Installing PrestaShop and OpenCart were both very simple, the one thing I found interesting about PrestShop was their last install instruction – to rename the “admin” directory to a random string, effectively serving as a password. Smart! Since Open Cart did not make this suggestion, I wonder whether doing so would break the installation, ie are the paths in the files able to detect what directory they are inside of, and update themselves? I am going to guess not, but I will try it anyway and see.

Worryingly, I came across a really interesting blog post about Security with Open Cart. A security researcher named Ben Maynard found a vulnerability in Open Cart, which would allow an attacker to create an admin user account, if he was able to get the real admin to click on a link while logged in to his admin section.

He notified Daniel, the lead programmer/founder of OpenCart of the vulnerability, and the response demonstrated a concerning lack of interest for the possible compromise in security. The correspondence listed above is worth the read.

Daniel eventually fixed the security issue in the next release of OpenCart as detailed in the comments thread of this post, without ever thanking Ben for his analysis. Furthermore, a link posted to a thread in OpenCart’s forum from that same blog post comment thread shows Daniel absolutely belittling another programmer who reviewed Open Cart’s code and concluded that there was room for improvement.

That doesn’t sit well with me. If someone takes the time to evaluate your work, you owe them the minimum of respect for their time. Daniel calls this coder an idiot multiple times, it’s painful to read. OK, I get that you are stretched tight for time, you get criticism all the time, and you are uniquely situated wrt to the code to know when someone’s comments are not true, or are obsolete in terms of the roadmap/current betas, etc. But that doesn’t give you license to attack someone else. I guess the idea of “Open” hasn’t quite registered.

Speaking of criticism, that is something of a vulnerability for the Open Cart project as a whole – with one programmer who doesn’t exactly welcome feedback or collaboration, one has to wonder about the stability of the project. One cannot question the pace of releases, however, Daniel does seem to be very committed to improvements. I guess I will let the software speak for itself, even though I am probably a bad judge because I can’t even really understand the code itself, given my level of understanding. I’m still going to invest time in the app, even though I’m now concerned that I could be investing in a dead end. Why? An individual can only take a complex project so far. Daniel needs to branch out. If it’s control he seeks, then he needs to change his business model to increase revenue to hire coders, instead of collaborating with them, which he seems to be unwilling to do. That way, he will retain control over how the project is executed, but at least it’s no longer simply one individual, which does not inspire confidence. An individual can incubate, prove the concept, tinker, launch, and iterate. But real growth is beyond one person.


So, friends… I’ve ditched Magento, and I now begin, after another year-long hiatus, to document the installation and tinkering of a new ecommerce app. I’ll start with OpenCart.

Here are the download instructions, seems pretty straightforward…


///       OpenCart V1.5.x     ///
///    Install Instructions   ///
///  ///



1. Upload all the files and folders to your server from the “Upload” folder.
This can be to anywhere of your choice.

e.g. /public_html/store or /public_html

2. If you have a Linux/Unix make sure the following folders and files are writable.
chmod 0755 or 0777 image/
chmod 0755 or 0777 image/cache/
chmod 0755 or 0777 image/data/
chmod 0755 or 0777 system/cache/
chmod 0755 or 0777 system/logs/
chmod 0755 or 0777 download/
chmod 0755 or 0777 config.php
chmod 0755 or 0777 admin/config.php

3. Make sure you have installed a MySQL Database which has a user assigned to it

4. Visit the store homepage
e.g. or

5. Follow the onscreen instructions.

6. Delete the install directory after install is complete.

For any support issues please visit:




The only two files I had to change permissions on were the config.php and admin/config.php. I did this before visiting the install URL via browser, so the ensuing  install checklist came up clean. If I had missed these, the two files would have shown up here. So from what I can see thus far (as much as you can judge a piece of software based on the installation process :-) ) Open Cart seems idiot proof. I will test this theory shortly.

© 2011 'Tis Educational Suffusion theme by Sayontan Sinha