Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store
Upcoming SlideShare
Loading in...5

Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store



Bilguun Ginjbaatar | Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store | Thesis Project completed in December 2007. Edinboro University of Pennsylvania

Bilguun Ginjbaatar | Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store | Thesis Project completed in December 2007. Edinboro University of Pennsylvania



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store Creating an Online Shopping Website for Chinguun-Tulga Office Supply Store Document Transcript

  • Page | i Creating an Online Shopping Portal Website for Chinguun-Tulga Office Supply Store Created by Bilguun Ginjbaatar Thesis Committee: Professor Ellen Zimmer Professor John Onderko Professor David Tucker
  • Page | ii Abstract In today‟s competitive Mongolian office supplies‟ market, it is vital for retailers to have a website where products can be sold online. For this master‟s project, an e-commerce website has been created for Chinguun-Tulga, a company which operates in Ulaanbaatar, Mongolia. The main requirement of this project is to create the website in the least expensive yet in a professional way – thus, an open-source solution known as OSCommerce is utilized to develop the e-commerce system. The final version of the website has a front-end site for public viewers and a back-end site for the store owner so that she could maintain the website. In addition, this website is accompanied by documents which cover topics such as intended website audience, design decision, competitive analysis, website contents, website structure, database elements, security aspects, payment methods, marketing approaches, website maintenance guide, management and user requirements, costs and benefits analysis, alternative development strategies, and project schedule.
  • Page | iii Table of Contents Foreword ................................................................................................................1 Project Summary Steps taken to complete the project SWOT analysis of Chinguun-Tulga Internet users of Mongolia Tools used Web hosting provider Evaluation of project Conclusion Bibliography..........................................................................................................16 Design Document..................................................................................................18 I. Introduction ......................................................................................................................... 19 II. Website Goals...................................................................................................................... 20 III. User Experience .................................................................................................................. 20 IV. Competitive Analysis........................................................................................................... 23 V. Site Content ......................................................................................................................... 29 VI. Payment Methods............................................................................................................... 40 VII. Marketing Approaches....................................................................................................... 41 VIII. Security.............................................................................................................................. 46 Site Maintenance Document ................................................................................62 1. Configuration........................................................................................................................ 63 2. Catalog.................................................................................................................................. 67 3. Modules................................................................................................................................ 71 4. Customers ........................................................................................................................... 72 5. Locations/Taxes.................................................................................................................... 74 6. Localization........................................................................................................................... 75 7. Reports................................................................................................................................. 76 8. Tools..................................................................................................................................... 77 9. Cascading Style Sheet (CSS) ................................................................................................. 80 Systems Requirements Document ........................................................................85 Executive Summary.................................................................................................................. 86 I. Information Systems Background......................................................................................... 87
  • Page | iv II. Functional Requirements..................................................................................................... 88 III. Environmental Requirements ........................................................................................... 102 IV. Alternatives....................................................................................................................... 103 V. Recommendation............................................................................................................... 107 VI. Project Schedule ............................................................................................................... 108 Appendix A ......................................................................................................... 109 Website Architecture Appendix B.......................................................................................................... 114 ERD and Database Tables
  • Page | 1 Foreword My name is Bilguun Ginjbaatar. For my master‟s thesis project, an e-commerce website has been created for Chinguun-Tulga, a company which operates in Ulaanbaatar, Mongolia. This project took about six months to complete. Currently available open-source solutions were researched for two months and a software called OSCommerce is utilized to develop Chinguun- Tulga‟s e-commerce system. OSCommerce is an online store management software program that can be used on any web server that has PHP and MySQL installed, and it is available as a free software under GNU General Public License. For the remainder of the six months, the website is designed and documentations are produced. The website for Chinguun-Tulga is created to help increase its sales as well as to acquire more customers in the Mongolian office supplies market. The website has a front-end for public users and a back-end for the administrator(s). In the front- end, all inventories are displayed in a categorized order, and customers can search products by name, keywords, product codes, and prices. Customers are asked to create an account in order to be able to checkout at the front-end. The back-end provides a configuration panel that is used to input products, remove products, put products on special sale, setup payment gateways, manage customers‟ accounts, manage orders; and access to it requires a username and password. The back-end site is going to be a very useful tool because the administrator can maintain the front- end site without having troubles editing complex PHP, HTML, and Java script files. Also, this website is accompanied by documents which cover topics such as intended website audience, design decision, competitive analysis, website contents, website structure, database elements, security aspects, payment methods, marketing approaches, website maintenance guide, management and user requirements, costs and benefits analysis, alternative development strategies, and project schedule.
  • Page | 2 Project Summary This project started under the guidance of Professor Ellen Zimmer at the end of the spring 2007 semester. The goal of this project is to create an e-commerce system for Chinguun-Tulga, where Mongolian customers would use the Internet to make their purchases. The deliverables of this project are: - Front-end website ( - Back-end website ( - Design Document - Website Maintenance Document - Systems Requirements Document In the Design Document, the elements related to the website design are discussed. In the introduction, Chinguun-Tulga Company‟s background and mission are stated. The goal of the website is to provide customers a dynamic e-commerce website displaying the inventory at Chinguun-Tulga office supplies store. User experience, the third section, basically talks about the audience definition and shows numerous scenarios why customers would visit Chinguun-Tulga‟s website. The fourth section, competitive analysis compares and contrasts four independent websites that sell office supplies. These included websites are,,, and Following this, the design decision, front-end site content, back-end site content, database elements, entity relationship diagram, and available payment options are discussed. A section on security aspects as well as the methods used to measure the website traffic is also addressed. Google Analytics is used to measure the traffic of the website as well as visitor‟s behavior. The Website Maintenance Document basically describes the functions of the back-end site and is intended for the store owner. It gives the store owner instructions on maintaining the website, adding new products, and what to do when an online transaction takes place. The back- end site updates the front-end contents by inputting data into the database, which the front-end site retrieves from the database. There are nine things to know about the maintenance, and these are: configuration, catalog, modules, customers, locations/taxes, localization, reports, tools, and cascading style sheet (CSS). The configuration section will setup the entire basic configuration such as assigning administrators, product listing options, customer details, e-mail options etc.
  • Page | 3 The catalog section is very important and it inputs all products, category folders, and product attributes to the store front. Here, step-by-step instructions on adding new products (ex: copying a new product, moving a category folder to a different location, etc.) are specified. In the modules section, the payment modules and options for shipping rates are described. In the customers section, descriptive guides such as how customers can be edited, deleted, and e-mailed as well as how reports for invoices can be generated are given. Both the invoice and the packing slip are created in this section. Also, the tax rates can be set up in the locations/taxes section. In the localization section, the currencies, languages, and orders status can be viewed. Mongolian language files are created here by copying the files from the English language folder to a new folder named Mongol. The reports section displays the products that were most viewed, products that have been purchased the most, and the total orders from all customers. A tools section allows database backup (or restore), define language, file manager, newsletter e-mail manager, and “who is online” features. Last but not least is the cascading style sheet (CSS). There are over 50 different styles, and most of the colors, text fonts, text sizes, tables, cell attributes that are used in the front-end website can be changed in the style sheet definition page in the catalog/stylesheet.css file. The cascading style sheet can be accessed by going to ToolsFile Manager links. The Website Maintenance Document should also be written in Mongolian language because the store owner does not know English fluently. Because of the given time constraint, this document is written only in English, and in the near future the Mongolian version will be written, so that the store owner can run the website without any further assistance from me. In the Systems Requirement Document (SRD), the management and user requirements, costs and benefits, and the alternative development strategies for Chinguun-Tulga‟s website are discussed. There are four options that can be chosen for Chinguun-Tulga‟s new e-commerce information system. The first scenario is “Ready-To-Use: 1&1 eShops”, the second is “Ready- To-Use: Network Solution”, the third is “E-commerce software: VP-ASP”, and the last is “Open- source solution: OS Commerce.” The first three scenarios involve high initial and maintenance costs, thus considering the cost as the main factor the OSCommerce solution is implemented. In the SRD, Chinguun-Tulga‟s business background and the types of products currently sold at Chinguun-Tulga‟ retail store are addressed. By creating data flow diagrams such as context
  • Page | 4 diagram and diagram zero, one, two, and three the functional requirements of this project are explained. Context diagram is a very general diagram, requiring it to be further decomposed into the diagram zero. In the diagram zero, there are three sub-processes, and they are: Process Order, Generate Report, and Backup/Restore. Diagram zero is further decomposed to illustrate these three processes and each is named “Diagram 1: Process Order”, “Diagram 2: Process Generate Report”, and “Diagram 3: Process Backup/Restore.” All entities, data, and flows are described in the Data Dictionary. Also, in the Data Store Design section, the simplest level of the entity relationship diagram (ERD) along with the un-normalized database schema is provided. (Further decomposed ERD and normalized database along with its tables are in the Appendix B.) Furthermore, the environmental requirement is discussed, and in order for Chinguun-Tulga to implement this e-commerce system, it needs a purchase of a desktop computer (or laptop), Internet connection, domain name, and a reliable web server to host the website. In the last page of SRD, a Gantt chart of the project schedule is provided. Steps taken to complete the project The knowledge from the Project Management class helped me construct a step-by-step approach for this project. The project is divided into four steps: planning, analysis, design, and implementation. Planning: In the planning stage, research was done for e-commerce solutions for Chinguun- Tulga. There were many different solutions available from various vendors. Once a decision to utilize OSCommerce was made, the other solutions were no longer in the plan. A work schedule was also created and it describes the work break down structure by each month, starting in May and ending in December of 2007. In the planning, it is important to create a Systems Requirement Document, design a detailed work plan (Gantt chart), and prepare an analysis on feasibility. Analysis: Mrs. Chuluunbaatar was interviewed over the phone, and she gave information about her company‟s operations. After examining Chinguun-Tulga‟s current system, I proposed my e-commerce website project to her. A work flow process diagrams such as DFDs and alternative options were studied in the Systems Requirements Document. After explaining the possibility of selling her products online, she agreed to be the project sponsor. The work on the project is continued by searching for different web
  • Page | 5 hosting providers. After analyzing several solutions, 1and1 Internet Inc., is chosen ( as the web hosting provider because they provided high quality service for a reasonable monthly fee. Design: Chinguun-Tulga‟s e-commerce website is designed based on the OSCommerce model. Designing the front-end website was quite demanding and required a lot of time in different combinations regarding the site design and color matching. The last version of the website has a white background and is positioned in the center; and its elements are integrated in a table with a border that equals zero. While designing the front-end, the designing of the back-end was also started based on the OSCommerce model. In addition, the front-end has a dual language feature: English and Mongolian. It allows Mongolian visitors to view the website in their native language, and my thesis committee can view the site in English. Implementation: After completing the design stage, the website is put into production phase. Several tests were implemented to see if the transactions were working as they were supposed to. If there was anything that needed to be debugged, it was fixed in this stage. The documentations such as Design Document and Website Maintenance Documents were revised and finalized in this stage, too. The final step in this stage is to present the system to the thesis committee. SWOT analysis of Chinguun-Tulga It was quite interesting to see Chinguun-Tulga‟s long-term strategic planning, rather than its day-to-day business operations. Strategic planning is the process of identifying long-term goals, strategies, and resources. To map out the strategic planning, firms create series of questions which are in combination called a SWOT analysis. SWOT analysis examines company‟s strengths (S), weaknesses (W), opportunities (O), and threats (T). The related questions were: - What are Chinguun-Tulga‟s major strengths, and how can it maximize them in the future? - What are Chinguun-Tulga‟s major weaknesses, and how can it overcome them?
  • Page | 6 - What are Chinguun-Tulga‟s major opportunities, and how can it take full advantage of them? What IT plans does it have to support business opportunities? - What major threats does Chinguun-Tulga face and what can it do about them? By creating this SWOT analysis, I aimed to contribute to the strategic planning process for Chinguun-Tulga. The main possible strengths are loyal customers who repeatedly purchase from Chinguun-Tulga, sales associates with great people skills, best store location, ability to order custom-products from the suppliers at a customer‟s request, and an IT graduate who has web development knowledge. The possible weaknesses are use of legacy systems, incomplete or old-fashioned financial statements, and limited budgets on marketing. On the possible threat side, three major risks are identified. First, there are many other competing firms who specialize in selling office supplies, and this number is increasing. This tough competition will eventually result in a “price war”, and if that happens, it will have a negative impact on Chinguun-Tulga‟s revenue. Also, some firms (ex: that do not even have a physical store are starting to sell products exclusively online. Lastly, there is a possibility that Chinguun-Tulga may not secure another 5-year-contract on its building lease. However, there are some possible opportunities. First, Chinguun-Tulga is well-positioned for expansion. The store is run by a very experienced person who knows what sells well and POSSIBLE STRENGTHS -Repeat and loyal customers -Excellent customer-focused sales associates -Great retail store location -Ability to order custom products from suppliers per customers' request -IT Graduate who has web development, and marketing skills POSSIBLE WEAKNESSES -Still using several legacy systems -Some documentation need updating -Limited or budget on marketing POSSIBLE OPPORTUNITIES -Well-positioned for expansion -Can be the first Ulaanbaatar's office supplies store with both e-commerce system and retail store -High Potential for B2B (business-to-business) growth POSSIBLE THREATS -The number of competing stores are growing -New competeition via web (ex: -Possibility of not securing another 5-year- contract on the building's lease Chinguun-Tulga SWOT Analysis
  • Page | 7 what does not. Moreover, there is a high potential for B2B (business-to-business) growth, meaning that Chinguun-Tulga could sell products in bulk to other businesses. The most important opportunity that was discovered for Chinguun-Tulga is an e-commerce system that allows customers to buy online. After their new e-commerce system is in operation, Chinguun- Tulga will gain a competitive advantage to offer services in both retail and online environment in the Mongolian office supply market. Internet users of Mongolia As I started working on this project, it was important to find out how many people really use the Internet in Mongolia. The complete internet users‟ data was not readily available from the Mongolian National Statistical Office. The Mongolian National Statistics Office, International Telecommunication Union, UNDP, the World Bank, and the Central Intelligence Agency of U.S. websites were mainly used to gather the data. Estimated data for 1998, 1999, 2000, 2001, 2002, 2003, 2004, and 2005 were collected, but 2006 and 2007 data were unavailable at the moment. The data is tabulated in the following chart: Year Number of Internet Users Percentage of population Sources 1998 3,400 0.13% NSO 1 1999 4,200 0.16% NSO 2 2000 30,000 1.10% The World Bank 3 2001 35,000 1.35% Report on E-Readiness 4 2002 140,000 5.18% UNDP 5 2003 157,027 5.81% The World Bank 2004 220,000 8.00% The World Factbook 6 2005 268,300 10.30% C.I.A. 7 1 Statistical Yearbook of 1998. Accessed on Nov 27, 2007. <> 2 Statistical Yearbook of 1999. Accessed on Nov 27, 2007. <> 3 Results: Ongoing Progress in Mongolia. Accessed on Nov 27, 2007. <> 4 E-Readiness Assessment Report of Mongolia for the Networked World. p.22 < > 5 National Report. Accessed on Nov 27, 2007. <> 6 Mongolia Facts. Accessed on Dec 1, 2007. <> 7 Mongolia Profile. Accessed on Nov 27, 2007. < factbook/geos/mg.html>
  • Page | 8 It is remarkable to notice that Mongolian Internet users have been increasing fast in the last eight years. In 1998, there were only about 3,400 Internet users, but eight years later this number reached 268,300, an increase by 78 times. It means that 10.3 (or more) in every 100 people are using the Internet now a days. Internet services were first introduced in early 1996 by Datacom, a data communication systems company. At present, there are seven ISPs in Mongolia; five of the ISPs are private companies, with an additional two subsidized and established by direct involvement of the Mongolian government. There are more than 70 Internet cafes and 10 Public Internet centers operating in Ulaanbaatar. The Internet cafes offer shared access to the Internet, fax over IP and Internet phone services to the public. In the Systems Requirements Document, estimation is made based on the fact that ten percent of Mongolians use the Internet in their daily lives. (This number was used only to calculate the quantity of benefits in the costs-and-benefits analysis.) Thus, the online sales are estimated to bring an additional five to ten percent increase to Chinguun-Tulga‟s revenue. It means that through its e-commerce online system, Chinguun-Tulga will earn at least $1,000 (5 percent of $20,000 in revenue) a year, or perhaps even more. This may not happen right away but again the number was used to derive the amount of benefits so that the comparisons among different scenarios become possible. Tools used The following applications are used for this project: Dream Weaver MX, Photoshop CS3, PhotoFiltre Studio, Adobe Kuler, and EmFTP. Created by Macromedia, DreamWeaver MX is a powerful WYSIWYG (What You See Is What You Get) tool that helps edit HTML, PHP, CSS, and Java Script files. It has great functionalities, such that while you work on the source code window, it allows you to view the site directly in the design window. DreamWeaver has been practiced for over two years, and I feel very comfortable using it. A great feature of DreamWeaver MX is the file transferring/synchronizing tool. Once you provide DreamWeaver MX with your web server‟s username and password, the file transferring feature will start working. For example, if I need to put (or receive) a file from my system to the web server, I would open the desired file and click
  • Page | 9 on PUT (or GET) from the site menu on the top. DreamWeaver MX is also used to gather the color names with its six digit hexadecimal names for the website. Photoshop CS3 is also used in this project. The product images were received in a digital format via e-mail from Mrs. Chuluunbaatar. There were a lot of problems with the product images, and most of the photos needed to be edited and cropped. All the product photos were taken by an amateur Mongolian photographer and they did not meet my expectations. Ideally, each image should have been taken on a clear white background with lights shining directly onto it. Since the images were on blue or dark backgrounds, the Photoshop CS3 was used for editing. Photoshop CS3 was also used to create the logo of Chinguun-Tulga. Also, an application called PhotoFiltre Studio is used, and it is quite similar to Photoshop CS3. PhotoFiltre Studio is utilized to create a 16 x 16 pixels icon image. This icon appears on the left side of Chinguun-Tulga‟s URL address in the web browser. Compared to Photoshop CS3, the PhotoFiltre Studio uses less memory and resources, and it loads to the computer quicker than Photoshop CS3. Adobe Kuler is used to choose the colors in the website. Deciding what combination of colors to use for Chinguun-Tulga‟s website was a challenging task in this project. To come up with appealing colors, I researched on the Internet and found out about many useful color matching tools. One of the best freely available color matching tools was Adobe Kuler (available at from Adobe. It allows webmasters to visualize what colors would go well with others; in fact, one can create a color-based theme from a combination of five web safe colors that match the best. For the purpose of this project, I set the base colors as light blue and light green. The other three colors are automatically selected by Adobe Kuler, and those were white beige, white, and oceanic blue. EmFTP is utilized to facilitate file transferring between the local machine and the web server. Although DreamWeaver MX took care of most of the file transferring, there were image files that needed to be transferred using the EmFTP. Not only EmFTP transfers files, but it also can change file permissions to read, write, and execute.
  • Page | 10 Web hosting provider The 1and1 Internet, Inc. ( is chosen as Chinguun-Tulga‟s web hosting provider. 1and1 Internet is located in Chesterbrook, PA in the United States. I did not choose a Mongolian web hosting provider because of the high webhosting costs. 1and1 Internet is considered as a better choice because of the additional services it provides. If you sign up on the six-month-contract with 1and1 Internet, they will give you a free domain name, and you can choose from .com, .net, .us, .org top level domains. The web space is 10GB, and the monthly transfer volume must be within 300GB. Not only they offer one free domain name, but give ten MySQL databases and a user friendly control panel for configuring domain, sub-domain, webmail, and FTP access. The best of all, their monthly fee for web hosting is very reasonable - $3.99 a month. There are reasons for not choosing a Mongolian host at the moment. First, it costs at least $50 to register a domain name8 , and the web hosting fees range from $8 to $20 per month9 ; and the given web space is very limited compared to what 1and1 Internet offers. If Chinguun-Tulga‟s website was hosted in Mongolia, it will cost about three times more than that of 1and1 Internet‟s. Considering the cost as the main factor for this project, Mongolian hosts were not selected. Another reason why a Mongolian host was not preferred is because of frequent power failure incidents in Ulaanbaatar; thus Mongolian web hosting providers will not guarantee a 100 percent up-time for Chinguun-Tulga‟s website. In the future, as hosting fees and the domain name service fees go down with Mongolian web hosting providers, Chinguun-Tulga‟s website should be moved to a Mongolian web hosting provider for efficiency purposes. But for now, going with 1and1 Internet is the ideal solution. While working on this project, I realized that it is impossible to use GoDaddy‟s 256-bit Turbo SSL certificate on 1and1‟s web server., in the present SSL market (as of September 2007), offers the least expensive SSL certificate, such as Turbo SSL, for only $19.99/year. This Turbo SSL certificate verifies the domain control and secures your site; and GoDaddy also issues a seal that can go on your website. Unfortunately, GoDaddy‟s certificate could not be installed on 1and1‟s server due to 1and1‟s policy. In order for the GoDaddy‟s 8 The current largest .mn domain name registrar charges $49.95/year for a single .mn domain. 9 MagicNet, the ISP company in Mongolia currently charges $8 per month for 30 mb webspace. <>
  • Page | 11 Standard SSL to work, I needed to obtain a Certificate Signing Request (CSR) from 1and1, and when contacted 1and1‟s Technical Support Department, they refused to sign the request. Instead, they offered 1and1‟s SSL certificate that is originated by GeoTrust for $49/year. As a result, my costs-and-benefits analysis in the Systems Requirements Document needed to be revised. Using GoDaddy‟s Turbo SSL certificate (available for $20), I originally came up with $477 for the total initial cost, and $428 for the annual maintenance cost. Since GoDaddy‟s SSL certificate was no longer an option, the costs-and-benefits analysis had to be re-calculated using 1and1‟s SSL offer. By choosing 1and1‟s SSL certificate (available for $49), the total initial cost came to $506, and $457 for the annual maintenance cost. The Systems Requirement Document has been updated with this new information.
  • Page | 12 Evaluation of Project When the project began, I used the materials from the classes I took in my master‟s program courses. After completing research on creating an e-commerce website using open- source technology, the following is the final outline: Design Document: Introduction Website Goals User Experience  Audience Definition  Scenarios Competitive Analysis Online Shopping Site Content  Front-End/Public Viewers‟ Site Contents  Back-End/Database Administrator‟s Contents Database Elements (Database tables are located in Appendix B) Payment Methods Marketing Approaches  Keywords  Tell-A-Friend Feature  Affiliate Program  Measuring the Traffic Security  Types of Security Threats  Securing  Payment Gateway Security  SSL for Chinguun-Tulga  Hosting Server Security  Database Security  Risk Analysis  Business Continuity Plan Website Maintenance Document: Configuration Catalog Modules Customers Locations/Taxes
  • Page | 13 Localization Reports Tools Cascading Style Sheets (CSS) Systems Requirements Document: Executive Summary Information Systems Background Functional Requirements  Dataflow Diagrams  Process Descriptions  Data Dictionary  Flows  Data Store Design  Database Schema  Form Environmental Requirements Alternatives  Scenario 1: Ready-To-Use Package: 1&1 eShops  Scenario 2: Ready-To-Use Package: Network Solutions  Scenario 3: E-commerce software: VP-ASP Shopping Cart  Scenario 4: Open-Source Solution: OS Commerce Recommendation Project Schedule (Gantt chart) As mentioned before, this e-commerce website is created for a Mongolian company and the target audiences are Mongolian customers. I believe the e-commerce system that I created for Chinguun-Tulga will generate more revenues. The best way to market this website is to ask other Mongolian websites to list Chinguun-Tulga‟s URL on their websites. Also, Chinguun-Tulga‟s website has been submitted to Google, the largest search engine in the world. The necessary changes were made in the material based on Professor Zimmer‟s suggestions. Professor Zimmer teaches both undergraduate and graduate level web system design and development courses at Edinboro University of Pennsylvania. During the course of my thesis project, she constantly gave feedbacks on the work that I have done. Professor Zimmer and I tested Chinguun-Tulga‟s e-commerce system both from the perspective of a store owner and a customer.
  • Page | 14 Given the time constraint, a few things I wish I could have done for this project are:  At  Flash or dynamic banners which display products randomly so that it attracts customers  At, below the header section:  Testimonial information from customers who actually purchased from Chinguun- Tulga‟s e-commerce system  Mongolian version of the Website Maintenance Document  Paper catalog of products  Improve product images by re-taking all pictures on a white background  Exchange links with Mongolian websites that attract large volumes of Mongolian visitors
  • Page | 15 Conclusion After completing the entire website, my understanding is that creating an e-commerce system for a retail company may be a complex project for one person to develop, but it can be done if more time is invested and further research is done. OSCommerce is one of the freely available technologies for online store management system. OSCommerce does not profess to be the “ultimate” e-commerce solution. Rather than attempt to be all things to all people, it provides a basic set of functionality that meets the common needs of almost all online businesses. In its website, it has community-supplied add-ons meaning that it can be customized to meet the specific needs of any business. Visual aesthetic is very important in a web development project, thus an advanced knowledge of Photoshop CS3 or PhotoFiltre Studio application can help create better graphic images. Also, choosing colors is imperative because colors give the general look and feel for any type of website. Systems analysis, information technology, web system development and design, electronic security, and documentation are very important components of a web development project of any size. Knowing the principles of project management will help with the planning of a project and outlining of the necessary steps. To produce a good and successful e-commerce website, one should integrate all the knowledge acquired from the courses mentioned above and dedicate oneself by investing an adequate amount of time in the project.
  • Page | 16 Bibliography 1. Adobe Kuler. 10 October 2007 <>. 2. Day, Kevin. Inside the Security Mind: Making the Tough Decisions. Upper Saddle River: Prentice Hall, 2003. 3. Dowla, Rafi. "Web System Deisgn and Development Using Open Source Technology." Technical Report 06-03. 2006. 4. "Network Security." FitzGerald, Jerry and Alan Dennis. Business Data Communications and Networking. 8th. Danvers: FitzGerald & Associates, 2005. 356-406. 5. ITU. International Telecommunication Union. <>. 6. Leon, Harold Ponce. Welcome to osCommerce. May 2007 <>. 7. Mongolian National Statistical Office. September 2007 <>. 8. Mookhey, K. K. Common Security Vulnerabilities in e-commerce Systems. 26 April 2004. 25 October 2007 <>. 9. Morochove, Richard. "Measure Your E-Commerce Site's Performance." PC World 15 October 2007. 10. osCommerce. "osCommerce 2.2 Milestone 2 Update 051112 Documentation." 11. OSCommerce. Security and Privacy Proposal. 7 April 2005. < ns/4>. 12. Pfleeger, Charles P and Shari Lawrence Pfleeger. Security in Computing. 3rd. Upper Saddle River: Prentice-Hall, 2003. 13. "The Risk Register." Schwalbe, Kathy. Information Technology Project Management. 4th. Thomson Course Technology, n.d.
  • Page | 17 14. Shelly, B Gary, Thomas J Cashman and J Harry Rosenblatt. "Strategic Planning Overview." Systems Analysis and Design. 6th edition. Thomson Course Technology, n.d. 15. Sklar, David. Learning PHP 5. 1st edition. O'Reilly Media, July 2004. 16. The World Factbook: Mongolia. 18 October 2007. <>. 17. Turban, Efraim. Electronic Commerce: A Managerial Perspective. Upper Saddle River: Prentice Hall, 2006. 18. UNICEF. At a glance: Mongolia. September 2007 <>. 19. W3C. W3C main page. <>. 20. W3Schools, free web development information. <>. 21. Welling, Luke and Laura Thompson. PHP and MySQL Web Development. 3rd edition. Sams, 2004. 22. Wikipedia, Community managed encyclopedia. <>. 23. World Bank. <>. 24. Zimmer, Ellen. Professor Zimmer's Home Page. September 2007 <>.
  • Page | 18 Design Document This document describes the project goal and scope, Chinguun-Tulga Company’s background and mission, intended website audience, design decision, front-end site content, back-end site content, database elements, security, payment options, and the methods that used to measure the website traffic. In the appendix section, the website maintenance document and the systems requirements document are included.
  • Page | 19 I. Introduction Chinguun-Tulga, established in 1999, is a small B2C (business-to-customers) company that sells office supplies through its retail store. Most products are imported from China, and once a month, new inventories are shipped from Beijing. The retail store is conveniently located in a busy district at the heart of Ulaanbaatar. The store operates Monday through Friday from 9:00 am to 8:00 pm, and from 9:00 am to 6:00 pm on Saturdays. It is closed on Sundays and during the major holidays such as Independence Day and Mongolian Lunar New Years days. The owner of Chinguun-Tulga, Mrs. Sarangerel Chuluunbaatar, hired three sales people who assist customers at the store with the checkout process. Mission Statement Chinguun-Tulga‟s mission is to provide high quality service to all its customers with a professional, kind, and supportive manner. Chinguun-Tulga is committed to being the best in all areas of its business. Chinguun-Tulga‟s vision is to: Treat every supplier, employee, and customer with honesty, dignity and respect. Impress our customers, current and prospective, to encourage future business. Improve all aspects of service delivery to our customers, our employees and our community. Provide a safe and convenient environment to shop. Statistics: - Chinguun-Tulga carries about 150 different types of office products in categories such as binders/ document organizers, punchers/staplers, pens and pencils, papers and note cards, paper clips and pins, calculators, rulers, erasers, document shredders, and desk accessories. - Average weekly sales range from ₮500,000 – ₮1,500,000 Mongolian Tugriks ($500 - $1,500 in U.S. Dollars) Goals and Deliverables of the Project The goal of this project is to increase sales by creating an e-commerce website for Chinguun-Tulga, where customers will be using the Internet to make their purchases. The deliverables of this project will be: - Front-end website ( - Back-end website ( - Design Document - Website Maintenance Document - Systems Requirements Document
  • Page | 20 II. Website Goals Chinguun-Tulga Office Supply Store will provide product information and service for customers through their online store, at Customers will be able to access information through the website for services such as product listings, product pricing, product descriptions, upcoming products, best selling products, and special product discounts. After browsing, customers can conveniently purchase the products using the online shopping cart. If customers have any questions or concerns, they may fill out a form on “contact us” page on the website. The secondary goal of the website is to increase sales by attracting more customers. On their website, Chinguun-Tulga will provide up-to-date information both to the customers and the employees. New visitors will be able to see the new products, while the employees can keep track of inventory by logging on to the back-end of the website. III. User Experience Audience Definition I spoke with Mrs. Sarangerel Chuluunbaatar, Director of Chinguun-Tulga Office Supply Store, on June 7, 2007 to discuss the development and structure of the website. One of the key questions addressed was the intended audience. Below is a list of the intended audience that was discussed in the conversation along with definitions for further clarity. New Customers – customers that are considering buying at www.chinguun-, and want to inquire about products offered. Current Customers – established customers who have already purchased from the retail store and want to find out about additional services online. Referred Customers – friends or someone who knows the current customers that are considering buying office products, and want to learn about the products and services being offered. Chinguun-Tulga Staff – employees who work for Chinguun-Tulga, who may need to keep track of inventory, arrangements for shipping, and want to check for accuracy of product description and price. Chinguun-Tulga Director – Mrs. Chuluunbaatar will be adding new products on the website, and will review products that were sold, orders that are pending, processed orders, and the status of payments.
  • Page | 21 Scenarios Scenario 1 Character: New Customer Jojo works as an administrative assistant at a prestigious cosmetics company in Ulaanbaatar and loves shopping online. Her supervisor told her to buy a document shredder, three boxes of A4 format paper, and some desk accessories for the company. Jojo usually goes to a nearby office supply store, but this time, she really wants to shop online and explore more online stores in the Ulaanbaatar city area. So, Jojo finds out about Chinguun-Tulga‟s online store, and she needs to know if Chinguun-Tulga offers what she is looking for. Purpose: Jojo visits Chinguun-Tulga‟s website and searches for a document shredder, papers, and desk accessories. She looks at the category list on the left side of the website, and clicks on the corresponding categories. To make her search even easier, she could simply use the “search by keyword” tool located on the top area of the website. She may also want to find out about the available payment methods. To find out about it, she clicks on the “conditions of use” link and reads all about payments. Once she finds the answers, she feels happy to be shopping online! Scenario 2 Character: Current Customer Enn is a 23 year old recent college graduate that that shops at Chinguun-Tulga Office Supply Store on a frequent basis. This time he wants to purchase school supplies that are on special sale. Purpose: Enn visits Chinguun-Tulga‟s website and sees some of the special products on the very first page. To find out about more he clicks on the specials link. This page displays all items that are currently on sale. From here, Enn adds the items he wants on his shopping cart, and when he is ready to checkout, he simply clicks on the checkout link. Scenario 3 Character: Customer Who Wishes to Contact Chinguun-Tulga Phil is an Art teacher who works at an elementary school in Ulaanbaatar. Phil is looking for water colors for his third grade students and wants to know if Chinguun-Tulga carries what he is looking for. He finds that the website offers water colors from three different vendors. He needs to contact Chinguun-Tulga to find out if there is any more water colors they carry.
  • Page | 22 Purpose: He goes to Chinguun-Tulga‟s website and locates the link to the contact us page. The contact us page has a form that allows visitors to send e-mail message conveniently. Phil fills out the form and submits his message to Chinguun-Tulga, and he receives a reply in an hour! Scenario 4 Character: Store Owner Mrs. Chuluunbaatar wishes to do the following: -To keep track of her online customers and the receipt of their orders. She needs this information as soon as it becomes available. -She also wants add new products on the website and put some products on special discount or clearance. There are two ways for her to know whether she sold goods online or not. The first way is receiving an individual e-mail after each successful online transaction. After the payment has been processed, the system will automatically generate an e-mail and send it to with the transaction details. The other way to know about online sales will be to login to the administrative side of the website. To do that, Mrs. Chuluunbaatar will use her administrator‟s username and password. The first upcoming page will display all completed and pending orders with the date and time. Mrs. Chuluunbaatar will use the administrator‟s website to add new products. As stated earlier, each month the store receives inventories from Beijing, and new products that are not listed on the website need to be added. Also, Mrs. Sarangerel needs to be able to add products, reduce inventories, or offer special discounts without any difficulty.
  • Page | 23 IV. Competitive Analysis The competitive analysis is divided into two sections. One section will be devoted to analyzing stores in Ulaanbaatar: (Store that sells electronic and office supplies online) (Store specializing in hand-delivering gifts and greetings in the Ulaanbaatar area) The second section will be devoted to analyzing big office supply stores in the United States: (Store specializing in office products and electronic appliances) (Office supply and furniture store) These websites were compared based on the following features: - Site Design (10 points) - Site Navigation (10 points) - Overall Look and Feel (10 points) - Consistency throughout the Website (10 points) - Up-to-Date Information (10 points) - Security (10 points) - Payment Options (10 points) Each website is thoroughly reviewed, and the comments and ratings are given for each website on the following pages. The highest possible score for a website is 70 points, and each feature as listed above are measured on a scale from zero to ten, ten being the highest, and zero being the lowest.
  • Page | 24 Store 1: General Site Features Score Comments Site Design 10 Centered and has a repeating gray photo in the background. Used only primary colors such as red, black, and white. Products are displayed in three columns. Has dual language feature. Site Navigation 10 Excellent navigation. All menus are visible on each page and located mainly on the top and the left side. Products are divided in technology, furniture, electronics, and office supplies categories. Overall Look and Feel 10 Professional and very clean. Has a welcoming feel, but it would be nicer if they had a dynamic ad that displays savings, discounts, and weekly ads etc. Also, the name seems to be borrowed from a U.S. based store. Consistency throughout the Website 8 About us page seems to be using 100% table width. The links to company introduction, logistics, and investment are dead. Up-to-Date Information 8 The website has a copyright logo and year. The date is not up-to-date. Security 5 SSL seems to be unknown. does not allow customers to create an account, thus the checkout process was impossible for new shoppers. Payment Options 10 Bank transfer; Zoos, Capitron, Khas bank credit cards; Visa, Master Card, Total: 61
  • Page | 25 Store 2: General Site Features Score Comments Site Design 7 Centered design, flash banner on top; Choice of only few colors, looks busy, hard to focus, and not enough empty space. Site Navigation 9 Global navigation should have more than two links. The left side has categories: menu and special gifts. There is no search feature. Overall Look and Feel 8 The choice of text font is not good. Images of the products are nice, however, buttons such as "Add to Cart" and "Checkout" are too big. Consistency throughout the Website 10 All pages stay consistent with one another. Up-to-Date Information 5 There are no weekly specials or sales announced on a regular basis. No category such as NEW PRODUCTS Security 10 Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by expires on 5/25/2008. Payment Options 10 Visa, Master Card, Paypal, Pay-by-phone, Money Transfer: Money Gram and Western Union Total: 59
  • Page | 26 Store 3: General Site Features Score Comments Site Design 9 Entire website is aligned to the left. The background color is combination of green and light green, and the main body is on a white background. Too many colors are used. Site Navigation 10 Excellent navigation. All office products are listed under OFFICE SUPPLIES menu. Product pages display product details, and also show a considerable product in a blue box. If more information is needed, the links are provided within the same page. Shoppers do not have to click on the back button. Overall Look and Feel 9 Overall look is professional, but it could have been improved if fewer colors were used. The dynamic ad is not professional enough. Consistency throughout the Website 10 All information is provided in the section that is aligned to the left. Everything stays consistent. Up-to-Date Information 10 Just like OfficeDepot, they have weekly specials, and offer great savings on a regular basis. Security 10 Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by RSA Data Security, Inc, expires on 10/17/2007. Payment Options 10 American Express, Discover Network, Master Card, Visa, Office Depot Credit Card Total: 68
  • Page | 27 Store 4: General Site Features Score Comments Site Design 10 Clean, crystal, and the centered style gives a focused and professional look to the website. Bright red color distinguishes the horizontal menu from other sub menus on the bottom. Site Navigation 10 Excellent navigation. All office products are listed under OFFICE SUPPLIES menu. Product pages display product details, and other related products. If more information is needed, the links are provided within the same page. Shoppers do not have to click on the back button. Overall Look and Feel 10 Well organized! Not busy and has a welcoming feel. The dynamic ad on top is very informative. Consistency throughout the Website 10 Menu on the left side stays consistent with the entire website. Up-to-Date Information 10 Weekly specials are announced frequently. Security 10 Connection encrypted with AES-256 bit high grade encryption. SSL certificate issued by RSA Data Security, Inc, expires on 10/21/2008. Payment Options 10 American Express, Discover Network, Master Card, Visa, Office Depot Credit Card Total: 70
  • Page | 28 After reviewing each website based on the criteria, I found that the best website for online shopping was OfficeDepot, with a total score of 70. OfficeDepot‟s website breaks down the various office products into many categories, making the navigation to desirable information much easier. OfficeDepot has a global horizontal menu that makes navigation less time consuming, and provided an abundant information about their products and services in a format that is very easy to read. The content was well structured with great product images. For instance, if binders and accessories was selected from the horizontal “office supplies” menu, a shopper would see images of binders with the corresponding prices as well as exclusive brand products and the best selling products in the category. The search of products can also be narrowed down by keywords, item numbers, brand, and price. Staples‟s website is very well organized and provides the products‟ information in three main categories: office products, technology, and furniture. The site design is good, but everything is aligned to the left, making the website look busy and hard to read. Although the overall look and feel is very welcoming, there seems to be many different mismatching colors. For instance, the yellow frame on each product box does not match with the other main colors such as red and green. Moreover, their dynamic ad on the index page should be created in a more professional way. Accordingly, based on the information above, I gave them a total score of 68. The next best website was, and this one earned a total score of 59. is one of the most visited sites in Mongolia, and it provides information in the areas of computer programming, website listings, Mongolian songs, entertainment, and dictionary etc. They recently launched their gift delivering services in Ulaanbaatar, and most orders come from people who are living and working outside of Mongolia. In terms of site design, there seems to be too much empty space and usage of large font size to fill it. No information is provided regarding terms of use, payment methods, and security. In fact, to find out about their SSL and payment options, I had to create a testing account and went through the entire checkout process. Information regarding security and payments should be readily available in a Condition of Use section. Even though the navigation was easy, they could add more things such as testimonials, special discounts, and weekly ads. In the Ulaanbaatar city, would be my choice. Their office products were listed in a very professional and easily readable way. Plus, the design is very comprehensive and the entire site has a welcoming feel to it. Not only the site navigation was easy, but the site also provides a lot of information for shoppers interested in buying from them. In reference to consistency, some links were dead, and in the About Us page, the organization chart caused the website to display disproportionally. Another issue with this site is the difficulty to checkout. To purchase from them, a shopper must be a previous customer or must send a request to be their customer to This feature might give a wrong impression to customers by not allowing them to instantly create an account and to checkout. Thus, based on this information, I gave them a total score of 61.
  • Page | 29 V. Site Content The website of Chinguun-Tulga Office Supply Store has two sides: front-end website for public viewers and a back-end website for the administrator(s). Please refer to Appendix A to view the site architecture. Front-End/ Public Viewers’ Site Content A. The front-end homepage will contain information about the products that are offered at Chinguun-Tulga in different categories, an option to select products by manufacturers, new products that were recently added, shopping cart contents of the customer, best selling products, and special items that are on sale. There are also links to such information as - shipping and returns, privacy notice, conditions of use, contact us, - as well as a search tool. B. The front-end site connects directly to the MySQL database to retrieve data from the database. The basic data exchanging scheme is described as follows: C. The navigation tabs are located on the top and left side of each page and have links to the following main sections: 1) My Account (Allows customers to see an overview of their account) 2) Cart (Cart displays items currently in the shopping cart) 3) Checkout (Checkout allows shopper to complete their online purchase) 4) Categories i. Binders ii. Staplers iii. Hole Punchers iv. Tapes 1. Tape holders 2. Tapes v. Paper Clips and Pins vi. Notepads vii. Document Organizers viii. Calculators ix. Document Shredders
  • Page | 30 x. Desk Accessories 1. Correction Tapes and Pens 2. Desktop Document Holder 3. Glue Sticks 4. Rulers 5. Pencil Basket 6. Waste Basket xi. Markers xii. Magnifying Glasses xiii. Erasers and Lead Refills 1. Erasers 2. Pencil Lead Refills 3. Pen Refills xiv. Pens and Pencils 1. Pens 2. Pencils 5) Manufacturers (It is a drop down menu of Manufacturers) 6) What‟s New (A box that randomly shows new products with each new click) 7) Quick Find (A search box that allows shoppers to search for products) 8) Information Box i. Shipping and Returns ii. Privacy Notice iii. Conditions of Use iv. Contact Us 9) Order History (If a customer is logged in, his/her order history will be shown) 10) Bestsellers (A box that shows a list of five best selling products) 11) Specials (A box that displays an item that is currently on sale) 12) Languages (Language box allows shoppers to select their preferred language: either English or Mongolian) Functional Requirements 1. The main goal of the website is to provide an up-to-date, complete list of the products carried by Chinguun-Tulga Office Supply Store in a professional manner. 2. When a user visits the site, they should be able to locate the information they seek in a timely fashion. 3. It is also important for the website‟s default language to be set in Mongolian. The English version of the website is created for the thesis committee members. 4. The website must be easily updatable and user-friendly to Mrs.Chuluunbaatar and the employees of Chinguun-Tulga.
  • Page | 31 Front-End Site Design Each page on Chinguun-Tulga‟s website has three basic components: header, body, and footer; and the pages are based on the following design: Header Menu1 | Menu 2 | Menu 3 | Search box Body Breadcrumb Column Left Categories Category 1 Category 2 Category 3 … Manufacturers What’s New Quick Find Information Shipping & Returns Privacy Notice Condition of Use Contact Us Personalized Greeting New Products Product A price Product B price Product C price Product D price Product E price Product F price Product G price Product H price … Column Right Shopping Cart n items Order History Bestsellers Specials Languages [Current Date] Number of Request Since [Date Created] Footer Payment Option Logos Copyright Date Store Name Site Creator’s Name 950 pixels
  • Page | 32 Designing the front-end website was quite demanding and required a lot of time on different combinations regarding the site design and color matching. The last version of the website has a white background and is positioned in the center; and its elements are included in a table with a border that equals zero. There is no specific value assigned to the height in the tables because when different quantities of products are displayed, it will stretch the website in the vertical aspect. Therefore, limiting the height will display the website improperly. On the other hand, the widths of tables are no greater than 950 pixels. 950 pixels was a great choice because most computers at present have screen resolutions of 1024 x 960, 1280 x 960, 1280 x 1024 and higher. As mentioned earlier, in each page, there are three main parts: header, body, and footer. The header section is positioned at the absolute top of each page. The table that houses the header codes has a border that equals zero, making the table look invisible to viewers. Also, it is divided into two sub-columns. Dividing the table into two columns was necessary because I wanted to position the logo of Chinguun-Tulga to the left and the navigation menu links along with the search feature to the right. The body lies right below the header and starts with breadcrumbs. Breadcrumb navigation provided at the top of the page indicates the route and location of the current page. Below the breadcrumbs, there is a table that has three sub-columns. The first column is named Column Right, the left column is Column Left, and the column in between contains the product information, new products for each current month, etc. In the Column Left the following items are included in a box style: Categories – a box containing all available categories: binders, staplers, etc. The number of products in each category is shown in brackets. For example: Binders (4), Staplers (5) – it means there are 4 items in binders, and 5 items in staplers category. Manufacturers – a drop down menu that allows a shopper to select products by manufacturers What’s New? – a box that displays a new single item along with the price on the bottom Quick Find – This box has a form field that allows a shopper to search items by keywords, for example: pen OR eraser. (OR operator is allowed). Beneath the form field, there is a link to the Advanced Search option. A shopper will be able to search products by specifying more fields such as categories (a dropdown menu), manufacturers (a dropdown menu), minimum price, maximum price, date from (mm/dd/yyyy), and date to (mm/dd/yyyy). Information – This box contains links to shipping and returns, privacy notice, conditions of use, and contacts us pages. If a shopper clicked on each link, the corresponding information will be displayed in the column between Column Left and Column Right. On the opposite side, in the Column Left section, the following information is available: Shopping Cart - a box that displays what and how many items currently in the cart. Visitor‟s cart items are transferred to a customer‟s cart once the visitor creates an account at Chinguun-Tulga‟s website.
  • Page | 33 Bestsellers – a box that displays a list of five best selling items. Specials – a box that displays products that currently have reduced prices. Product‟s image, old price, and the new price are shown in this box. Languages – this box simply shows a flag of England and Mongolia. If a shopper wants to view the website in English, the English flag should be clicked, and for Mongolian, the Mongolian flag should be clicked. The footer follows the body column. The footer starts with a table consisting of two sub- columns with a border that equals zero, making the table invisible to viewers. The sub-column in the left contains the current date in the following format: Wednesday, 10 October, 2007. On the right side sub-column, the number of hits is shown along with the date that site was created. It will display something like this: 4825 requests since Monday 03 September, 2007. Below these, there is another table that has two sub columns with a border that equals zero. Here, the left sub-column has an image of available payment options. The visual aspect is a great way to let customers know of what payments are available in order to purchase from Chinguun-Tulga‟s website. The right sub-column displays some texts such as the copyright date, copyright logo, the name of the store, and the creator of the site. Colors Used The most utilized five colors in the front-end website are: light green (#99cc00) used in the box header, lighter green (#99cc33) used in the logo, light blue (#ccccff) used as cell background, white (#ffffff) used as general background, black (#000000) used for text color. Macromedia DreamWeaver MX is the main software that was used to complete this project. DreamWeaver MX has a feature that displays all the colors used in the website. The figure on the left shows the various colors used within all the elements throughout the whole site such as - the text, table border, table background color, and images. Deciding what combination of colors to use for Chinguun- Tulga‟s website was another challenging task in this project. To come up with appealing colors, I researched on the Internet and found out about many useful color matching tools. One of the best freely available color matching tools was Adobe Kuler (available at: from Adobe. It allows webmasters to visualize what colors would go well with other; in fact, one can create a color-based theme from a combination of five independent colors that match the best. For the purpose of this project, I set the base colors as light blue (#ccccff) and light green (#99cc00). The other three colors are automatically selected and those were: white beige (#fff4e6), white (#ffffff), and oceanic blue (#6ae8c7). The figure on the next page displays the exact choice of colors that were input.
  • Page | 34 It should also be noted that the colors used for the main text, titles, table background, and cell background can be modified by making changes in the cascading style sheet in the catalog folder. To find out more about what each class in the style sheet is responsible for, please refer to the CSS section in the Site Maintenance Document.
  • Page | 35 Back-End/ Administrator’s Site Content A. The main goal of the back-end site is to allow store owner to update the front-end website without having troubles editing the source codes of the web pages. Rather, she will use the back-end site to easily alter any information that she feels necessary - at anytime from anywhere! B. The access to the back-end requires a username and password, and the administrator(s) should always keep this information in a secure place. C. The back-end homepage will contain important information regarding updating the front- end contents and other configurable contents such as: the administrator‟s configurations, products in the catalog, payment and shipping options, customers‟ list, reports, and tools to configure database backup/restoration, etc. D. The navigation tabs are located on the left side of each page and have links to the following main sections: 1) Administration (index page of back-end) 2) Online Catalog (a link to the store page) 3) Configuration i. Administrators ii. My Store iii. Minimum Values iv. Maximum Values v. Images vi. Customer Details vii. Shipping and Packaging viii. Product Listing ix. Stock x. Logging xi. Cache xii. E-mail Options xiii. Sessions 4) Catalog i. Categories/Products ii. Products Attributes iii. Manufacturers iv. Reviews v. Specials vi. Products Expected 5) Modules i. Payment ii. Shipping iii. Order Total 6) Customers i. Customers
  • Page | 36 ii. Orders 7) Locations Taxes i. Countries ii. Zones iii. Tax Zones iv. Tax Classes v. Tax Rates 8) Localization i. Currencies ii. Languages iii. Orders Status 9) Reports i. Products Viewed ii. Products Purchased iii. Customer Orders Total 10) Tools i. Database Backup ii. Banner Manager iii. Cache Control iv. Define Languages v. File Manager vi. Send E-mail vii. Newsletter Manager viii. Server Info ix. Who‟s Online Functional Requirements 1. The main goal of the back-end website is to provide a list of complete configuration management files to Mrs. Chuluunbaatar. 2. When Mrs. Chuluunbaatar logs in to the back-end site, she should be able to locate the links to the pages that alter front-end information. 3. The navigation in the back-end should be easy.
  • Page | 37 Back-End Site Design Each page on the back-end site has three basic components: header, body, and footer; and the pages are based on the following design: Header Body Link to Index | Link to Online Catalog Column Left Body Navigation Configuration Catalog Modules Customers Locations/Taxes Localization Reports Tools Content Footer Store Name Copyright Date Site Creator’s Name 100 %
  • Page | 38 The back-end website has a white background and is positioned in the center; and its elements are included in a table with a border that equals zero. There is no specific value assigned to the height in the tables because when new category or new products are added, it will stretch the website in the vertical aspect. Therefore, limiting the height will display the website improperly. On the other hand, the widths of tables are specified to have 100 percent. By doing so the back-end site displays the entire site in full-screen in the horizontal aspect. Similar to the front-end design, each page in the back-end contains three main parts: header, body, and footer. The header section is positioned at the absolute top of each page. The table that houses the header codes has a border that equals zero, making the table look invisible to viewers. A logo that reflects the Chinguun-Tulga‟s Administrator Area was created and resides to the very left side in this table. The body section lies right below the header and contains two sub-columns. The first column is named Column Left, and the adjacent column is called Body. The left sub-column contains the main navigation that includes links to: configuration, catalog, modules, customers, taxes, localization, reports, and tools. On the adjacent sub-column, the contents of configuration, catalog, modules, customers, taxes, localization, reports, and tools will be available. Also in this sub-column, there will be action buttons such as EDIT, DELETE, INSERT, MOVE, UPDATE, NEW PRODUCTS, and NEW CATEGORY. For example, if the administrator wants to add new product in the Desk Accessories category, she would go to the Catalog page, then to the Desk Accessories page, and click on the NEW PRODUCT button. (For more information about adding new products to the website, please refer to the Site Maintenance Document.) The footer section follows the body. Unlike the front-end site, the footer in the back-end consists of only three rows. The top row displays the name of the store, copyright date, and the link to the front-end website. The middle row serves as a separation line between the top row and the bottom row, and it is colored in green. The bottom row contains the name of the site creator and a link to his website. It should also be mentioned that if the administrator‟s page is left idle for more than ten minutes, then the session will end, making the administrator log-off automatically. Thus, the back-end site has a self protecting tool from potential danger, and the administrator must keep in mind that once the necessary changes are made - always remember to logoff!
  • Page | 39 Database Elements The database plays an important role in this project. As mentioned earlier, information entered in the database will be retrieved both to the back-end and the front-end of the website. Chinguun-Tulga‟s database is hosted at, and ten MySQL databases came along with the domain name and hosting plan package through The current database is stored behind a firewall to protect the website data, and the database is only accessible exclusively through the server. It means that direct access to this MySQL database using a home PC (external ODBC connection) cannot be established. The following are the important information regarding the database server: Database Name: db216012793 User Name: dbo216012793 Password: xxxxxxxxxxxx Host Name: Description: Chinguun-Tulga E-commerce Website Database Version: MySQL 4.0 Used Storage Space: 0.12 mb Max. Storage Space: 100 mb Status: Ready (Please refer to Appendix B to view the normalized database tables and ERD)
  • Page | 40 VI. Payment Methods Before a shopper buys an item, we always tell him/her to make sure that our payment method works for him/her. Also, at, we will not store any credit card data. Credit card transactions are processed at third party websites such as and There are four payment methods available to purchase from Chinguun-Tulga, and they are: - Cash on Delivery - Check/Money Order - - Payment Method How It Works Cash on Delivery Buyer has to make the payment in cash on delivery of the item at the address mentioned by him/her. Buyer may inspect the item prior to making payment. Check/Money Order Buyer makes the payment in check or money order form. There is a risk that the check may be bounced. In that case, bounced checks can be traced by their banks and the penalty fees will be applied to the customer. processes Visa, Master Card transactions in an encrypted secure socket layer protocol. Facts: -The cost of initial setup is $49 USD. No monthly fees. -Each transaction that goes through this option will have 5.5% discount rate -Fee per transaction: $0.45 Example: If the total amount of the sale was $100, we will receive $94.05 from the processes Visa, Master Card, Discover, AMEX cards and if the shopper already has an account, he/she can submit the payment by logging into personal account. Paypal uses secure AES 256-bit encryption, and its certificate is issued by VeriSign. Facts: -The cost of initial setup is zero. No monthly fees. -Each transaction that goes through this option will have 2.9% discount rate. -Fee per transaction: $0.30 Example: If the total amount of the sale was $100, we will receive $96.80 from
  • Page | 41 VII. Marketing Approaches A. Keywords Chinguun-Tulga‟s website contains a meta tag for keywords, and it is inserted between the <body> and </body> tags. Keywords that identify Chinguun-Tulga‟s website are: <meta name="Keywords" content="Chinguun-Tulga, Chinguun-Tulga Office Store, e-shop in Ulaanbaatar, e-commerce Store in Mongolia, Online Shopping in Mongolia, Online Store in Ulaanbaatar, Mongolian Office Supply Store, Office Store in Ulaanbaatar, Office Store in Mongolia, Office Supplies, Papers, Binders, Staplers, Hole Punchers, Tapes, Paper Clips, Pins, Sticky notes, Document Holders, Calculators, Document Shredders"> Keywords are very useful tool because on the web keywords are the references to the content of the website. Search engine crawlers read the keywords of the website first, and then give index to the website in search ranking. B. Tell-a-Friend Feature Chinguun-Tulga‟s website has a Tell-a-Friend feature that allows customers to send information about a specific product to their friends or someone they know. Tell-a-Friend feature appears on the right side of each product, and one simply has to enter a friend‟s e- mail address to send information. For example, Rick was visiting Chinguun-Tulga‟s website and found out that they offer “Steel 0.5 mm Pencil” that Bilguun was looking for. So, Rick uses the Tell-a-Friend feature to let Bilguun know about the pencil. Bilguun would receive an e-mail in the following format: From: Rick Date: Monday, October 22, 2007 To: Bilguun Subject: Your friend Rick has recommended this great product from Chinguun-Tulga Office Supply Store Hi Bilguun! Your friend, Rick, thought that you would be interested in Steel 0.5mm Pencil from Chinguun-Tulga Office Supply Store. I found the pencil that you were looking for. To view the product click on the link below or copy and paste the link into your web browser: Regards, Chinguun-Tulga Office Supply Store
  • Page | 42 C. Affiliate Program Chinguun-Tulga could use affiliate program to increase traffic to its website. Affiliate program is an e-commerce program under which owners of one website send users to another website to purchase related items. Banner exchange is a type of affiliate program and it does not cost anything. For instance, Chinguun-Tulga can put the links of other Mongolian e- commerce websites on its own home page. In return, the other websites will have to put Chinguun-Tulga‟s link on their homepages. According to, there are several Mongolian websites that attract large numbers of visitors. The top three are: On average, this website attracts over 3,800 visitors a day from all around the world. They claim to be the largest entertainment portal website of Mongolia. 1,800 visitors are attracted to this website on a daily basis. provides information mostly to people who are living and studying outside of Mongolia. On average, over 1,400 people visit this website daily. They seem to target younger audience who usually seek new information, movies, songs, classified ads, and news. It is highly recommendable that Chinguun-Tulga to initiate a banner exchange program with the sites that mentioned above. It will be a win-win situation for the both parties because the goals of all websites are to attract more visitors through an increased traffic. D. Measuring the Traffic There are two ways to measure the traffic to Chinguun-Tulga‟s website: Logs and Google Analytics. Logs basically shows the amount of data exchange in terms of kilobytes and megabytes, while Google Analytics displays the website traffic in more useful way such as traffic sources overview, visitors overview, map overlay etc. Logs The first method for traffic measuring is the Logs. To see data, the administrator must login to the following page: Address: Username: u46281644 Password: BEck1982 This method shows the analysis of monthly data transfer in separate protocols such as HTTP, FTP, and e-mail. A summary is shown in the first two columns, and the number of megabytes in each category indicates how many megabytes were actually consumed by the specified number of requests. For example, in September 2007, there were 44,079 total
  • Page | 43 requests and 255.5 megabytes of data exchange. Out of that, 37,488 requests and 222.3 megabytes of data exchanges were related to HTTP, and 6,591 requests and 33.1 megabytes of data exchanges were related FTP. The breakdown of monthly data transfer is shown below. Analysis for September 2007:
  • Page | 44 Google Analytics Google Analytics is the other method that is used for traffic analysis. A code that collects data is inserted in the catalog/index.php page. The following code is provided when you sign up with Google Analytics, and it is inserted just before the </body> tag. <script src="" type="text/javascript" </script> <script type="text/javascript"> _uacct = "UA-1423455-4"; urchinTracker();</script> Google Analytics displays the following statistics: - Site Usage (Number of visits, page views, bounce rate, average time on site) - Visitors Overview (Number of visitors, visitor segmentation, technical profile) - Map Overlay (Map of countries, states, cities where the visits come from) - Traffic Source (Direct or referring websites, top traffic sources list, keywords) - Content Overview (Most visited pages, navigation analysis, click patterns)
  • Page | 45 For this project, Google Analytics is mainly used to measure the number of page visits by segments. Google analytics also allows the store owner to see which key words were used exclusively to bring customers to the website.
  • Page | 46 VIII. Security In today‟s world, the Internet is being used by almost all businesses, and the number of sales done over the Internet is greater than before. The increase in online transactions has been accompanied by an equal rise in the number and types of attacks against the security of online payment systems. If the business owner utilizes the Internet as the main channel to reach customers and a way of doing business, there may be vulnerabilities such as SQL injections, cross-site scripting, information disclosure, path disclosure, price manipulation, and buffer overflows. Successful exploitation of these vulnerabilities can lead to a wide range of results. Information and path disclosure vulnerabilities will typically act as initial stages leading to further exploitation. SQL injection or price manipulation attacks could cripple the website, compromise confidentiality, and in worst cases, cause the e-commerce business to shut down completely. Types of Security Threats Recent numbers from the U.S. Department of Commerce show that online retail is continuing its rapid growth. However, malicious phishing schemes and fear of inadequate online security cause online retailers to lose out on business as potential customers draw back at doing business online, worrying that sensitive data will be abused or compromised. The truth is that there can be numerous threats to e-commerce sites and many of the threats result from poor design by the web masters; because the entire website was not developed with its database security in mind. The following are the common vulnerabilities discovered in shopping cart and e-commerce online payment systems: SQL injections, price manipulation, buffer overflows, cross-site scripting, remote command execution, and weak authentication and authorization. SQL Injection SQL injection refers to the insertion of SQL meta-characters in user input, such that the attacker's queries are executed by the back-end database. Typically, attackers will first determine whether a site is vulnerable to such an attack by sending in a single-quote (') character. The outcomes from an SQL injection attack on a vulnerable site may range from a detailed error message, which discloses the back-end technology being used, to allowing the attacker to access restricted areas of the site because he manipulated the query to an always-true Boolean value, or it may even allow the execution of operating system commands. Price Manipulation This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. This is how it works: in the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page. An attacker can simply modify the amount that is payable, and this information flows from the user's browser to the web server. The final payable price can be manipulated by the attacker to a value of his choice. This information is eventually sent to the payment gateway with whom the online merchant has partnered. Some websites that utilize PayPal, a payment processing service for online vendors, can become a victim of this type of vulnerability. If the volume of transactions is very high, the
  • Page | 47 price manipulation may go completely unnoticed, or may be discovered too late. Repeated attacks of this nature could potentially cripple the viability of the online merchant. An example of this type of attack will be addressed later in detail for Chinguun-Tulga‟s website. Buffer Overflows Buffer overflow vulnerabilities are not very common in shopping cart or other web applications using Perl, PHP, and ASP. However, sending in a large number of bytes to web applications that are not geared to deal with them can have unexpected consequences. It is possible to disclose the path of the PHP functions by sending in a very large value in the input fields. For example, when 6,000 or more bytes were fed into a particular field, the back-end PHP script may show it was unable to process and may display the following error message: “Fatal Error: Maximum execution time of 30 seconds exceeded in /www/html/func/admin/functions.php on line 163” “Fatal Error: Maximum execution time of 30 seconds exceeded in /www/html/func/admin/add_cart.php on line 100” Using this error information, the attacker may be able to get access to the restricted admin folder. According to, multiple buffer overflows were discovered in the PDGSoft Shopping Cart, which potentially allowed the attacker to execute code of his choice by overwriting the saved return address. As we can see, the error pages can serve as a valuable source for critical information. These errors can be induced in web applications that do not follow strict input validation principles. For instance, the application may expect numeric values and would fail when alphabets or punctuation characters are supplied to it. Cross-Site Scripting The cross-site scripting (XSS) attack is primarily targeted against the end user and leverages two factors: 1. The lack of input and output validation being done by the web application. 2. The trust placed by the end-user in a URL that carries the vulnerable web site's name. The XSS attack requires a web form that takes in user input, processes it, and prints out the results on a web page, which also contains the user's original input. It is most commonly found in search features, where the search logic will print out the results along with a line such as 'Results for <user_supplied_input>'. In this case, if the user input is printed out without being parsed, then an attacker can embed JavaScript by supplying it as a part of the input. By crafting a URL, which contains JavaScript, a victim can be social engineered10 into clicking on it, and the script executes on the victim's system. A typical XSS attack URL would look like this: 10 Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.
  • Page | 48;script>ale rt("OK")&lt;script>. In this case, when the victim clicks on this link, a message box with the text "OK" will open up on his system. In most cases, the attacker would craft the URL in order to try and steal the user's cookie, which would probably contain the session ID and other sensitive information. The JavaScript could also be coded to redirect the user to the attacker's website where malicious code could be launched using ActiveX controls or by utilizing browser vulnerabilities, such as those in Internet Explorer or Mozilla Firefox. Remote Command Execution The most devastating web application vulnerabilities can occur when the CGI script allows an attacker to execute operating system commands due to inadequate input validation. This is most common with the use of the “system call” in PHP scripts. Using a command separator and other shell meta-characters, it is possible for an attacker to execute commands with the privileges of the web server. Weak Authentication and Authorization Authentication mechanisms that do not prohibit multiple failed logins can be attacked using tools such as Brutus11 . Similarly, if the web site uses HTTP Basic Authentication or does not pass session IDs over SSL, an attacker can sniff the traffic to discover the user's authentication and authorization credentials. Since HTTP is a stateless protocol, web applications commonly maintain state using session IDs or transaction IDs stored in a cookie on the user's system. Thus, this session ID becomes the only way that the web application can determine the online identity of the user. If the session ID is stolen (say through XSS), or it can be predicted, then the attacker can take over a valid user's online identity in relation to the vulnerable web site. Where the algorithm used to generate the session ID is weak, it is insignificant to write a PHP script to enumerate through the possible session ID space and break the application's authentication and authorization schemes. 11 Brutus can be downloaded from
  • Page | 49 Securing At Chinguun-Tulga‟s website, the following is protected: the back-end website, all data that is pertinent to customers‟ orders, database, connections to database, and usernames and passwords used to enter „Administrator Only‟ areas. The logical structure of Chinguun-Tulga‟s website is shown in the following diagram:  – the root of the website sits on a secure web server that is hosted by  /catalog/ - all PHP files of the front-end site is located in the catalog directory  /catalog/admin/ - all configuration files of the back-end reside in the admin directory; it authenticates the user using session-based access.  /logs/ - logs directory contains the traffic.html file that displays the volume of the traffic created between clients and server; it authenticates the user using .htaccess.  The database server is not in the same machine as the web server, and it is hosted on a separate server at Administrator’s Area (Back-end) The back-end site,, is the heart of the project and it includes vital configuration files. The back-end is used by the store owner to add new products, remove old products, put products on sale, keep track of orders, and to create reports such as packing slips and customer order invoices. If the back-end of the web site is compromised by an attacker, he could not only steal data, but delete products and other important files and directories. Authenticating the user and using sessions A very common method of authenticating users is checking a database and using session. To use this authentication, we must have a database and tables for administrators, passwords, and sessions. Session is a unique number assigned to a client (visitor). This unique number is also used as a filename in the session table in the database. Because the client has the number on his
  • Page | 50 cookie the server can keep track of what he/she is doing by writing data to the session file. Sometimes, when starting the session the following error might show up: Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at ..admin login.php:1) in ..admin login.php on line 3 PHP will display this error message if the script executing session_start() already sent something. If there is even a single space before the <?php, this error will appear. The error shows the line number so it is not too difficult to locate the problem. As the administrator logs in to the back-end, the PHP script checks the username and password against a hard coded pair. Using a SELECT statement, the database is queried to test if these two exist in the database. If a match is found, the session variable is set and the administrator moves to the main page. If someone is logged in, it means that eventually they will need to be logged off, therefore login script is not complete without the logout script. The process of logging out a user depends on the status of the user, whether they are logged in or out. The server checks the status and can log out the user if the user is still logged in, if logged out, then the server doesn‟t have to. In this case, we check whether $_SESSION[„db_is_logged_in‟] is being set or not and whether its value is true. Using this information, the logout script is built either to simply unset this session or set the session value to false. The script below uses “unset” method to log the user out. <?php> session_start (); if (isset ($_SESSION [‟db_is_logged_in‟])) { unset($_SESSION [„db_is_logged_in‟]); } header („location: login.php‟); ?> For security purposes, if the administrator is logged in and the session continues to stay idle for at least 15 minutes, the server logs off the administrator automatically. Also, the administrators have passwords that are at least eight characters long, and for an attacker to break the password, it will take at least 528 trials. These passwords are stored in the administrator‟s table in an encrypted form such as e59b526f0fb87305678856d2186ce4b7:49. Using .htaccess To prevent unauthorized access, the logs directory uses .htaccess method. .htaccess file provides a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular directory to apply those directives to the directory. If a directive is permitted in the .htaccess file, the value must be in AllowOverride in order for that directive to be permitted. Here, I am going to discuss the .htaccess file and the power it has to improve a website. The most popular uses of .htaccess file are custom 404 error pages and the basic password protection. .htaccess is easy to implement and consists of a few simple instructions in text file. It can accomplish a huge range of things including: password protecting folders, redirecting users
  • Page | 51 automatically, custom error pages, changing file extensions, restricting IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file. One of the most important uses of .htaccess is adding password protection to a directory. If a directory is password protected by an .htaccess file, then everything below this directory will be password protected as well. The following is an example of an .htaccess file that will implement password protection: AuthName “Section Name” AuthType Basic AuthUserFile /full/path/to/.htpasswd Require valid-user “Section Name” is the area that is being protected using .htaccess. The “Section Name” should be replaced with an appropriate name. The “full/path/to/.htpasswd” should be changed to reflect the full server path to the .htpasswd file. Creating the password protection is a little bit more difficult than using the components of .htaccess. To setup .htaccess to password protect a directory, we need to create another file that contains the usernames and encrypted passwords. These should be placed in a file named .htpasswd. The file can be placed anywhere within your website but it is advisable to store it outside the web root, so that it is impossible to be accessed from the Internet. .htpasswd can be created using standard text editor, and the username and password should be entered in the following format: username: password To provide access to multiple users, additional lines of entry should be made for each user. When someone tries to access the site, the browser will pop up a standard username/dialog box. In addition, a web application such as DynamicDrive ( provides a tool that easily creates both .htapsswd and .htaccess files. Customers’ Data (Front-end) At, customers are required to create an account in order to complete their purchase. The following data are collected from customers: - Personal Information: Gender, First Name, Last Name, Date of Birth, E-mail address - Company Information: Company Name - Address: Street Address, Suburb, Post Code, City, State, Country - Contact Information: Telephone number, Fax number Customers also provide shipping and billing addresses upon checking out, and this information is used to create an invoice and packing slip for the order. To let customers know about the privacy policy, Chinguun-Tulga created a Privacy Notice page and it addresses the following issues: security and safety, personal information usage, how cookies are used, electronic communication, and protection of information. The goal is to inform the customers.
  • Page | 52 Security and Safety Chinguun-Tulga notifies its customers that it does not keep the customer‟s credit card data on its web server. Rather, customer‟s credit card data is kept secure with the credit card processing agents, such as PayPal and 2CheckOut.Com. Having this statement relieves a lot of pressure for customers, and they feel secure and comfortable shopping at Chinguun-Tulga‟s website. Personal Information Chinguun-Tulga also states that it gathers customer‟s personal information, such as address and phone numbers, only to process and deliver orders. To provide an enhanced and more personalized shopping experience, Chinguun-Tulga may call the customers to verify their orders and provide post-purchase-services, such as future discounts and special pricing on selected items. Cookies Cookies are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts. Chinguun-Tulga uses cookies for two reasons. First, it checks to see whether the visitor is a registered customer. If he/she is not a registered customer, then Chinguun-Tulga asks to create an account. Second, Chinguun-Tulga uses cookies to identify the customer. There is no other way to know who is who if there was no readable cookie on the client‟s browser. Registered users will be greeted by their first name, just like how greets users by their names. Most web browsers allow you to instruct the browser to prevent the use of cookies. However, if you disable this feature, some features of Chinguun-Tulga web site may not function properly. Protection of Information As stated before, Chinguun-Tulga uses personal information to establish an e- communication, to provide a secure and prompt service, to process orders, and to inform about new product offers and discounts. Customers‟ information is the most important asset of Chinguun-Tulga‟s business, and it does not share or sell customers‟ information to third parties under any circumstances. However, Chinguun-Tulga reserves the right to disclose information provided by customers as required by law, in response to legal process and law enforcement requests and as necessary or appropriate.
  • Page | 53 Payment Gateway Security PayPal is used as one of the main payment processing providers for Chinguun-Tulga, and I recently discovered that it has a price manipulation security vulnerability. This is a weakness that is quite unique to online shopping carts and payment gateways. This is how it works: the total payable price of the purchased goods is stored in a “hidden field” of a dynamically generated web page; an attacker can simply modify the amount that is payable by saving the page on his computer, and the information that was manipulated, transfers from the user's browser to the web server. For instance, I am Hacker Joe and I create an account with Chinguun-Tulga by providing my basic information such as name, e-mail, and delivery address. I then proceed to add products such as a thick magnifying glass ($3.50), a document shredder ($100.00), and a Redwood organizer ($12.50). Once I am done adding the items to my shopping cart, I would go to the checkout page by clicking on the checkout button. There are four stages to finish the checkout process, and they are: Delivery information, Payment information, Order confirmation, Confirm Order pages. In the delivery information section, it will display that my total payable price for the chosen three items is $116.00. Here I will confirm my delivery address, and I will select the shipping method. Since Chinguun-Tulga charges a flat fee of $3.00 for all orders, my total payable price is now $119.00. In the payment method section, I would select PayPal, and click on the continue button. It takes me to the Order Confirmation page. Instead of clicking on the confirm order button, I will save this page on my computer as checkout_confirmation.php file. What I have to do now is to open the checkout_confirmation.php file with HTML editor (say DreamWeaver MX), and locate the following codes: <input type="hidden" name="amount" value="116.00"><input type="hidden" name="shipping" value="3.00"><input type="hidden" name="currency_code" value="USD"> Then I change it to the following codes: <input type="hidden" name="amount" value="50.00"><input type="hidden" name="shipping" value="1.00"><input type="hidden" name="currency_code" value="USD"> Now, I would click on the save button to save the file and close the HTML editor. Then, I open the saved checkout_confirmation.php page, and it will take me to the third stage of the checkout process, the order confirmation page. I am only one click away from transferring the price manipulated order – all I have to do now is to click on the confirm order button. It will take me to the secure PayPal website, to Here, I will see that my total payable amount is $51.00, not $119.00.The trick is done! If Chinguun-Tulga receives hundreds of orders every day, these transactions could go completely unnoticed, and even if noticed – it may be too late to fix. Of the four available payment options, PayPal is the most unsecure way while the other methods such as Cash on Delivery and are safer options. Checks and Money
  • Page | 54 orders are not the safest way because money orders can be replicated by artists and personal checks can be bounced. SSL SSL stands for Secure Socket Layer. SSL is a cryptographic protocol that provides secure communication on the Internet for such things as web browsing, e-mail, internet faxing, instant messaging, and other data transfers. Since its introduction in 1994, SSL has been the standard for e-commerce transaction security and is likely to remain so into the future. In e-commerce web applications, SSL is used to encrypt credit card data as well as other personally identifiable information, which prevents hackers from stealing information for malicious intent. You will know that you're on an SSL protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox on the right side of the address bar as well). SSL Certificate The SSL certificate sits on a secure server and is used to encrypt the data as well as to identify the site. The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority who issued the certificate, the root and the country it was issued in. SSL certificates used to come in 40-bit and 128-bit varieties, though 40-bit encryption has been hacked. These days, SSL comes in 128-bit and 256-bit varieties. There are two principal ways of getting an SSL certificate: you can either buy one from certificate authorities or you can self-sign your own certificate. When you self-sign your certificate, it is like issuing yourself a driver‟s license. Self-signed certificates will trigger a warning window in most browser configurations which will indicate that the certificate was not recognized. However, if you buy the SSL certificate from credible certificate authorities such as VeriSign, it can cost as much as $2,000 a year. A recent market share report from Security Space, showed that as of April 2007, VeriSign and its acquisitions have a 59.6% share of the certificate authority market, followed by Comodo (8.3%), GoDaddy (5.3%), DigiCert (2.1%), Entrust (1.3%) and Network Solutions (1.1%). Also, according to a survey conducted by VeriSign, 93 percent of online shoppers reported that they felt it important for an e-commerce site to include a trust mark of some kind on their site, 64 percent have abandoned a shopping cart because they didn‟t get a sense of security and trust when it came time to provide payment information, and 75 percent will only make purchases through sites that include a trust mark. SSL Certificate for Chinguun-Tulga As I mentioned before, 1and1 hosts Chinguun-Tulga‟s website on its secure server and it offers dedicated SSL to its clients. Through 1and1, Chinguun-Tulga is going install a GeoTrust SSL certificate for $49 a year. This dedicated certificate will protect data transmission with a 128-bit encryption against both interference and any attempts at manipulation.
  • Page | 55 Before considering GeoTrust‟s SSL certificate, I tried to buy an SSL certificate from for Chinguun-Tulga., in the present SSL market, offers the least expensive SSL certificate such as Standard SSL for only $14.99/year. This Standard SSL verifies the domain control, secures your site, and GoDaddy also issues a seal that can go on your website. The seal provided is shown as below: Having a seal indicating the website is secured by certificate authorities gives shoppers more sense of security, and in fact, e-tailers who have some kind of security logos are likely to generate more income than e-shops that have no security logos in their web site. Unfortunately, GoDaddy‟s certificate could not be installed on 1and1‟s server. In order for the GoDaddy‟s Standard SSL to work, I needed to obtain a Certificate Signing Request (CSR) from 1and1, and when I contacted their Technical Support Department, they refused to sign the request. Instead, I was offered to use 1and1‟s SSL certificate that is originated by GeoTrust.
  • Page | 56 Hosting Server Security The hosting server is another important sector of the security aspect. 1and1 provides a control panel that allows me to configure the domain name, sub-domains, e-mail accounts, FTP account, and most importantly the MySQL administration. The login to the control panel requires a username and password. Being a client of 1and1 for over a year, I noticed that their Linux web server is up for 24/7 for 365 days a year, and the speed of data transfer has been fast and reliable. Although the server is monitored and maintained routinely by 1and1‟s administrators, there could be some network vulnerabilities such as anonymity attack, many points of attack, sharing, and authorization access. Anonymity An attacker can mount an attack from thousands of miles away and never come into direct contact with the system, its administrators, or users. The potential attack is thus safe behind an electronic shield. The attack can be passed through many other hosts in an effort to disguise the origin of the attack. Many points of attack When files are stored in a network host remote from the user, the data or the file itself may pass through many hosts to get to the user. One host‟s administrator may enforce rigorous security policies, but that administrator has no control over other hosts in the network. Thus, the user must depend on the access control mechanisms in each of these systems. An attack can come from any host to any host, so for large networks there are many points of vulnerability. Sharing Other accounts on a shared server can affect your website. For instance, if my account is sitting on the same server where other resource intense websites such as religious or adult oriented websites are stored, the overload of traffic can be immense. This overload may have an adverse effect on your website and the server uptime may start going down. Authorization Access Authorization access is perhaps the most important component for attackers. Once an attacker gains access to‟s network, he can enter the control panel, and it will allow him to have further access to the e-mail accounts, steal FTP access username and password, and the database will be at high risk. Thus, the usernames and passwords to all access should kept secret, and every once in a while the passwords should be changed and they should not easily guessable.
  • Page | 57 Database Security Protecting data is at the heart of many e-commerce systems, and Chinguun-Tulga relies on a database management system (DBMS) to manage the protection. The database has a key function for Chinguun-Tulga‟s e-commerce website because the front-end website outputs data from the database, while the back-end administrator‟s side inputs data into the database. Chinguun-Tulga uses MySQL, a multi-user SQL database management system, and the basic program runs as a server providing single user access to one database. A database is a single collection of data, stored and maintained at one central location, to which many people have access as needed. A database offers many advantages over a simple file system and they are: - Shared access: Many users can use one common and centralized set of data. - Minimal redundancy: Individual users do not have to collect and maintain their own set of data. - Data consistency: If a change occurs in a data value, it affects all users of that data. - Data integrity: Data values are protected against accidental or malicious undesirable changes. - Controlled access: Only authorized users are allowed to view or modify data values. A DBMS is designed to provide these advantages efficiently, but the objectives can conflict with each other when it comes to security. In addition, there are three factors that affect the security of the DBMS: data confidentiality, integrity, and inference problems. Both confidentiality and integrity are important to users of databases. Confidentiality can be broken by indirect disclosure of a negative result or of the bounds of a value. Integrity of the entire database is responsibility of the DBMS software, and this problem can be handled though backups, redundancy, and change logs. Integrity of an individual element of the database is the responsibility of the database administrator, who defines the access policy. When OSCommerce open-source solution is combined with 1and1‟s MySQL database, the configuration locates the database with the sensitive information behind a firewall. It will be accessed from an application-server also located behind a second firewall, which will receive the web server requests. This three-tier design isolates the web server from the database, isolating the database server from the outside users by two dedicated private networks. Only the web server can communicate through the firewall with the application-server, and only this can communicate with the database. This configuration is relatively secure and special attention must be paid on securing the information sent to the client from the web server, the web server itself, and the database/application-server system. The application server will incorporate the event logging and the security analyzer that recognizes unauthorized attempts to log into an account. Internet  Firewall Web-Server  Firewall  Application-Server Firewall  Database Data in the database is the most valuable asset for a store owner and attackers are after data. In order to steal data from Chinguun-Tulga‟s database, attackers have to go through a five layer defense mechanism such as, humans, network, operating systems, application, and database in addition to firewalls. First, the attacker must know about the existence of Chinguun-
  • Page | 58 Tulga‟s website, usually through humans and other marketing channels. Then, the attacker finds out about the network information and identifies who hosts the website. In fact, finding out who hosts what website is relatively easy to figure with help of such web application as WhoIsHostingThis ( If the attacker successfully welcomes himself into the network layer, then he faces the Operating System layer, which is Linux. The fourth layer is the Application Layer, and it would be phpMyAdmin in the Control Panel that is provided by 1and1. Once the attacker reaches phpMyAdmin stage, the entire database is at risk. Here, he can browse the tables, fields, elements, database schema, change query commands, or even drop tables. It can be concluded that database security key points of interest are: server security, database connections, table access control, and restricting database access. Server security is the process of limiting actual access to the database server itself, and the idea is that if someone cannot access it, they cannot see it. There are no reasons for the administrator to keep the database server visible to the world. Database back-end should never be on the same machine as the web-server, not only for security, but for performance as well. If the database server is supplying information to a web server, then it should be configured to allow connections only from that web server. As for database connections, a normal user should never be inputting SQL statements, PHP or JavaScript and should never submit them from a form element. Also, table access control is probably one of the most overlooked forms of database security, because of the inherent difficulties access restriction causes after applying them. To use table access control properly, collaboration from both system administrator and database developer are required. Last but not least, all web-enabled applications have ports that they listen to. Cyber criminals are likely to do a simple port scan to look for open ports used as a default port by popular database systems. Changing the port number is perhaps the easiest and best way to misdirect attackers. Humans Network Operating systems Application Database Data
  • Page | 59 Risk Analysis No Rank Risk Description Category Probability Impact 1 SQL Injection Displays elements in database to hackers Database medium high 2 Price Manipulation Total payable amount alteration Payment high low 3 Buffer Overflows Discloses path of web folders Server low medium 4 Cross-Site Scripting Phishing, spoofing URL low low 5 Remote Command Execution System call of PHP scripts Operating System low low 6 Weak Authentication Attacker sniffs the network, and acquires passwords Network medium high 7 Access to Back-End Hacking into the back-end website Authentication / Control Access low high 8 Access to PHP scripts Attacker deletes vital php scripts, alters with malicious intent Authentication low high 9 Access to Customer's data Customers' address and personal info disclosure Authentication low medium 10 Access to Orders data Information about orders that were placed by customers Authentication low low 11 Access to the Database Attacker breaks into the control panel and enters MySQL administration Network/ Authentication low high 12 Control Panel Attacker obtains username and password to control panel, Network/ Application Server low high 13 No Certificate Event in which SSL is not utilized Network/ Payment low medium 14 Anonymity Attack to Web Server Attackers try to gain access to the 1and1's web server Network low medium 15 Loss of Bilguun's Laptop Bilguun's laptop has a direct FTP access to Chinguun-Tulga's root server through DreamWeaver Human Risk low high 16 File Sharing Web server hosts other files for resource-intense websites Web-Server low low 17 Web Server Uptime Power Outage, Accidental damage to web servers Hosting Server/ Network low high
  • Page | 60 Business Continuity Plan Contingency Plan The Risk Analysis table indicates that there are at least eight high impact risks facing Chinguun-Tulga‟s website. In cases that these risks cause a minor failure or complete interruption in the e-commerce system, there should be a document that sets the procedures and information intended to deliver stability of the critical business functions. Such a document is known as a Business Continuity Plan, and it basically describes a written plan to maintain or resume business in the event of disruption. File Restore/Backup Files and databases of Chinguun-Tulga should be frequently backed up. Files in the catalog folder include the front-end and back-end php scripts, images, and cascading style sheets. The copies of these files are stored on many different mediums. First, parallel to the catalog folder, there is a directory called emergency, which contains exact same files in the catalog directory. If the php scripts are edited during the development stage, the files from the emergency directory can be used as a restoration. Also, since I developed this website using Macromedia DreamWeaver MX software, copies of all files in the catalog folder reside in my personal laptop. As changes occur in the files from the laptop, the files on the web server are directly synchronized with the files that are on a local machine. Moreover, the catalog folder is also backed up on two other hard drive disks that are kept offsite. In the back-end, there is a tool that creates a backup of the database. By logging into the administrator‟s end, the store owner is able to generate a database backup. The backup process should never be interrupted because the larger the database, the longer it will take to backup. Backup can be done in two ways; one is to create a SQL file in the backup directory with no compression, and the other is to download the database as a text file on the administrator‟s hard disk drive. Similar to the data backup, data can be restored to the database using the restore feature. Restoration can be done by uploading the SQL file that was created as a database backup from the backup directory, or it can be loaded from the administrator‟s computer. Best Practices To summarize the aspects of security, security is a vital component in an online business environment and e-commerce applications should be designed and implemented with careful considerations for defense mechanisms from the beginning. The following are the best recommended practices: - Database server should not reside in the same machine as the server. - Set a cookie in the user‟s computer after authentication and always delete it after the user closes the browser. If the user‟s computer does not accept the cookie, let the customer know about it. - Short term cookies ensure more security than long term cookies.
  • Page | 61 - Careful implementation of an .htaccess file can help by securing against many potential vulnerabilities as well as session authorization model. - The entire website, including the database should be developed with security in mind. - Installing fewer modules is always better because each module has some sort of vulnerability. - It is preferable to assign a person who will be in charge of the overall security. - Check all user data to ensure that it is not malicious code or SQL query which might expose confidential data. - When the web server is not secure enough, the payment gateway should be outsourced. - Do not store Credit Card numbers on the web server. When a credit card is used, there is no need for credit card information to stay on the web server. If there is a particularly valid reason to save credit card information, it should be stored in a separate server, possibly in an offline machine that only the web server can access with a secure link. All other IP address requests should not be welcomed by that machine. - Last but not least, only allow users to view what they need to view – nothing more.
  • Page | 62 Site Maintenance Document This document will give the store owner instructions on maintaining the website, adding new products, and what to do when the online transaction takes place.
  • Page | 63 1. Configuration The Configuration section will setup the entire basic store configuration. If you click on "Configuration", then a drop down of text links will appear. Clicking on one of the links will show the listings on the right section of the page. To edit any of these listings, simply click on the edit button on the right. Administrators There are currently two administrators: bilguunadmin and saranadmin. To create a new administrator, click on the insert button. The password of the administrator can be changed by clicking on the edit button. My Store Store Name It is the name of the store. Store Owner It can be the name of the store owner or the name of the store. This will show up in the e-mail in the “from” field when the customer receives his/her purchase confirmation e-mail. E-mail Address This is the store‟s general e-mail address. It is currently set as E-mail from This is the "from" email address in the customer's purchase email. When an e-mail is sent, customers will see "Office Supply Store" in the from field. Country This is where the store is located; and it is set to Mongolia. Zone This is a zone where the store is located. There are six zones, and Chinguun-Tulga is located at “Baruun durvun Zam, Baga Toiriu” zone. Zones are basically used to calculate the shipping rate, if the zone shipping method is used. (Currently, however, Chinguun-Tulga uses the flat rate of $3.00 for all shipping.) Expected Sort Order The sort order is used in the expected products box.
  • Page | 64 Expected Sort Field The column to sort by in the expected products box Switch to Default Language Currency If there are several currencies, then it will automatically switch currencies when the language is changed. Send Extra Order Emails To This is the email address where you will receive orders. It is set as sarangerel@chinguun- Display Cart after Adding Product If set to "true", then it will show the shopping cart page when a product is put in the cart and the customer has to click on "continue" to return to their product page to continue shopping. They will also see their items in the shopping cart box. If this is set to "false", then the customer will stay on the same page of the item they are putting in the cart and will be able to see their items in the shopping cart box in the top right column. Allow Guest to Tell a Friend This feature lets the customer, while shopping, tell a friend about our site through the tell-a- friend box. Default Search Operator On the search field, the "or" operator can be used. Store Address and Phone The name of the store, phone, and other information that will be seen if the customer is using a check or a money order to checkout with. Show Category Counts Set to "true" to show the count of products in each category. Set to "false" if you do not want to show the number of products in each category. Tax Decimal Place Tax decimal place pads the tax value with decimal places. Display Prices with Tax Set to "false" and prices will not display with tax. Set to "true" and prices will display with tax.
  • Page | 65 Minimum Values These are the minimum values of any field filled out by the customer. Usually these are left as is Maximum Values These are the maximum values for fields of different modules in our store. Images These are the settings for all the images that are used in the website. The "Small Image Width & Height" are the image sizes of the products in the product listing page. The "Heading Image Width & Height" are the image sizes that are uploaded for each category. The "Subcategory Image Width & Height" are all the sub-category image sizes. Customer Details These are the values that a customer fills out when they register at Chinguun-Tulga. The current required fields are: gender, date of birth, company, suburb, and state. Shipping/Packaging Country Of Origin – It is currently set as Mongolia. Postal Code – sets the postal code. Enter the Max Package Weight - Put the maximum weight here (this will be used if "ship by weight" in the Modules/Shipping Table Rate is chosen). Product Listing This displays the order of the products listed in our store. Currently, the product listing is set up in a way that -Product image appears first (1) -Product name appears second (2) -Product price appears third (3) -Buy Now button appears at the bottom (4). Stock This is an inventory control. If the Stock Level and Subtract Stock are set to true, then the server-side script will check our stock and subtract stock from items purchased.
  • Page | 66 Allow Checkout allows customer to checkout even though our stock level is too low. Mark Product out of Stock is a symbol we can use to mark a product that is out of stock. Stock Re-order level is the set level to which the stock gets down to before re-ordering. Current value is set to 5. Logging It keeps the log of all transactions that have occurred in the website. Cache Set the Use Cache to true if you want to use caching features. Cache directory is: /tmp/. Whenever the cache directory is not setup, there will be a pink error message displayed at the top of the store screen like this: Error: Cache directory does not exist. Please set this Configuration->Cache. To fix this, through a FTP program, create a subfolder named "cache" in the "catalog" folder and set the chmod permissions to 777. Then, go to Configuration/Cache. Click on "Use Cache" and set to "true". Email Options Each time after a transaction takes place, an e-mail is sent to the customers and the store owner. To change this option, choose false in the Send E-mails field. Download and GZIP We do not have to worry about these features because these are not used for our website. Sessions The Session files can be either stored in the database or a session directory named “/tmp.”
  • Page | 67 2. Catalog The Catalog is a very important section and it will input all your products and category folders, including setting up your products as an expected date, setup product attributes, manufacturers, check your reviews, and put products on special sale. Categories/Products Categories/Products Clicking on the new category button in the center section will make a new folder for a category. Clicking on the new product button will make a new product. When you are adding a new product you have the ability to: - show if the product is in or out of stock - set the date the product will be available, which corresponds with the "Products Expected" module - set the product's manufacturer - set the product's name and description - set the product's quantity in stock - upload the product‟s image - set a product's URL if you need to link out to another site - set the product's price - set the tax class which is used to charge tax on each product (this class must be setup first in the tax section) - set products weight which, if you are using "weight" for your shipping schedule, each product will need to have a weight listed. To Add a New Product We need to add a new pencil in the PENS & PENCIL category. To do that, you will have to click on the PENS & PENCIL category. The screen will show that there are two sub-categories: PENS and PENCIL. Then, choose the PENCIL folder. It will list the products that are available in that sub- category. To add the new pencil, click on the new product button. It will display a form that is used to add a new product as shown in the next page. To add a new product, always check the following and have them ready if available: - Product Manufacturer‟s info (If the product manufacturer is known, add the name of the manufacturer by going to the manufacturers page) - Product Quantity (It will be used to keep track of the inventory.) - Product Model. Assigning a product code is a good idea. It helps the store owner Mrs. Chuluunbaatar to order more products from the suppliers in China by product code. - Product‟s Image. The image of the product is very important. All images should have a clear white background. Image size should be in the multiplication of 170x120 pixels. (Width of 170 and height of 120). It can be any of the following sizes: 170 x 120, 255 x 180, 340 x 240, 510 x 360, etc.
  • Page | 68 - Product‟s weight (If the product weight is known, list it in units of pounds. It will be used to calculate the shipping rate, if the shipping method is set to ship by weight method.)
  • Page | 69 To Move a New Product To move a new product, click to highlight the product you want to move and click on the move button on the right. When you click on the move button you will see this message: "Move (name of product) to:” Choose a place to move it and click on the move button. To Copy a New Product To copy a new product, click to highlight the product you want to copy and click on the copy to button on the right. When you click on the copy to button you will see this message: Copy Method: -Link product -Duplicate product Choose Link product if you want to link it and Duplicate product if you want to add another product. Move a Category Folder To move a category folder, click to highlight that folder and click on the move button on the right. You can move folders either to other folders or to the top of the directory. Products Attributes This section deals with the attributes of the products. For example, we are going to sell binders of different sizes and different colors: -Thick and red binder -Thick and blue binder -Thin and red binder -Thin and blue binder To set the attributes, first, you need to setup the Option Name. Using binders as an example, you would have at least two option names: color and size. Next, you will have to setup your Option Values. In this section you will see a box that shows the Option Names that you have already setup. You have color setup as an Option Name; so make sure the color is in this box. Then, to the right of that box is a blank box where you type in one of your colors. Do this for each color and then do this again for each size. Make sure you associate and "Option Value" (red, blue) with an "Option Name" (color, size). Now, you are ready to start adding options to your products. Under the "Products Attributes" section at the bottom you will see a drop down box listing all of your products that you have already put into your store. Choose one and follow across the drop downs to the right. The next box is the "Option Names", then the "Option Values", and then the price box. If the price stays the same on each attribute then leave this box blank. If the price goes up or down on each attribute then put an amount from the "base price" and put a "plus" or "minus" sign in the next box. For Example: size = 10.00 (this is the regular price, so there is no need to put a price in the "price box") size = small = 8.00 (put 2.00 - (this is $2 with a "minus" sign from the base price of $10.00) size = large = 12.00 (put 2.00 + (this is $2 with a "plus" sign from the base price of $10.00)
  • Page | 70 Manufacturers Manufacturer‟s info can be added with its own image by clicking on the insert button. A Manufacturers' URL can also be listed to the direct of the manufacturer. Reviews Reviews show the listing of all reviews that customers have entered. These reviews can be edited or deleted by the store administrator. Specials Products can be listed as special discounted items by a percentage or by an amount. For example, we would like to have the Presentation Binding System on sale for 20% off. To put items on specials, you need to click on the new product button. On the next screen, choose your product from the drop-down box, then put a special price in the Special Price box. Here, this can be a percentage (20%) off or it can be a reduced dollar amount like 20.00. In the Expiry Date box, the expiration date can be entered. For no expiration, the expiry date box can be left empty. Products Expected This list shows the products that are expected to arrive at the store on a certain date. This is set up when the site owner inputs a product into the Date Available field, in the “Categories/Products” section.
  • Page | 71 3. Modules In modules, you will setup your payment, shipping, and order total. Payment There are several different payment modules. To activate one, you need to click on the name to highlight it, then click on the install button on the top right. To remove a payment module, you would simply select the method, and click on the remove button on the top right. Shipping In shipping, there are several different ways. They are: -Flat Rate -Per Item Rate -Table Rate -Zone Rates The current shipping method is the Flat Rate. The shipping cost is not based on the total cost or weight of items. No matter what the amount of the order is, Chinguun-Tulga will charge a flat fee of $3.00 per order. Order Total The "Order Total" module puts the items in the order they will appear in the checkout process. There are five modules: low order fee, shipping, sub-total, tax, and total. Low order fee can be applied to orders below the required amount. For example, Chinguun-Tulga may apply order fee of $5.00 for all orders below $20.00. Also, under the shipping module, free shipping may be applied to orders over $50.00, if the field is set to 50.00.
  • Page | 72 4. Customers Customers This is the list of all customers that are currently registered at Chinguun- Tulga‟s website. Customers can be edited, deleted, emailed and their orders can be viewed by clicking on the orders button. Orders These are the "pending" orders. Click on the edit button to see the order and you can change the status of the order, put comments in the comments box, and notify the customer of the progress of his/her order. An invoice and packing slip can be created by clicking on the invoice and packing slip buttons respectively. The server-side script creates reports for the packing slip and the invoice in the format that is shown below. Report for Invoice:
  • Page | 73 Report for Packing Slip: Also, the orders can be deleted by clicking on the delete button. Upon deleting an order, you will be asked if you really want to delete the order. It will also ask you if you want the product to be re-stocked after the order is deleted. To re-stock the item, simply check the “re-stock product quantity” box and confirm delete.
  • Page | 74 5. Locations/Taxes This section will set up the locations and tax options of the store. Countries This is the list of all countries that Chinguun-Tulga will ship products to. Since, Chinguun-Tulga only sells products in Mongolia, there is only one country listed on this list. Zones This is the listing of all zones in Ulaanbaatar. There are currently six zones, and they are: -3th and 4th Districts, Tumur Zam -Baruun Durvun Zam, Baga Toiruu -Dambadarjaa, Belh, Tolgoit, Orbit -Salhit, Sharga-Morit -Tavan-Shar, Ulaan-Huaran -Zuragt, 1st horoolol, Zones can be edited, deleted, and added by clicking on edit, delete, and the new zones buttons. Tax Zones This is the state and tax description of your store. Tax Classes This is the title of your tax class title like “taxable goods” and the description of that title. Tax Rates This is the tax rate of the state your store is in. How to Setup Your Taxes Currently, the prices of the items are the prices already including the taxes. If we were to create an Ulaanbaatar City sales tax of 7%, then we would do the following: Go to the Administrator‟s area  Locations/Taxes  Tax Zones. Create a new tax zone, and name it Ulaanbaatar City Tax. Then, go to the Tax Classes, and click on the new tax class button. In the Tax Title, there will be choice of Taxable Goods and City Sales Tax, choose City Sales Tax. Zone should be set as Ulaanbaatar City. In the tax rate field, you can enter the tax percentage as 7.00%, and when done entering all this information click on the update button.
  • Page | 75 6. Localization This section will setup the default currency, language, and order status to notify the customers. The Orders Status can be added or its name can be changed by clicking the edit button after that line has been highlighted. Currencies The current currency is U.S. Dollars. To add a new currency, click on the new currency button. To update the current currency, click on update currencies button. Languages This section displays the available languages for the store. A new language can be added by clicking on the new language button. The name, code, image, sort order of the language can be edited by clicking on the edit button for each language. Orders Status Orders are classified in four different ways: pending, processing, delivered, and preparing [Paypal]. When a customer places an order, the store owner will see the status of the order as pending in the orders page, and pending is the default status for all orders. If the order is delivered to the customer, the store owner can change the status of the order to delivered. On the other hand, if the customer is using PayPal payment options, the store owner will have to change the status of the order to preparing [PayPal], and once the payment transaction is cleared it can be changed to delivered status.
  • Page | 76 7. Reports This section shows how many products have been viewed, purchased, and the total of the customers‟ orders. Products Viewed Products viewed section displays the products that have been viewed the most. For example, Knock 0.5 Pencil is in the first rank because it has been viewed 39 times so far. Products Purchased Products purchased section displays the products that have been purchased the most. For example, Elliptical Punch is in the number one spot because it has been purchased twice. Customer Orders-Total This section displays total of the customers who have purchased from Chinguun-Tulga. Along with their first name and last name, you can also see the date that their account was created. Customers can be edited, deleted, e-mailed and their overall orders can be viewed by clicking on the edit, delete, email, and orders buttons respectively.
  • Page | 77 8. Tools The tools section is used for database backup/restoration, banner management, file manager, sending e-mails to customers, sending newsletter to customers, and it also shows the server information as well as who is currently online at Chinguun-Tulga‟s website. Database Backup Clicking on the backup button will create a database backup, and the restore button will restore the database. When backing up the database, you should not interrupt the backup process because this process might take a couple of minutes. The backup file can be saved as PureSQL file in the catalog/admin/backups folder in the server, or it can be saved on the store owner‟s computer hard disk drive as a text file. Also, when restoring the database, you should not interrupt the restoration process because the larger the backup, the longer this process takes. Restoration can be done by browsing a text file from the store owner‟s computer or from the PureSQL file that is saved in the catalog/admin/backup folder located in the server. Banner Manager The banner manager allows you to put a banner at the bottom of the pages. An option to display a banner can be changed by clicking on the green button in the screen. If the banner is shown on the pages, by simply clicking on the red button you can disable this banner displaying feature. Cache Control Cache control shows the folders that caches files. The cache folder can be refreshed by clicking on the recycle button. Define Languages Define languages displays the files for all available languages. Chinguun-Tulga has two languages: English and Mongolian, thus there are two folders that contain all the associated files for each language. File Manager File manager lists all the files that are residing in the catalog folder. Each file is shown with its size, permission, user, group, and date modified can be edited by clicking on the EDIT button.
  • Page | 78 You can also create a new folder, a new file, and upload new files from your computer by simply clicking on the browse button. It eliminates the need for using file transfer protocol applications such as EmFTP, DreamWeaver, etc. Send Email This section allows the store owner to send e-mail to all customers, to all newsletter subscribers, or to individual customers. The message field does not support HTML tags, so you must only use text messages in the Message field. It should also be noted that to send a message, you must click on the send mail button twice to send the message. When send mail button is clicked once, it will display a confirmation page, and here you can check for any spelling errors, or make changes by clicking on the back button. If everything else looks good, you can proceed by clicking on the send mail button again. Newsletter Manager Similar to the Send Email module, the owner can send a newsletter or a product notification to subscribed customers. To create a new newsletter, you would click on the new newsletter button. Then, choose Newsletter (or product notification) from the drop down box to send a regular newsletter (or product notification). Then, choose the title and type your message in the content box. Click Save. This will take you back to the original page with your newsletter listed. Click on the lock button on the right. Now, you can edit, delete, preview, send, or unlock your new newsletter. For the product notification newsletter click on the send button. On the next page, choose the products from the left and transfer them to the right box. Click submit. Any customer who has asked to be notified on all or certain products will be sent an e-mail.
  • Page | 79 Server Info Server info shows information about the server that hosts Chinguun-Tulga‟s website. This is useful if you need to know exactly what programs are on your server. Who’s Online This is a traffic reporting tool that is used to see who is accessing your website at the moment. If a customer is logged into your store and looking around, you can click on their link and see what page they are on and what products they are looking at.
  • Page | 80 9. Cascading Style Sheet (CSS) Most of the colors used in the website can be changed on the cascading style sheet definition page in the catalog/stylesheet.css file. (To edit the cascading style sheet, go to, login using the administrator‟s username and password. Then go to: Tools  File Manager  stylesheet.css  edit button.) .boxText This style changes the font size of the text in all the boxes. .errorBox This style is used for color and text size of error boxes with the red triangle. Example: admin/backup.php where it will say backup directory does not exist, warning: I can write to your configuration files, etc. .stockWarning This is the style used for the stock level warning, a text shown on the shopping cart page when purchasing items. .productsNotifications This style is used for the product notifications checkbox bar on the checkout success page. .orderEdit This is the color style used on the "edit" links shown on the checkout confirmation page. BODY It is the color in the left and right column boxes and the "text body" that is NOT linked. A This style is used for color style for ALL link colors throughout the entire store. A:hover This is the color style used for mouse over links throughout the entire store. FORM This style is used for forms. It changes the color of this text, "Use keywords to find the product you are looking for" in the "Quick Find" box on the left. TR.header (means table row.header and is a general setting for the whole table) This is a style used for the background color of the header. TR.headerNavigation The styles used for the breadcrumb navigation path. Background color of the top navigation as "Top :. Catalog :. etc.
  • Page | 81 TD.headerNavigation It is used for arrow colors that point forward and the vertical link separators :. in the breadcrumb navigation path. If you set a background color here, it will override the TR.headerNavigation color set. Also, background image for the navigation table can be set. A.headerNavigation It sets the text link colors for the breadcrumb navigation path links (Top :. Catalog:. etc.) A.headerNavigation:hover This is the mouse over effects of the breadcrumb navigation path links (top, catalog, my account, cart contents, etc.) TR.headerError It is the style used for the error messages shown in the header. The default is a red background with white text. TD.headerError This is the style used for the error messages shown in the header. The default is a red background with white text. TR.headerInfo It is the style used for the information messages shown in the header. It changes the background color of the top box that appears when a new password is sent. Example: A New Password Has Been Sent To Your Email Address TD.headerInfo This style is used for the information messages shown in the header. It changes the background color of the top box that appears when a new password is sent. Example: A New Password Has Been Sent To Your Email Address TR.footer This sets the color of the footer row where the date and counter are. TD.footer This is the size and color of the text in the footer row where the date and counter are. If you set a background color on this TD.footer tag, it will override the TR.footer tag. .infoBox It sets the background border color around all the boxes, except for the "my account", "edit account", and "add a new address" boxes. .infoBoxContents This style sets the color of ALL the inside of the boxes and puts a colored border around the comments boxes. Setting a text color here will color the numbers text in the boxes like the catalog listings and the "Best Sellers" box numbers and the "My Account", "Edit Account", & "Add Address" headings.
  • Page | 82 .infoBoxNotice This style used is for the outline of the box created at the top of the checkout_payment.php page when a customer inputs the wrong credit card number or expiration date. .infoBoxNoticeContents The style used for the body of the box created at the top of the checkout_payment.php page when a customer inputs the wrong credit card number or expiration date. TD.infoBoxHeading This style sets the left and right column boxes and the new products box heading color and text color. The text size of the heading boxes can be changed. For anything above 10 you will need to enlarge the box graphics. Padding can be added to these heading boxes, too. TR.accountHistory-odd, TR.addressBook-odd, TR.alsoPurchased-odd, TR.payment-odd, TR.productListing-odd, TR.productReviews-odd, TR.upcomingProducts-odd, TR.shippingOptions-odd, TR.accountHistory-even, TR.addressBook-even, TR.alsoPurchased- even, TR.paymenteven, TR.productListing-even, TR.productReviews-even, TR.upcomingProducts-even, TR.shippingOptions-even These styles set the odd and even row colors on all box listings. TABLE.productListing It sets a border around the products listing table that shows the listing of the products. .productListing-heading The color of the background of the product listing heading that has "product name", "price", etc. The text style and color can also be set. TD.productListing-data This sets a different background color for the product listing table, box padding, size, and borders. A.pageResults This style sets the link on catalog/includes/split_page_results.php and page results numbered link colors at the bottom of the product pages. A.pageResults:hover Mouse over link colors on catalog/includes/split_page_results.php and page results numbered links mouse over color at the bottom of the product pages. TD.pageHeading, DIV.pageHeading This style is used for page headings. Color on the checkout_success.php page that says "Your Order Has Been Processed!" and also on all the product heading pages as “What's New Here?” text on the product pages. TR.subBar, TD.subBar This is the style used for the sub navigation bar. TD.main, P.main The size of the text can be set for all the main text areas, the "My Account Info", "Edit
  • Page | 83 Account", "Add Address", "Order History", & "Notifications" page boxes. If you set the text color, it is the text color on all these, not the column boxes. A padding can be also be set for all the body text in the store. TD.smallText, SPAN.smallText, P.smallText It is the color and size of Copyright text at the bottom of the page. "Include Subcategories" Text on the advanced_search.php page Page results text at the bottom of the product pages such as "Displaying 11 to 20 (of 32 products) Result Pages:" TD.accountCategory It is the style used for the account categories. TD.fieldKey and TD.fieldValue Text sizes for the account parameter keys and values on the advanced_search.php page such as "Categories: Manufacturers: Price From: Price To: Date From: Date To: TD.tableHeading This style alters the text styles and sizes on the table headings of address_book.php and product_reviews.php pages. SPAN.newItemInCart This is the style used for marking new products added to the shopping cart, so that these products show what's in the shopping cart page. CHECKBOX, INPUT, RADIO, SELECT These are the styles used for certain HTML form elements like the size of the text inside the drop down boxes. Example: manufacturers‟ drop down menu. SPAN.greetUser It is the style used for the user greeting "Welcome Guest!" on the first page. TABLE.formArea In "My Account Information", "Edit Account", and "Add Address” - this is the inside box color. TD.formAreaTitle In "My Account Information", "Edit Account", and "Add Address" - this is the size of the text headings. It changes the text color on top of the boxes on the "My Account Info" page. Padding can also be set for space on the right and left sides. SPAN.markProductOutOfStock The text color that is used for marking products that are out of stock. SPAN.productSpecialPrice It is the style used on special product prices. TD.checkoutBar This is the style for bottom text on the checkout page that says:
  • Page | 84 [ delivery address | payment method | confirmation | finished! ] SPAN.checkoutBarHighlighted This style displays the highlight color of the text showing which page you are on: [ delivery address | payment method | confirmation | finished! ] SPAN.errorText This style is used for error text messages. .moduleRow This is the style used for the shipping and payment modules. .moduleRowOver This is the color of the bar on the checkout_payment.php page on a mouse over when you choose your payment method. .moduleRowSelected This is the color of the bar on the checkout_shipping.php showing the shipping charge and the selected payment method on the checkout_payment.php page. .checkoutBarFrom, .checkoutBarTo This is the color and size of the text at the bottom of the checkout pages that show what page you are NOT on such as [ delivery address | payment method | confirmation | finished! ] .checkoutBarCurrent This is the color and size of the text at the bottom of the checkout pages that shows what page you are on such as [ delivery address | payment method | confirmation | finished! ] .messageBox .messageStack .messageStackError, .messageStackWarning .messageStackSuccess These are the styles used for message boxes. Here you can define the color of the background error that show up when trying to delete an address that is your primary address in the account section. .inputRequirement It is the style used for form input requirement fields: the color of the asterisk * and the words "Required Information" on the account.php pages.
  • Page | 85 Systems Requirements Document This system requirements document describes management and user requirements, costs and benefits, and outlines the alternative development strategies.
  • Page | 86 Executive Summary This system requirements document describes management and user requirements, costs and benefits, and outlines the alternative development strategies. After completing a series of phone interviews with the owner Chinguun-Tulga office supply store, and finding out what her business requirements are, I came up with the following conclusions. There are four scenarios that they can choose from for their new e-commerce information system. The first scenario is “Ready-To-Use: 1&1 eShops”, the second is “Ready-To-Use: Network Solution”, the third is “E-commerce software: VP-ASP”, and the last is “Open-source solution: OS Commerce.” (Section V: Alternatives in this document describes each scenario in more details.) If Chinguun-Tulga chooses the “Ready-To-Use: 1&1 eShops” scenario, it will cost $768 for annual maintenance. Before this, they will have to pay $768 for initial setup cost. The bright side of this option will be to have an already-built and ready-to-run website. Similarly, if they choose the “Ready-To-Use: Network Solution” scenario, Chinguun-Tulga will face high initial and annual maintenance costs, $1,659 and 1,560 respectively. Thus, this option is not practicable. However, if the “E-commerce software: VP-ASP” alternative is chosen, the initial cost will come to $1,120, and $745 in maintenance for each year. This alternative is less expensive compared to the previous two alternatives. On the other hand, if Chinguun-Tulga decides to utilize the fourth scenario, “Open-source solution: OS Commerce”, they can create an e-commerce website with the minimal cost. To implement this option I will spend two to three months developing the website, and the initial cost will be $477 (including a purchase of a SSL certificate, Linux hosting fees, and payment gateway setup with, and $428 per year thereafter. The break-even point will occur as soon as the website is operational, and the benefits will surpass the costs in this alternative. Thus, after careful consideration, using cost as the main factor, I recommend implementing the “Open-source: OS Commerce Development” scenario. Chinguun-Tulga will have a virtual presence where they will sell goods in a more reachable audience, and provide better service to customers through their website at the lowest possible cost.
  • Page | 87 I. Information Systems Background An analysis of the Chinguun-Tulga Office Supply Store was completed on Wednesday, July 1, 2007. This analysis is the result of an information system request submitted to Mrs. Chuluunbaatar Sarangerel, owner of Chinguun-Tulga Company, on June 18, 2007. The conclusion is there is a need for computerized book keeping system and an e-commerce website to support their business operations. The following facts are the result of my findings at the Chinguun-Tulga Office Supply Store: I. This retail store operates from 9:00 am to 8:00 pm Monday through Friday, 9:00 am to 6:00 pm on Saturdays; and the store is closed on Sundays and during the major holidays such as Independence Day and Mongolian Lunar New Years days. II. There are three sales people who sit behind the counter, and when the customers are ready to check out these sales people receive the payment (usually in cash form) and issue receipts for transactions. III. All transactions involve cash. There are no credit/debit card or check payments. For large transactions, above $1,000 USD, Chinguun-Tulga requires bank transfer payment method of its customers. IV. There are about 150 different office products sold at the store. The main categories are: a. Binders/ Document Organizers b. Hole Punchers/ Staplers c. Pens and Pencils d. Tapes/ Papers/ Note cards e. Paper Clips & Pins f. Calculators g. Rulers h. Erasers & Lead Refills i. Document Shredders j. Desk Accessories V. There are no orders received through phone or fax because there is no printed catalogue of their office products. VI. Once a month Mrs. Sarangerel Chuluunbaatar, the owner of the store, counts all products to keep track of the store inventory. It takes about 2-6 hours to complete. VII. Mrs. Sarangerel Chuluunbaatar creates three quarterly-based reports of her inventory. The three reports include: a. Report of Items Purchased, b. Report for Items Remaining in the Inventory, c. Accounting Report for auditing purposes.
  • Page | 88 II. Functional Requirements The new system that proposed for Chinguun-Tulga office supply store will have the following logical system. Data Flow Diagrams (DFDs) a. Context Diagram This is the diagram that describes the entire system in the simplest form. In this diagram, Chinguun-Tulga‟s office supply sales system interacts with the following five external entities: Customer, Employee, Credit Card Company, Shipping Agent and Auditors.
  • Page | 89 b. Diagram Zero The Context Diagram is further decomposed to a lower level diagram that has three processes: Order Process, Generate Report Process, and Data Backup/ Restore Processes.
  • Page | 90 c. Diagram 1: Process Order (Decomposed) In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Order (Process 1). In this diagram, Process 1 is further decomposed into seven sub-processes: 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, and 1.
  • Page | 91 The new information system at Chinguun-Tulga will be used to sell products to customers using the Internet. The general public can browse the catalogue of products contained in an inventory database. To make a purchase a new customer will enter his/her name, address, and personal email profile. (For further use of the system, the Internet user should register as a customer by creating a username and password.) The customer may proceed to add items to a shopping cart. At any point the customer can view the shopping cart list and modify its contents. When the customer is satisfied with their selection of product they will proceed to the check out: If the customer has previously purchased goods, then the system will display their credit card details and offer the customer the option of amending the card details or accept the current details. If the customer has not previously used their credit card, then they are requested to enter the card details. When the user confirms the purchase the system will create a customer order and issue his/her credit card details to a third party organization to validate the credit card account and process the payment. Once the payment process completed, the system will send a copy of the customer order to Chinguun-Tulga who will fulfill the purchase by sending out the goods to the customer. Here, Chinguun-Tulga is also acting as the shipping agent. d. Diagram 2: Process Generate Report (Decomposed) In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Generate Report (Process 2). In this diagram, Process 2 is further decomposed into four sub-processes: 2.1, 2.2, 2.3, and 2.4.
  • Page | 92 e. Diagram 3: Process Backup/ Restore (Decomposed) In diagram zero, the Chinguun-Tulga office supply sales system was decomposed into three processes, and one of them was Process Backup/Restore Data (Process 3). In this diagram, Process 3 is further decomposed into two sub-processes: 3.1 and 3.2. Process Descriptions 1.1 Browse Catalogue If browsing by category Open website Website connects to Product Inventory Database Display products by category If browsing by price Open website Website connect to Product Inventory Database Display products by price If browsing using search tool Open website Website connects to Product Inventory Database Display products by keyword 1.2 Register/ Create Profile Get personal information
  • Page | 93 Get gender Get first name Get last name Get date of birth Get email address Get address information Get street address Get suburb name Get post code Get city name Get country Get state/province Get contact information Get telephone number Get fax number Get optional information Get newsletter subscription request Get login information: Get password Get password (repeated) 1.3 Login If returning customer Login using username and password If public customer (new customer) Run process 1.2 (Register/Create Profile) Login using username and password 1.4 Add Product To Cart Choose product Click on ADD TO CART Product is added to Shopping Cart database 1.5 View/ Edit Cart Click on Shopping Cart Display all products in the Shopping Card database Allow changes made by customer 1.6 Check-Out Order Final quantity of all products calculated Total price of all products calculated Connect to the Credit Card Company/Bank Transfer payment information/ Run process 1.7 Get payment notification from the Credit Card Company/Bank If payment NOT OK Notify customer transaction unsuccessful
  • Page | 94 If payment OK Connect to Product Inventory database Update inventory list with new quantity Close database connection Output payment result Record customer orders in the Customer Order database 1.7 Issue Credit Card for Validation Transfer payment information to Credit Card Issuer Receive validation status 1.8 Issue Order to Shipping Agent Retrieve new orders from Customer Orders database Create packing slip/sales receipt 2.1 Generate Products Viewed Report Connect to Product Inventory database Execute sql for best viewed products Print the records Close database connection 2.2 Generate Products Purchased Report Connect to Product Inventory database Execute sql for items purchased in a weekly (or monthly) basis Print the records Close database connection 2.3 Generate Customer Orders Total Report Connect to Product Inventory database Execute sql for customer orders total report Print the records Close database connection 2.4 Generate Accounting Report Connect to database Execute sql for Accounting Report Print the records Close database connection 3.1 Backup Data Connect to database Backup data to a file Close database connection Check if medium exists Save file to medium
  • Page | 95 3.2 Restore Data Open database Restore data from a file Close database connection Data Dictionary Entities Auditor: An agent in charge of inspecting financial statements of Chinguun-Tulga Credit Card Company: Financial institution used in credit card purchase by customer Customer: Customer of Chinguun-Tulga Office Supply Store Employee: Owner Mrs. Sarangerel Chuluunbaatar and three other employees Public: Customers that do not have profile with Chinguun-Tulga‟s website Shipping Agent: Employees and the owner of Chinguun-Tulga Processes: Process Order: A process that executes the credit card transactions between the purchasers, the bank, and the system. Process Generate Report: A subsystem that is responsible for creation of necessary reports. Process Backup/Restore Data: A process that creates backup of database information for storage on separate medium. Flows Accounting Report: Bookkeeping information that is generated by report generation subsystem for presentation to auditors All Data: All information in Customers and Product Inventory database will be backed up to Backup Database for an emergency purpose. Browse Products: Customer and general public can list and view the desired products from the database. Cart Item: Once the product is selected it to the shopping cart. Cart items may be altered (remove or add) later. Cart Item ID: When customer views his/her shopping cart, selected products will be shown with its unique ID number. To change the product, a customer can enter the unique ID number of another product. Credit Card: In order to use the credit card, 16-digit credit card numbers are sent to the credit card processing institute for authentication. Credit Card Payments: To complete the transaction, a customer enters the credit card number in the checkout form.
  • Page | 96 Credit Card Status: Credit card processing institute processes the card and sends the status of the card to checkout system. Customer Account Info: Customer creates a profile with his/her title, first name, last name, contact information, and login information. As soon as the account is setup an email is sent to the customer with account login information. Customer Information: All customer information is saved to the Customers database. Customer Order: After the credit card is authenticated, the check-out order is completed. This data will be recorded in the Customer Orders database. Customer Orders Total Report: Output of Generate Customer Orders Total process. Data: Information retrieved from database for report generation subsystem. Denial: Notice to customer from system of payment rejection. Item Details: Data that is retrieved from product inventory database when customers browse catalogue. Items Sold Report: Output of Generate Items Sold Report Payment: Payment from customer via bank system Payment Data: Data from Process order to Customers database Payment Notification: A notice from bank indicating payment has been received Personal info: Information that is used to create a profile from public. Product ID: Unique number that identifies each and all products that listed in the catalogue. Product Info: Information that relates to certain product is loaded from the database for customers to view Product Inventory Data: All data that are used to create reports Products Viewed Report: Output of Generate Best Viewed Report process Products Purchased Report: Output of Generate Products Purchased Report process Quantity Data: A data that updates Product Inventory database as the customer completes an order Request Restore: Employee prompted request for restoration of information in backup database Request Inventory Info: Employee‟s request to create report for remaining inventory Sales Receipt: Receipt is sent to the customer after each completed transaction Shipping Request: Shipping agent receives request to deliver products that are just purchased. Username and Password: Login information that is used to create profile; if the profile already exist the username and password are used to view customer‟s account.
  • Page | 97 Data Store Design Entity Relationship Diagram (ERD) In the Systems Requirements Document, the ERD (shown below) is the very simple level of the entity relationship diagram. In the Design Document, all the tables are described and normalized up to the third normal form. Primary keys such as the product IDs are used to uniquely identify the records. All the products have fields that can be updated by the website administrator.
  • Page | 98 Database Schema CREATE TABLE `customers` ( `customers_id` INTEGER(5), PK `customers_gender` CHAR(1), `customers_firstname` VARCHAR (32), `customers_lastname` VARCHAR (32), `customers_dob` DATETIME, `customers_email_address` VARCHAR(96), `customers_default_adress_id` INTEGER (5), `customers_telephone` VARCHAR(32), `customers_fax` VARCHAR(32), `customers_password` VARCHAR(40) ); CREATE TABLE `customers_info` ( `customers_info_id` INTEGER(5), PK, FK `customers_info_date_of_last_logon` DATETIME, `customers_info_number_of_logons` INTEGER(5), `customers_info_date_account_created` DATETIME, `customers_info_date_account_last_modified` DATETIME ); CREATE TABLE `customers_basket` ( `customers_basket_id` INTEGER(5), PK `customers_id` INTEGER (5), FK1 `products_id` TEXT, FK2 `customers_basket_quantity` INTEGER(2), `final_price` NUMBER, `customer_basket_date_added` VARCHAR(8) ); CREATE TABLE `customers_basket_attributes` ( `customers_basket_attributes_id` INTEGER(5), PK `customers_id` INTEGER(5), `products_id` INTEGER(5), `products_options_id` INTEGER(5), `products_options_values_id` INTEGER (5) );
  • Page | 99 CREATE TABLE `manufacturers` ( `manufacturers_id` INTEGER (5), PK `manufacturers_name` VARCHAR(32), `manufacturers_image` VARCHAR(64) ); CREATE TABLE `orders_products` ( `orders_products_id` INTEGER (5), PK `orders_id` INTEGER (5), FK1 `products_id` INTEGER (5), FK2 `products_name` VARCHAR(64), `products_price` NUMBER, `final_price` NUMBER, `products_quantity` INTEGER (2) ); CREATE TABLE `orders` ( `orders_id` INTEGER (5), PK `customers_id` INTEGER (5), FK1 `customers_name` VARCHAR(64), `customers_street_address` VARCHAR(64), `customers_district` VARCHAR(32), `customers_city` VARCHAR(32), `customers_postcode` VARCHAR(10), `customers_state` VARCHAR(32), `customers_country` VARCHAR(32), `customers_telephone` VARCHAR(32), `customers_email_address` VARCHAR(96), `delivery_name` VARCHAR(64), `delivery_street_address` VARCHAR(64), `delivery_district` VARCHAR(32), `delivery_city` VARCHAR(32), `delivery_postcode` VARCHAR(10), `delivery_state` VARCHAR(32), `delivery_country` VARCHAR(32), `payment_method` VARCHAR(12), `cc_type` VARCHAR(20), `cc_owner` VARCHAR(64), `cc_number` VARCHAR(32), `cc_expires` VARCHAR(4), `date_purchased` DATETIME,
  • Page | 100 `shipping_cost` NUMBER, `shipping_method` VARCHAR(32), `orders_status` VARCHAR(10), `orders_date_finished` DATETIME ); CREATE TABLE `products` ( `products_id` INTEGER (5), PK `productcs_model` VARCHAR (12), `products_image` VARCHAR (64), `produtcs_price` NUMBER, `products_weight` NUMBER, `products_status` SMALLINT (1) ); CREATE TABLE `products_description` ( `products_id` INTEGER (5), PK, FK `products_name` VARCHAR (64), `producst_url` VARCHAR (255) );
  • Page | 101 Form In order for customers to purchase products from Chinguun-Tulga‟s website, they need to be registered first. The form shown below is used to collect customer‟s information. Once the customer creates an account, he or she will be able to proceed with the check-out process.
  • Page | 102 III. Environmental Requirements In order to implement the new system, the following environmental requirements need to be met: - Purchase of a desktop computer (or laptop), - Internet connection, - Domain name, and - A server to host the website Since this project is a web based project, the Internet connection is the first thing that is required to accommodate the connectivity of the website to the customers and the Chinguun-Tulga Office Supply Store. It has its advantages: from anywhere at any time, the owner of Chinguun-Tulga can access the back-end website and be able to modify store-front by adding/removing new products. The connectivity to the Internet will remain the responsibility of the owner of Chinguun-Tulga, and the average cost of the Internet service in Ulaanbaatar is $30 (ranges from $15 to $50) per month. The main hardware component of the system will be a desktop computer (or a laptop), at a cost of $400 ($800 for laptop), and it is heavily used to maintain the website. A printing device may be needed, as reports will be generated in a weekly, monthly, and quarterly basis. Chinguun-Tulga will also need a digital photo camera to post the pictures of the products on the website, and there may also be a need for photo editing software such as Photoshop CS3, or simply PhotoFiltre Studio. Domain name will be needed to access the website. Most Mongolian websites use .MN top level domain extensions; however, the fee for this type of extension is almost ten times higher than .COM, .NET extensions. If the website is hosted through some U.S. based website hosting providers, there is a good chance that domain name might be included for free. Also, the web site will load quickly. The choice of .MN, .COM, .NET domain name extensions will be further analyzed in the cost-benefit analysis in the chosen scenario. The server to host the website will be running in Linux. It will provide the Apache, PHP, and MySQL mainframe to support the store-front and the back-end of the website. Security concerns will also be addressed. Credit card transaction flows will be occurring behind a secure HTTPS connection, and the information exchanged on the server will be hashed using SSL certificate. Secure authentication will also prevent unauthorized access into the server using administrative account(s). The administrator‟s directory on the web, will be accessible using a username and password. The system will take about three months to implement, and once the website is running some training will be needed for administrator of the system.
  • Page | 103 IV. Alternatives There may be many options that are available to create an online shopping website. Basic methods for creating e-commerce site include Ready-To-Use package, E-Commerce Software, and an Open-Source Solution. Some companies offer the Ready-To-Use package which suggests the simplest way to run business online through their own web template and payment processing system. With this method, setting up the site can be extremely simple and easy; however the fees associated are high. Another way to run an online business is to buy shopping cart software. This method is less costly than Ready-To-Use method, but setting up the store-front can be more complicated. The last method is to use open-source codes to create an online store. Compared to the other two methods, open-source solution involves minimal cost; however, setting up the store-front is not simple and it might take some time. For each alternative, I found a solution package and compared all of them in terms of cost to implement: Scenario 1: Ready-To-Use Package: 1&1 eShops Scenario 2: Ready-To-Use Package: Network Solutions Scenario 3: E-commerce software: VP-ASP Scenario 4: Open-Source e-commerce solution: OS Commerce Scenario 1: Ready-To-Use Package: 1&1 eShops offers a complete eShop solution tailored to meet online business model. They offer three types of packages: Business eShop (for products up to 50) for $9.99/month, Professional eShop (for products up to 200) for $29.99/month, and Developer eShop (for unlimited products) for $49.95/month. Since Chinguun-Tulga has less than 200 types of products, the second package can be used, which is the Professional eShop solution. After the website is set up and the staff is trained, Chinguun-Tulga should be able to handle routine maintenance task without my assistance. The following is the cost analysis of this scenario. Cost Desktop Computer (exists already) $0.00 Digital Camera (exists already) $0.00 Printer (exists already) $0.00 Internet Access (12 months at $30) $360.00 Package Price (12 months at $29.99) $359.88 Hosting Fee & Domain (12 months at $3.99) $47.88 Setup Fee 0.00 Total Initial Cost $767.76 For this scenario, the annual maintenance cost will come to $768, including the Internet access ($360/yr), package fees ($36o/yr), and the hosting fees ($48/yr).
  • Page | 104 Scenario 2: Ready-To-Use Package: Network Solutions is another complete e-commerce website solution provider. They offer two types of packages: Standard e-commerce for $49.95/month, and Pro e-commerce for $99.95/month. They also charge one time setup fee for both packages: $49 for the first choice and $99 for the other. According to the 2007 Shopping Cart Software Report, Network Solutions ranked in the top three, and they allow up to 100,000 different products to be sold online. There are benefits such as free domain name, 24/7 real person customer service, and secure 128-bit HTTPS/SSL encryption from this vendor. If this alternative is used for this project, the following would be the cost analysis of this scenario. Cost Desktop Computer (exists already) $0.00 Digital Camera (exists already) $0.00 Printer (exists already) $0.00 Internet Access (12 months at $30) $360.00 Package Price ($99.95/month) $1,199.40 One Time Setup Fee $99.00 Total Initial Cost $1,658.40 For this scenario, the annual maintenance cost will come to about $1,560, including the Internet access ($360/yr) and the package fees ($1200/yr). Scenario 3: E-commerce software: VP-ASP Shopping Cart provides quite a feasible e-commerce software package. They offer three types of software packages: Value (for $2450, Plus (for $375), and Deluxe (for $495). They also offer hosting services for $20 - $50 per month. The benefits for this package include 5 free domain names (choice of: .com, .net, .org, .biz, .info), gift certificate and order tracking feature, and a dedicated SSL security. If this alternative is used for this project, the following would be the cost and benefit analysis of this scenario. Cost Desktop Computer (exists already) $0.00 Digital Camera (exists already) $0.00 Printer (exists already) $0.00 Internet Access (12 months at $30) $360.00 VP ASP Plus Package $375.00 Gold Hosting Plan (annual) $385.00 Total Initial Cost $1,120.00 For this scenario, the annual maintenance cost will come to $745, including the Internet access ($360/yr) and the gold hosting plans ($385/yr).
  • Page | 105 Scenario 4: Open-source solution: OS Commerce offers an open source solution for online shops. As of September 2007, there are 12,666 online shops that utilize OSCommerce‟s open-source solution. This scenario does not require high expenses but setting up the store-front may be not as simple as what the other alternatives have to offer. The following is the cost analysis of this scenario. Cost Desktop Computer (exists already) $0.00 Digital Camera (exists already) $0.00 Printer (exists already) $0.00 Internet Access (12 months at $30) $360.00 OS Commerce Package Price $0.00 Hosting Fee (through at $4/month) $48.00 SSL certificate (from $49.00 Payment Gateway Setup ( $49.00 Total Initial Cost $506.00 It is clear to see that Scenario 4, OS Commerce Open-Source Solution, offers the least expensive method to implement this project. The only initial costs associated with this scenario are the Internet access, web hosting, SSL certificate, and a one-time payment gateway setup fees. After that, the average annual maintenance cost will come to $428.00. It should also be noted that I, Bilguun Ginjbaatar, am willing to work on this project for Chinguun-Tulga free of charge to set up the store front. Since we know what the cost is going to be, let‟s discuss the possible benefits of this scenario. They are: Benefits Intangible Benefits: - New and much more improved business environment - Easy administration & e-commerce solution - New customers Tangible Benefits: - Included Free Domain Name (choice of .com, .net, .info) from - 300GB monthly transfer volume, 10GB web space from - Secure back-end website that allows add/remove products online - Professional front-end website - Automated computer sale system - Increase in sales by 5-10% ($1,000) - No need for hiring additional staff ($800) - Possible Marketing Plan: partnering with other Mongolian websites and banner exchange to attract more customers
  • Page | 106 Online sales are estimated to bring additional 5-10% sales to Chinguun-Tulga‟s physical store sales. The store‟s annual sales range from $20,000 to $30,000. In addition, we have been experiencing fast growing internet users in Mongolia in the last five years. According to the data provided by the Mongolian National Statistics Office, over ten percent of the Mongolians are using the Internet in their daily lives at present. Thus, we expect that through their online shopping website, Chinguun-Tulga will earn at least $1,000 (5 percent of $20,000) a year, or perhaps even more as Mongolian Internet users increase. There are other benefits. For example, if the physical store operated for 24/7 to provide the same service as the online shopping site, there would be a need for additional staff that would cover the night shifts. Chinguun-Tulga would have to pay an annual salary of $800 (12 months at ₮80,000 Mongolian Tugriks per month). Thus, by not hiring additional staff for 24/7 store operation, Chinguun-Tulga is saving $800 each year. With all of the benefits above being taken into consideration, we derive the following cost- benefit analysis. Scenario 4: " Open-source Solution: OS Commerce " Year Costs Cumulative Costs Benefits Cumulative Benefits 0 $ 506 $ 506 $ 1,800 $1,800 1 $ 457 $ 963 $ 1,800 $3,600 2 $ 457 $ 1,420 $ 1,800 $5,400 3 $ 457 $ 1,877 $ 1,800 $7,200 4 $ 457 $ 2,334 $ 1,800 $9,000 (NOTE: Each year, Chinguun-Tulga will spend $360 on the Internet Access, $48 on web hosting fees, and $49 on a 256-bit encryption SSL certificate that is provided by The benefits are derived by adding up the estimated increase in sales and savings from not hiring extra staff. Each year, the increasing number of online customers will increase the sales and bring incremental revenues to Chinguun-Tulga.) Payment Gateway Options for Scenario 4 For OSCommerce package there are many possible payment options. Encrypted customer order information will be transmitted to the payment processing third party website. The following are the payment options:  Non-Online Payments Cash on Delivery - payment received upon delivery. Check/ Money Order – payments sent to Chinguun-Tulga in a check format.  Online third parties:
  • Page | 107 With Internet merchant account from Merchant Accounts Express: no set-up/license fee, no transaction fee, monthly gateway fee $19.95 (through; ChronoPay: Requires getting a quote depending on the business volume. PayPal: No set-up fee; discount rate 2.9% + $.30 per transaction; chargeback protection, no long term contract required; PayQuake: set-up fee $295, no annual fee, transaction fee $.50, monthly service fee $29; One time set-up fee $49, no monthly fee, discount rate 5.5% plus $.45 per transaction; WorldPay: Set-up Fee £200, monthly fee £30, per-transaction charge: discount rate 3.75% - 4.5%, reverse transaction fee: £10. Cash on delivery, check/money order, and online payments from PayPal and are the suggested methods for Chinguun-Tulga to receive payments. The most advantageous online gateway could be Paypal since they do not require a long term contract and charge a low rate and low transaction fees. For example, you‟ll pay $3.20 on a $100 transaction. The second best online option could be because they require only one time fee of $49, and after that Chinguun-Tulga will be charged 5.5% plus $.45 per transaction. For instance, you‟ll pay $5.95 on a $100 transaction. Feasibility Scenario 3 (VP-ASP) and scenario 4 (OS Commerce) are operationally and economically feasible. On the other hand, scenario 1 (1&1 eShops) and scenario 2 (Network Solutions) are not feasible due to their high initial cost. Both scenario 1 and scenario 2 focus on readily available service that requires little training/knowledge of online shop developeing experience, and majority of the total cost consists of service and hosting plan fees. In scenario 3, licensed shopping cart software is used. Although the cost maybe relatively lower than ready-to-use package, there is a less expensive alternative, which is open-source solution. Scenario 4 focuses on open-source solution; however, with this method Chinguun-Tulga will face a lot of manual work. The main advantage of open-source solution would be the minimal initial and maintenance cost of e-commerce website. Once the website is operational and running the benefits will be seen very quickly. V. Recommendation From the findings, it can be concluded that even though two scenarios (3 and 4) are practicable, Scenario 4 (Open Source Solution: OS Commerce) has identified a more efficient and effective feasibility. The starting cost is the lowest and the benefits will be seen as soon as the website is operational. For this project, I highly recommend using scenario 4, OSCommerce Open-Source solution.
  • Page | 108 VI. Project Schedule
  • Page | 109 Appendix A Website Architecture
  • Page | 110 Front-End Site Architecture Catalog My Account Create Account (If new) Login (If existing) Account History Edit My Account Edit Account Info Edit My Address Change My Password My Orders Email Notifications Subscribe /Unsubscribe from Newsletters Edit Product Notifications Cart Checkout Delivery Information Payment Information Confirmation Finish Categories Binders Staplers Hole Punchers Tapes Paper Clips & Pins Note Pads Document Organizers Calculators Document Shredders Desk Accessories Markers Magnifying Glasses Erasers and Lead Refills Pens and Pencils Manufacturers What’s New? Product Info Reviews Add to Cart Quick Find Information Shipping and Returns Privacy Notice Condition of Use Contact Us Languages Specials Best Sellers Order History (If logged in)
  • Page | 111 Screen Shot: Front-End
  • Page | 112 Back-End Site Architecture Administration (must login) Configuration Administrators My Store Minimum Values Maximum Values Images Customer Details Shipping/ Packaging Product Listing Stock Logging Cache E-mail Options Sessions Catalog Categories/ Products Products Attributes Manufacturers Reviews Specials Products Expected Modules Payment Shipping Order Total Customers Customers Orders Create Invoice or Packing Slip Locations/ Taxes Countries Zones Tax Zones Tax Classes Tax Rates Localization Currencies Languages Orders Status Reports Products Viewed Products Purchased Customers Orders total Tools Database Backup Banner Manager Cache Control Define Languages File Manager Send E-mail Newsletter Manager Server Info Who’s Online Administration Online Catalog
  • Page | 113 Screen Shot: Back-End Before Login After Login
  • Page | 114 Appendix B ERD and Database Tables
  • Page | 115 Entity Relationship Diagram
  • Page | 116 Tables Table: ADDRESS_BOOK Relationships: ADDRESS_BOOK CUSTOMERS: CUSTOMERS_ID = CUSTOMERS_ID ADDRESS_BOOK COUNTRIES: entry_country_id = countries_id ADDRESS_BOOK ZONES: entry_zone_id = zone_id Table: ADDRESS_FORMAT Relationships: ADDRESS_FORMAT ORDERS: address_format_id = customers_address_format_id address_format_id = delivery_address_format_id Table: ADMINISTRATORS
  • Page | 117 Table: CATEGORIES Relationships: CATEGORIES CATEGORIES: categories_id = parent_id CATEGORIES PRODUCTS_TO_CATEGORIES: categories_id = categories_id CATEGORIES CATEGORIES_DESCRIPTION: categories_id = categories_id Table: CATEGORIES_DESCRIPTION Relationships: CATEGORIES CATEGORIES_DESCRIPTION: categories_id = categories_id CATEGORIES LANGUAGES: languages_id = languages_id Table: CONFIGURATION
  • Page | 118 Relationships: CONFIGURATION CONFIGURATION_GROUP: configuration_group_id = configuration_group_id Table: CONFIGURATION_GROUP Relationships: CONFIGURATION_GROUP CONFIGURATION: configuration_group_id = configuration_group_id Table: COUNTER Table: COUNTER_HISTORY Table: COUNTRIES Relationships: COUNTRIES ADDRESS_BOOK: countries_id = entry_country_id COUNTRIES ZONES: countries_id = entry_country_id
  • Page | 119 Table: CURRENCIES Table: CUSTOMERS Relationships: CUSTOMERS REVIEWS: customers_id = customers_id CUSTOMERS WHOS_ONLINE: customers_id = customer_id ADDRESS_BOOK CUSTOMER: customers_id = customers_id CUSTOMERS ORDERS: customers_id = customers_id CUSTOMERS CUSTOMERS_INFO: customers_id = customers_id CUSTOMERS CUSTOMERS_BASKET: customers_id = customers_id CUSTOMERS CUSTOMERS_BASKET_ATTRIBUTES: customers_id = customers_id
  • Page | 120 Table: CUSTOMERS_BASKET Relationships: CUSTOMERS CUSTOMERS_BASKET: customers_id = customers_id CUSTOMERS_BASKET PRODUCTS: products_id = products_id Table: CUSTOMERS_BASKET_ATTRIBUTES Relationships: CUSTOMERS CUSTOMERS_BASKET_ATTRIBUTES: customers_id = customers_id CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS: products_id = products_id CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS OPTIONS: products_id = products_id CUSTOMERS_BASKET_ATTRIBUTES PRODUCTS OPTIONS_VALUES: products_options_value_id = products_options_value_id Table: CUSTOMERS_INFO
  • Page | 121 Relationships: CUSTOMERS CUSTOMERS_INFO: customers_id = customers_id Table: LANGUAGES Relationships: LANGUAGES MANUFACTURERS_INFO: languages_id = languages_id LANGUAGES REVIEWS_DESCRIPTION: languages_id = languages_id LANGUAGES CATEGORIES_DESCRIPTION: languages_id = languages_id LANGUAGES PRODUCTS_DESCRIPTION: languages_id = languages_id LANGUAGES PRODUCTS_OPTIONS: languages_id = languages_id LANGUAGES PRODUCTS_OPTIONS_VALUES: languages_id = languages_id Table: MANUFACTURERS Relationships: MANUFACTURERS MANUFACTURERS_INFO: manufacturers_id = manufacturers_id PRODUCTS MANUFACTURERS_INFO: products_id = products_id Table: MANUFACTURERS_INFO
  • Page | 122 Relationships: MANUFACTURERS MANUFACTURERS_INFO: manufacturers_id = manufacturers_id MANUFACTURERS_INFO LANGUAGES: languages_id = languages_id Table: NEWSLETTERS Table: ORDERS
  • Page | 123 Relationships CUSTOMERS ORDERS: customers_id = customers_id ORDERS ADDRESS_FORMAT: delivery_address_format_id = address_format_id customers_address_format_id = address_format_id ORDERS ORDERS_PRODUCTS: orders_id = orders_id ORDERS ORDERS_PRODUCTS_ATTRIBUTES: orders_id = orders_id ORDERS_TOTAL ORDERS: orders_id = orders_id Table: ORDERS_PRODUCTS
  • Page | 124 Relationships ORDERS ORDERS_PRODUCTS: orders_id = orders_id PRODUCTS ORDERS_PRODUCTS: products_id = products_id Table: ORDERS_PRODUCTS_ATTRIBUTES Relationships ORDERS ORDERS_PRODUCTS_ATTRIBUTES: orders_id = orders_id Table: ORDERS_STATUS Relationships ORDERS_STATUS ORDERS_STATUS_HISTORY: orders_status_id = orders_status_id
  • Page | 125 Table: ORDERS_STATUS_HISTORY Relationships ORDERS_STATUS ORDERS_STATUS_HISTORY: orders_status_id = orders_status_id Table: ORDERS_TOTAL Relationships ORDERS_TOTAL ORDERS: orders_id = orders_id Table: PRODUCTS
  • Page | 126 Relationships PRODUCTS PRODUCTS_DESCRIPTION: products_id = products_id PRODUCTS PRODUCTS_TO_CATEGORIES: products_id = products_id PRODUCTS REVIEWS: products_id = products_id PRODUCTS SPECIALS: products_id = products_id PRODUCTS TAX_CLASS: tax_class_id = products_tax_class_id PRODUCTS MANUFACTURERS: manufacturers_id = manufacturers_id PRODUCTS CUSTOMERS_BASKET: products_id = products_id PRODUCTS CUSTOMERS_BASKET_ATTRIBUTES: products_id = products_id PRODUCTS ORDERS_PRODUCTS: products_id = products_id PRODUCTS PRODUCTS_ATTRIBUTES: products_id = products_id Table: PRODUCTS_ATTRIBUTES Relationships PRODUCTS PRODUCTS_ATTRIBUTES: products_id = products_id PRODUCTS_ATTRIBUTES PRODUCTS_OPTIONS: options_id = products_options_id PRODUCTS_ATTRIBUTES PRODUCTS_OPTIONS_VALUES: options_values_id = products_options_values_id Table: PRODUCTS_DESCRIPTION
  • Page | 127 Relationships PRODUCTS PRODUCTS_DESCRIPTION: products_id = products_id LANGUAGES PRODUCTS_DESCRIPTION: language_id = language_id Table: PRODUCTS_NOTIFICATION Relationships PRODUCTS PRODUCTS_NOTIFICATION: products_id = products_id PRODUCTS_NOTIFICATION CUSTOMER: customers_id = customers_id Table: PRODUCTS_OPTIONS Relationships PRODUCTS_OPTIONS PRODUCTS_ATTRIBUTES: products_id = products_id PRODUCTS_OPTIONS CUSTOMERS_BASKET_ATTRIBUTES: products_id = products_id PRODUCTS_OPTIONS LANGUAGES: languages_id = languages_id Table: PRODUCTS_OPTIONS_VALUES
  • Page | 128 Relationships PRODUCTS_OPTIONS_VALUES PRODUCTS_ATTRIBUTES: products_options_value_id = options_values_id PRODUCTS_OPTIONS_VALUES CUSTOMERS_BASKET_ATTRIBUTES: products_options_value_id = products_ options_values_id PRODUCTS_OPTIONS_VALUES LANGUAGES: language_id = language_id Table: PRODUCTS_TO_CATEGORIES Relationships PRODUCTS_TO_CATEGORIES PRODUCTS: products_id = products_id PRODUCTS_TO_CATEGORIES CATEGORIES: categories_id = categories_id Table: REVIEWS Relationships REVIEWS PRODUCTS: products_id = products_id CUSTOMERS REVIEWS: customers_id = customers_id REVIEWS REVIEWS_DESCRIPTION: reviews_id = reviews_id Table: REVIEWS_DESCRIPTION
  • Page | 129 Relationships REVIEWS REVIEWS_DESCRIPTION: reviews_id = reviews_id REVIEWS_DESCRIPTION LANGUAGES: languages_id = languages_id Table: SESSIONS Table: SPECIALS Relationships SPECIALS PRODUCTS: products_id = products_id Table: TAX_CLASS Relationships TAX_RATES TAX CLASS: tax_class_id = tax_class_id TAX_CLASS PRODUCTS: tax_class_id = products_tax_class_id Table: TAX_RATES
  • Page | 130 Relationships TAX_RATES ZONES: tax_zone_id = zone_id TAX_RATES TAX CLASS: tax_class_id = tax_class_id Table: WHOS_ONLINE Relationships WHOS_ONLINE CUSTOMERS: customers_id = customers_id Table: ZONES Relationships ZONES COUNTRIES: zone_country_id = countries_id ZONES ADDRESS_BOOK: zone_id = entry_zone_id TAX_RATES ZONES: tax_zone_id = zone_id
  • Page | 131