We’ve made it as simple as possible to create advanced dynamic shopping cart sites with ease but there is still a bit of work required on your part. CartThrob comes with default templates to get you up and running fast, but we recommend you review the docs presented on this site and review all of the configuration settings in detail before you build your first site. You can potentially create a shop without ever reading the manual, but it will be much more helpful in the long run to review the materials we have made available.
Many merchant accounts require that you make purchases using a secure connection. This requires the yearly purchase of an SSL certificate, and installation of that certificate on your website. If you require additional information about SSL Certificates, please Contact Us! All fully integrated payment gateways (including PayPal Payments Pro) are generally required to have an SSL certificate, and a secure https connection to complete transactions. Payment gateways that take payments off-site, including PayPal Standard, and 3-D secure systems may not require an SSL certificate, but it is good practice, when transmitting data to use https connections.
Installation of CartThrob requires ExpressionEngine. CartThrob is an addon that runs as part of ExpressionEngine 1.6.6, 1.6.7, and 1.6.8 (a 2.xx compatible version is coming soon.) To ascertain if your server can run ExpressionEngine, please see the documentation here.
Some off-site payment gateways, including Paypal Standard, 2Checkout.co, or others requiring 3-d secure payments & other offsite payment methods suggest that the PHP setting “session.referer_check” is disabled. You can check phpinfo(), or, using ExpressionEngine you can go to admin > utilities > PHP Info and check to make sure it is currently turned off (or set to no value.)
You can turn this off using php.ini (if you have access to it… on most shared hosts you won’t)
php_value session.referer_check none
or disable it by adding the PHP command ini_set to the top of your EE’s index.php file.
If setting referer_check to none causes any issues with other systems then try to leave referer_check enabled. If referer_check is enabled, it’s entirely possible to lose track of the contents of your session after being redirected back from another site, but it’s not necessarily ensured that this will happen.
cURL must be installed for several of the most common payment gateways to work (including Authorize.net.) If you do not have cURL installed on your server, ask your host for more information about cURL, install it yourself, or ask your IT department (cURL is free) or get a new webhost. We recommend the Rackspace Cloud, Dreamhost, and Engine Hosting. If you really have no option to use cURL, please contact us and we’ll see what we can do for you.
Go install Brandon Kelly’s excellent FieldFrame extension right now. Do it. Go.