PerlShopTM
Manual
(version 4.3)
This manual pertains to the Perlshop 4.3
cart that comes with your W3U virtual web hosting account. For more
information about Perlshop 4.3 visit WaveRiderSystems.
Print out a copy of this
manual and use it to check off each step as you complete it. You can view
the original Perlshop 3.1 manual at Arpanet.
Table of Contents:
- Overview
- Upgrading from a prior version
- Installing the Script
- Editing the ps.cfg configuration file
- Server Customization
- Company Customization
- Creating the Catalog Pages
- Catalog Page Format
- Entering the store
- Server Independence
- Built-in Navigation tags
- Custom Navigation tags
- Navigation using Forms
- Navigation using Links
- Single Item Selection Forms
- Multiple Item Selection forms
- Optional Tags
- Order of Html Tags
- Automating Catalog Page Creation
Overview
PerlShop is a shopping cart program that displays a
catalog that is embedded in static html pages using
hidden form field tags. You can use any design for your
catalog pages (sample catalog pages,
more sample
catalog pages, and still
more sample catalog pages). PerlShop will only add navigational menu
bars and buttons when it displays the pages.
A unique
order number is assigned to each user upon entering the
store. The order number is used to keep track of the
state of each user's transactions and is saved across
each user's session using hidden fields. Cookies can be
optionally enabled to let shoppers return later to finish
an order.
PerlShop was designed from the beginning with security
in mind. Please read the security
section below to make sure you understand how to properly
implement the security features before you start
accepting orders.
Upgrading from a prior Version
Your W3U virtual web hosting account comes configured with an
operational version of Perlshop, version 4.3.0. The most recent
version of Perlshop can be downloaded from WaveRiderSystems.com
Installing the Script
- For W3U web hosting accounts, your Perlshop script
(perlshop.cgi) is installed in your scripts/shop43 directory and
is completely operational. If you wish to test the shop cart,
point your web browser to, http://www.yourdomainname/scripts/shop43/
If you wish to change the
location of the script, see 'Changing the
Location of the Perlshop Script'. If you wish to change
the location of your catalog pages, see 'Changing
the Location of the Catalog Pages'
Changing the Location of the Perlshop Script
To change the shop cart location, you will need experience with
(or be willing to learn) ftp, and/or telnet.
- If the new shop location directory does not exist, then create
it. e.g. if using telnet, at the command line type mkdir
'directory name'.
- Then create all of the directories (and subdirectories) that
currently reside in the /shop43 directory. You can also
change the names of the shop cart directories, but you will have
to edit the ps.cfg file accordingly.
- Set the permissions of all new directories to read-write-execute
(e.g. at the command line type chmod 777 'directoryname', without the
quotes).
- Copy (or move) all files that reside in the shop43 and
subdirectories of the existing shop cart, to the corresponding new
shop directories. Note: as a security precaution, an
index.html 'warning' file has been added to most of your shop cart
directories to prevent web visitors from viewing the contents of
those directories. You can modify the wording of this file
as you deem necessary.
- Set the permissions on all .cgi and .pl files to execute (e.g.
at the command line type chmod 755 perlshop.cgi)
- Test it out by entering 'PerlShop.cgi' at the
command prompt, it should display a copyright
notice.
- Configure the ps.cfg file to reflect the new location of the
shop cart (i.e. change /scripts/shop43 to the new directory path).
- If you will be enabling the secure server option,
make sure to follow completely the instructions
under the Transaction
Security section below
Changing the Location of the Catalog Pages
- By default your shop cart catalog pages should be placed in
the 'scripts/shop43/catalog' directory. However, you can place your
catalog pages in any directory. Just modify the ps.cfg file to
point to the new catalog page location. For instance if you want to
move your catalog pages from the 'catalog' directory to the 'shop43'
directory, change the following line in the ps.cfg file from
$catalog_directory = $curr_dir . 'catalog';
to,
$catalog_directory = '/home/sites/site#/web/scripts/shop43' . '';
#change site# to your site number
or alternatively,
$catalog_directory = '/home/sites/home/web/scripts' . 'shop43';
Editing the ps.cfg file
Server Customization
Note that most of the variables have already been set to the default values
defined in the examples below.
- Change the variable '$server_address' to
the IP address (or the equivalent domain
name, e.g. www.yourname.com) of the
server the script will be running on.
- Set the
variable '$cgi_directory' (the location of the
perlshop.cgi script) to the appropriate subdirectory of
www.yourname.com . e.g. by default this is '/scripts/shop43'
- Set the
variable $css_directory = '' (location of your
cascading style sheets) and the $script_directory =
''; (location of your .js and .pl scripts) to the
appropriate
subdirectory of www.yourname.com . e.g. by default this
is '/scripts/shop43'
- Change the variable '$image_directory' to
point to the subdirectory created for your image files (e.g.
the default setting is '/scripts/shop43/pics')
- To use the secure server option set $use_secure_server = 'yes';
also set $secure_server_domain = 'www.w3u.net/ssl';
and
$secure_cgi_directory = '/scripts/shop43';
$secure_css_directory = '/scripts/shop43';
$secure_image_directory = '/scripts/shop43/pics';
$secure_script_directory = '/scripts/shop43';
- Set the '$mail_via' variable to 'sendmail'.
a.) The location of the sendmail
program on the server is '/usr/sbin/sendmail'
- If you decide to change the names of the default
subdirectory names (e.g. catalog, customers, orders,
log, temp_customers, temp_orders, tokens), then you must modify the
corresponding variables in the ps.cfg file e.g. see Changing
the Location of the Catalog Pages.
Company Customization
- If you wish to include an image at the
top of the pages generated by PerlShop,
you must change the values of the
'$banner' variable, and the associated
image attribute variables ($hspace,
$vspace, $border, $height, $width,
$align). If you do not want to
include an image, you must set the value
of '$banner' to a null string (e.g.
"").
- If you wish to include a background image
or change the background color of the
generated pages, change the value of the
'$background' and '$background_color'
variables.
- Change the '$company_name' variable to
the name of your own company.
- Change the '$company_address' variable to
the address of your own company, each
address line must be separated by a
'<br>' html tag.
- Change the '$company_email' variable to
the email address at your company that
you will use for catalog related
inquiries.
- Change the '$mail_order_to' variable to
the email address at your company that
will receive the emailed order
confirmations.
- Change the '@accept_payment_by' variable
to include the valid methods of payment
that your company will accept.
- If your company will accept credit card
payments, then change the
'@valid_credit_cards' variable to include
the valid card types your company will
accept.
- If your company will accept COD payments,
then change the '$cod_charge' variable to
the value of the amount that will be
added to the order for COD shipments.
- If your company adds a separate handling
charge to each order, change the
'$Handling' variable to the amount to be
added.
- Change the '$Pay_checks' variable to the
name of the person or company that checks
should be made out to if the order is
being paid by check.
- If using one of the compatible payment options, then add
the appropriate information to that section in the ps.cfg
file e.g.
- Change the text of the '$return_policy' and '$shipping_policy'
variables to reflect your own company's policy that will be included at
the bottom of each order confirmation.
- Change the '$catalog_country' variable to
the name of the Country your catalog site
is based in.
- Change the '$accept_any_country' variable
based on whether or not you will accept
orders from a country that you have not
explicitly listed in the
'@Shipping_Rates' table. If you set this
variable to 'yes', then you must have an
'OTHER' entry in the '@Shipping_Rates'
table.
- Change the text of the '$local_currency'
and '$local_weight' variables as
appropriate for the country your catalog
site is based in.
- If any of the Items in your catalog will
use either the 'Item_weight' or
'Item_option' tags, then you must enter a
value for the '$weight_caption' and/or
'$item_caption' variables.
- Change the '$shipping_type' variable to
the method of calculating shipping that
your company will use. If you are selling
items that are not actually shipped, set
the variable to 'none'.
- Modify the '@Shipping_Rates' variable to
reflect the shipping companies that your
company uses, and the rates your company
charges.
- If your catalog will provide a discount
based on the quantity ordered or the
total price, then modify the
'$discount_type' and '@Discount_Rates'
variables appropriately.
- Modify the '@Tax_States' variable to
include any states for which your company
must charge sales tax, and the rate
charged.
- If you want to allow the shopper to see
their orders (i.e. what's in the shopping
cart), without leaving the current page
after pressing the 'ORDER' button, then
you can make that the default mode by
setting the '$stay_on_page' variable to
'yes'.
- If you want to have the Credit Card # and
expiration date included on the
merchant's copy of the emailed order
confirmation, set $carno_on_email =
'yes', but this can create a security
risk, and you must read the security
section below first before setting this
variable to 'yes'.
- If you wish to use your own images
instead of the standard html submit
buttons, put the respective image file
title(s) as the value of the
$button_image variable(s), e.g.
$button_image{'UPDATE'} = 'upd.gif';
Creating the Catalog Pages
- Catalog Page Format
Important Note: Every
PerlShop html tag MUST be on a line by
itself and the ITEM_CODE tag MUST be the
last tag before the closing </FORM> tag.
I.) Entering the store:
There are two ways to ENTER the store.
Method I: Use an html form.
- <form METHOD=POST ACTION="http://www.yourdomainname/scripts/shop43/perlshop.cgi">
- <input TYPE=HIDDEN NAME=ACTION value="ENTER">
- <input TYPE=SUBMIT value="Start Shopping">
- <input TYPE=HIDDEN NAME=thispage VALUE="page1.html">
- <input TYPE=HIDDEN NAME=ORDER_ID
VALUE="!ORDERID!">
- </form>
To use an image button to ENTER the shop cart, change the
following line,
<input TYPE=HIDDEN NAME=ACTION value="ENTER">
to
<input type=hidden NAME=ACTION value="ENTER">
<input type=image src=imagename border="0" name="submit">
Method II: Use a text hyperlink
e.g. <a href="http://www.com/perlshop.cgi?ACTION=ENTER&thispage=page1.html&ORDER_ID=!ORDERID!">Descriptive
Name</a>
(NOTE: You can not use the !MYURL!
option for the ACTION part of the <form...>
tag here; see below)
The text of the Submit button can be anything
you like (change the text of the 'VALUE=' for the
'input TYPE=SUBMIT' tag), but the Hidden ACTION tag must contain:
VALUE="ENTER".
II.) Server Independence
Instead of using a hard coded URL on your catalog
pages, you can use the !MYURL! and !MYWWW! tags.
If you ever move your catalog to another server
or domain, you won't have to change all the
references to your URL.
- !MYURL!
Use this as the action for a POST or GET
tag. For example:
<form method=post
action="!MYURL!">
<a href="!MYURL!?action=thispage&thispage=page1.html&ORDER_ID=!ORDERID!">
- !MYWWW!
Use this as the URL for non-cgi
references (e.g. images). For example:
<img
src="!MYWWW!/images/logo.gif">
Built-in Navigation tags
Overview
The Perlshop <pstag> has existed since the original versions of Perlshop 3. Perlshop 4 has
added new optional attributes to this tag, and has extended the capabilities of the original
attributes.
Tag Placement
Due to limitations in the Perlshop 3/4 catalog page file parser, the following limitations exist
for the <pstag> text:
a.) The <pstag> must be the very first line of the catalog page file.
b.) There is no limit to the length of the text used by this tag, but the tag itself must all be
on one line.
Example Use
The <pstag> may be expressed as either an html tag, or as an html comment. The pstag and
attribute names may be either upper or lower case. Attribute values are case sensitive.
Example of use as an html tag:
<pstag prev="prevpage.html" next="nextpage.html" header="on" footer="on">
Example of use as an html comment:
<!--pstag prev="prevpage.html" next="nextpage.html" header="on" footer="on" -->
The prev attribute
The prev attribute of the pstag is used to generate the Prev Page link at the top of a catalog
page, and the Prev Page button at the bottom of a catalog page. The following rules apply:
a.) If this attribute is not used, no link or button will be produced.
b.) If the file named by this attribute is the same as the name of the catalog page file
containing the pstag, no link or button will be produced.
i.e. If page1.html was the first page of your catalog, then on
page1.html you would use page1.html as the prevpage (the
previous page button will not appear on that catalog page).
The next attribute
The next attribute of the pstag is used to generate the Next Page link at the top of a catalog
page, and the Next Page button at the bottom of a catalog page. The following rules apply:
a.) If this attribute is not used, no link or button will be produced.
b.) If the file named by this attribute is the same as the name of the catalog page file
containing the pstag, no link or button will be produced.
If the last page was page3.html, then
on page3.html you would use page3.html as the nextpage attribute
(the next page button will not appear on that catalog page).
The header attribute
The header attribute works in combination with the $generate_page_header setting from the
ps.cfg file. The ps.cfg file setting assigns the default operation for all catalog pages. The
header attribute allows the default value to be overridden for a given page. The rules are:
a.) If the pstag header attribute is set to "on", the page header will be generated,
regardless of the ps.cfg setting.
b.) If the pstag header attribute is set to "off", the page header will not be generated,
regardless of the ps.cfg setting.
The footer attribute
The footer attribute works in combination with the $generate_page_footer setting from the
ps.cfg file. The ps.cfg file setting assigns the default operation for all catalog pages. The
footer attribute allows the default value to be overridden for a given page. The rules are:
a.) If the pstag footer attribute is set to "on", the page footer will be generated,
regardless of the ps.cfg setting.
b.) If the pstag footer attribute is set to "off", the page footer will not be generated,
regardless of the ps.cfg setting.
Each page of your catalog that you create can
have a tag on the first line of the page that has
links to the previous and next pages of the
catalog. For example, the tag for the first line
of page2 of the catalog would look like:
<!--PSTAG
prevpage=page1.html nextpage=page3.html -->
( If page1.html was the first page, then on
page1.html you would use page1.html as the
prevpage. If the last page was page3.html, then
on page3.html you would use page3.html as the
nextpage).
This tag is optional, and if not using it, you
can set the $add_navigation variable to 'no'
Custom Navigation tags
You can create a menu navigation system for your
catalog by using either a submit button or <a
href ...> link for each destination. These
buttons or links can appear either on a menu page
just after your Catalog Entry Page, or on any of
your individual catalog item pages, or both.
- Using Forms
Each submit button would have the format
shown below (with 'NAME=none' for
the SUBMIT tag), but with a different
file title for the VALUE of the hidden
'NAME=thispage' tag. For example:
<form METHOD=POST
ACTION="!MYURL!">
<input type=SUBMIT NAME=none
VALUE="VCR'S">
<input TYPE=HIDDEN NAME=thispage
VALUE="page1.html">
<input TYPE=HIDDEN NAME=ORDER_ID
VALUE="!ORDERID!">
</form>
<form METHOD=POST
ACTION="!MYURL!">
<input type=SUBMIT NAME=none
VALUE="CAMERA'S">
<input TYPE=HIDDEN NAME=thispage
VALUE="page2.html">
<input TYPE=HIDDEN NAME=ORDER_ID
VALUE="!ORDERID!">
</form>
- Using Links
Each <a href ...> tag would have
the following format:
<a href="!MYURL!?ACTION=thispage&thispage=page1.html&ORDER_ID=!ORDERID!">THISPAGE</a>
Single Item Selection Forms
In this format, each individual item for sale in
the catalog is contained within its own html
<form>...</form> block. You can have
both Single Item and Multiple
Item selection forms in the same catalog, and
even within the same page. A sample Single Item
Selection Form follows with an explanation of
each line below it:
- <FORM METHOD=POST ACTION="!MYURL!">
- <input type="submit"
name=dummy value="Press to
Order">
- <INPUT TYPE=HIDDEN NAME=ACTION
VALUE="ORDER">
- <INPUT TYPE=HIDDEN NAME=ORDER_ID
VALUE="!ORDERID!">
- <INPUT TYPE=HIDDEN NAME=ITEM_ID
VALUE="12345">
- <INPUT TYPE=HIDDEN NAME=ITEM_NAME
VALUE="Polish for Dummies">
- Polish For Dummies $212.98 <br>
- <INPUT TYPE=HIDDEN NAME=ITEM_PRICE
VALUE="212.98">
- <INPUT TYPE=HIDDEN NAME=thispage
value=page1.html>
- Qty:<INPUT TYPE=TEXT SIZE=3
MaxLength=3 NAME=QTY
VALUE="1">
- This book is especially good for
beginners. <br>
- <INPUT TYPE=HIDDEN NAME=ITEM_CODE
value="!ITEMCODE!">
- </FORM>
Description of each line above:
- This is the opening form tag with the
location of the perlshop.cgi program on
your server
- This creates a submit button on the
catalog page with the text " Press to
Order", you can use any text you
want to create the button.
- This is a hidden field that tells the
perlshop script to process the 'ORDER'
action command.
- This is a hidden field that has a
placeholder !ORDERID! that will be
replaced automatically by the perlshop
script with the actual unique invoice
number for this shopping session.
- This is a hidden field whose value should
be set to item number you have assigned
for this catalog item. Each item number
must be unique.
- This is a hidden field whose value should
be set to the name of the item.
- This is the name of the item, and the
price, as it will appear on the catalog
page.
- This is a hidden field whose value should
be set to the price of the item. The
price should be in the format '999999.99'
Commas and a leading dollar sign are
optional. There is no limit on the actual
price of the item.
- This is a hidden field whose value should
be set to the actual file title of the
page that this catalog item is located
in.
- This is the Quantity field that will
appear on the form whose value is the
default number of items that will be
ordered if a customer orders this item.
- This is some descriptive text you can add
if the item name does not sufficiently
describe the item being ordered.
- This is a hidden field that has a
placeholder !ITEMCODE! that will be
replaced automatically by the perlshop
script with a unique digital signature
generated for this catalog item and
shopping session only
- This is the closing form tag.
Multiple Item Selection Forms
This format allows for ordering multiple items
with one press of the 'ORDER' submission button.
More than one item is contained within the same
html <form>...</form> block. You can
have both Multiple Item and Single
Item selection forms in the same catalog, and
even within the same page. A sample Multiple Item
Selection form follows, note that there is only
one of each of the 'form', 'submit', 'ORDER_ID',
'ITEM_CODE', and 'thispage' tags.
<FORM METHOD=POST
ACTION="!MYURL!">
<INPUT TYPE=HIDDEN NAME=ITEM_ID
VALUE="12348">
<INPUT TYPE=HIDDEN NAME=ITEM_NAME
VALUE="Polish in 623 Days"> Polish
in 623 Days $15.98
<INPUT TYPE=HIDDEN NAME=ITEM_PRICE
VALUE="15.98">
Qty:<INPUT TYPE=TEXT SIZE=3 MaxLength=3
NAME=QTY
VALUE="0">
Learn Polish at your own rate.
<INPUT TYPE=HIDDEN NAME=ITEM_ID
VALUE="12349">
<INPUT TYPE=HIDDEN NAME=ITEM_NAME
VALUE="Polish in 53 easy lessons">
Polish in 53 easy lessons $31.98
<INPUT TYPE=HIDDEN NAME=ITEM_PRICE
VALUE="31.98">
Qty:<INPUT TYPE=TEXT SIZE=3 MaxLength=3
NAME=QTY VALUE="0">
Easy guide to learning Polish.
<input type="submit" name=dummy
value="Press to Order">
<INPUT TYPE=HIDDEN NAME=ACTION
VALUE="ORDER">
<INPUT TYPE=HIDDEN NAME=ORDER_ID
VALUE="!ORDERID!">
<INPUT TYPE=HIDDEN NAME=thispage
value=multi.html>
<INPUT TYPE=HIDDEN NAME=ITEM_CODE
value="!ITEMCODE!">
</FORM>
- Optional Tags
You can include the standard Server-Side include
tags (SSI tags) on your catalog pages, PerlShop
will emulate the server and process the SSI tags
itself. The variable $allow_ssi_cgi can be set to
allow the use of the SSI cgi command to run cgi
programs, but this creates a BIG security hole,
and should not be enabled unless absolutely
necessary AND you know what you are doing!
The following html tags are optional:
- WEIGHT
This 'type=hidden' tag can be used if you
want to calculate the shipping charges
based on weight. The value of the tag
should be the shipping weight of the
item. If you want to use this tag, you must
change the value of the '$weight_caption'
variable (e.g.
$weight_caption="Weight").
- TAXTYPE
This 'type=hidden' tag can be used if
some of the items that you sell are
taxable, and some are not. The default is
to add tax (if you have made an entry in
the '@Tax_States' variable), but you can
override it for individual items by using
a <INPUT TYPE=HIDDEN
NAME="ITEM_TAXTYPE"
VALUE="none"> tag.
- OPTIONx
These tags can be used to specify any
attributes of the items that you sell.
For example, this tag can be used to
specify the Color or Size, or any other
descriptive attributes of your items. You
can have up to three different OPTION
tags. If you want to use this tag, you must
change the value of the
'$option1_caption' variable to the name
of the option (e.g. $option1_caption =
"Color"), and so on for each
option.
(You can let the user pick the value
of the option by creating list boxes,
radio buttons, or even through an input
field.)
- The ITEM_SHIPTYPE tag became available with Perlshop v4.2.08. This tag allows you to
specify free shipping for any given item in your store. Use of this tag for other shipping
related information may be added in a future software release.
Use
This ITEM_SHIPTYPE tag is used in very much the same fashion as the
ITEM_TAXTYPE tag.
Tag Example:
<input type=hidden name="ITEM_SHIPTYPE" value="free">
- The QTY_MIN and QTY_MAX tags were introduced with limited functionality in
Perlshop 4.2.07, with full functionality introduced with Perlshop 4.2.08. Unless otherwise
noted, this document describes the complete function set for these new tags.
Under normal circumstances, the quantity value for a given item in your store can be any
number at all. These tags can be used to place limits on the quantity value, allowing you to
enforce rules like "Only one per customer".
Examples
The following example shows a catalog item with an enforced quantity range of 2..5:
<form name="demo" method=post action="!MYURL!">
<input type=hidden name="order_id" value="!ORDERID!">
<input type=hidden name="item_id" value="item_001">
<input type=hidden name="item_name" value="Widget 1">
<input type=hidden name="item_price" value="4.50">
<input type=hidden name="qty_min" value="2">
<input type=hidden name="qty_max" value="5">
<input type=text name="qty" value="0" size=4 maxlength=4>
<input type=submit name="action" value="Order">
</form>
Using the tags
The qty_min and qty_max tags are both optional. If either is used, the value of the tag must
be an integer value greater than 1. If both are used, the value of the qty_max tag should be
greater than the value of the qty_min tag. Perlshop does no error checking to ensure that
you have set these values correctly.
How these tags are used by Perlshop
There are two circumstances under which Perlshop 4 will use these tag values. The first
case is adding new items to a shopping cart. The second case is when the update button on
the shopping cart screen is used to alter an item quantity.
When adding new items to a shopping cart, Perlshop will check for the presence of qty_min
and qty_max tags. If the item quantity falls outside the limits specified by these tags, the
quantity will be altered so that the limits are respected. If the quantity falls below the
specified minimum, Perlshop will set the item quantity to the specified minimum. If the
quantity falls above the specified maximum, Perlshop will set the item quantity to the
specified maximum. If either of these conditions occurs, an error message will be displayed
above the shopping cart display that informs the customer of the adjusted quantity value.
Similar behavior will occur when using the quantity update button on the shopping cart
display screen.
A special case exists for the quantity update button when the qty_max value is set to the
value -1. In this case, the quantity value will be displayed without using a quantity box for
that item. This is useful for situations in which a fixed quantity must be used for a given item.
More Examples
This example shows a catalog item with an enforced upper quantity limit of 10:
<form name="demo" method=post action="!MYURL!">
<input type=hidden name="order_id" value="!ORDERID!">
<input type=hidden name="item_id" value="item_002">
<input type=hidden name="item_name" value="Widget 2">
<input type=hidden name="item_price" value="4.50">
<input type=hidden name="qty_max" value="10">
<input type=text name="qty" value="0" size=4 maxlength=4>
<input type=submit name="action" value="Order">
</form>
This example shows a catalog item with an enforced lower quantity limit of 5:
<form name="demo" method=post action="!MYURL!">
<input type=hidden name="order_id" value="!ORDERID!">
<input type=hidden name="item_id" value="item_003">
<input type=hidden name="item_name" value="Widget 3">
<input type=hidden name="item_price" value="4.50">
<input type=hidden name="qty_min" value="5">
<input type=text name="qty" value="0" size=4 maxlength=4>
<input type=submit name="action" value="Order">
</form>
This example shows a catalog item with an enforced quantity value of 1:
<form name="demo" method=post action="!MYURL!">
<input type=hidden name="order_id" value="!ORDERID!">
<input type=hidden name="item_id" value="item_003">
<input type=hidden name="item_name" value="Widget 3">
<input type=hidden name="item_price" value="4.50">
<input type=hidden name="qty_min" value="1">
<input type=hidden name="qty_max" value="1">
<input type=hidden name="qty" value="1">
<input type=submit name="action" value="Order">
</form>
- StayOnPage
By placing a tag within the
<form>...</form> block, this
tag can be used to override the value of
the '$stay_on_page' variable in the
script. For example, the following tag
allows the user to change the default
value from 'no' to 'yes' by selecting a
checkbox:
<input type=checkbox
name="StayOnPage"
value="YES">
- For more information on Optional Tags see the
documentation at WaveRiderSystems
- Order of Html Tags
The order of the Html Tags is Very
Important!
- The 'ITEM_CODE' tag MUST be the
very last tag just before the closing
</form> tag.
- If any of the optional tags
'ITEM_WEIGHT', 'ITEM_TAXTYPE', or
'ITEM_OPTIONx' exist, then they MUST
appear before 'QTY' tag.
- Each Html Tag Should be on a line by
itself.
- Automating Catalog Page Creation
- Waveridersystems.com
(see Perlshop Office, Perlshop Plus, or Perlshop DBI)
- Perlshop.org
- Appendix
- Security
IMPORTANT NOTE: PerlShop as distributed includes
several security features, but these must be
augmented by external programs for real security.
No guarantees or warranties of any kind regarding
security are made, either using PerlShop alone or
augmented by external programs. Since PerlShop is
distributed as source code, it is possible
someone could modify it to create holes in the
security. One way to minimize this possibility is
to record digital signatures, using MD5, SHA or
PGP, of perlshop.cgi and check them occasionally.
- File Security
The files created by an internet server
are normally created under the user
'nobody', this is not very secure since
anyone else running a script under the
default 'nobody' user would have access
to those files.
When possible, the output files should be created in
subdirectories of your cgi-bin directory
as specified in the Installing the Script
section above, and not within your
server's document directory tree, (but
make sure that the server you are using
is set up so that the files in your
cgi-bin directory tree are not directly
accessible as html document files from a
browser.)
The output files are not encrypted
online, since (unless you use public-key
encryption) anyone having access to them
would obviously have access to the
encryption key used within the program as
well.
The output files should be periodically
removed from the Internet server as often
as possible. If you don't remove them,
you should at least encrypt them
manually, making sure not to store the
encryption key on the server. If
transferring the files to your own
computer, they should be encrypted first.
You can increase security by:
a.) Creating an index.html (or index.htm) file, and
place it in the customers, orders, temp_customers, temp_orders,
log, and tokens directories. If the
server has not been configured properly to prevent
directory browsing, this will prevent web visitors from browsing
the files in those directories.
b.) Change the shop cart directory names from the
default values (modify
the ps.cfg file accordingly).
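One way to carry out the periodic signature check of perlshop.cgi and the index.html precaution described above, as an added example that is not part of PerlShop or the original manual. It uses SHA-256; the file suffixes covered, the function names and the sample directory tree are assumptions of the example.

```python
import hashlib
import os
import tempfile

# Data directories named in this manual; each should carry an index file.
DATA_DIRS = ["customers", "orders", "temp_customers", "temp_orders", "log", "tokens"]
# Assumption of this example: scripts plus ps.cfg are baselined, because a
# changed ps.cfg (e.g. $mail_order_to) matters as much as a changed script.
WATCHED_SUFFIXES = (".cgi", ".pl", ".cfg")


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(shop_dir):
    """Map each watched file (path relative to shop_dir) to its digest."""
    baseline = {}
    for root, _dirs, files in os.walk(shop_dir):
        for name in files:
            if name.lower().endswith(WATCHED_SUFFIXES):
                full = os.path.join(root, name)
                baseline[os.path.relpath(full, shop_dir)] = sha256_file(full)
    return baseline


def compare_to_baseline(shop_dir, baseline):
    """Return (modified, missing, added) as sorted lists of relative paths."""
    current = build_baseline(shop_dir)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return modified, missing, added


def dirs_without_index(shop_dir):
    """Data directories that exist but hold no index.html or index.htm."""
    exposed = []
    for name in DATA_DIRS:
        path = os.path.join(shop_dir, name)
        has_index = any(os.path.isfile(os.path.join(path, idx))
                        for idx in ("index.html", "index.htm"))
        if os.path.isdir(path) and not has_index:
            exposed.append(name)
    return exposed


def demo():
    """Baseline a constructed shop tree, change it, then re-check it."""
    with tempfile.TemporaryDirectory() as shop:
        def write(rel, text):
            path = os.path.join(shop, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(text)

        # Constructed sample files, not real PerlShop content.
        write("perlshop.cgi", "#!/usr/bin/perl\nprint 'cart';\n")
        write("ps.cfg", "$use_cookies = 'no';\n")
        write("customers/index.html", "<html>No listing</html>")
        write("orders/placeholder.txt", "")  # data directory without an index file
        baseline = build_baseline(shop)

        # Simulate an unexpected edit and an unexpected new script.
        write("perlshop.cgi", "#!/usr/bin/perl\nprint 'cart'; # edited\n")
        write("extra.pl", "print 1;\n")
        return compare_to_baseline(shop, baseline), dirs_without_index(shop)


if __name__ == "__main__":
    print(demo())
```

Keep the saved baseline somewhere the web server account cannot write, and rebuild it after every intentional edit of ps.cfg.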
- Transaction Security
PerlShop attempts to guarantee the
integrity of each transaction by creating
a digital signature of the data sent in each
transaction, and sending the signature
along with the data. On receipt of each
transaction, the signature is re-computed
and compared to the one received. If
the data was altered in any way,
the two signatures will not match, and
the transaction is rejected.
PerlShop has an option to put the Credit
Card # and expiration date on the
merchant's copy of the order confirmation
email. This can severely compromise all of
the other security precautions you might
take, and should be used with caution.
You should definitely not use this option
if you have also enabled the Secure
Server option, since the shopper will
then trust that his personal information
will only be transmitted securely (all W3U web hosting
packages include Secure Server). If you
break your customer's trust, you will not
be in business very long.
A future version of PerlShop will have an
interface to PGP so that the email can be
encrypted before sending it, until then,
it is not recommended to put the CC# on
the email.
The only way to ensure the security of
each transmission is to use an encryption
enabled browser/server combination.
If you have access to a secure server,
you can now give any shopper that has
access to a secure browser the option of
selecting a secure check-out form to
enter their personal information, all of
the other pages will go through the
regular server, since there is a
significant overhead going through a
secure server. The shopper will still
have an option to use the regular
(non-secure) check-out form, since it is
difficult, if not impossible, to initiate
a secure transaction from behind some
firewalls, giving only a secure check-out
option would needlessly prevent some
shoppers from using your site.
To enable use of a secure server, set the
$use_secure_server variable to 'yes',
then enter the URL of the Secure Server into the $secure_server_address
variable (see Editing
the ps.cfg File).
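The sign-then-recompute check described at the start of this Transaction Security section, sketched as an added example (not PerlShop's own code, and not a statement of the algorithm PerlShop uses). HMAC-SHA256, the server secret, the list of signed fields and the order numbers are assumptions of the example.

```python
import hashlib
import hmac

# Assumption: a secret held only by the server, never written into a catalog page.
SERVER_SECRET = b"constructed-demo-secret"

# Every hidden field that influences what the shopper pays is signed, together
# with the order number so a code is valid for one shopping session only.
# QTY is left out because the shopper is meant to edit it.
SIGNED_FIELDS = ("ORDER_ID", "ITEM_ID", "ITEM_NAME", "ITEM_PRICE",
                 "ITEM_WEIGHT", "ITEM_TAXTYPE", "ITEM_SHIPTYPE")


def canonical(form):
    """Serialise the signed fields with length prefixes.

    Plain concatenation would let ("123", "45 Widget") and ("12345", " Widget")
    produce the same bytes; the length prefix keeps field boundaries fixed.
    Absent optional fields are signed as empty strings.
    """
    parts = []
    for name in SIGNED_FIELDS:
        value = form.get(name, "").encode("utf-8")
        parts.append(b"%s=%d:%s" % (name.encode("ascii"), len(value), value))
    return b";".join(parts)


def make_item_code(form, secret=SERVER_SECRET):
    """HMAC-SHA256 over the canonical form, hex encoded."""
    return hmac.new(secret, canonical(form), hashlib.sha256).hexdigest()


def issue_form(order_id, item, secret=SERVER_SECRET):
    """Server side: fill in the values that stand in for !ORDERID! and !ITEMCODE!."""
    form = dict(item, ORDER_ID=order_id)
    form["ITEM_CODE"] = make_item_code(form, secret)
    return form


def verify_submission(form, secret=SERVER_SECRET):
    """Server side: recompute the signature and compare it in constant time."""
    received = form.get("ITEM_CODE")
    if not isinstance(received, str) or not received:
        return False  # a missing or empty code is never accepted
    expected = make_item_code(form, secret)
    # Compare as bytes so a non-ASCII value cannot raise inside compare_digest.
    return hmac.compare_digest(expected.encode("ascii"),
                               received.encode("utf-8", "replace"))


def demo():
    """Run a constructed order form through several altered submissions."""
    item = {"ITEM_ID": "12345", "ITEM_NAME": "Polish for Dummies",
            "ITEM_PRICE": "212.98"}
    form = issue_form("ORD-0001", item)   # constructed order number
    form["QTY"] = "2"                     # shopper-edited, unsigned
    without_code = {k: v for k, v in form.items() if k != "ITEM_CODE"}
    return {
        "untouched": verify_submission(form),
        "price_lowered": verify_submission(dict(form, ITEM_PRICE="2.98")),
        "free_shipping_added": verify_submission(dict(form, ITEM_SHIPTYPE="free")),
        "other_session": verify_submission(dict(form, ORDER_ID="ORD-0002")),
        "code_stripped": verify_submission(without_code),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, "accepted" if accepted else "rejected")
```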
- Cookies:
The script now has an option to use cookies to
allow a shopper to order some items, leave your
site, then return at a later date or time and
immediately receive a message that they have an
outstanding order, and be given the option of
continuing to add new items to the existing
order, or to start a new session with an empty
"Cart".
Since the cookie is stored on the shopper's
computer, it will only let the shopper continue
an order on the same computer that the original
items were ordered on.
In order to minimize shopper's security concerns,
the only info. stored in the cookie is the
unique-id assigned to the shopper's session.
This option can be turned on or off by the
$use_cookies variable, and the number of days
before the cookie will expire and an existing
order can no longer be reused can be set by the
$cookie_expire_days variable.
- Output File Formats
- Customer File
A single record CSV (comma
separated, quoted) file with the
following fields:
invoice#, IP address, date, time, title,
first name, last name , company, street1,
street2, city, state, zip, country,
email, daytime phone, daytime extension,
evening phone, evening extension, fax,
Shiptype, Payby, Cardtype, Card#, Expire
month, Expiration year, source,
suggestions, sub_total, tax, shipping,
grand_total, total_discount, cod_charge,
handling.
- Order File
A multiple record CSV (comma
separated, quoted) file with the
following fields: invoice#, item id#,
item name, price, quantity. The following
optional fields also appear: weight,
taxtype, option1, option2, option3 (they
will appear, but be blank if the option
is not applicable).
- log Files
- Page Hits log file
A multiple record CSV (comma
separated, quoted) file of every
catalog page that has been
accessed, with the following
fields:
Page title, date, IP address.
- Search Hits log file
A multiple record CSV (comma
separated, quoted) file of each
Search pattern that has been
entered on the Search screen,
whether the search was successful
or not, with the following
fields:
Search String, # of matches,
date, IP address.
- Requirements:
PerlShop has currently been tested using Perl5. Perlshop
runs under most Unix/Linux server operating systems,
and under Windows running the WebSite server.
Email:
w3u@w3u.com
or http://www.w3u.com/
Last Update by
Jack Martin, W3U Webmaster: March. 19, 2001
Copyright ©2000, ARPAnet Corp.
PerlShop, Adverware, and
the PerlShop logo are trademarks of ARPAnet Corp.
All other trademarks are the property of their respective
owners.