Another system that works is when a user try's to install the program, they get given a key (a simple md5sum of some random info will do). They then have to upload that into their shop directory for the installation to continue. If any of you have had the pleasure to install gallery2, you'll know exactly what I mean.

Also I think a cs-cart wiki would be a good idea, that way its not up to the creators to update it. People who know how to do something can share their knowledge, or even explain it another way.

Well that's just my 2 cents, I've always found this forum to be useful when I'm stuck.

BTW! Good job with 3.3.4!

I also found this on my previous host, i added the following to my .htaccess file (one inside the cscart base directory will do).

Options -Indexes

<FilesMatch "(\.(inc(\.php)?|sh|sql|tpl(\.php)?))$">
  Order deny,allow
  Deny from all
</FilesMatch>

this stops people from directly accessing .tpl, .tpl.php, .sql, .inc & .inc.php files. It also stops listing of directorys. I cant remember where i found this snippet, but imho its a must for any e-store.

I hope this helps.

Worked fine for me. However the weekend after i had upgraded my website was hacked and it was a huge mess after that, so my website is now running a fresh install. I had made modifications to some of the files also, its just that i had kept a log of what files i edited so it was easy to redo.

Our site was thrashed pretty serverely, after injecting their own phishing sites and other crap on the server, they deleted every single file they had the permissions to alter. As a result i end up just deleting everything, and doing a fresh install (Luckily i had done the upgrade last week, and was organized enough to make it easier for the next time i had to upgrade). I went through the database with a fine tooth comb (Took a good 4hrs). I'm now just going through the site (with it showing up being under maitnance) and making sure nothing else is screwed up.

However all this hasn't discouraged me from the software one bit, and i'm very happy with its performance, and the response time from the cs-cart team was excellent. So thank you CS-Cart for a quality shopping cart, it makes my life that much easier. If only i could say the same about my webhost.

This morning i was woken abruptly by another business member querying about why the shops website was "suspended", upon investigation my webhost had suspeneded my account because i had violated my TOS, for Phishing.

I put in a request ticket and they said they found phishing files in the directory "/shop/classes/jpgraph/Customers-Paypal-Scam-2006/customers/Secured/Service/mysql/ssl/connection/__/login/". Once i get access to my site, i'll see what has gone on. Get the logs and from the httpd, and cs-cart...

Altho i have to say im not discouraged from using cs-cart, im just slightly miffed that this has happened.