least, all web-enabled applications have ports that they listen to. Cyber criminals are likely to do a simple port scan to look for open ports used as a default port by popular database systems. Changing the port number is perhaps the easiest and best way to misdirect attackers.


Risk Analysis

No / Rank | Risk | Description | Category | Probability | Impact
--- | --- | --- | --- | --- | ---
1 | SQL Injection | Displays elements in database to hackers | Database | medium | high
2 | Price Manipulation | Total payable amount alteration | Payment | high | low
3 | Buffer Overflows | Discloses path of web folders | Server | low | medium
4 | Cross-Site Scripting | Phishing, spoofing | URL | low | low
5 | Remote Command Execution | System call of PHP scripts | Operating System | low | low
6 | Weak Authentication | Attacker sniffs the network, and acquires passwords | Network | medium | high
7 | Access to Back-End | Hacking into the back-end website | Authentication / Control Access | low | high
8 | Access to PHP scripts | Attacker deletes vital php scripts, alters with malicious intent | Authentication | low | high
9 | Access to Customer's data | Customers' address and personal info disclosure | Authentication | low | medium
10 | Access to Orders data | Information about orders that were placed by customers | Authentication | low | low
11 | Access to the Database | Attacker breaks into the control panel and enters MySQL administration | Network/ Authentication | low | high
12 | Control Panel | Attacker obtains username and password to control panel, www.1and1.com | Network/ Application Server | low | high
13 | No Certificate | Event in which SSL is not utilized | Network/ Payment | low | medium
14 | Anonymity Attack to Web Server | Attackers try to gain access to the 1and1's web server | Network | low | medium
15 | Loss of Bilguun's Laptop | Bilguun's laptop has a direct FTP access to Chinguun-Tulga's root server through DreamWeaver | Human Risk | low | high
16 | File Sharing | Web server hosts other files for resource-intense websites | Web-Server | low | low
17 | Web Server Uptime | Power Outage, Accidental damage to web servers | Hosting Server/ Network | low | high


Business Continuity Plan

Contingency Plan

The Risk Analysis table indicates that there are at least eight high impact risks facing Chinguun-Tulga’s website. In cases that these risks cause a minor failure or complete interruption in the e-commerce system, there should be a document that sets the procedures and information intended to deliver stability of the critical business functions. Such a document is known as a Business Continuity Plan, and it basically describes a written plan to maintain or resume business in the event of disruption.

File Restore/Backup

Files and databases of Chinguun-Tulga should be frequently backed up. Files in the catalog folder include the front-end and back-end php scripts, images, and cascading style sheets. The copies of these files are stored on many different media. First, parallel to the catalog folder, there is a directory called emergency, which contains the exact same files as the catalog directory. If the php scripts are edited during the development stage, the files from the emergency directory can be used for restoration. Also, since I developed this website using Macromedia DreamWeaver MX software, copies of all files in the catalog folder reside on my personal laptop. As changes occur in the files on the laptop, the files on the web server are directly synchronized with the files that are on the local machine. Moreover, the catalog folder is also backed up on two other hard disk drives that are kept offsite.

In the back-end, there is a tool that creates a backup of the database. By logging into the administrator’s end, the store owner is able to generate a database backup. The backup process should never be interrupted because the larger the database, the longer it will take to backup. Backup can be done in two ways; one is to create a SQL file in the backup directory with no compression, and the other is to download the database as a text file on the administrator’s hard disk drive. Similar to the data backup, data can be restored to the database using the restore feature. Restoration can be done by uploading the SQL file that was created as a database backup from the backup directory, or it can be loaded from the administrator’s computer.

Best Practices

To summarize the aspects of security, security is a vital component in an online business environment and e-commerce applications should be designed and implemented with careful considerations for defense mechanisms from the beginning. The following are the best recommended practices:

- The database server should not reside on the same machine as the web server.

- Set a cookie in the user’s computer after authentication and always delete it after the user closes the browser. If the user’s computer does not accept the cookie, let the customer know about it.

- Short term cookies ensure more security than long term cookies.


- Careful implementation of an .htaccess file can help by securing against many potential vulnerabilities as well as session authorization model.

- The entire website, including the database should be developed with security in mind.

- Installing fewer modules is always better because each module has some sort of vulnerability.

- It is preferable to assign a person who will be in charge of the overall security.

- Check all user data to ensure that it is not malicious code or SQL query which might expose confidential data.

- When the web server is not secure enough, the payment gateway should be outsourced.

- Do not store Credit Card numbers on the web server. When a credit card is used, there is no need for credit card information to stay on the web server. If there is a particularly valid reason to save credit card information, it should be stored in a separate server, possibly in an offline machine that only the web server can access with a secure link. All other IP address requests should not be welcomed by that machine.

- Last but not least, only allow users to view what they need to view – nothing more.


Site Maintenance Document

This document will give the store owner instructions on maintaining the website, adding new products, and what to do when the online transaction takes place.


1. Configuration

The Configuration section sets up the entire basic store configuration. If you click on "Configuration", a drop-down of text links will appear. Clicking on one of the links will show the listings on the right section of the page. To edit any of these listings, simply click on the edit button on the right.

Administrators

There are currently two administrators: bilguunadmin and saranadmin. To create a new administrator, click on the insert button. The password of the administrator can be changed by clicking on the edit button.

My Store

Store Name

It is the name of the store.

Store Owner

It can be the name of the store owner or the name of the store. This will show up in the e-mail in the “from” field when the customer receives his/her purchase confirmation e-mail.

E-mail Address

This is the store’s general e-mail address. It is currently set as [email protected].

E-mail from

This is the "from" email address in the customer's purchase email. When an e-mail is sent, customers will see "Office Supply Store" [email protected] in the from field.

Country

This is where the store is located; and it is set to Mongolia.

Zone

This is a zone where the store is located. There are six zones, and Chinguun-Tulga is located at “Baruun durvun Zam, Baga Toiriu” zone. Zones are basically used to calculate the shipping rate, if the zone shipping method is used. (Currently, however, Chinguun-Tulga uses the flat rate of $3.00 for all shipping.)

Expected Sort Order

The sort order is used in the expected products box.

Expected Sort Field

The column to sort by in the expected products box.

Switch to Default Language Currency

If there are several currencies, then it will automatically switch currencies when the language is changed.

Send Extra Order Emails To

This is the email address where you will receive orders. It is set as [email protected].

Display Cart after Adding Product

If set to "true", then it will show the shopping cart page when a product is put in the cart and the customer has to click on "continue" to return to their product page to continue shopping. They will also see their items in the shopping cart box.

If this is set to "false", then the customer will stay on the same page of the item they are putting in the cart and will be able to see their items in the shopping cart box in the top right column.

Allow Guest to Tell a Friend

This feature lets the customer, while shopping, tell a friend about our site through the tell-a-friend box.

Default Search Operator

On the search field, the "or" operator can be used.

Store Address and Phone

The name of the store, phone, and other information that will be seen if the customer is using a check or a money order to checkout with.

Show Category Counts

Set to "true" to show the count of products in each category. Set to "false" if you do not want to show the number of products in each category.

Tax Decimal Place

Tax decimal place pads the tax value with decimal places.

Display Prices with Tax Set to "false" and prices will not display with tax. Set to "true" and prices will display with tax.

Minimum ValuesThese are the minimum values of any field filled out by the customer. Usually these are left as is

Maximum ValuesThese are the maximum values for fields of different modules in our store.

ImagesThese are the settings for all the images that are used in the website.

The "Small Image Width & Height" are the image sizes of the products in the product listing page.

The "Heading Image Width & Height" are the image sizes that are uploaded for each category.

The "Subcategory Image Width & Height" are all the sub-category image sizes.

Customer Details

These are the values that a customer fills out when they register at Chinguun-Tulga. The current required fields are: gender, date of birth, company, suburb, and state.

Shipping/Packaging

- Country Of Origin – It is currently set as Mongolia.
- Postal Code – sets the postal code.
- Enter the Max Package Weight – Put the maximum weight here (this will be used if "ship by weight" in the Modules/Shipping Table Rate is chosen).

Product Listing

This displays the order of the products listed in our store. Currently, the product listing is set up in a way that:
- Product image appears first (1)
- Product name appears second (2)
- Product price appears third (3)
- Buy Now button appears at the bottom (4)


Stock

This is an inventory control.

If the Stock Level and Subtract Stock are set to true, then the server-side script will check our stock and subtract stock from items purchased.

- Allow Checkout allows the customer to check out even though our stock level is too low.
- Mark Product out of Stock is a symbol we can use to mark a product that is out of stock.
- Stock Re-order level is the level the stock gets down to before re-ordering. The current value is set to 5.

Logging

It keeps the log of all transactions that have occurred in the website.

Cache

Set the Use Cache to true if you want to use caching features. Cache directory is: /tmp/. Whenever the cache directory is not set up, there will be a pink error message displayed at the top of the store screen like this:

Error: Cache directory does not exist. Please set this Configuration->Cache.

To fix this, use an FTP program to create a subfolder named "cache" in the "catalog" folder and set the chmod permissions to 777. Then, go to Configuration/Cache. Click on "Use Cache" and set it to "true".

Email Options

Each time after a transaction takes place, an e-mail is sent to the customers and the store owner. To change this option, choose false in the Send E-mails field.

Download and GZIP

We do not have to worry about these features because these are not used for our website.

Sessions

The Session files can be either stored in the database or a session directory named “/tmp.”


2. Catalog

The Catalog is a very important section. It is where you enter all your products and category folders, set a product's expected date, set up product attributes and manufacturers, check your reviews, and put products on special sale.

Categories/Products

Clicking on the new category button in the center section will make a new folder for a category. Clicking on the new product button will make a new product.

When you are adding a new product you have the ability to:
- show if the product is in or out of stock
- set the date the product will be available, which corresponds with the "Products Expected" module
- set the product's manufacturer
- set the product's name and description
- set the product's quantity in stock
- upload the product’s image
- set a product's URL if you need to link out to another site
- set the product's price
- set the tax class which is used to charge tax on each product (this class must be set up first in the tax section)
- set the product's weight; if you are using "weight" for your shipping schedule, each product will need to have a weight listed

To Add a New Product

We need to add a new pencil in the PENS & PENCIL category. To do that, you will have to click on the PENS & PENCIL category. The screen will show that there are two sub-categories: PENS and PENCIL. Then, choose the PENCIL folder. It will list the products that are available in that sub-category. To add the new pencil, click on the new product button. It will display a form that is used to add a new product as shown in the next page.

To add a new product, always check the following and have them ready if available:
- Product Manufacturer’s info (If the product manufacturer is known, add the name of the manufacturer by going to the manufacturers page)
- Product Quantity (It will be used to keep track of the inventory.)
- Product Model. Assigning a product code is a good idea. It helps the store owner Mrs. Chuluunbaatar to order more products from the suppliers in China by product code.
- Product’s Image. The image of the product is very important. All images should have a clear white background. Image size should be a multiple of 170 x 120 pixels (width of 170 and height of 120). It can be any of the following sizes: 170 x 120, 255 x 180, 340 x 240, 510 x 360, etc.
- Product’s weight (If the product weight is known, list it in units of pounds. It will be used to calculate the shipping rate, if the shipping method is set to ship by weight method.)

To Move a New Product

To move a new product, click to highlight the product you want to move and click on the move button on the right. When you click on the move button you will see this message: "Move (name of product) to:" Choose a place to move it and click on the move button.

To Copy a New Product

To copy a new product, click to highlight the product you want to copy and click on the copy to button on the right. When you click on the copy to button you will see this message:

Copy Method:
- Link product
- Duplicate product

Choose Link product if you want to link it and Duplicate product if you want to add another product.

Move a Category Folder

To move a category folder, click to highlight that folder and click on the move button on the right. You can move folders either to other folders or to the top of the directory.

Products Attributes

This section deals with the attributes of the products. For example, we are going to sell binders of different sizes and different colors:
- Thick and red binder
- Thick and blue binder
- Thin and red binder
- Thin and blue binder

To set the attributes, first, you need to set up the Option Name. Using binders as an example, you would have at least two option names: color and size. Next, you will have to set up your Option Values. In this section you will see a box that shows the Option Names that you have already set up. You have color set up as an Option Name, so make sure the color is in this box. Then, to the right of that box is a blank box where you type in one of your colors. Do this for each color and then do this again for each size. Make sure you associate an "Option Value" (red, blue) with an "Option Name" (color, size).

Now, you are ready to start adding options to your products. Under the "Products Attributes" section at the bottom you will see a drop down box listing all of your products that you have already put into your store. Choose one and follow across the drop downs to the right. The next box is the "Option Names", then the "Option Values", and then the price box. If the price stays the same on each attribute then leave this box blank. If the price goes up or down on each attribute then put an amount from the "base price" and put a "plus" or "minus" sign in the next box.

For Example:
- size = 10.00 (this is the regular price, so there is no need to put a price in the "price box")
- size = small = 8.00 (put 2.00 -; this is $2 with a "minus" sign from the base price of $10.00)
- size = large = 12.00 (put 2.00 +; this is $2 with a "plus" sign from the base price of $10.00)

Manufacturers

Manufacturer’s info can be added with its own image by clicking on the insert button. A manufacturer's URL can also be listed to link directly to the manufacturer.

Reviews

Reviews show the listing of all reviews that customers have entered. These reviews can be edited or deleted by the store administrator.

Specials

Products can be listed as special discounted items by a percentage or by an amount.

For example, we would like to have the Presentation Binding System on sale for 20% off. To put items on specials, you need to click on the new product button. On the next screen, choose your product from the drop-down box, then put a special price in the Special Price box. Here, this can be a percentage (20%) off or it can be a reduced dollar amount like 20.00. In the Expiry Date box, the expiration date can be entered. For no expiration, the expiry date box can be left empty.

Products Expected

This list shows the products that are expected to arrive at the store on a certain date. This is set up when the site owner inputs a product into the Date Available field, in the “Categories/Products” section.

3. Modules

In modules, you will set up your payment, shipping, and order total.

Payment

There are several different payment modules. To activate one, you need to click on the name to highlight it, then click on the install button on the top right. To remove a payment module, you would simply select the method, and click on the remove button on the top right.

Shipping

In shipping, there are several different ways. They are:
- Flat Rate
- Per Item Rate
- Table Rate
- Zone Rates

The current shipping method is the Flat Rate. The shipping cost is not based on the total cost or weight of items. No matter what the amount of the order is, Chinguun-Tulga will charge a flat fee of $3.00 per order.

Order Total

The "Order Total" module puts the items in the order they will appear in the checkout process. There are five modules: low order fee, shipping, sub-total, tax, and total. Low order fee can be applied to orders below the required amount. For example, Chinguun-Tulga may apply an order fee of $5.00 for all orders below $20.00. Also, under the shipping module, free shipping may be applied to orders over $50.00, if the field is set to 50.00.

4. Customers

Customers

This is the list of all customers that are currently registered at Chinguun-Tulga’s website. Customers can be edited, deleted, emailed and their orders can be viewed by clicking on the orders button.

Orders

These are the "pending" orders. Click on the edit button to see the order and you can change the status of the order, put comments in the comments box, and notify the customer of the progress of his/her order.

An invoice and packing slip can be created by clicking on the invoice and packing slip buttons respectively. The server-side script creates reports for the packing slip and the invoice in the format that is shown below.

Report for Invoice:


Report for Packing Slip:

Also, the orders can be deleted by clicking on the delete button. Upon deleting an order, you will be asked if you really want to delete the order. It will also ask you if you want the product to be re-stocked after the order is deleted. To re-stock the item, simply check the “re-stock product quantity” box and confirm delete.


5. Locations/Taxes

This section will set up the locations and tax options of the store.

Countries

This is the list of all countries that Chinguun-Tulga will ship products to. Since Chinguun-Tulga only sells products in Mongolia, there is only one country listed on this list.

Zones

This is the listing of all zones in Ulaanbaatar. There are currently six zones, and they are:
- 3rd and 4th Districts, Tumur Zam
- Baruun Durvun Zam, Baga Toiruu
- Dambadarjaa, Belh, Tolgoit, Orbit
- Salhit, Sharga-Morit
- Tavan-Shar, Ulaan-Huaran
- Zuragt, 1st horoolol

Zones can be edited, deleted, and added by clicking on edit, delete, and the new zones buttons.

Tax Zones

This is the state and tax description of your store.

Tax Classes

This is the title of your tax class, like “taxable goods”, and the description of that title.

Tax Rates

This is the tax rate of the state your store is in.

How to Set Up Your Taxes

Currently, the prices of the items are the prices already including the taxes.

If we were to create an Ulaanbaatar City sales tax of 7%, then we would do the following: Go to the Administrator’s area -> Locations/Taxes -> Tax Zones. Create a new tax zone, and name it Ulaanbaatar City Tax. Then, go to the Tax Classes, and click on the new tax class button. In the Tax Title, there will be a choice of Taxable Goods and City Sales Tax; choose City Sales Tax. Zone should be set as Ulaanbaatar City. In the tax rate field, you can enter the tax percentage as 7.00%, and when done entering all this information click on the update button.

6. Localization

This section will set up the default currency, language, and order status to notify the customers. The Orders Status can be added or its name can be changed by clicking the edit button after that line has been highlighted.

Currencies

The current currency is U.S. Dollars. To add a new currency, click on the new currency button. To update the current currency, click on the update currencies button.

Languages

This section displays the available languages for the store. A new language can be added by clicking on the new language button. The name, code, image, and sort order of the language can be edited by clicking on the edit button for each language.

Orders Status

Orders are classified in four different ways: pending, processing, delivered, and preparing [PayPal]. When a customer places an order, the store owner will see the status of the order as pending in the orders page, and pending is the default status for all orders. If the order is delivered to the customer, the store owner can change the status of the order to delivered. On the other hand, if the customer is using PayPal payment options, the store owner will have to change the status of the order to preparing [PayPal], and once the payment transaction is cleared it can be changed to delivered status.

7. Reports

This section shows how many products have been viewed, purchased, and the total of the customers’ orders.

Products Viewed

Products viewed section displays the products that have been viewed the most. For example, Knock 0.5 Pencil is in the first rank because it has been viewed 39 times so far.

Products Purchased

Products purchased section displays the products that have been purchased the most. For example, Elliptical Punch is in the number one spot because it has been purchased twice.

Customer Orders-Total

This section displays total of the customers who have purchased from Chinguun-Tulga. Along with their first name and last name, you can also see the date that their account was created. Customers can be edited, deleted, e-mailed and their overall orders can be viewed by clicking on the edit, delete, email, and orders buttons respectively.

8. Tools

The tools section is used for database backup/restoration, banner management, file manager, sending e-mails to customers, sending newsletter to customers, and it also shows the server information as well as who is currently online at Chinguun-Tulga’s website.

Database Backup

Clicking on the backup button will create a database backup, and the restore button will restore the database.

When backing up the database, you should not interrupt the backup process because this process might take a couple of minutes. The backup file can be saved as PureSQL file in the catalog/admin/backups folder in the server, or it can be saved on the store owner’s computer hard disk drive as a text file.

Also, when restoring the database, you should not interrupt the restoration process because the larger the backup, the longer this process takes. Restoration can be done by browsing a text file from the store owner’s computer or from the PureSQL file that is saved in the catalog/admin/backup folder located in the server.
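The cache folder set to 777 in the Configuration section and the SQL backup files kept under the catalog/admin backups folder can both be checked from the server side. The script below is an added example, not part of the original guide or of osCommerce: it walks a catalog folder and lists world-writable entries and SQL dumps stored inside the web-served tree. The function names, the backup suffixes, and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumption: database dumps saved by the backup tool end in one of these suffixes.
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip")


def audit_catalog(root):
    """Return sorted (finding, relative_path, octal_mode) tuples for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # permission bits on a symlink itself carry no meaning
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            mode = stat.S_IMODE(info.st_mode)
            shown = format(mode, "04o")
            is_dir = stat.S_ISDIR(info.st_mode)
            # The "other" write bit means any local account can write here.
            if mode & stat.S_IWOTH:
                kind = "world-writable-dir" if is_dir else "world-writable-file"
                findings.append((kind, rel, shown))
            # A dump inside the served tree depends on web server rules to stay private.
            if not is_dir and name.lower().endswith(BACKUP_SUFFIXES):
                findings.append(("sql-dump-in-webroot", rel, shown))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed catalog tree that mirrors the setup described in this guide."""
    catalog = os.path.join(base, "catalog")
    admin = os.path.join(catalog, "admin")
    backups = os.path.join(admin, "backups")
    cache = os.path.join(catalog, "cache")
    os.makedirs(backups)
    os.makedirs(cache)
    files = {
        os.path.join(catalog, "stylesheet.css"): 0o644,
        os.path.join(backups, "db_sample.sql"): 0o644,   # constructed file name
        os.path.join(cache, "sample.cache"): 0o666,      # constructed file name
    }
    for path, mode in files.items():
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    # Set directory modes explicitly so the result does not depend on the umask.
    for path in (catalog, admin, backups):
        os.chmod(path, 0o755)
    os.chmod(cache, 0o777)  # the permission this guide sets over FTP
    return catalog


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, rel, mode in audit_catalog(build_sample_tree(tmp)):
            print(f"{kind:22} {mode}  {rel}")
```

To check a real installation, call audit_catalog with the path of the catalog folder on the server. A 777 folder is writable by every account on a shared host, and a dump stored under the web root is only as private as the web server's access rules for that folder.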

Banner Manager

The banner manager allows you to put a banner at the bottom of the pages. An option to display a banner can be changed by clicking on the green button in the screen. If the banner is shown on the pages, by simply clicking on the red button you can disable this banner displaying feature.

Cache Control

Cache control shows the folders that cache files. The cache folder can be refreshed by clicking on the recycle button.

Define Languages

Define languages displays the files for all available languages. Chinguun-Tulga has two languages: English and Mongolian, thus there are two folders that contain all the associated files for each language.

File Manager

File manager lists all the files that are residing in the catalog folder. Each file is shown with its size, permission, user, group, and date modified, and can be edited by clicking on the EDIT button.

You can also create a new folder, a new file, and upload new files from your computer by simply clicking on the browse button. It eliminates the need for using file transfer protocol applications such as EmFTP, DreamWeaver, etc.

Send Email

This section allows the store owner to send e-mail to all customers, to all newsletter subscribers, or to individual customers.

The message field does not support HTML tags, so you must only use text messages in the Message field. It should also be noted that to send a message, you must click on the send mail button twice to send the message. When send mail button is clicked once, it will display a confirmation page, and here you can check for any spelling errors, or make changes by clicking on the back button. If everything else looks good, you can proceed by clicking on the send mail button again.

Newsletter Manager

Similar to the Send Email module, the owner can send a newsletter or a product notification to subscribed customers.

To create a new newsletter, you would click on the new newsletter button. Then, choose Newsletter (or product notification) from the drop down box to send a regular newsletter (or product notification). Then, choose the title and type your message in the content box. Click Save. This will take you back to the original page with your newsletter listed. Click on the lock button on the right. Now, you can edit, delete, preview, send, or unlock your new newsletter.

For the product notification newsletter click on the send button. On the next page, choose the products from the left and transfer them to the right box. Click submit. Any customer who has asked to be notified on all or certain products will be sent an e-mail.

Server Info

Server info shows information about the server that hosts Chinguun-Tulga’s website. This is useful if you need to know exactly what programs are on your server.

Who’s Online

This is a traffic reporting tool that is used to see who is accessing your website at the moment. If a customer is logged into your store and looking around, you can click on their link and see what page they are on and what products they are looking at.

9. Cascading Style Sheet (CSS)

Most of the colors used in the website can be changed on the cascading style sheet definition page in the catalog/stylesheet.css file. (To edit the cascading style sheet, go to http://www.chinguun-tulga.com/catalog/admin, login using the administrator’s username and password. Then go to: Tools -> File Manager -> stylesheet.css -> edit button.)

.boxText

This style changes the font size of the text in all the boxes.

.errorBox

This style is used for color and text size of error boxes with the red triangle. Example: admin/backup.php where it will say backup directory does not exist, warning: I can write to your configuration files, etc.

.stockWarning

This is the style used for the stock level warning, a text shown on the shopping cart page when purchasing items.

.productsNotifications

This style is used for the product notifications checkbox bar on the checkout success page.

.orderEdit

This is the color style used on the "edit" links shown on the checkout confirmation page.

BODY

It is the color in the left and right column boxes and the "text body" that is NOT linked.

A

This style is used for color style for ALL link colors throughout the entire store.

A:hover

This is the color style used for mouse over links throughout the entire store.

FORM

This style is used for forms. It changes the color of this text, "Use keywords to find the product you are looking for" in the "Quick Find" box on the left.

TR.header (means table row.header and is a general setting for the whole table)

This is a style used for the background color of the header.

TR.headerNavigation

The styles used for the breadcrumb navigation path. Background color of the top navigation as "Top :. Catalog :." etc.

TD.headerNavigation

It is used for arrow colors that point forward and the vertical link separators :. in the breadcrumb navigation path. If you set a background color here, it will override the TR.headerNavigation color set. Also, background image for the navigation table can be set.

A.headerNavigation

It sets the text link colors for the breadcrumb navigation path links (Top :. Catalog :. etc.)

A.headerNavigation:hover

This is the mouse over effects of the breadcrumb navigation path links (top, catalog, my account, cart contents, etc.)

TR.headerError

It is the style used for the error messages shown in the header. The default is a red background with white text.

TD.headerError

This is the style used for the error messages shown in the header. The default is a red background with white text.

TR.headerInfo

It is the style used for the information messages shown in the header. It changes the background color of the top box that appears when a new password is sent. Example: A New Password Has Been Sent To Your Email Address

TD.headerInfo

This style is used for the information messages shown in the header. It changes the background color of the top box that appears when a new password is sent. Example: A New Password Has Been Sent To Your Email Address

TR.footer

This sets the color of the footer row where the date and counter are.

TD.footer

This is the size and color of the text in the footer row where the date and counter are. If you set a background color on this TD.footer tag, it will override the TR.footer tag.

.infoBox

It sets the background border color around all the boxes, except for the "my account", "edit account", and "add a new address" boxes.

.infoBoxContents

This style sets the color of ALL the inside of the boxes and puts a colored border around the comments boxes. Setting a text color here will color the numbers text in the boxes like the catalog listings and the "Best Sellers" box numbers and the "My Account", "Edit Account", & "Add Address" headings.

.infoBoxNotice

This style is used for the outline of the box created at the top of the checkout_payment.php page when a customer inputs the wrong credit card number or expiration date.

.infoBoxNoticeContents

The style used for the body of the box created at the top of the checkout_payment.php page when a customer inputs the wrong credit card number or expiration date.

TD.infoBoxHeading

This style sets the left and right column boxes and the new products box heading color and text color. The text size of the heading boxes can be changed. For anything above 10 you will need to enlarge the box graphics. Padding can be added to these heading boxes, too.

TR.accountHistory-odd, TR.addressBook-odd, TR.alsoPurchased-odd, TR.payment-odd, TR.productListing-odd, TR.productReviews-odd, TR.upcomingProducts-odd, TR.shippingOptions-odd, TR.accountHistory-even, TR.addressBook-even, TR.alsoPurchased-even, TR.payment-even, TR.productListing-even, TR.productReviews-even, TR.upcomingProducts-even, TR.shippingOptions-even

These styles set the odd and even row colors on all box listings.

TABLE.productListing

It sets a border around the products listing table that shows the listing of the products.

.productListing-heading

The color of the background of the product listing heading that has "product name", "price", etc. The text style and color can also be set.

TD.productListing-data

This sets a different background color for the product listing table, box padding, size, and borders.

A.pageResults

This style sets the link on catalog/includes/split_page_results.php and page results numbered link colors at the bottom of the product pages.

A.pageResults:hover

Mouse over link colors on catalog/includes/split_page_results.php and page results numbered links mouse over color at the bottom of the product pages.

TD.pageHeading, DIV.pageHeading

This style is used for page headings. Color on the checkout_success.php page that says "Your Order Has Been Processed!" and also on all the product heading pages as “What's New Here?” text on the product pages.

TR.subBar, TD.subBar

This is the style used for the sub navigation bar.

TD.main, P.main

The size of the text can be set for all the main text areas, the "My Account Info", "Edit Account", "Add Address", "Order History", & "Notifications" page boxes. If you set the text color, it is the text color on all these, not the column boxes. Padding can also be set for all the body text in the store.

TD.smallText, SPAN.smallText, P.smallText

It is the color and size of:
- Copyright text at the bottom of the page
- "Include Subcategories" text on the advanced_search.php page
- Page results text at the bottom of the product pages such as "Displaying 11 to 20 (of 32 products) Result Pages:"

TD.accountCategory

It is the style used for the account categories.

TD.fieldKey and TD.fieldValue

Text sizes for the account parameter keys and values on the advanced_search.php page such as "Categories: Manufacturers: Price From: Price To: Date From: Date To:"

TD.tableHeading

This style alters the text styles and sizes on the table headings of address_book.php and product_reviews.php pages.

SPAN.newItemInCart

This is the style used for marking new products added to the shopping cart, so that these products show what's in the shopping cart page.

CHECKBOX, INPUT, RADIO, SELECT

These are the styles used for certain HTML form elements like the size of the text inside the drop down boxes. Example: manufacturers’ drop down menu.

SPAN.greetUser

It is the style used for the user greeting "Welcome Guest!" on the first page.

TABLE.formArea

In "My Account Information", "Edit Account", and "Add Address" - this is the inside box color.

TD.formAreaTitle

In "My Account Information", "Edit Account", and "Add Address" - this is the size of the text headings. It changes the text color on top of the boxes on the "My Account Info" page. Padding can also be set for space on the right and left sides.

SPAN.markProductOutOfStock

The text color that is used for marking products that are out of stock.

SPAN.productSpecialPrice

It is the style used on special product prices.

TD.checkoutBar

This is the style for bottom text on the checkout page that says: [ delivery address | payment method | confirmation | finished! ]

SPAN.checkoutBarHighlighted

This style displays the highlight color of the text showing which page you are on: [ delivery address | payment method | confirmation | finished! ]

SPAN.errorText

This style is used for error text messages.

.moduleRow

This is the style used for the shipping and payment modules.

.moduleRowOver

This is the color of the bar on the checkout_payment.php page on a mouse over when you choose your payment method.

.moduleRowSelected

This is the color of the bar on the checkout_shipping.php showing the shipping charge and the selected payment method on the checkout_payment.php page.

.checkoutBarFrom, .checkoutBarTo

This is the color and size of the text at the bottom of the checkout pages that show what page you are NOT on such as [ delivery address | payment method | confirmation | finished! ]

.checkoutBarCurrent

This is the color and size of the text at the bottom of the checkout pages that shows what page you are on such as [ delivery address | payment method | confirmation | finished! ]

.messageBox, .messageStack, .messageStackError, .messageStackWarning, .messageStackSuccess

These are the styles used for message boxes. Here you can define the background color of the error that shows up when trying to delete an address that is your primary address in the account section.

.inputRequirement

It is the style used for form input requirement fields: the color of the asterisk * and the words "Required Information" on the account.php pages.

Systems Requirements Document

This system requirements document describes management and user requirements, costs and benefits, and outlines the alternative development strategies.

Executive Summary

This system requirements document describes management and user requirements, costs and benefits, and outlines the alternative development strategies. After completing a series of phone interviews with the owner of the Chinguun-Tulga office supply store, and finding out what her business requirements are, I came up with the following conclusions.

There are four scenarios that they can choose from for their new e-commerce information system. The first scenario is “Ready-To-Use: 1&1 eShops”, the second is “Ready-To-Use: Network Solution”, the third is “E-commerce software: VP-ASP”, and the last is “Open-source solution: OS Commerce.” (Section V: Alternatives in this document describes each scenario in more details.)

If Chinguun-Tulga chooses the “Ready-To-Use: 1&1 eShops” scenario, it will cost $768 for annual maintenance. Before this, they will have to pay $768 for initial setup cost. The bright side of this option will be to have an already-built and ready-to-run website. Similarly, if they choose the “Ready-To-Use: Network Solution” scenario, Chinguun-Tulga will face high initial and annual maintenance costs, $1,659 and $1,560 respectively. Thus, this option is not practicable. However, if the “E-commerce software: VP-ASP” alternative is chosen, the initial cost will come to $1,120, and $745 in maintenance for each year. This alternative is less expensive compared to the previous two alternatives.

On the other hand, if Chinguun-Tulga decides to utilize the fourth scenario, “Open-source solution: OS Commerce”, they can create an e-commerce website with minimal cost. To implement this option I will spend two to three months developing the website, and the initial cost will be $477 (including a purchase of an SSL certificate, Linux hosting fees, and payment gateway setup with 2CheckOut.com), and $428 per year thereafter. The break-even point will occur as soon as the website is operational, and the benefits will surpass the costs in this alternative.

Thus, after careful consideration, using cost as the main factor, I recommend implementing the “Open-source: OS Commerce Development” scenario. Chinguun-Tulga will have a virtual presence where they will sell goods in a more reachable audience, and provide better service to customers through their website at the lowest possible cost.


I. Information Systems Background

An analysis of the Chinguun-Tulga Office Supply Store was completed on Wednesday, July 1, 2007. This analysis is the result of an information system request submitted to Mrs. Chuluunbaatar Sarangerel, owner of Chinguun-Tulga Company, on June 18, 2007.

The conclusion is that there is a need for a computerized bookkeeping system and an e-commerce website to support their business operations.

The following facts are the result of my findings at the Chinguun-Tulga Office Supply Store:

I. This retail store operates from 9:00 am to 8:00 pm Monday through Friday and 9:00 am to 6:00 pm on Saturdays; the store is closed on Sundays and during major holidays such as Independence Day and the Mongolian Lunar New Year.

II. There are three sales people who sit behind the counter, and when the customers are ready to check out these sales people receive the payment (usually in cash form) and issue receipts for transactions.

III. All transactions involve cash. There are no credit/debit card or check payments. For large transactions, above $1,000 USD, Chinguun-Tulga requires its customers to pay by bank transfer.

IV. There are about 150 different office products sold at the store. The main categories are:
a. Binders/ Document Organizers
b. Hole Punchers/ Staplers
c. Pens and Pencils
d. Tapes/ Papers/ Note cards
e. Paper Clips & Pins
f. Calculators
g. Rulers
h. Erasers & Lead Refills
i. Document Shredders
j. Desk Accessories

V. There are no orders received through phone or fax because there is no printed catalogue of their office products.

VI. Once a month Mrs. Sarangerel Chuluunbaatar, the owner of the store, counts all products to keep track of the store inventory. It takes about 2-6 hours to complete.

VII. Mrs. Sarangerel Chuluunbaatar creates three quarterly-based reports of her inventory. The three reports include:
a. Report of Items Purchased,
b. Report for Items Remaining in the Inventory,
c. Accounting Report for auditing purposes.


II. Functional Requirements

The new system proposed for the Chinguun-Tulga office supply store has the following logical design.

Data Flow Diagrams (DFDs)

a. Context Diagram

This is the diagram that describes the entire system in the simplest form. In this diagram, Chinguun-Tulga’s office supply sales system interacts with the following five external entities: Customer, Employee, Credit Card Company, Shipping Agent and Auditors.


b. Diagram Zero

The Context Diagram is further decomposed to a lower level diagram that has three processes: Order Process, Generate Report Process, and Data Backup/ Restore Processes.


c. Diagram 1: Process Order (Decomposed)

In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Order (Process 1). In this diagram, Process 1 is further decomposed into seven sub-processes: 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, and 1.


The new information system at Chinguun-Tulga will be used to sell products to customers using the Internet. The general public can browse the catalogue of products contained in an inventory database. To make a purchase a new customer will enter his/her name, address, and personal email profile. (For further use of the system, the Internet user should register as a customer by creating a username and password.) The customer may proceed to add items to a shopping cart. At any point the customer can view the shopping cart list and modify its contents. When the customer is satisfied with their selection of products they will proceed to the check out:

If the customer has previously purchased goods, then the system will display their credit card details and offer the customer the option of amending the card details or accepting the current details.

If the customer has not previously used their credit card, then they are requested to enter the card details.

When the user confirms the purchase the system will create a customer order and issue his/her credit card details to a third party organization to validate the credit card account and process the payment. Once the payment process is completed, the system will send a copy of the customer order to Chinguun-Tulga, who will fulfill the purchase by sending out the goods to the customer. Here, Chinguun-Tulga is also acting as the shipping agent.

d. Diagram 2: Process Generate Report (Decomposed)

In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Generate Report (Process 2). In this diagram, Process 2 is further decomposed into four sub-processes: 2.1, 2.2, 2.3, and 2.4.


e. Diagram 3: Process Backup/ Restore (Decomposed)

In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Backup/Restore Data (Process 3). In this diagram, Process 3 is further decomposed into two sub-processes: 3.1 and 3.2.

Process Descriptions

1.1 Browse Catalogue
    If browsing by category
        Open website
        Website connects to Product Inventory Database
        Display products by category
    If browsing by price
        Open website
        Website connects to Product Inventory Database
        Display products by price
    If browsing using search tool
        Open website
        Website connects to Product Inventory Database
        Display products by keyword

1.2 Register/ Create Profile
    Get personal information
        Get gender
        Get first name
        Get last name
        Get date of birth
        Get email address
    Get address information
        Get street address
        Get suburb name
        Get post code
        Get city name
        Get country
        Get state/province
    Get contact information
        Get telephone number
        Get fax number
    Get optional information
        Get newsletter subscription request
    Get login information:
        Get password
        Get password (repeated)

1.3 Login
    If returning customer
        Login using username and password
    If public customer (new customer)
        Run process 1.2 (Register/Create Profile)
        Login using username and password

1.4 Add Product To Cart
    Choose product
    Click on ADD TO CART
    Product is added to Shopping Cart database

1.5 View/ Edit Cart
    Click on Shopping Cart
    Display all products in the Shopping Cart database
    Allow changes made by customer

1.6 Check-Out Order
    Final quantity of all products calculated
    Total price of all products calculated
    Connect to the Credit Card Company/Bank
    Transfer payment information/ Run process 1.7
    Get payment notification from the Credit Card Company/Bank
    If payment NOT OK
        Notify customer transaction unsuccessful
    If payment OK
        Connect to Product Inventory database
        Update inventory list with new quantity
        Close database connection
    Output payment result
    Record customer orders in the Customer Order database

1.7 Issue Credit Card for Validation
    Transfer payment information to Credit Card Issuer
    Receive validation status

1.8 Issue Order to Shipping Agent
    Retrieve new orders from Customer Orders database
    Create packing slip/sales receipt

2.1 Generate Products Viewed Report
    Connect to Product Inventory database
    Execute sql for best viewed products
    Print the records
    Close database connection

2.2 Generate Products Purchased Report
    Connect to Product Inventory database
    Execute sql for items purchased in a weekly (or monthly) basis
    Print the records
    Close database connection

2.3 Generate Customer Orders Total Report
    Connect to Product Inventory database
    Execute sql for customer orders total report
    Print the records
    Close database connection

2.4 Generate Accounting Report
    Connect to database
    Execute sql for Accounting Report
    Print the records
    Close database connection

3.1 Backup Data
    Connect to database
    Backup data to a file
    Close database connection
    Check if medium exists
    Save file to medium

3.2 Restore Data
    Open database
    Restore data from a file
    Close database connection
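Process 1.6 (Check-Out Order) from the list above, written out as an added example; it is not code from the thesis or from OSCommerce. It assumes SQLite in place of MySQL, prices in integer cents, a `products_quantity` stock column on `products`, and a hypothetical `validate_card` callable standing in for process 1.7. The order and the inventory update are committed together or not at all, and only the last four card digits reach `cc_number`.

```python
import sqlite3

# Constructed, reduced version of the page's tables. Assumptions: SQLite stands
# in for MySQL, money is stored as integer cents, and `products` carries a
# `products_quantity` stock column (the page's `products` table lists none).
SCHEMA = """
CREATE TABLE products (products_id INTEGER PRIMARY KEY, products_price INTEGER,
                       products_quantity INTEGER);
CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, customers_id INTEGER,
                     cc_number TEXT, orders_status TEXT);
CREATE TABLE orders_products (orders_products_id INTEGER PRIMARY KEY,
                              orders_id INTEGER, products_id INTEGER,
                              final_price INTEGER, products_quantity INTEGER);
"""


def make_demo_db():
    """In-memory database with two constructed products."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, 450, 3), (2, 200, 10)])  # id, price in cents, stock
    db.commit()
    return db


def mask_card(card_number):
    """Keep only the last four digits; the processor, not the shop, needs the rest."""
    digits = [c for c in card_number if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])


def check_out(db, customers_id, cart, card_number, validate_card):
    """Process 1.6. `cart` maps products_id -> quantity; `validate_card(card, cents)`
    is a hypothetical stand-in for process 1.7 and returns True when approved."""
    lines, total = [], 0
    for products_id, quantity in cart.items():
        if quantity < 1:
            return {"ok": False, "message": "Invalid quantity"}
        row = db.execute("SELECT products_price, products_quantity FROM products "
                         "WHERE products_id = ?", (products_id,)).fetchone()
        if row is None or row[1] < quantity:
            # Refuse before the card is charged.
            return {"ok": False, "message": "Product unavailable"}
        lines.append((products_id, quantity, row[0]))
        total += row[0] * quantity  # price comes from the database, not the browser

    if not validate_card(card_number, total):
        return {"ok": False, "message": "Transaction unsuccessful"}

    try:
        with db:  # one transaction: commit on success, roll back on any exception
            order = db.execute(
                "INSERT INTO orders (customers_id, cc_number, orders_status) "
                "VALUES (?, ?, 'Pending')", (customers_id, mask_card(card_number)))
            for products_id, quantity, price in lines:
                changed = db.execute(
                    "UPDATE products SET products_quantity = products_quantity - ? "
                    "WHERE products_id = ? AND products_quantity >= ?",
                    (quantity, products_id, quantity)).rowcount
                if changed != 1:  # stock was taken by a concurrent order
                    raise LookupError(products_id)
                db.execute(
                    "INSERT INTO orders_products (orders_id, products_id, "
                    "final_price, products_quantity) VALUES (?, ?, ?, ?)",
                    (order.lastrowid, products_id, price, quantity))
    except LookupError:
        # Nothing was written; the approved payment has to be voided by the caller.
        return {"ok": False, "message": "Stock changed, payment must be voided"}
    return {"ok": True, "orders_id": order.lastrowid, "total": total}


if __name__ == "__main__":
    demo = make_demo_db()
    card = "4111 1111 1111 1111"  # constructed test number, not a real card
    print(check_out(demo, 7, {1: 2, 2: 1}, card, lambda c, cents: True))
    print(check_out(demo, 7, {2: 1}, card, lambda c, cents: False))
```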

Data Dictionary

Entities

Auditor: An agent in charge of inspecting financial statements of Chinguun-Tulga
Credit Card Company: Financial institution used in credit card purchase by customer
Customer: Customer of Chinguun-Tulga Office Supply Store
Employee: Owner Mrs. Sarangerel Chuluunbaatar and three other employees
Public: Customers that do not have profile with Chinguun-Tulga’s website
Shipping Agent: Employees and the owner of Chinguun-Tulga

Processes:

Process Order: A process that executes the credit card transactions between the purchasers, the bank, and the system.
Process Generate Report: A subsystem that is responsible for creation of necessary reports.
Process Backup/Restore Data: A process that creates backup of database information for storage on separate medium.

Flows

Accounting Report: Bookkeeping information that is generated by report generation subsystem for presentation to auditors
All Data: All information in Customers and Product Inventory database will be backed up to Backup Database for an emergency purpose.
Browse Products: Customer and general public can list and view the desired products from the database.
Cart Item: Once the product is selected it is added to the shopping cart. Cart items may be altered (removed or added) later.
Cart Item ID: When customer views his/her shopping cart, selected products will be shown with their unique ID numbers. To change the product, a customer can enter the unique ID number of another product.
Credit Card: In order to use the credit card, 16-digit credit card numbers are sent to the credit card processing institute for authentication.
Credit Card Payments: To complete the transaction, a customer enters the credit card number in the checkout form.
Credit Card Status: Credit card processing institute processes the card and sends the status of the card to checkout system.
Customer Account Info: Customer creates a profile with his/her title, first name, last name, contact information, and login information. As soon as the account is set up an email is sent to the customer with account login information.
Customer Information: All customer information is saved to the Customers database.
Customer Order: After the credit card is authenticated, the check-out order is completed. This data will be recorded in the Customer Orders database.
Customer Orders Total Report: Output of Generate Customer Orders Total process.
Data: Information retrieved from database for report generation subsystem.
Denial: Notice to customer from system of payment rejection.
Item Details: Data that is retrieved from product inventory database when customers browse catalogue.
Items Sold Report: Output of Generate Items Sold Report
Payment: Payment from customer via bank system
Payment Data: Data from Process order to Customers database
Payment Notification: A notice from bank indicating payment has been received
Personal info: Information that is used to create a profile from public.
Product ID: Unique number that identifies each and all products that are listed in the catalogue.
Product Info: Information that relates to certain product is loaded from the database for customers to view
Product Inventory Data: All data that are used to create reports
Products Viewed Report: Output of Generate Best Viewed Report process
Products Purchased Report: Output of Generate Products Purchased Report process
Quantity Data: Data that updates Product Inventory database as the customer completes an order
Request Restore: Employee prompted request for restoration of information in backup database
Request Inventory Info: Employee’s request to create report for remaining inventory
Sales Receipt: Receipt is sent to the customer after each completed transaction
Shipping Request: Shipping agent receives request to deliver products that are just purchased.
Username and Password: Login information that is used to create profile; if the profile already exists the username and password are used to view customer’s account.


Data Store Design

Entity Relationship Diagram (ERD)

In the Systems Requirements Document, the ERD (shown below) is a very simple, high-level version of the entity relationship diagram.

In the Design Document, all the tables are described and normalized up to the third normal form. Primary keys such as the product IDs are used to uniquely identify the records. All the products have fields that can be updated by the website administrator.


Database Schema

CREATE TABLE `customers` (
  `customers_id` INTEGER(5) PRIMARY KEY,
  `customers_gender` CHAR(1),
  `customers_firstname` VARCHAR(32),
  `customers_lastname` VARCHAR(32),
  `customers_dob` DATETIME,
  `customers_email_address` VARCHAR(96),
  `customers_default_address_id` INTEGER(5),
  `customers_telephone` VARCHAR(32),
  `customers_fax` VARCHAR(32),
  `customers_password` VARCHAR(40)
);

CREATE TABLE `customers_info` (
  `customers_info_id` INTEGER(5) PRIMARY KEY, -- FK
  `customers_info_date_of_last_logon` DATETIME,
  `customers_info_number_of_logons` INTEGER(5),
  `customers_info_date_account_created` DATETIME,
  `customers_info_date_account_last_modified` DATETIME
);

CREATE TABLE `customers_basket` (
  `customers_basket_id` INTEGER(5) PRIMARY KEY,
  `customers_id` INTEGER(5), -- FK1
  `products_id` TEXT, -- FK2
  `customers_basket_quantity` INTEGER(2),
  `final_price` DECIMAL(15,4), -- NUMBER in the design; DECIMAL is the MySQL type
  `customer_basket_date_added` VARCHAR(8)
);

CREATE TABLE `customers_basket_attributes` (
  `customers_basket_attributes_id` INTEGER(5) PRIMARY KEY,
  `customers_id` INTEGER(5),
  `products_id` INTEGER(5),
  `products_options_id` INTEGER(5),
  `products_options_values_id` INTEGER(5)
);


CREATE TABLE `manufacturers` (
  `manufacturers_id` INTEGER(5) PRIMARY KEY,
  `manufacturers_name` VARCHAR(32),
  `manufacturers_image` VARCHAR(64)
);

CREATE TABLE `orders_products` (
  `orders_products_id` INTEGER(5) PRIMARY KEY,
  `orders_id` INTEGER(5), -- FK1
  `products_id` INTEGER(5), -- FK2
  `products_name` VARCHAR(64),
  `products_price` DECIMAL(15,4), -- NUMBER in the design; DECIMAL is the MySQL type
  `final_price` DECIMAL(15,4),
  `products_quantity` INTEGER(2)
);

CREATE TABLE `orders` (
  `orders_id` INTEGER(5) PRIMARY KEY,
  `customers_id` INTEGER(5), -- FK1
  `customers_name` VARCHAR(64),
  `customers_street_address` VARCHAR(64),
  `customers_district` VARCHAR(32),
  `customers_city` VARCHAR(32),
  `customers_postcode` VARCHAR(10),
  `customers_state` VARCHAR(32),
  `customers_country` VARCHAR(32),
  `customers_telephone` VARCHAR(32),
  `customers_email_address` VARCHAR(96),
  `delivery_name` VARCHAR(64),
  `delivery_street_address` VARCHAR(64),
  `delivery_district` VARCHAR(32),
  `delivery_city` VARCHAR(32),
  `delivery_postcode` VARCHAR(10),
  `delivery_state` VARCHAR(32),
  `delivery_country` VARCHAR(32),
  `payment_method` VARCHAR(12),
  `cc_type` VARCHAR(20),
  `cc_owner` VARCHAR(64),
  `cc_number` VARCHAR(32),
  `cc_expires` VARCHAR(4),
  `date_purchased` DATETIME,
  `shipping_cost` DECIMAL(15,4), -- NUMBER in the design; DECIMAL is the MySQL type
  `shipping_method` VARCHAR(32),
  `orders_status` VARCHAR(10),
  `orders_date_finished` DATETIME
);

CREATE TABLE `products` (
  `products_id` INTEGER(5) PRIMARY KEY,
  `products_model` VARCHAR(12),
  `products_image` VARCHAR(64),
  `products_price` DECIMAL(15,4), -- NUMBER in the design; DECIMAL is the MySQL type
  `products_weight` DECIMAL(15,4),
  `products_status` SMALLINT(1)
);

CREATE TABLE `products_description` (
  `products_id` INTEGER(5) PRIMARY KEY, -- FK
  `products_name` VARCHAR(64),
  `products_url` VARCHAR(255)
);


Form

In order for customers to purchase products from Chinguun-Tulga’s website, they need to be registered first. The form shown below is used to collect the customer’s information. Once the customer creates an account, he or she will be able to proceed with the check-out process.
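The registration form and processes 1.2 (Register/Create Profile) and 1.3 (Login), as an added example that is not code from the thesis or from OSCommerce. It assumes SQLite in place of MySQL, the e-mail address as the login name, an eight-character minimum password length, and a `customers_password` column wider than the schema's `VARCHAR(40)`, since the salted PBKDF2 value stored here is 118 characters long.

```python
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timezone

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (assumption; tune per server)
MIN_PASSWORD_LENGTH = 8   # assumption; the page states no password policy

# Constructed subset of the page's `customers` and `customers_info` tables.
# Assumption: `customers_password` is widened from VARCHAR(40) to hold the hash.
SCHEMA = """
CREATE TABLE customers (customers_id INTEGER PRIMARY KEY,
    customers_firstname VARCHAR(32), customers_lastname VARCHAR(32),
    customers_email_address VARCHAR(96) UNIQUE, customers_password VARCHAR(128));
CREATE TABLE customers_info (customers_info_id INTEGER PRIMARY KEY,
    customers_info_date_of_last_logon DATETIME,
    customers_info_number_of_logons INTEGER,
    customers_info_date_account_created DATETIME);
"""


def open_demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def hash_password(password):
    """Salted, slow hash; the plain password is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, encoded):
    _, iterations, salt_hex, digest_hex = encoded.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Checked when the e-mail is unknown, so both failure paths do the same work.
DUMMY_HASH = hash_password("not a real account")


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def register(db, form):
    """Process 1.2. Returns (customers_id, None) or (None, error message)."""
    required = ("firstname", "lastname", "email_address", "password", "password_repeated")
    missing = [key for key in required if not form.get(key, "").strip()]
    if missing:
        return None, "Missing: " + ", ".join(missing)
    if form["password"] != form["password_repeated"]:
        return None, "Passwords do not match"
    if len(form["password"]) < MIN_PASSWORD_LENGTH:
        return None, "Password too short"
    email = form["email_address"].strip().lower()
    try:
        with db:  # profile row and info row are created together
            cur = db.execute(
                "INSERT INTO customers (customers_firstname, customers_lastname, "
                "customers_email_address, customers_password) VALUES (?, ?, ?, ?)",
                (form["firstname"].strip(), form["lastname"].strip(), email,
                 hash_password(form["password"])))
            db.execute("INSERT INTO customers_info VALUES (?, NULL, 0, ?)",
                       (cur.lastrowid, _now()))
    except sqlite3.IntegrityError:
        return None, "E-mail address already registered"
    return cur.lastrowid, None


def login(db, email_address, password):
    """Process 1.3. Returns customers_id on success, None on any failure."""
    row = db.execute("SELECT customers_id, customers_password FROM customers "
                     "WHERE customers_email_address = ?",
                     (email_address.strip().lower(),)).fetchone()
    password_ok = verify_password(password, row[1] if row else DUMMY_HASH)
    if row is None or not password_ok:
        return None  # same answer for unknown e-mail and wrong password
    with db:
        db.execute("UPDATE customers_info SET customers_info_date_of_last_logon = ?, "
                   "customers_info_number_of_logons = customers_info_number_of_logons + 1 "
                   "WHERE customers_info_id = ?", (_now(), row[0]))
    return row[0]


if __name__ == "__main__":
    demo = open_demo_db()
    form = {"firstname": "Bat", "lastname": "Dorj",  # constructed sample customer
            "email_address": "customer@example.mn",
            "password": "Office-Pens-2007", "password_repeated": "Office-Pens-2007"}
    print(register(demo, form))
    print(login(demo, "customer@example.mn", "Office-Pens-2007"))
```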


III. Environmental Requirements

In order to implement the new system, the following environmental requirements need to be met:

- Purchase of a desktop computer (or laptop),
- Internet connection,
- Domain name, and
- A server to host the website

Since this is a web-based project, an Internet connection is the first requirement: it connects the website to the customers and to the Chinguun-Tulga Office Supply Store. It has its advantages: from anywhere at any time, the owner of Chinguun-Tulga can access the back-end website and modify the store-front by adding or removing products. The connectivity to the Internet will remain the responsibility of the owner of Chinguun-Tulga, and the average cost of the Internet service in Ulaanbaatar is $30 (ranges from $15 to $50) per month. The main hardware component of the system will be a desktop computer (or a laptop), at a cost of $400 ($800 for laptop), and it will be heavily used to maintain the website. A printing device may be needed, as reports will be generated on a weekly, monthly, and quarterly basis. Chinguun-Tulga will also need a digital photo camera to post the pictures of the products on the website, and there may also be a need for photo editing software such as Photoshop CS3, or simply PhotoFiltre Studio.

A domain name will be needed to access the website. Most Mongolian websites use .MN top level domain extensions; however, the fee for this type of extension is almost ten times higher than for .COM and .NET extensions. If the website is hosted through a U.S. based website hosting provider, there is a good chance that the domain name will be included for free. Also, the web site will load quickly. The choice of .MN, .COM, .NET domain name extensions will be further analyzed in the cost-benefit analysis in the chosen scenario.

The server to host the website will be running Linux. It will provide the Apache, PHP, and MySQL stack to support the store-front and the back-end of the website.

Security concerns will also be addressed. Credit card transaction flows will occur over a secure HTTPS connection, and the information exchanged with the server will be encrypted in transit using an SSL certificate. Secure authentication will also prevent unauthorized access to the server through the administrative account(s). The administrator’s directory on the web will be accessible using a username and password. The system will take about three months to implement, and once the website is running some training will be needed for the administrator of the system.


IV. Alternatives

There are many options available for creating an online shopping website. Basic methods for creating an e-commerce site include a Ready-To-Use package, E-Commerce Software, and an Open-Source Solution. Some companies offer a Ready-To-Use package, which is the simplest way to run a business online, through their own web template and payment processing system. With this method, setting up the site can be extremely simple; however, the associated fees are high. Another way to run an online business is to buy shopping cart software. This method is less costly than the Ready-To-Use method, but setting up the store-front can be more complicated. The last method is to use open-source code to create an online store. Compared to the other two methods, the open-source solution involves minimal cost; however, setting up the store-front is not simple and it might take some time. For each alternative, I found a solution package and compared all of them in terms of cost to implement:

Scenario 1: Ready-To-Use Package: 1&1 eShops
Scenario 2: Ready-To-Use Package: Network Solutions
Scenario 3: E-commerce software: VP-ASP
Scenario 4: Open-Source e-commerce solution: OS Commerce

Scenario 1: Ready-To-Use Package: 1&1 eShops

1and1.com offers a complete eShop solution tailored to the online business model. They offer three types of packages: Business eShop (for products up to 50) for $9.99/month, Professional eShop (for products up to 200) for $29.99/month, and Developer eShop (for unlimited products) for $49.95/month. Since Chinguun-Tulga has fewer than 200 types of products, the second package can be used, which is the Professional eShop solution. After the website is set up and the staff is trained, Chinguun-Tulga should be able to handle routine maintenance tasks without my assistance. The following is the cost analysis of this scenario.

Cost
Desktop Computer (exists already)            $0.00
Digital Camera (exists already)              $0.00
Printer (exists already)                     $0.00
Internet Access (12 months at $30)           $360.00
Package Price (12 months at $29.99)          $359.88
Hosting Fee & Domain (12 months at $3.99)    $47.88
Setup Fee                                    $0.00
Total Initial Cost                           $767.76

For this scenario, the annual maintenance cost will come to $768, including the Internet access ($360/yr), package fees ($360/yr), and the hosting fees ($48/yr).


Scenario 2: Ready-To-Use Package: Network Solutions

NetworkSolutions.com is another complete e-commerce website solution provider. They offer two types of packages: Standard e-commerce for $49.95/month, and Pro e-commerce for $99.95/month. They also charge a one-time setup fee for both packages: $49 for the first choice and $99 for the other. According to the 2007 Shopping Cart Software Report, Network Solutions ranked in the top three, and they allow up to 100,000 different products to be sold online. This vendor offers benefits such as a free domain name, 24/7 real person customer service, and secure 128-bit HTTPS/SSL encryption. If this alternative is used for this project, the following would be the cost analysis of this scenario.

Cost
Desktop Computer (exists already)            $0.00
Digital Camera (exists already)              $0.00
Printer (exists already)                     $0.00
Internet Access (12 months at $30)           $360.00
Package Price ($99.95/month)                 $1,199.40
One Time Setup Fee                           $99.00
Total Initial Cost                           $1,658.40

For this scenario, the annual maintenance cost will come to about $1,560, including the Internet access ($360/yr) and the package fees ($1200/yr).

Scenario 3: E-commerce software: VP-ASP Shopping Cart

VPASP.com provides quite a feasible e-commerce software package. They offer three types of software packages: Value (for $2450, Plus (for $375), and Deluxe (for $495). They also offer hosting services for $20 - $50 per month. The benefits for this package include 5 free domain names (choice of: .com, .net, .org, .biz, .info), gift certificate and order tracking feature, and a dedicated SSL security. If this alternative is used for this project, the following would be the cost and benefit analysis of this scenario.

Cost
Desktop Computer (exists already)            $0.00
Digital Camera (exists already)              $0.00
Printer (exists already)                     $0.00
Internet Access (12 months at $30)           $360.00
VP ASP Plus Package                          $375.00
Gold Hosting Plan (annual)                   $385.00
Total Initial Cost                           $1,120.00

For this scenario, the annual maintenance cost will come to $745, including the Internet access ($360/yr) and the gold hosting plans ($385/yr).


Scenario 4: Open-source solution: OS Commerce

OScommerce.com offers an open source solution for online shops. As of September 2007, there are 12,666 online shops that utilize OSCommerce’s open-source solution. This scenario does not require high expenses, but setting up the store-front may not be as simple as with the other alternatives. The following is the cost analysis of this scenario.

Cost
Desktop Computer (exists already)              $0.00
Digital Camera (exists already)                $0.00
Printer (exists already)                       $0.00
Internet Access (12 months at $30)             $360.00
OS Commerce Package Price                      $0.00
Hosting Fee (through 1and1.com at $4/month)    $48.00
SSL certificate (from 1and1.com)               $49.00
Payment Gateway Setup (2CheckOut.com)          $49.00
Total Initial Cost                             $506.00

It is clear that Scenario 4, OS Commerce Open-Source Solution, offers the least expensive method to implement this project. The only initial costs associated with this scenario are the Internet access, web hosting, SSL certificate, and a one-time payment gateway setup fee. After that, the average annual maintenance cost will come to $428.00. It should also be noted that I, Bilguun Ginjbaatar, am willing to work on this project for Chinguun-Tulga free of charge to set up the store front.

Since we know what the cost is going to be, let’s discuss the possible benefits of this scenario. They are:

Benefits

Intangible Benefits:
- New and much more improved business environment
- Easy administration & e-commerce solution
- New customers

Tangible Benefits:
- Included Free Domain Name (choice of .com, .net, .info) from 1and1.com
- 300GB monthly transfer volume, 10GB web space from 1and1.com
- Secure back-end website that allows add/remove products online
- Professional front-end website
- Automated computer sale system
- Increase in sales by 5-10% ($1,000)
- No need for hiring additional staff ($800)
- Possible Marketing Plan: partnering with other Mongolian websites and banner exchange to attract more customers


Online sales are estimated to add 5-10% to Chinguun-Tulga’s physical store sales. The store’s annual sales range from $20,000 to $30,000. In addition, the number of Internet users in Mongolia has been growing fast over the last five years. According to the data provided by the Mongolian National Statistics Office, over ten percent of Mongolians are using the Internet in their daily lives at present. Thus, we expect that through their online shopping website, Chinguun-Tulga will earn at least $1,000 (5 percent of $20,000) a year, or perhaps even more as the number of Mongolian Internet users increases.

There are other benefits. For example, if the physical store operated 24/7 to provide the same service as the online shopping site, there would be a need for additional staff to cover the night shifts. Chinguun-Tulga would have to pay an annual salary of $800 (12 months at ₮80,000 Mongolian Tugriks per month). Thus, by not hiring additional staff for 24/7 store operation, Chinguun-Tulga is saving $800 each year.

With all of the benefits above being taken into consideration, we derive the following cost-benefit analysis.

Scenario 4: "Open-source Solution: OS Commerce"

Year    Costs    Cumulative Costs    Benefits    Cumulative Benefits
0       $506     $506                $1,800      $1,800
1       $457     $963                $1,800      $3,600
2       $457     $1,420              $1,800      $5,400
3       $457     $1,877              $1,800      $7,200
4       $457     $2,334              $1,800      $9,000

(NOTE: Each year, Chinguun-Tulga will spend $360 on the Internet Access, $48 on web hosting fees, and $49 on a 256-bit encryption SSL certificate that is provided by 1and1.com. The benefits are derived by adding up the estimated increase in sales and savings from not hiring extra staff. Each year, the increasing number of online customers will increase the sales and bring incremental revenues to Chinguun-Tulga.)

Payment Gateway Options for Scenario 4

For the OSCommerce package there are many possible payment options. Encrypted customer order information will be transmitted to the website of the third party that processes the payment. The following are the payment options:

Non-Online Payments
Cash on Delivery – payment received upon delivery.
Check/ Money Order – payments sent to Chinguun-Tulga in a check format.

Online third parties:
Authorize.net: With Internet merchant account from Merchant Accounts Express: no set-up/license fee, no transaction fee, monthly gateway fee $19.95 (through MerchantExpress.com);
ChronoPay: Requires getting a quote depending on the business volume.
PayPal: No set-up fee; discount rate 2.9% + $.30 per transaction; chargeback protection, no long term contract required;
PayQuake: set-up fee $295, no annual fee, transaction fee $.50, monthly service fee $29;
2CheckOut.com: One time set-up fee $49, no monthly fee, discount rate 5.5% plus $.45 per transaction;
WorldPay: Set-up Fee £200, monthly fee £30, per-transaction charge: discount rate 3.75% - 4.5%, reverse transaction fee: £10.

Cash on delivery, check/money order, and online payments from PayPal and 2CheckOut.com are the suggested methods for Chinguun-Tulga to receive payments. The most advantageous online gateway could be PayPal, since they do not require a long term contract and charge a low rate and low transaction fees. For example, you’ll pay $3.20 on a $100 transaction. The second best online option could be 2CheckOut.com because they require only a one-time fee of $49, and after that Chinguun-Tulga will be charged 5.5% plus $.45 per transaction. For instance, you’ll pay $5.95 on a $100 transaction.

Feasibility

Scenario 3 (VP-ASP) and scenario 4 (OS Commerce) are operationally and economically feasible. On the other hand, scenario 1 (1&1 eShops) and scenario 2 (Network Solutions) are not feasible due to their high initial cost. Both scenario 1 and scenario 2 focus on a readily available service that requires little training or knowledge of online shop development, and the majority of the total cost consists of service and hosting plan fees. In scenario 3, licensed shopping cart software is used. Although the cost may be relatively lower than for a ready-to-use package, there is a less expensive alternative, which is the open-source solution. Scenario 4 focuses on the open-source solution; however, with this method Chinguun-Tulga will face a lot of manual work. The main advantage of the open-source solution would be the minimal initial and maintenance cost of the e-commerce website. Once the website is operational and running the benefits will be seen very quickly.

V. Recommendation

From the findings, it can be concluded that even though two scenarios (3 and 4) are practicable, Scenario 4 (Open Source Solution: OS Commerce) is the more efficient and effective option. The starting cost is the lowest and the benefits will be seen as soon as the website is operational. For this project, I highly recommend using scenario 4, OSCommerce Open-Source solution.


VI. Project Schedule


Appendix A

Website Architecture


Front-End Site Architecture

Page | 113

Catalog

Languages

My Account: Create Account (if new); Login (if existing); Account History; Edit My Account; Edit Account Info; Edit My Address; Change My Password; My Orders; Email Notifications; Subscribe/Unsubscribe from Newsletters; Edit Product Notifications

Cart

Checkout: Delivery Information; Payment Information; Confirmation; Finish

Categories: Binders; Staplers; Hole Punchers; Tapes; Paper Clips & Pins; Note Pads; Document Organizers; Calculators; Document Shredders; Desk Accessories; Markers; Magnifying Glasses; Erasers and Lead Refills; Pens and Pencils

Manufacturers

What’s New?

Product Info

Reviews

Add to Cart

Quick Find

Information: Shipping and Returns; Privacy Notice; Condition of Use; Contact Us

Screen Shot: Front-End

http://www.chinguun-tulga.com/catalog

Back-End Site Architecture

Screen Shot: Back-End

http://www.chinguun-tulga.com/catalog/admin

Before Login

Administration (must login)

Administration

Configuration: Administrators; My Store; Minimum Values; Maximum Values; Images; Customer Details; Shipping/Packaging; Product Listing; Stock; Logging; Cache; E-mail Options; Sessions

Catalog: Categories/Products; Products Attributes; Manufacturers; Reviews; Specials; Products Expected

Modules: Payment; Shipping; Order Total

Customers: Customers; Orders; Create Invoice or Packing Slip

Locations/Taxes: Countries; Zones; Tax Zones; Tax Classes; Tax Rates

Localization: Currencies; Languages; Orders Status

Reports: Products Viewed; Products Purchased; Customers Orders Total

Tools: Database Backup; Banner Manager; Cache Control; Define Languages; File Manager; Send E-mail; Newsletter Manager; Server Info; Who’s Online

After Login

Appendix B

ERD and Database Tables

Entity Relationship Diagram

Tables

Table: ADDRESS_BOOK

Relationships:
ADDRESS_BOOK CUSTOMERS: CUSTOMERS_ID = CUSTOMERS_ID
ADDRESS_BOOK COUNTRIES: entry_country_id = countries_id
ADDRESS_BOOK ZONES: entry_zone_id = zone_id

Table: ADDRESS_FORMAT

Relationships:
ADDRESS_FORMAT ORDERS: address_format_id = customers_address_format_id
address_format_id = delivery_address_format_id

Table: ADMINISTRATORS

Table: CATEGORIES

Relationships:
CATEGORIES CATEGORIES: categories_id = parent_id
CATEGORIES PRODUCTS_TO_CATEGORIES: categories_id = categories_id
CATEGORIES CATEGORIES_DESCRIPTION: categories_id = categories_id

Table: CATEGORIES_DESCRIPTION

Relationships:
CATEGORIES CATEGORIES_DESCRIPTION: categories_id = categories_id
CATEGORIES LANGUAGES: languages_id = languages_id

Table: CONFIGURATION

Relationships:
CONFIGURATION CONFIGURATION_GROUP: configuration_group_id = configuration_group_id

Table: CONFIGURATION_GROUP

Relationships:
CONFIGURATION_GROUP CONFIGURATION: configuration_group_id = configuration_group_id

Table: COUNTER

Table: COUNTER_HISTORY

Table: COUNTRIES

Relationships:
COUNTRIES ADDRESS_BOOK: countries_id = entry_country_id
COUNTRIES ZONES: countries_id = entry_country_id

Table: CURRENCIES

Table: CUSTOMERS

Relationships:
CUSTOMERS REVIEWS: customers_id = customers_id
CUSTOMERS WHOS_ONLINE: customers_id = customer_id
ADDRESS_BOOK CUSTOMER: customers_id = customers_id
CUSTOMERS ORDERS: customers_id = customers_id
CUSTOMERS CUSTOMERS_INFO: customers_id = customers_id
CUSTOMERS CUSTOMERS_BASKET: customers_id = customers_id
CUSTOMERS CUSTOMERS_BASKET_ATTRIBUTES: customers_id = customers_id

Table: CUSTOMERS_BASKET

Relationships:
CUSTOMERS CUSTOMERS_BASKET: customers_id = customers_id
CUSTOMERS_BASKET PRODUCTS: products_id = products_id

Table: CUSTOMERS_BASKET_ATTRIBUTES

Relationships:
CUSTOMERS CUSTOMERS_BASKET_ATTRIBUTES: customers_id = customers_id
CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS: products_id = products_id
CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS_OPTIONS: products_id = products_id
CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS_OPTIONS_VALUES: products_options_value_id = products_options_value_id

Table: CUSTOMERS_INFO

Relationships:
CUSTOMERS CUSTOMERS_INFO: customers_id = customers_id

Table: LANGUAGES

Relationships:
LANGUAGES MANUFACTURERS_INFO: languages_id = languages_id
LANGUAGES REVIEWS_DESCRIPTION: languages_id = languages_id
LANGUAGES CATEGORIES_DESCRIPTION: languages_id = languages_id
LANGUAGES PRODUCTS_DESCRIPTION: languages_id = languages_id
LANGUAGES PRODUCTS_OPTIONS: languages_id = languages_id
LANGUAGES PRODUCTS_OPTIONS_VALUES: languages_id = languages_id

Table: MANUFACTURERS

Relationships:
MANUFACTURERS MANUFACTURERS_INFO: manufacturers_id = manufacturers_id
PRODUCTS MANUFACTURERS_INFO: products_id = products_id

Table: MANUFACTURERS_INFO

Relationships:
MANUFACTURERS MANUFACTURERS_INFO: manufacturers_id = manufacturers_id
MANUFACTURERS_INFO LANGUAGES: languages_id = languages_id

Table: NEWSLETTERS

Table: ORDERS

Relationships:
CUSTOMERS ORDERS: customers_id = customers_id
ORDERS ADDRESS_FORMAT: delivery_address_format_id = address_format_id
customers_address_format_id = address_format_id
ORDERS ORDERS_PRODUCTS: orders_id = orders_id
ORDERS ORDERS_PRODUCTS_ATTRIBUTES: orders_id = orders_id
ORDERS_TOTAL ORDERS: orders_id = orders_id

Table: ORDERS_PRODUCTS

Relationships:
ORDERS ORDERS_PRODUCTS: orders_id = orders_id
PRODUCTS ORDERS_PRODUCTS: products_id = products_id

Table: ORDERS_PRODUCTS_ATTRIBUTES

Relationships:
ORDERS ORDERS_PRODUCTS_ATTRIBUTES: orders_id = orders_id

Table: ORDERS_STATUS

Relationships:
ORDERS_STATUS ORDERS_STATUS_HISTORY: orders_status_id = orders_status_id

Table: ORDERS_STATUS_HISTORY

Relationships:
ORDERS_STATUS ORDERS_STATUS_HISTORY: orders_status_id = orders_status_id

Table: ORDERS_TOTAL

Relationships:
ORDERS_TOTAL ORDERS: orders_id = orders_id

Table: PRODUCTS

Relationships:
PRODUCTS PRODUCTS_DESCRIPTION: products_id = products_id
PRODUCTS PRODUCTS_TO_CATEGORIES: products_id = products_id
PRODUCTS REVIEWS: products_id = products_id
PRODUCTS SPECIALS: products_id = products_id
PRODUCTS TAX_CLASS: tax_class_id = products_tax_class_id
PRODUCTS MANUFACTURERS: manufacturers_id = manufacturers_id
PRODUCTS CUSTOMERS_BASKET: products_id = products_id
PRODUCTS CUSTOMERS_BASKET_ATTRIBUTES: products_id = products_id
PRODUCTS ORDERS_PRODUCTS: products_id = products_id
PRODUCTS PRODUCTS_ATTRIBUTES: products_id = products_id

Table: PRODUCTS_ATTRIBUTES

Relationships:
PRODUCTS PRODUCTS_ATTRIBUTES: products_id = products_id
PRODUCTS_ATTRIBUTES PRODUCTS_OPTIONS: options_id = products_options_id
PRODUCTS_ATTRIBUTES PRODUCTS_OPTIONS_VALUES: options_values_id = products_options_values_id

Table: PRODUCTS_DESCRIPTION

Relationships:
PRODUCTS PRODUCTS_DESCRIPTION: products_id = products_id
LANGUAGES PRODUCTS_DESCRIPTION: language_id = language_id

Table: PRODUCTS_NOTIFICATION

Relationships:
PRODUCTS PRODUCTS_NOTIFICATION: products_id = products_id
PRODUCTS_NOTIFICATION CUSTOMER: customers_id = customers_id

Table: PRODUCTS_OPTIONS

Relationships:
PRODUCTS_OPTIONS PRODUCTS_ATTRIBUTES: products_id = products_id
PRODUCTS_OPTIONS CUSTOMERS_BASKET_ATTRIBUTES: products_id = products_id
PRODUCTS_OPTIONS LANGUAGES: languages_id = languages_id

Table: PRODUCTS_OPTIONS_VALUES

Relationships:
PRODUCTS_OPTIONS_VALUES PRODUCTS_ATTRIBUTES: products_options_value_id = options_values_id
PRODUCTS_OPTIONS_VALUES CUSTOMERS_BASKET_ATTRIBUTES: products_options_value_id = products_options_values_id
PRODUCTS_OPTIONS_VALUES LANGUAGES: language_id = language_id

Table: PRODUCTS_TO_CATEGORIES

Relationships:
PRODUCTS_TO_CATEGORIES PRODUCTS: products_id = products_id
PRODUCTS_TO_CATEGORIES CATEGORIES: categories_id = categories_id

Table: REVIEWS

Relationships:
REVIEWS PRODUCTS: products_id = products_id
CUSTOMERS REVIEWS: customers_id = customers_id
REVIEWS REVIEWS_DESCRIPTION: reviews_id = reviews_id

Table: REVIEWS_DESCRIPTION

Relationships:
REVIEWS REVIEWS_DESCRIPTION: reviews_id = reviews_id
REVIEWS_DESCRIPTION LANGUAGES: languages_id = languages_id

Table: SESSIONS

Table: SPECIALS

Relationships:
SPECIALS PRODUCTS: products_id = products_id

Table: TAX_CLASS

Relationships:
TAX_RATES TAX_CLASS: tax_class_id = tax_class_id
TAX_CLASS PRODUCTS: tax_class_id = products_tax_class_id

Table: TAX_RATES

Relationships:
TAX_RATES ZONES: tax_zone_id = zone_id
TAX_RATES TAX_CLASS: tax_class_id = tax_class_id

Table: WHOS_ONLINE

Relationships:
WHOS_ONLINE CUSTOMERS: customers_id = customers_id

Table: ZONES

Relationships:
ZONES COUNTRIES: zone_country_id = countries_id
ZONES ADDRESS_BOOK: zone_id = entry_zone_id
TAX_RATES ZONES: tax_zone_id = zone_id
