Help Request for our Webshop

Joachim Steiger roh at openmoko.org
Mon Sep 24 00:25:46 CEST 2007 

Krzysztof Kajkowski wrote:
> 2007/9/23, Dr. H. Nikolaus Schaller <hns at computer.org>:
>> The "standard" Open Source Web Shop is OSCommerce (http://
>> www.oscommerce.com/).
>>
>> The only requirements it does not solve are
>> * it is witten in PHP
>> * it has its own database model
> 
> Hi! Recently I'm running a one-person project on oscommerce and the
> deeper I get inside the code the more I see what a piece of ugly
> written software this is... Each file is a  mixture  of HTML, PHP and
> even SQL. There are no templates, no MVC nor other model, code is
> buggy, unmaintened and uses PHP classes like tables. It's a software
> that stuck in time five years ago... I would never do anything in
> oscommerce again.
> 
> regards
> 
> cayco

thanks for that abstract. i couldn't say it better.
in fact we had developed a web shop even before the gta01 sales started
and in the end put it into a deep, black hole.
yes it was based on oscommerce, but as soon as you tried to get it
maintainable or even secure, every competent person does run away or is
not ready to take any responsibility.

for example: oscommerce does not run with register globals off.

everybody with even a glimpse of clue about php should now know that
this is totally unacceptable to run and use when you have respect for
your users and feel some kind of responsible not to put their cc data
into an sql-db which gets read out from obviously unmaintainable php.

so please spare us further mails with 'why no oscommerce' 'why no php'

there are 4 major important facts for you to know:
- it has to be secure by concept. not only by clean work.
- it has to be maintainable code. which means less is sometimes more (we
do not believe in paying by lines of code)
- it has to perform. which does not mean we rule out scripting languages
- the code has to and will be audited before put into use by a
professional team who knows all the stuff a usual webcoder gives them..
so beware ;)

this mail should de-motivate anybody. but i think it is important that
we already took a punch at it and got a bloody nose.
we really know what we want and what we don't, now.

--

roh

More information about the community mailing list