##########################################################
# Midicart PHP 2.45 Demo                                  #                                        
# Copyright  Coxco Support.  All rights reserved.       #
##########################################################

Order a full package from http://www.midicart.com for just $59
We uses a secure connection over the Internet for credit card orders,
The payment processing is powered by Kagi.

Notes: 
    This demo will not send orders

###########################
# INSTALLATION PROCEDURES #		
###########################

Notes: 
    You may need to contact your system administrator or ISP for help regarding installation.
    These scripts were written and tested for Windows and Linux UNIX systems only.  
    Modifications will be necessary if you plan to use these scripts on other plattforms.
    Windows user can use order_final.asp instead for order_final.php.

1.  Modify the layout an graphics in one of the four shop.
    A. If you edit the frames, you must edit the javascript in middle_left.asp and basket.asp.

2.  Modify the file config.php
    A. Edit the database host.
    B. Edit the database username.
    C. Edit the database password.
    D. Edit the database name.
    E. Edit the e-mail account for receiving orders.
    F. Edit the upload path.
    G. Allmost all text in the shop can translate to other languages in config.php.

3.  Modify the file admin/sql_admin/config.inc.php
    A. Edit the database host.
    B. Edit the database username.
    C. Edit the database password.
    D. Edit the database name.


4.  Modify the order_final.php.
    A. This is the page who the customer get when he submit his order.

5.  Upload all files to your web server.

6.  Set the following permissions: (Only Linux/UNIX)
    A. Telnet to your server. (i.e. telnet www.foo.com)
    B. Go to the directory where you uploaded the files in step 4.
    C. Use the UNIX command 'chmod' the set these permissions:
       chmod 755 *.cgi
    D. Do not close your telnet session.

7.  Create the midicart table in your database.
    A. Go to http://www.domain.com/shop/admin/shop_admin.php
    B. Chose Advanced.
    C. Chose Run SQL query/queries and Location of the textfile
       In the package you have 2 SQL script, one with maingroup/secondgroup
       and one with only maingroup
    D. Browse and select one SQL script, and submit.

8.  Add items in the database.
    A. The database has been tested with 5000 items.

############################################
# VERY IMPORTANT SECURE THE ADMIN DIRECTORY#		
############################################

You'll first need to create an .htaccess file in the directory that you want to be protected, it should be chmod 644. This can be done with your favorite text editor. For more information on this step, read the manual. You can also use the files in Midicart package. You find a passwordgenerator at http://www.coxco.se/password/

Here's a sample .htaccess file that works:

AuthUserFile /home5/htran/public_html/sockets/users
AuthGroupFile /dev/null
AuthName "MonkeyBoy'sDomain"
AuthType Basic
require valid-user

Let me explain.

AuthUserFile

This is the file created by the command htpasswd -c filename user . It may be useful to know a fact about this directive. 
The path to the password file, given to AuthUserFile can be:
1.) An absolute path, which is easiest, until your home disk changes.
2.) A path that is relative to ServerRoot, which on darkwing is currently set to /var/www . You're welcome to figure out where the directory you're protecting is relative to /var/www. I certainly wouldn't.


AuthGroupFile

This is the group equivalent of AuthUserFile.
Each line of the group file contains a groupname followed by a colon, followed by the member usernames separated by spaces. Like this:

my-groupies: hoang superman black-butte 
Security-Alert:make sure that the AuthUserFile/AuthGroupFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthUserFile/AuthGroupFile, clients like wget.

AuthName 
This directive sets the name of the authorization realm so that users will know what username and password pair to enter.
This should be a single argument, if it contains spaces or special characters, then use quotes around the realm's name.


AuthType 
This will specify the type of user authentication for the directory. For apache web server, only Basic and Digest are currently implemented. Disclaimer:An AuthType of Digest is not supported by me...

require 
This directive selects which authenticated users can access a directory. The allowed syntaxes are: 

require user userid userid ...

Only the named users can access the directory.

require group group-name group-name ...

Only users in the named groups can access the directory.

require valid-user

All valid users can access the directory. 


That should be all. To set up the password file,do: 

htpasswd -c passwordfile username1 

for the first user, and do this for additional users:

htpasswd passwordfile username2 



############################
# COMMON PROBLEMS AND TIPS #		
############################

1.  "About Art No"
    The field art_no in the database can only have character and numbers 1-9 a-z.

2.  "Problem with old versions of Netscape"
    Netscape 4.7 and older, have problem with maingroup and secondgroup links, if the link is 
    more then one word.





