3-x-cart setting up your storef

Upload: harrytendulkar

Post on 13-Apr-2018


  • 7/26/2019 3-X-Cart Setting Up Your Storef


    Table of Contents

    1 X-Cart:General Settings

    2 X-Cart:Store Security
        2.1 Introduction
        2.2 The importance of X-Cart security
        2.3 Hosting X-Cart in a secure environment
        2.4 How to secure your X-Cart
        2.5 How do I set up secure login, registration and checkout in my X-Cart store?
        2.6 How do I set up password protection for my X-Cart admin and provider areas?
        2.7 Seven security features that you might not know yet
        2.8 Maintaining X-Cart security
        2.9 See also

    3 X-Cart:Geographical Settings
        3.1 Geographical settings in X-Cart
        3.2 Roles in geographical settings management

    4 X-Cart:Shipping Settings
        4.1 Overview
        4.2 Roles in shipping settings management
        4.3 Shipping Methods
        4.4 Real-time Shipping Calculators
        4.5 Shipping Charges
        4.6 Shipping Markups
        4.7 Setting up Shipping (manually defined rates)
        4.8 Troubleshooting
        4.9 FAQ

    5 X-Cart:Real-time Shipping Calculators
        5.1 Video tutorial

    6 X-Cart:Tax Settings
        6.1 Tax settings in X-Cart
        6.2 Roles in tax settings management
        6.3 Video tutorial
        6.4 Taxes
        6.5 Tax Rates
        6.6 Tax Formula Editor
        6.7 Tax Options
        6.8 Applying Taxes to Products
        6.9 Examples of Configuring Taxes
        6.10 FAQ
        6.11 Troubleshooting

    7 X-Cart:Payment Settings

    8 X-Cart:Modules and Add-ons
        8.1 Modules
        8.2 Add-ons

    9 X-Cart:PCI-DSS
        9.1 Contents
        9.2 About PCI DSS
        9.3 Configuring X-Cart to meet PCI DSS (cardholder data is not stored)
        9.4 Configuring X-Cart to meet PCI DSS with X-Payments application
        9.5 Passing network security scans
        9.6 Submitting a self-assessment questionnaire
        9.7 FAQs
        9.8 See also

    10 blog to your store
        10.1 Why need blog
        10.2 Major blog engines on the market
        10.3 Setting up blog with your store


    1 X-Cart:General Settings

    You can adjust the overall configuration of your store using the 'General settings' section of the X-Cart Admin area. In X-Cart versions 4.3.0 and later, the 'General settings' section can be found at Settings menu -> General settings; in earlier X-Cart versions, this page can be found at Administration menu -> General settings. The 'General settings' section allows you to access and control both the settings affecting X-Cart's core functionality and the settings of X-Cart's modules.

    The following pages within the 'General settings' section pertain to X-Cart's core functionality:

    3D-Secure Transaction options: This page allows you to enable Cardinal Centinel payment authentication platform support in your store.

    Appearance Options: This page allows you to adjust preferences that affect the overall appearance of your store.

    Company options: This page allows you to provide your company details and contact information (name, address, phone/fax numbers, email addresses, etc). Your company name, address and phone/fax numbers will be displayed on the storefront and included into customer email notifications. Email addresses of specific departments of your store will be used by X-Cart to send administrator and provider notifications. Company address will be used in real-time shipping rate calculations.

    Contact us form options: This page allows you to configure the 'Contact us' form. You can define which of the 'Contact us' form fields should be active (visible to customers), and completion of which fields should be required (mandatory). If necessary, you can also add your own (custom) fields to the 'Contact us' form.

    Email options: This page allows you to define options that affect sending of email notifications and newsletters.

    Email notifications options: This page allows you to define which of the available email notifications should be sent to the customers, administrator(s), provider(s), users department and orders department of your store.

    General options: This page allows you to adjust the general configuration of your store.

    Logging options: This page allows you to define what kind of logs you wish to be kept in your store.

    Product search options: This page allows you to define which fields should be included into the Product search form in the Customer area, and set default values for these fields.

    SEO options: This page allows you to adjust options that can improve your site's ranking with search engines.

    Security options: This page allows you to adjust options that affect your store security (options that affect encryption methods used in your store, HTTPS options, etc).

    Shipping options: This page allows you to adjust options that affect the calculation of shipping rates in your store.

    User Profiles options: This page allows you to configure your store's user profile forms. You can define which of the user profile fields should be active (included into the user profile forms), and completion of which fields should be required (mandatory). If necessary, you can also add your own (custom) fields for use in user profiles.

    Information on the settings pages pertaining to X-Cart modules is available in the Modules section of this manual.


    2 X-Cart:Store Security

    2.1 Introduction

    X-Cart makes it easy for nearly anyone who wants to establish an e-commerce store to do so; however, not everyone has the background knowledge to address security issues. Many store owners begin designing, adding products, and focusing on sales and SEO without ensuring that their x-cart e-commerce store is developed in a secure environment with a focus on security. Once established, x-cart store owners are often not aware of what is required to maintain their x-cart in a manner that keeps it secure over time.

    The purpose of this tutorial is to assist you in understanding:

    The importance of X-Cart security
    Hosting X-Cart in a secure environment
    How to secure your X-Cart
    Maintenance of X-Cart security

    2.2 The importance of X-Cart security

    Website security should always be a priority, but is absolutely crucial when dealing with e-commerce stores that transact and store sensitive customer data such as email addresses, phone numbers, addresses, and credit card information. Reading through the x-cart forums you will find many x-cart store owners who have had the misfortune of having their x-cart hacked/exploited. Having worked with x-cart since 2002, I've had many of those store owners come to me asking what can be done to fix their store, and I have repeatedly heard the common response that nobody had ever talked to them about security and they were unaware of anything that needed to be done. Believe me when I say that if you are not aware of what is required to secure and maintain your x-cart, it is by sheer luck that your x-cart has not been hacked or exploited and it is only a matter of time before you become a victim.

    That said, by reading this tutorial you are well on your way to understanding and performing x-cart security to keep you and your customers safe.

    2.3 Hosting X-Cart in a secure environment

    The environment on which your x-cart is hosted is the base for all security, and if your host and/or server is not secure, all the security settings on your x-cart are not going to keep you from being exploited. There are generally two types of hosting: a shared server, where you purchase a plan with a host and they provide you space for your site to reside on a server with many other clients, or a dedicated server, which is a computer where you can host your site(s) exclusively (a VPS is essentially a combination allowing dedicated server privileges in an environment shared with fewer users than with shared hosting).

    2.3.1 Secured Shared Hosting

    The main benefits of shared hosting are the reduced cost available by sharing the server with other users, and having the server company manage the server security. These same benefits can also pose a security threat however, as the sites of other clients can jeopardize your security if their sites are breached, and if you rely on a server company to secure a server and they fail to do so correctly, you can find yourself in serious trouble. To combat these potential problems, it is imperative that you host with a trusted hosting provider who makes server security a priority. View our recommended X-Cart Hosting providers.

    2.3.2 Dedicated unmanaged server

    I unfortunately often see x-cart store owners establish or move to an unmanaged dedicated server without knowing the onus of security that falls on them in doing so. When working with an unmanaged server, you are responsible for ALL server security. This includes the configuration of all your server settings, as well as keeping your kernel, OS, PHP/MySQL, control panel, etc. up-to-date as new branches and patches are released. This is a daunting task for anyone not very experienced with server security, and is not recommended for the average user.

    2.3.3 Dedicated managed server

    Surprisingly, having a managed server does not necessarily mean your server is secure. When purchasing a managed plan, it is important to know what the server provider will and won't do as part of your managed plan; it is not uncommon for someone to establish a managed server and set up their site(s) thinking the host will take care of security, only to find their server exploited, to which the server company responds saying they only perform security tasks upon request. If you rely on your host for a fully managed security package it is important that you work with a trusted hosting provider who takes security seriously, and ensure that all aspects of security are accounted for.

    2.3.4 Server Management Companies

    Personally, I recommend an unmanaged dedicated server package and then using the services of a server management company such as EZSM or ServerWizards. These companies will configure your initial security settings, put processes in place to manage your security, and keep your server up-to-date as upgrades and patches are made available.


    2.4 How to secure your X-Cart

    After securing the hosting environment, it is necessary to address security with x-cart itself. Taking the following steps will make great strides in securing your x-cart:

    1. Ensure you have a secure https connection for your store using a valid SSL certificate.

    For more details please refer to How do I set up secure login, registration and checkout in my X-Cart store?

    2. Do not use the "master" x-cart admin account. To change this, log in using your "master" x-cart admin account and create a new administrator with a username that is less generic. Log in as that new user and delete the "master" user account.

    3. Immediately password protect your admin and provider directories. You can usually password protect these directories using a control panel such as cPanel, or you can use .htaccess and .htpasswd files (please find an example in How do I set up password protection for my X-Cart admin and provider areas?, or run a quick google search if you are unsure how).

    4. Be aware of your site's file permissions, as having loose file permissions in conjunction with an exploit can allow someone to write and execute files on your website - this is a very common exploit against x-cart so take this seriously. In general your file chmod permissions should appear as follows:

    File Type          Permission
    *.php              644
    *.tpl              644
    *.pl               755
    *.sh               755
    /catalog/          777
    /files/            777
    /images/           777
    /var/              777
    /var/* folders     777
    /var/* files       666

    For more details please refer to: Setting up file permissions in X-Cart

    5. Turn off the option of sending credit card information in e-mails in the General Settings -> E-Mail Options section of your x-cart admin section.

    6. Unless you are using the subscriptions module, do not store credit card information in your database. To disable, or to ensure that this setting is disabled, open your config.php file and ensure the $store_cc variable is set to false:

    $store_cc = false;

    7. It is always a good idea to log into your x-cart admin section using https so that the data you transact during the x-cart session is encrypted. The following code will force your x-cart admins/providers to login using https:// by redirecting them when http:// is used.

    Add this code to the .htaccess of your admin section (adjust your url):

    # Force https on the admin section
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !443
    RewriteRule ^(.*)$ https://www.your-domain.com/xcart-dir/admin/$1 [R=301,L]

    Add this code to the .htaccess of your provider section (adjust your url):

    # Force https on the provider section
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !443
    RewriteRule ^(.*)$ https://www.your-domain.com/xcart-dir/provider/$1 [R=301,L]

    8. The following .htaccess code, which can be placed in an .htaccess file in your store's root directory (same directory as / and cart.php), will prevent access to sensitive areas of the x-cart file structure. If you are on a server that does not support .htaccess files, you will want to find alternate ways to block access to these files.

    Options +SymlinksIfOwnerMatch -Indexes
    RewriteEngine on

    # Block access to sensitive directories
    # (literal dots are escaped as \. so that "." does not match any character)
    RedirectMatch permanent ^.*/\.pgp/.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/patch\..*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/sql/.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/schemes/.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/skin1_original/.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/Smarty.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/upgrade/.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/var/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

    # Block access to sensitive file types
    RedirectMatch permanent ^.*\.(ini|tpl|sql|log|conf|bak)$ http://www.yourdomain.com/x-cart-path/error_message.php

    # Block access to sensitive files
    RedirectMatch permanent ^.*/COPYRIGHT http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/INSTALL.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/NEW.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/README http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/UPGRADE.*$ http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/VERSION http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/include/version\.php http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/config\.php http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/top\.inc\.php http://www.yourdomain.com/x-cart-path/error_message.php
    RedirectMatch permanent ^.*/install\.php$ http://www.yourdomain.com/x-cart-path/error_message.php

    X-Cart 4.4 or above

    Note: If you use X-Cart 4.4 replace this line:

    RedirectMatch permanent ^.*/var/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

    with these lines:

    RedirectMatch permanent ^.*/var/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

    Otherwise the speed-up tool for JavaScript and CSS will not work!

    Note: Change http://www.yourdomain.com/x-cart-path/ to the url to your error_message.php file.
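
    Steps 4, 6 and 7 of the checklist above can be verified with a script. The following is an added example, not part of the X-Cart manual or X-Cart's own tooling: a POSIX shell audit that compares file modes with the table in step 4, confirms that config.php sets $store_cc to false, and looks for the https redirect in the admin and provider .htaccess files. The function names and the output format are made up for this example, and it assumes that the "/var/*" rows of the table apply to everything below var/.

```shell
#!/bin/sh
# Added example, not part of the X-Cart manual: audit an X-Cart directory
# against steps 4, 6 and 7 above. Findings are printed one per line.
# Assumption: the "/var/*" rows of the table apply to everything below var/.

# Step 4: compare file and directory modes with the permission table.
audit_perms() {
    root=${1%/}
    # *.php and *.tpl outside var/ must be exactly 644
    find "$root" -path "$root/var" -prune -o -type f \
        \( -name '*.php' -o -name '*.tpl' \) ! -perm 644 -print |
        sed 's|^|perm: expected 644: |'
    # *.pl and *.sh outside var/ must be exactly 755
    find "$root" -path "$root/var" -prune -o -type f \
        \( -name '*.pl' -o -name '*.sh' \) ! -perm 755 -print |
        sed 's|^|perm: expected 755: |'
    # the writable data directories themselves must be 777
    for d in catalog files images; do
        if [ -d "$root/$d" ]; then
            find "$root/$d" -prune ! -perm 777 -print |
                sed 's|^|perm: expected 777: |'
        fi
    done
    # var/ and everything below it: directories 777, files 666
    if [ -d "$root/var" ]; then
        find "$root/var" -type d ! -perm 777 -print |
            sed 's|^|perm: expected 777: |'
        find "$root/var" -type f ! -perm 666 -print |
            sed 's|^|perm: expected 666: |'
    fi
}

# Step 6: config.php must contain "$store_cc = false;".
audit_store_cc() {
    cfg=${1%/}/config.php
    if [ ! -f "$cfg" ]; then
        printf 'store_cc: %s not found\n' "$cfg"
    elif ! grep -Eiq '^[[:space:]]*\$store_cc[[:space:]]*=[[:space:]]*false[[:space:]]*;' "$cfg"; then
        printf 'store_cc: $store_cc is not set to false in %s\n' "$cfg"
    fi
}

# Step 7: admin/ and provider/ each need an .htaccess that turns the
# rewrite engine on and has a RewriteRule pointing at an https:// URL.
audit_https_redirect() {
    root=${1%/}
    for area in admin provider; do
        ht=$root/$area/.htaccess
        if [ ! -f "$ht" ] ||
           ! grep -Eiq '^[[:space:]]*RewriteEngine[[:space:]]+on' "$ht" ||
           ! grep -Eq '^[[:space:]]*RewriteRule[[:space:]]+[^[:space:]]+[[:space:]]+https://' "$ht"
        then
            printf 'https: no redirect to https:// in %s\n' "$ht"
        fi
    done
}

# Run every check. Prints the findings and returns 1 if there are any,
# 0 if the directory is clean, 2 if the argument is not a directory.
audit_xcart() {
    if [ ! -d "$1" ]; then
        printf 'audit_xcart: not a directory: %s\n' "$1" >&2
        return 2
    fi
    findings=$(audit_perms "$1"; audit_store_cc "$1"; audit_https_redirect "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: sh audit_xcart.sh /home/user/www/xcart
if [ "$#" -gt 0 ]; then
    audit_xcart "$1"
fi
```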

    2.5 How do I set up secure login, registration and checkout in my X-Cart store?

    Firstly, you should obtain an SSL certificate and have it properly installed and configured on your web server.

    The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company doesn't render such services, you will need to purchase a certificate on your own.

    We will be glad to assist you with this issue. You can purchase SSL certificates from our company. We sell SSL certificates provided by the world's leading Certification Authority, Comodo Group. For details, conditions and prices, please see http://www.x-cart.com/ssl/.

    If you are on a dedicated server, we can offer you our service on analyzing and configuring your server and/or install the SSL Certificate on it. Please note: we will need the 'root' access to your server over SSH or the 'Administrator' access over MS Remote Access Desktop to complete these tasks.

    Secondly, once you have the SSL certificate installed and configured, you should configure the HTTPS server in X-Cart. To do it, modify the /config.php file and set the $xcart_https_host variable properly:

    /**
     * X-Cart HTTP & HTTPS host and web directory
     *
     * This section defines the location of your X-Cart installation. If X-Cart is
     * installed using Web installation, the variables of this section are
     * configured via the Installation Wizard. If you install X-Cart manually, use
     * this section to provide your web server details manually.
     *
     * $xcart_http_host - Host name of the server on which your X-Cart software is
     * to be installed;
     * $xcart_https_host - Host name of the secure server that will provide access
     * to your X-Cart-based store via the HTTPS protocol;
     * $xcart_web_dir - X-Cart web directory.
     *
     * NOTE:
     * The variables $xcart_http_host and $xcart_https_host must contain hostnames
     * ONLY (no http:// or https:// prefixes, no trailing slashes).
     *
     * Web dir is the directory where your X-Cart is installed as seen from the Web,
     * not the file system.
     *
     * Web dir must start with a slash and have no slash at the end. An exception to
     * this rule is when you install X-Cart in the site root, in which case you need
     * to leave the variable empty.
     *
     * EXAMPLE 1:
     * $xcart_http_host ="www.yourhost.com";
     * $xcart_https_host ="www.securedirectories.com/yourhost.com";
     * $xcart_web_dir ="/xcart";
     * will result in the following URLs:
     * http://www.yourhost.com/xcart
     * https://www.securedirectories.com/yourhost.com/xcart
     *
     * EXAMPLE 2:
     * $xcart_http_host ="www.yourhost.com";
     * $xcart_https_host ="www.yourhost.com";
     * $xcart_web_dir ="";
     * will result in the following URLs:
     * http://www.yourhost.com/
     * https://www.yourhost.com/
     */

    Finally, enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the 'General settings/Security options' page:

    Use HTTPS for users' login and registration
    Use secure login form on a separate page (HTTPS)

    Optionally, if you need to secure certain PHP scripts, add them to the 'https_scripts' array in the /https.php file. You can find some examples in the /https.php file:

    $https_scripts[] = 'login.php';

    $https_scripts[] = array(

    'cart.php',

    "mode=checkout",

    );

    Optionally, if you want to switch the whole X-Cart to secure mode, edit the https.php file. Find the line

    function is_https_link($link, $https_scripts) {

    and replace it with

    function is_https_link($link, $https_scripts) {

    return true;

    Now, if your web server does not use SSL certificates, and you are running an HTTPS Proxy instead, you may need to make additional settings to enable your X-Cart to work over SSL (secure connection). In the include/https_detect.php file, define the proxy IP address and set the $HTTPS variable to 'true':

    if ($_SERVER['REMOTE_ADDR'] == '192.160.1.1') {

    $HTTPS_RELAY = true;

    $HTTPS = true;

    }

    If you are not sure whether your web server uses SSL certificates or runs behind an HTTPS Proxy, contact your hosting service provider or server administrator or email our technical support - we will help you find that out.

    If you experience problems with external services (payment / shipping) working over https while using curl/libcurl as the https module, try adding the following line to top.inc.php:

    define('USE_CURLOPT_SSL_VERIFYPEER', 1);

    after

    $xcart_dir = rtrim(realpath($xcart_dir), XC_DS);


    2.6 How do I set up password protection for my X-Cart admin and provider areas?

    Generally, the password protection can be done as follows (assuming that you want to use "abc123" and "123" as login/password):

    1. In X-Cart Admin area, open the Summary page.

    2. In the Environment info section, find and copy the X-Cart directory path (something like /home/user/www/xcart). You will need it a bit later.

    3. Generate .htpasswd file.

    If you have shell access to your hosting server, enter the following command:

    htpasswd -c .htpasswd abc123

    and then press Enter. Now enter the merchant key (password) two times.

    Alternatively, you can use one of the on-line htpasswd generators to generate an entry for your .htpasswd file (for example http://www.htaccesstools.com/htpasswd-generator/), then copy the generated entry into your .htpasswd file.

    So, the content of your .htpasswd file will look like:

    abc123:$apr1$H1wVgYiJ$cRFQbQnqZGvmZ2Im.u9q30

    4. Copy the .htpasswd file to the X-Cart's admin and provider directories.

    5. Open admin/.htaccess and paste the following data to it:

    AuthType Basic

    AuthName "Restricted Admin Area"

    # In the line below, replace /home/user/www/xcart/ with

    # the actual X-Cart path shown on your Admin summary page.

    AuthUserFile /home/user/www/xcart/admin/.htpasswd

    require valid-user

    6. Open provider/.htaccess and paste the following data to it:

    AuthType Basic

    AuthName "Restricted Provider Area"

    # In the line below, replace /home/user/www/xcart/ with

    # the actual X-Cart path shown on your Admin summary page.

    AuthUserFile /home/user/www/xcart/provider/.htpasswd

    require valid-user

    Alternatively, you can password-protect the admin and provider areas using the password protection setup facility in the Control Panel of your hosting account.

    2.7 Seven security features that you might not know yet

    2.7.1 SECURITY_BLOCK_UNKNOWN_ADMIN_IP

    The mode of enhanced protection. It allows you to control from which IP addresses users can access your x-cart.

    By default, it is disabled. To turn it on, edit config.php file. Set this value

    SECURITY_BLOCK_UNKNOWN_ADMIN_IP

    to 'true', i.e.

    define("SECURITY_BLOCK_UNKNOWN_ADMIN_IP", true);

    As soon as you enable this mode, you should log in to the X-Cart admin area so that your own IP address is registered in the system. After that, no user will be able to log in to the admin back end until you register his/her IP address: all login attempts will be denied and the users will get an error message.

    If the login/password submitted by a user are correct (i.e. correspond to the login/password of an existing user, and this user belongs to a type with permissions to access this X-Cart zone), a request to register the user's IP address will be sent to the X-Cart administrator's email.

    This notification will have information about the time of the login attempt, the username and the IP address. You can then decide whether or not to grant access to this user by simply clicking on a link in the email. As a result, the IP address will be registered in your store's list of allowed IP addresses.

    More information: X-Cart:User Access Control


    2.7.2 System Fingerprints

    X-Cart uses MD5 (Message-Digest algorithm 5) for data integrity control. Using this tool you can create lists of MD5 checksums of all the files in the X-Cart installation directory and compare checksum lists generated at different periods of time to verify the integrity of your X-Cart files.

    In X-Cart, a list of MD5 checksums of all the files is called a "system fingerprint". The first system fingerprint in your store is generated automatically during X-Cart installation.

    Any system fingerprint can be compared with the current state of the store or with any other fingerprint. This process allows detecting any changes in the /xcart directory. You get a list of files which have been modified, added or lost (removed from the system or renamed so they cannot be identified).

    You can use this tool to track the changed and suspicious files. For example, if you think your store has been hacked, you can get the full list of the changed files and check/repair them manually.

    More information: X-Cart:System Fingerprints
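
    The comparison described above, as an added PHP example (not X-Cart's own fingerprint code): it builds an MD5 list for a directory tree and reports the files that were modified, added or lost between two lists. The function names and the temporary demo directory are assumptions made for the illustration.

```php
<?php
// Added example, not X-Cart's own code.

/** Returns [relative path => MD5 hex digest] for every file under $root. */
function build_fingerprint(string $root): array
{
    $base = realpath($root);
    if ($base === false || !is_dir($base)) {
        throw new InvalidArgumentException("Not a directory: $root");
    }
    $fingerprint = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($base, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if ($file->isFile()) {
            // Store paths relative to the root so two lists stay comparable
            // even if the store directory is moved.
            $relative = substr($file->getPathname(), strlen($base) + 1);
            $fingerprint[$relative] = md5_file($file->getPathname());
        }
    }
    ksort($fingerprint);
    return $fingerprint;
}

/** Compares two fingerprints and lists modified, added and lost files. */
function compare_fingerprints(array $old, array $new): array
{
    $modified = [];
    foreach (array_intersect_key($new, $old) as $path => $checksum) {
        if ($old[$path] !== $checksum) {
            $modified[] = $path;
        }
    }
    return [
        'modified' => $modified,
        'added'    => array_keys(array_diff_key($new, $old)),
        'lost'     => array_keys(array_diff_key($old, $new)),
    ];
}

// Constructed demo: a throwaway directory stands in for the X-Cart directory.
$dir = sys_get_temp_dir() . '/fingerprint_demo_' . bin2hex(random_bytes(4));
mkdir("$dir/admin", 0700, true);
file_put_contents("$dir/config.php", "<?php // original settings\n");
file_put_contents("$dir/https.php", "<?php // https rules\n");
file_put_contents("$dir/admin/home.php", "<?php // admin home\n");

$baseline = build_fingerprint($dir);      // the list taken at installation time

file_put_contents("$dir/config.php", "<?php // changed settings\n");     // modified
file_put_contents("$dir/admin/extra.php", "<?php // not in baseline\n"); // added
unlink("$dir/https.php");                                                // lost

$report = compare_fingerprints($baseline, build_fingerprint($dir));
foreach ($report as $kind => $paths) {
    echo str_pad($kind, 10), implode(', ', $paths), "\n";
}

// Remove the demo directory again.
foreach (array_keys(build_fingerprint($dir)) as $path) {
    unlink("$dir/$path");
}
rmdir("$dir/admin");
rmdir($dir);
```

    Keep the baseline list somewhere the web server account cannot write, since anyone able to change the files could otherwise change the stored list too. MD5 is collision-prone, so the list shows that files changed but cannot rule out a deliberately crafted replacement.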

    2.7.3 Protection from CSRF attacks (cross site request forgery attacks)

    There is built-in protection from CSRF attacks. Each form in the back end has a unique identifier which ensures that this form is valid. These unique forms are used for the protection.

    Unique form identifiers are generated within a user session and assigned to each X-Cart page which is loaded in the user's browser and which contains an HTML form for submitting data via POST. The main purpose of these identifiers is to ensure authenticity of the form when the form is submitted by the user: if the submitted form contains a valid form identifier, the form is recognized as one generated by X-Cart in the current user's session, and therefore it is treated as valid and safe for use. If there is no valid form identifier, the form is treated as suspicious and the submit process is canceled.

    Information about the CSRF attacks: http://en.wikipedia.org/wiki/Cross-site_request_forgery

    There are sooooo many web applications that just don't have such a protection :-(
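
    The form identifier scheme described above, as an added PHP example that is not X-Cart's implementation: identifiers are issued per session, embedded in each POST form and checked on submission. The $session arrays stand in for $_SESSION, and the field name form_id, the script name settings.php and the cap on stored identifiers are assumptions.

```php
<?php
// Added example, not X-Cart's own code.

const MAX_FORM_IDS = 20; // assumption: how many identifiers a session keeps

/** Creates a new form identifier and remembers it in the user's session. */
function issue_form_id(array &$session): string
{
    $id = bin2hex(random_bytes(16)); // 128 bits from the system CSPRNG
    $session['form_ids'][] = $id;
    // Keep only the most recent identifiers so the session cannot grow forever.
    $session['form_ids'] = array_slice($session['form_ids'], -MAX_FORM_IDS);
    return $id;
}

/** Renders a POST form that carries the identifier as a hidden field. */
function render_form(array &$session, string $action): string
{
    $id = issue_form_id($session);
    return '<form method="post" action="' . htmlspecialchars($action, ENT_QUOTES) . '">'
         . '<input type="hidden" name="form_id" value="' . $id . '">'
         . '<input type="text" name="new_email">'
         . '<button type="submit">Save</button></form>';
}

/** True only if the POST carries an identifier issued in this session. */
function is_valid_submission(array $session, array $post): bool
{
    $submitted = $post['form_id'] ?? null;
    if (!is_string($submitted) || $submitted === '') {
        return false; // missing, empty, or sent as an array (form_id[]=...)
    }
    $valid = false;
    foreach ($session['form_ids'] ?? [] as $known) {
        // hash_equals() compares in constant time; every stored identifier is
        // checked so timing does not reveal which position matched.
        $valid = hash_equals($known, $submitted) || $valid;
    }
    return $valid;
}

// Constructed demo: one session for the store admin, one for somebody else.
$adminSession = [];
$otherSession = [];

// The admin loads a page; the identifier is read back out of the rendered form.
$html = render_form($adminSession, 'settings.php');
preg_match('/name="form_id" value="([0-9a-f]{32})"/', $html, $match);

$submissions = [
    'form generated in the admin session' =>
        ['form_id' => $match[1], 'new_email' => 'owner@example.com'],
    'request without any identifier' =>
        ['new_email' => 'someone@example.net'],
    'identifier issued in another session' =>
        ['form_id' => issue_form_id($otherSession), 'new_email' => 'someone@example.net'],
    'identifier sent as an array' =>
        ['form_id' => [$match[1]], 'new_email' => 'someone@example.net'],
];

foreach ($submissions as $label => $post) {
    $result = is_valid_submission($adminSession, $post) ? 'accepted' : 'canceled';
    echo str_pad($label, 40), $result, "\n";
}
```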

    2.7.4 FRAME_NOT_ALLOWED

    It is possible to forbid calling X-Cart in IFRAME / FRAME tags.

    If you do not use any pages where X-Cart is displayed through a frame, you can enable this option as an additional security measure. It prevents attacks in which the attackers display X-Cart through a frame and, using browser vulnerabilities, intercept the information entered in the form.

    To enable this feature, find the following line in config.php and change the value from false to true:

    define("FRAME_NOT_ALLOWED", false);

    2.7.5 Blowfish encryption (merchant key)

    Blowfish data encryption (based on Merchant key) is more secure than the usual encryption method. In this method, you create a Merchant key - a password that allows you to encrypt the details of your customers' orders and to decrypt previously encrypted order details when you wish to view them.

    Such a higher level of security is because the key, used to encrypt and decrypt order details, is not stored anywhere in the system. The only thing that is stored is an MD5 signature of the key. When you need to access the details of a certain order, you manually enter your Merchant key into a special form on the 'Order details' page. In the next session, you will have to re-enter the Merchant key to get access to order details.

    So if somebody steals your database and all files, he will not be able to steal the credit card numbers anyway.

    More information: X-Cart:Blowfish

    2.7.6 PHPIDS

    PHPIDS (PHP Intrusion Detection System) is an open source PHP Web Application Intrusion Detection System. PHPIDS detects Cross-site scripting (XSS), SQL injection, header injection, Directory traversal, Remote File Execution, Local File Inclusion, Denial of Service (DoS). It is simple to use and well structured. It reports the impact of every attack by analyzing any chosen input variables such as POST, GET, SESSION, COOKIE. Find out more at http://phpids.org/

    2.7.7 $admin_allowed_ip

    By default there are no IP-based limitations on accessing the X-Cart admin area. To make your admin area more secure you can define IP-based restrictions by editing the $admin_allowed_ip parameter in the config.php file located in the X-Cart root directory as shown below.

    Example:

    $admin_allowed_ip = "192.168.0.1, 127.0.0.1";


    This will make the access limited to users from IP addresses 192.168.0.1 and 127.0.0.1.

    2.8 Maintaining X-Cart security

    A big mistake I see with users of software is thinking they can set up the software and run the software for an indefinite period of time. It is imperative with X-Cart, and all software you run for that matter, that you apply security patches and upgrade as new releases are available. While the patches and upgrades do require time and/or money to apply, neglecting to do so can be potentially fatal to your business and they need to be made a priority.

    X-Cart provides security and release bulletins that you can sign up for in your Qualiteam Account. Be sure to sign up for these bulletins and stay on top of your security.

    Hint: If you need to walk away from your computer for whatsoever reason even for just a few moments, log off from the admin area of your store or lock your workstation.

    2.9 See also

    X-Cart:Security Options

    X-Cart:Security related tips

    Article copyright 2007 WebsiteCM.com http://www.websitecm.com/x-cart-tutorials/x-cart-security/


    3 X-Cart:Geographical Settings

    3.1 Geographical settings in X-Cart

    Adjustment of your store's geographical settings includes defining countries, states, counties and destination zones.

    Countries, states and counties are countries, states and counties from which you allow customer registrations and to which your store's products can be sold and shipped. Names of your store's active countries, states and counties appear in drop-down boxes on all the pages where addresses can be entered ('Profile details' form, General settings->General options section, General settings->Company options section) so that store users can use them as address components when entering addresses. They are also used to define destination zones.

    Destination zones are unities consisting of territories to which your products can be sold and shipped, and for which shipping and tax rates are the same. Defining the store's destination zones correctly is very important, because destination zones serve as a basis for adjusting shipping charges and tax rates for different locations.

    3.2 Roles in geographical settings management

    If you are an X-Cart GOLD/GOLD PLUS administrator/provider:

    You can manage countries (Study the section Countries):

        define what countries need to appear in 'Country' drop-down boxes in form sections intended for entering addresses;
        define what countries have states (required for JavaScript state and county selector);
        edit names of countries;
        define country names in all the languages used by your store.

    You can manage states (See the section States):

        define names and codes for the states that need to appear in 'State' drop-down boxes in form sections intended for entering addresses;
        edit state names and codes;
        delete states.

    You can create and manage counties (See the section Counties):

        enable usage of counties in your store;
        define which states have counties;
        define names for the counties that need to appear in 'County' drop-down boxes in form sections intended for entering addresses;
        edit names of counties;
        delete counties.

    You can define and manage destination zones (Check out the section Destination zones).

    If you are an X-Cart PLATINUM/PRO administrator:

    You can manage countries (Study the section Countries):

        define what countries need to appear in 'Country' drop-down menus on all the forms used to specify billing/shipping addresses;
        define what countries have states (required for JavaScript state and county selector);
        edit names of countries;
        define country names in all the languages used by your store.

    You can manage states (See the section States):

        define names and codes for the states that need to appear in 'State' drop-down menus on all billing/shipping address forms;
        edit state names and codes;
        delete states.

    You can create and manage counties (See the section Counties):

        enable usage of counties in your store;
        define which states have counties;
        define names for the counties that need to appear in 'County' drop-down menus on all billing/shipping address forms;
        edit names of counties;
        delete counties.

    If you are an X-Cart PLATINUM/PRO provider:

    You can define destination zones and manage your own destination zones (Check out the section Destination zones). You cannot manage destination zones created by other providers.


    4 X-Cart:Shipping Settings

    4.1 Overview

    X-Cart can be set up to calculate the cost of shipping for products being ordered by customers.

    By default, shipping calculation in your store is disabled. If you wish to provide shipping cost calculation to your customers, you must enable this functionality by selecting the check box ENABLE SHIPPING in the 'General settings/Shipping options' section of the store's Admin area.

    After you enable shipping cost calculation, you will need to set up the shipping methods that your store will use to deliver orders to customers. You can either define your own shipping methods or use the pre-defined shipping methods provided by such popular carriers as USPS, UPS, FedEx, DHL/Airborne, Canada Post and Australia Post.

    If you decide to use your own shipping methods, the shipping rates for these methods will need to be entered into X-Cart manually.

    If you decide to use the shipping methods provided by the carrier companies like USPS, UPS, FedEx, etc, the shipping rates for these methods will need to be obtained from the respective carrier companies. These rates will need to be entered into X-Cart manually or to be obtained in real time from the online shipping calculators provided by the respective carrier companies or InterShipper service.

    Shipping setup:

    No shipping calculation

        ENABLE SHIPPING (General settings/Shipping options) = off

    Real-time shipping calculation

        ENABLE SHIPPING (General settings/Shipping options) = on
        Enable real-time shipping calculation (General settings/Shipping options) = on
        Activate the real-time shipping methods that you wish to use:
            a) Go to the 'Shipping methods' page.
            b) In the 'Real-time calculated shipping methods' section of the 'Shipping methods' page, enable the methods you wish to use.
        Enable your store to use real-time shipping cost calculators

    Non-real time shipping calculation

        ENABLE SHIPPING (General settings/Shipping options) = on
        Enable real-time shipping calculation (General settings/Shipping options) = off

    4.2 Roles in shipping settings management

    If you are an X-Cart GOLD/GOLD PLUS administrator/provider:

    You can define the shipping methods that will be used by your store. The methods can be real-time and non-real time (See the chapter Shipping Methods).

    If you decide to use real-time shipping methods, you can enable your store to use real-time shipping cost calculators (See the chapter Real-time Shipping Calculators).

    If you decide to use non-real time shipping methods, you can adjust shipping rates for them (See the chapter Shipping Charges).

    For real-time shipping methods, you can adjust markups (See the chapter Shipping Markups).

    If you are an X-Cart PLATINUM/PRO administrator:

    You can define the shipping methods that will be used by your store. The methods can be real-time and non-real time (See the chapter Shipping Methods).

    If you decide to use real-time shipping methods, you can enable your store to use real-time shipping cost calculators (See the chapter Real-time Shipping Calculators).

    If you are an X-Cart PLATINUM/PRO provider:

    You can adjust shipping rates for non-real time shipping methods (See the chapter Shipping Charges).

    You can adjust markups for real-time shipping methods (See the chapter Shipping Markups).

    4.3 Shipping Methods

    Before you start configuring your shipping methods, you must enable shipping in your store: Go to the General settings->Shipping options section and activate shipping by selecting the 'ENABLE SHIPPING' check box.

    After this you will be able to set up shipping methods on the 'Shipping Methods' page of the Admin area. In X-Cart versions 4.4.0 and later, this page can be found at Shipping and Taxes menu -> Shipping methods; in X-Cart versions 4.3.0-4.3.2, this section can be found at Settings menu -> Shipping methods; in earlier versions, this section can be found at Management menu -> Shipping methods.

    The 'Shipping methods' page looks like this (or similar to this - with minor variations depending on the version):

    There are two types of shipping methods that you can use:

    User-defined methods (These can be added using the 'Add shipping method' section; after you add them, they appear in the 'Defined shipping methods' section). Shipping rates for methods of this type can be defined manually via the 'Shipping charges' section.

    Real-time calculated shipping methods (These can be selected using the 'Real-time calculated shipping methods' section). Methods of this type can be set up to obtain rates in real time from real-time calculation services (for this purpose, X-Cart provides integration modules for InterShipper and real-time calculation services by UPS, USPS, FedEx, Airborne, etc). If you do not intend to obtain rates for these methods in real time, you can define charges for these methods manually via the 'Shipping charges' section; in this case, your customers will be provided with an approximate estimation of shipping cost based on your settings, which may be different from the actual fees charged by the respective shipping carrier companies.

    4.3.1 Setting up real-time calculated shipping methods

    Real-time calculated shipping methods that you intend to use at your store can be selected in the 'Real-time calculated shipping methods' section of the 'Shipping methods' page.

    X-Cart versions 4.6.1 and later:

    By default, all real-time calculated shipping methods are disabled. The 'Real-time calculated shipping methods' section looks as follows:


    To set up real-time shipping methods:

    1. Click the Add/remove real-time shipping methods button. This opens the 'Add/remove real-time shipping methods' page providing the list of available carrier companies and their specific shipping methods (The method names are hidden from view and can be viewed by clicking on the [+] icon next to the carrier company name).

    2. Locate the shipping methods you wish to use and select the Active check boxes next to their names.

    3. After selecting all the shipping methods you require, click Apply changes. The methods will be activated for your store and added to the list of methods in the 'Real-time calculated shipping methods' section.

    X-Cart versions 4.6.0 and earlier:

    By default, all real-time calculated shipping methods are enabled. You need to disable the methods you do not intend to use. The 'Real-time calculated shipping methods' section looks as follows:


    To set up real-time shipping methods:

    1. Go through the list of carrier companies displayed in the 'Real-time calculated shipping methods' section and expand the hidden list of methods for each company by clicking the [+] icon next to the company name.

    2. Use the 'Uncheck all' links to deselect all the methods for carriers you do not intend to use. For carriers that you will use, go through the list of shipping method names and leave the Active check box selected only for the methods that you wish to use.

    3. After selecting all the shipping methods you require, click Apply changes.

    All X-Cart versions:

    To receive shipping rates for the selected methods in real time, you must also adjust the configuration settings for the respective real-time shipping calculation modules (See X-Cart:Shipping_Settings#Real-time_Shipping_Calculators).

    4.3.2 Adding your own user defined shipping methods

    You can create your own shipping methods. To add a new shipping method:

    1. In Admin area, go to the Shipping Methods page.

    2. Use the 'Add shipping method' section to specify the details for your new shipping method:

        Delivery time: Delivery time in days.
        Weight limit: Weight limit (set the value of these fields to zero if there are no limitations).
        Destination: Select National or International from the DESTINATION drop-down box, depending on whether this shipping method can be used for shipping goods to national or international locations. If you select National, this shipping method will not be available to international customers and customers who are not logged in. International shipping methods are only displayed to customers from countries different from the country of shop location.
        Pos.: Position number (the number affecting the order in which the shipping methods are displayed to your customers).
        Active: Whether the method is available to customers.
        COD: Whether Cash on delivery payment method is available for this shipping method.

    3. Click the Apply changes button. The new method will be added to the list in the 'Defined shipping methods' subsection.


    4.3.3 Editing shipping methods

    To edit a shipping method:

    1. In Admin area, go to the Shipping Methods page.

    2. Locate the shipping method you want to edit.

    3. Adjust the shipping method's details as required.

    Note: For real-time calculated methods, the weight limit settings limit not the total order weight, but the weight of one shipping package. All orders above the weight limit will be split into several packages so that the weight of each package is below the limit. X-Cart calculates shipping charges for each package and then adds them together to get the total order shipping cost.

    4. Click the Apply changes button.

    4.3.4 Activating/deactivating shipping methods

    To change the availability of a shipping method:

    (Instructions for user defined methods in all X-Cart versions and for real-time methods in X-Cart versions 4.6.0 and earlier):

    1. In Admin area, go to the Shipping Methods page.

    2. Locate the shipping method you need to activate/deactivate and select/unselect the check box in the Active column next to its name.

    3. Click Apply changes.

    (Instructions for real-time methods in X-Cart versions 4.6.1 and later):

    1. In Admin area, go to the Shipping Methods page.

    2. In the 'Real-time calculated shipping methods' section, click the Add/remove real-time shipping methods button.

    3. On the 'Add/remove real-time shipping methods' page, locate the shipping method you need to activate/deactivate and select/unselect the check box in the Active column next to its name.

    4. Click Apply changes.

    4.3.5 Deleting shipping methods

    You can delete shipping methods you created. To delete a shipping method:

    1. In Admin area, open the Shipping Methods page.

    2. In the 'Defined shipping methods' section, locate the shipping method you wish to delete and click the Delete button on the line of this method.

    4.4 Real-time Shipping Calculators

    Some carrier companies (like UPS, USPS, FedEx, DHL/Airborne, Canada Post and Australia Post) provide real-time shipping rates that allow users to estimate the cost of shipping by methods provided by these companies. Your X-Cart based store has shipping modules that enable it to obtain shipping rates from the real-time shipping calculators of such companies and provide your customers with an estimation of shipping cost for orders before they are placed. Integrated shipping modules are provided for UPS, USPS, FedEx, DHL/Airborne, Canada Post and Australia Post. There is also a module allowing your store to obtain shipping rates for UPS, USPS, FedEx, DHL/Airborne through InterShipper rate service.

    Important: Please be aware that to be able to use shipping modules for obtaining real-time shipping rates, your X-Cart based store will need to meet certain system requirements (See the section Server Requirements in this manual).

    To use X-Cart's shipping modules for obtaining real-time shipping rates, you will need an account with each company that you will use to ship products to your customers (except for Australia Post - for which no account is needed) or an account with InterShipper.

    Note. The real-time calculated rate quote is only an estimation and may be different from the actual charges for your shipment.

    Here you can find the instructions for enabling your store to use real-time shipping cost calculators provided by:

    InterShipper,

    USPS,

    FedEx,

    DHL/Airborne,

    Canada Post and

    Australia Post.

    For information on setting up your store to use UPS real-time shipping calculator, see UPS Developer Kit


    4.4.1 Video tutorial

    4.5 Shipping Charges

    X-Cart shopping cart software allows you to define shipping rates for each shipping method and destination zone defined by the administrator of your store. This is done by setting up shipping rules in the 'Shipping charges' section (In X-Cart versions 4.4.0 and later, this section can be found at Shipping and Taxes menu -> Shipping charges; in X-Cart versions 4.3.0-4.3.2, this section can be found at Settings menu -> Shipping charges; in earlier versions, this section can be found at Inventory menu -> Shipping charges). Each rule defines a shipping rate for a specific shipping situation (e.g. the shipping of an order the weight of which is between 10 and 15 lbs to the country located in zone 2 by UPS Ground should cost that much).

    Note: In X-Cart PLATINUM or PRO, shipping charges are defined by each provider individually, in the provider area. See also the chapter Roles in shipping settings management.

    Note: You can make any shipping method available for more than one destination zone, or set up different shipping rules for the same method within one destination zone.

    Note: When the 'Enable real-time shipping calculation' option is OFF (General settings/Shipping options), you can set up shipping charges both for real-time shipping methods and manually defined shipping methods.

    Note: Shipping charges must be set up as follows:

        For International destination zones and International shipping methods respectively.
        For National destination zones and National shipping methods respectively.

    National shipping methods will never be applied to International destination zones, and vice versa. Thus, if you set up shipping charges for National shipping methods and International destination zones, and vice versa, the shipping charges will never work.

    If your shipping policy is complex you may need to define multiple shipping rules to cover all the cases.

    In X-Cart GOLD and GOLD PLUS, both shipping methods and shipping charges are defined by the store administrator. If he fails to define shipping charges for certain shipping methods, such methods will be unavailable to customers.

    In X-Cart PLATINUM and PRO, the store administrator defines only shipping methods; shipping charges for these methods are defined by providers. If providers fail to define shipping charges for some shipping method, the shipping cost for this method will be "0" (zero).

    4.5.1 Defining shipping charges

    1. Go to the 'Shipping charges' section.

    2. Scroll to the 'Add shipping charge values' section of the 'Shipping charges' form.

    3. Define the shipping rule, adjusting the fields as follows:

    Shipping method: The shipping method for which you wish the shipping rule to be used.

    Zone: The destination zone for which you wish the shipping rule to be used.

    Apply rate to: Select from DST (Discounted subtotal) or ST (Subtotal) to determine whether shipping should be calculated as a percentage from subtotal with or without discount (if any).

    Weight range: The weight range for which you wish the shipping rule to be used. Must be set in units of weight used by the store.

    Order subtotal range: The order subtotal range for which you wish the shipping rule to be used. Must be set in units of primary currency used by the store.

    Note: If you do not wish to limit the weight and/or order subtotal ranges, set the respective values to 999999.9.

    Flat charge: The fixed amount that you wish to charge per order. Must be set in units of primary currency used by the store.

    Percent charge: The amount that you wish to charge based on the order subtotal. Must be set in percent.

    Per item charge: The fixed amount that you wish to charge for each item in the shopping cart. Must be set in units of primary currency used by the store.

    Per charge: The fixed amount that you wish to charge per unit of weight (For example, the amount you wish to charge per kilogram of total order weight). Must be set in units of primary currency used by the store.

    4. Click theAddbutton.

    After shipping charges are defined, the cost of shipping in your store will be calculated according to the formula:

    SHIPPING = Rate + TOTAL_WEIGHT*Weight_Rate + ITEMS*Item_Rate + SUM*Percent_Rate/100

    where:

    SHIPPING is the shipping cost.

    Rate is the amount defined by the 'Flat charge' field.

    Weight_Rate is the amount defined by the 'Per charge' field.

    Item_Rate is the amount defined by the 'Per item charge' field.

    Percent_Rate is the amount defined by the 'Percent charge' field.

    TOTAL_WEIGHT is the total weight of the order (sum of weights of all the items in the shopping cart).

    ITEMS is the total number of items in the shopping cart.

    SUM is the order total amount.
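    The formula above combined with range-based rule selection, as an added example (not X-Cart's own code). The rule values are taken from FAQ entries 4.9.2, 4.9.3 and 4.9.5 of this manual; the field names, inclusive range bounds, first-match selection, the None result when no rule matches and the BROKEN rule set are assumptions of this example.

```python
from dataclasses import dataclass
from decimal import Decimal as D, ROUND_HALF_UP
from typing import List, Optional, Sequence

UNLIMITED = D("999999.99")  # upper bound the manual's FAQ uses for "no limit"


@dataclass(frozen=True)
class ShippingRule:
    """One row of the 'Shipping charges' form (field names are this example's own)."""
    weight_min: D = D("0")
    weight_max: D = UNLIMITED
    subtotal_min: D = D("0")
    subtotal_max: D = UNLIMITED
    flat: D = D("0")        # 'Flat charge'            -> Rate
    percent: D = D("0")     # 'Percent charge'         -> Percent_Rate
    per_item: D = D("0")    # 'Per item charge'        -> Item_Rate
    per_weight: D = D("0")  # per-unit-of-weight field -> Weight_Rate

    def matches(self, total_weight: D, subtotal: D) -> bool:
        # Assumption: both ends of each range are inclusive.
        return (self.weight_min <= total_weight <= self.weight_max
                and self.subtotal_min <= subtotal <= self.subtotal_max)

    def cost(self, total_weight: D, items: int, subtotal: D) -> D:
        # SHIPPING = Rate + TOTAL_WEIGHT*Weight_Rate + ITEMS*Item_Rate + SUM*Percent_Rate/100
        raw = (self.flat
               + total_weight * self.per_weight
               + items * self.per_item
               + subtotal * self.percent / D("100"))
        return raw.quantize(D("0.01"), rounding=ROUND_HALF_UP)


def shipping_cost(rules: Sequence[ShippingRule], total_weight: D,
                  items: int, subtotal: D) -> Optional[D]:
    """Cost from the first matching rule; None means no rule covers this order."""
    for rule in rules:
        if rule.matches(total_weight, subtotal):
            return rule.cost(total_weight, items, subtotal)
    return None


def subtotal_coverage_problems(rules: Sequence[ShippingRule],
                               step: D = D("0.01")) -> List[str]:
    """Report gaps or overlaps between consecutive order-subtotal ranges.

    Simplification: assumes all rules belong to one method and zone and
    share the same weight range.
    """
    problems = []
    ordered = sorted(rules, key=lambda r: r.subtotal_min)
    for prev, nxt in zip(ordered, ordered[1:]):
        expected = prev.subtotal_max + step
        if nxt.subtotal_min > expected:
            problems.append(f"gap {expected}-{nxt.subtotal_min - step}")
        elif nxt.subtotal_min < expected:
            problems.append(f"overlap {nxt.subtotal_min}-{prev.subtotal_max}")
    return problems


# FAQ 4.9.2: $2.49 for one item, +$1.99 for each additional item.
PER_ITEM = [ShippingRule(flat=D("0.50"), per_item=D("1.99"))]

# FAQ 4.9.3: $6.50 flat up to $250, free above.
FREE_OVER_250 = [
    ShippingRule(subtotal_max=D("250.00"), flat=D("6.50")),
    ShippingRule(subtotal_min=D("250.01")),
]

# FAQ 4.9.5: 20% of the order, capped at $600.
CAPPED_PERCENT = [
    ShippingRule(subtotal_max=D("3000.00"), percent=D("20.00")),
    ShippingRule(subtotal_min=D("3000.01"), flat=D("600.00")),
]

# Constructed misconfiguration: orders between 250.01 and 299.99 match no rule.
BROKEN = [
    ShippingRule(subtotal_max=D("250.00"), flat=D("6.50")),
    ShippingRule(subtotal_min=D("300.00")),
]

if __name__ == "__main__":
    print(shipping_cost(PER_ITEM, D("3"), 3, D("30")))
    print(subtotal_coverage_problems(BROKEN))
```

    Running the coverage check on a rule set before entering it in the form catches subtotal ranges that leave some orders without any matching rule.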


    4.5.2 Modifying shipping charges

    1. Go to the 'Shipping charges' section.

    2. Select the group of shipping methods the charges for which you need to modify. Select the destination zone.

    When the page is reloaded, only the shipping methods belonging to the specified group will be displayed.

    3. Change the values that need to be modified (you can change the shipping method, the destination zone, the weight range or the total order amount range, the contents of the Flat charge, Percent charge, Per item charge and Per lb. charge fields).

    4. Click the Update button.

    4.5.3 Deleting shipping charges

    1. Go to the 'Shipping charges' section.

    2. Select the group of shipping methods to which the shipping charge you need to delete applies. Select the destination zone. When the page is reloaded, only the shipping methods belonging to the specified group will be displayed.

    3. Select the check boxes next to the shipping rule that needs to be deleted. Use the check box next to the shipping method name to select or unselect all the charges for this shipping method.

    4. Click the Delete selected button.

    4.5.4 Video tutorial

    4.6 Shipping Markups

    You can define markups for real-time calculated shipping methods. This can be useful when your shipping expenses exceed the value returned by the real-time shipping processor (e.g. you have to pay for packing, insurance, etc.).

    Shipping markups are defined using X-Cart's 'Shipping markups' section (In X-Cart versions 4.4.0 and later, this section can be found at Shipping and Taxes menu -> Shipping markups; in X-Cart versions 4.3.0-4.3.2, this section can be found at Settings menu -> Shipping markups; in earlier versions, this section can be found at Inventory menu -> Shipping markups).

    Note: The 'Shipping markups' item appears in the Settings menu only after the option 'Enable real-time shipping calculation' is enabled in General settings/Shipping options.

    Shipping markups are defined similarly to shipping charges.

    After you define markups, the shipping cost in your store will be calculated according to the formula:

    SHIPPING = Rate + Markup + TOTAL_WEIGHT*Weight_Markup + ITEMS*Item_Markup + SUM*Percent_Markup/100

    Where:

    SHIPPING is the shipping cost.

    Rate is the shipping rate returned by the real-time calculation service (UPS, FedEx, etc).

    Markup is a fixed markup amount applied to the order (the value of the 'Flat charge' field).

    Weight_Markup is a shipping markup based on product weight (the value of the 'Per lbs charge' field).

    Item_Markup is a shipping markup applied per item ordered (the value of the 'Per Item charge' field).

    Percent_Markup is a shipping markup calculated as percent of the total order amount (the value of the 'Percent charge (%)' field).

    TOTAL_WEIGHT is the sum of weights of all the items in the shopping cart (variable).

    ITEMS is the total number of items in the shopping cart (variable).

    SUM is the total order amount (variable).

    If a markup needs to be applied only to a certain weight and/or order subtotal range, specify this range using the corresponding fields.

    The markups defined here will be added to the value returned by the real-time shipping calculation service.


    0-1 8.00 Royal Mail Airmail

    1-2 18.00 Royal Mail International Signed For

    2+ 55.00 Parcelforce International

    4.7.1 Step 2. Creating shipping methods

    Create the manually defined shipping methods you are going to use. The ones we need are as follows:

    National

    1. Royal Mail 1st Class

    2. City Link

    International

    3. Royal Mail Airmail

    4. Royal Mail International Signed For

    5. Parcelforce International

    So there should be 5 manually defined shipping methods set in the 'Shipping Methods' section of the cart's Admin area.

    4.7.2 Step 3. Defining destination zones

    Now it's necessary to define the destination zones you are going to use. This can be done in the 'Settings' -> 'Destination zones' section. The zones should be as follows:

    1. UK

    2. EU (European Union)

    3. USA / CANADA / FAR EAST & AUSTRALIA

    4. REST OF WORLD

    Note: Do not use one and the same country in 2 different destination zones. This will mix up the rates.

    4.7.3 Step 4. Setting up shipping rates

    Once the shipping methods and destination zones have been defined, you can set up shipping rates using the 'Shipping charges' section. For more information, refer to the #Shipping Charges section of this manual.

    You should get the following rules (sample for UK):

    1. Royal Mail 1st Class/UK

    2. City Link/UK


    The rates for all other zones should be configured likewise. Please note that when you use one shipping method for one destination zone, you should define all rates for this method within one rule.

    Once all shipping charges are defined, you should enable shipping for all the products in the cart. To do so, check the 'General Settings' -> 'Shipping options' configuration and choose the options you like.

    4.8 Troubleshooting

    4.8.1 "There are no shipping methods for your location" error

    There are 2 major groups of shipping methods that you can use in your store:

    1. Shipping methods with manually defined rates

    2. Shipping methods the rates for which are defined via real-time calculation services - real-time shipping methods

    The first group includes all methods for which rates can be set up through 'Shipping charges' in the provider zone (the methods added by you + the methods which are listed in the 'Real-time calculated shipping methods' subsection of the 'Edit shipping methods' form but do not get rates from real-time calculation services).

    The second group includes methods the rates for which are delivered by InterShipper or special integrated modules from real-time shipping services like UPS, USPS, FedEx, Airborne, etc.

    If you are using methods of the first group, the problem is probably caused by the fact that no shipping rates were specified. Use the 'Shipping charges' section of the provider interface to set up the rates you need.

    If you are using methods of the second group, getting the 'no shipping methods' error means the settings of your real-time shipping methods are incorrect.

    4.9 FAQ

    4.9.1 How to set up: $4.95 flat rate shipping fee for all orders?

    You should define your shipping charges as follows:

    1) Create a new shipping method with manually defined rates, set 'Destination' = 'National'.

    2) Set up Flat Charge rate of $4.95 for the new shipping method and 'Zone Default'.

    3) If you need the same flat rate to apply to all international orders, repeat step 1 ('Destination' = 'International') and step 2 accordingly.


    4.9.2 How to set up: shipping cost of $2.49 for one item, and then +$1.99 for any additional item?

    You should define your shipping charges as follows:

    Flat charge: 0.50 (calculated as $2.49 - $1.99)

    Per item charge: 1.99

    Note: Both the charges should be specified for the same shipping rule.

    In this case the shipping cost will be calculated as follows:

    1 item: 0.5 + (1.99 * 1) = 2.49

    2 items: 0.5 + (1.99 * 2) = 4.48

    3 items: 0.5 + (1.99 * 3) = 6.47

    And so on.

    4.9.3 How to set up: zero shipping rate for orders above $250, and $6.50 flat rate for all other orders?

    You should define your shipping charges as follows:

    1st shipping rule:

    Order subtotal range: 0 - 250.00

    Flat charge: 6.50

    2nd shipping rule:

    Order subtotal range: 250.01 - 999999.99

    All 'charge' fields: 0.00

    4.9.4 How to set up: shipping cost of $3.00 for 1-4 items, and then +$1.10 for any additional item? All the items in the store have the same weight (1.00 lbs)

    You should define your shipping charges as follows:

    1st shipping rule:

    Weight range: 1.00-4.00


    Flat charge: 3.00

    2nd shipping rule:

    Weight range: 4.01-999999.99

    Flat charge: 3.00

    Per item charge: 1.10

    4.9.5 How to set up: shipping charge of 20% of total price, but not over $600?

    You should define your shipping charges as follows:

    1st shipping rule:

    Order subtotal range: 0 - 3000.00

    Percent charge (%): 20.00

    2nd shipping rule:

    Order subtotal range: 3000.01 - 999999.99

    Flat charge: 600.00


    5 X-Cart:Real-time Shipping Calculators

    Some carrier companies (like UPS, USPS, FedEx, DHL/Airborne, Canada Post and Australia Post) provide real-time shipping rates that allow users to estimate the cost of shipping by methods provided by these companies. Your X-Cart based store has shipping modules that enable it to obtain shipping rates from the real-time shipping calculators of such companies and provide your customers with an estimation of shipping cost for orders before they are placed. Integrated shipping modules are provided for UPS, USPS, FedEx, DHL/Airborne, Canada Post and Australia Post. There is also a module allowing your store to obtain shipping rates for UPS, USPS, FedEx, DHL/Airborne through InterShipper rate service.

    Important: Please be aware that to be able to use shipping modules for obtaining real-time shipping rates, your X-Cart based store will need to meet certain system requirements (See the section Server Requirements in this manual).

    To use X-Cart's shipping modules for obtaining real-time shipping rates, you will need an account with each company that you will use to ship products to your customers (except for Australia Post - for which no account is needed) or an account with InterShipper.

    Note: The real-time calculated rate quote is only an estimation and may be different from the actual charges for your shipment.

    Here you can find the instructions for enabling your store to use real-time shipping cost calculators provided by:

    InterShipper,

    USPS,

    FedEx,

    DHL/Airborne,

    Canada Post and

    Australia Post.

    For information on setting up your store to use UPS real-time shipping calculator, see UPS Developer Kit.

    5.1 Video tutorial


    6 X-Cart:Tax Settings

    6.1 Tax settings in X-Cart

    X-Cart provides you with the AvaTax module for reliable, fast and affordable sales tax automation service by Avalara. There's also a flexible tool for manually defining the taxes to be used in your store. Simple settings allow you to define virtually any tax and tax rate. For each tax you can define how it needs to be calculated, to what products it needs to be applied, how information about it needs to be displayed to customers, etc. You can make taxes dependent on the customer's location (billing or shipping address) and on the customer's membership. Customers coming from a certain location and having a certain membership will see just the tax rates for their destination zone and membership level, while the other tax rates will be hidden. X-Cart also allows you to have non-taxable products at your store.

    6.2 Roles in tax settings management

    If you are an X-Cart GOLD/GOLD PLUS administrator/provider:

    You can define taxes (See the chapter Taxes).

    You can define taxes options (See the chapter Taxes Options).

    You can define tax rates (See the chapter Tax Rates).

    You can apply taxes to products (See the chapter Applying Taxes to Products).

    If you are an X-Cart PLATINUM/PRO administrator:

    You can define taxes (See the chapter Taxes).

    You can define taxes options (See the chapter Taxes Options).

    You can apply taxes to products (See the chapter Applying Taxes to Products).

    If you are an X-Cart PLATINUM/PRO provider:

    You can define tax rates for your products (See the chapter Tax Rates).

    You can apply taxes to your products (See the chapter Applying Taxes to Products).

    6.3 Video tutorial

    6.4 Taxes

    6.4.1 Adding taxes

    To add a tax:

    1. Go to the 'Taxes' section of your store's Admin area. In X-Cart versions 4.4.0 and later, this section can be found at Shipping and Taxes menu -> Tax system (X-Cart Gold) or Shipping and Taxes menu -> Taxes (X-Cart Pro); in X-Cart versions 4.3.0-4.3.2, this section can be found at Settings menu -> Tax system; in earlier versions, this section can be found at Management menu -> Tax system.

    A dialog box titled 'Taxes' opens:

    Before you have created any taxes, the dialog box is empty.

    2. In the 'Taxes' dialog box, click the Add new... button. A dialog box 'Tax details' opens.


    3. Define the details of the desired tax by completing the fields of the 'Tax details' dialog box (The fields marked by a red asterisk sign are mandatory):

    Tax service name: Unique name by which X-Cart application will identify this tax. A tax service name may include letters (A-Z, a-z) and digits (0-9), may not exceed 10 characters in length and must begin with a letter. This value will not appear anywhere in your store's Customer area.

    Tax display name: Name of the tax as it will appear to customers. If necessary, you can define a different tax display name for each of the languages used in your store. To add a tax display name in another language, select the necessary language from the Current language selector at the top of the page, enter the tax display name in this language into the appropriate field and click the Save button.

    Tax registration number: Tax registration number (required for certain types of taxes; appears on the invoice).

    Tax priority: Number defining the order in which the tax needs to be applied (relative to the other taxes).

    Status: Tax status (Enabled or Disabled).

    Apply tax to: Tax base. Use the #Tax Formula Editor to create the formula according to which this tax needs to be applied.

    Rates depend on: Select if the tax rate should be calculated for Shipping Address or Billing Address.

    Included into the product price: This option defines whether the prices of products to which this tax applies are stored in the database with this tax included or excluded. If you want the product prices to be inclusive of this tax, select this check box. If you leave this check box unselected, the prices will be tax-exclusive.

    Important: The option 'Included into the product price' should only be enabled for taxes whose rate is not supposed to change depending on the customer's address. If your store has products to which more than one tax should be applied, you need to make sure that the option 'Included into the product price' is enabled for no more than one of the taxes applied to any such product.

    Display product price including tax: This option defines whether the prices of products to which this tax applies are displayed to customers with this tax included or excluded. If you want the product prices to be displayed as inclusive of this tax, select this check box. If you leave this check box unselected, the prices will appear tax-exclusive.

    Also display (on the products list, product details and cart pages): This option is used in conjunction with the option 'Display product price including tax' and defines what needs to be displayed on the named pages of your store besides the price with the included tax (Nothing, Rate value, Calculated tax cost, Rate value and tax cost).


    4. Click the Save button. The tax will be created and added to the list of your store's taxes. To view the list of your store's taxes, you can click the Taxes list link at the top right-hand corner of the 'Tax details' dialog box.

    Now that the tax has been created, it is possible to add tax rates for it. See the chapter #Tax Rates.

    After the necessary taxes have been defined, be sure to set the options affecting how all taxes in your store are applied and displayed. See the chapter #Taxes Options.

    Also, please be aware that, before the taxes you have created become functional, they will need to be applied to products. See the chapter #Applying Taxes to Products.

    6.4.2 Managing Taxes

    The 'Taxes' dialog box in the 'Taxes' section of your store's Admin area shows all the taxes defined in your store. When you have some taxes defined, it looks similar to this:

    The table columns provide the following information about each tax:

    TAX - Service tax name.

    APPLY TAX TO - Tax base as defined in the 'Apply tax to' field of the 'Tax details'.

    PRIORITY - Order in which the tax needs to be applied (relative to the other taxes).

    STATUS - Enabled or disabled.

    To edit the details of a tax:

    1. Click on the name link of the tax that needs to be edited. The 'Tax details' dialog box displaying the details of the selected tax opens.

    2. Edit the tax details.

    3. Click the Save button at the bottom of the 'Tax details' dialog box to save the changes.

    To change the order in which your taxes should be applied:

    1. Change the order numbers in the PRIORITY column (The tax with the highest priority needs to have the smallest order number, the tax with the lowest priority - the greatest order number).

    2. Click the Update button.

    To temporarily disable a tax or to re-enable a disabled tax:

    1. Select the appropriate status from the STATUS drop-down box opposite the name of the tax.

    2. Click the Update button.

    To delete a tax:

    1. Select the check box next to the name of the tax that needs to be deleted. (You can use the Check all / Uncheck all links to select or unselect all the taxes on the page.)

    2. Click the Delete selected button.

    6.5 Tax Rates


    6.5.1 Adding tax rates

    After the necessary taxes have been defined, you need to define tax rates for each tax.

    Important: Before you begin defining tax rates for a certain tax, make sure that all the X-Cart:User Memberships to which the tax needs to be applied are defined.

    To define a tax rate:

    If you are an X-Cart GOLD administrator/provider:

    1. Go to the 'Taxes' section of your store's Admin area. In X-Cart versions 4.4.0 and later, this section can be found at Shipping and Taxes menu -> Tax system; in X-Cart versions 4.3.0-4.3.2, this section can be found at Settings menu -> Tax system; in earlier versions, this section can be found at Management menu -> Tax system.

    2. In the dialog box titled 'Taxes', find the tax for which you would like to add rates and click on its name. The 'Tax details' section of your store opens. Scroll down through the 'Tax details' dialog box. You should see a dialog box titled ': Tax rates' (where '' is the name of the tax whose details are being displayed).

    If you are an X-Cart PRO provider:

    1. Go to the 'Tax rates' section (In X-Cart versions 4.4.0 and later, this section can be found at Shipping and Taxes menu -> Tax rates; in earlier X-Cart versions, this section can be found at Inventory menu -> Tax rates). You should see a dialog box 'Taxes' displaying the names of all taxes defined for your store by the store administrator (The expression 'N rates defined' displayed in brackets next to each of the tax names shows the number of tax rates defined by you for these taxes. Before you have defined any rates, this number is 0 (zero)).

    2. In the 'Taxes' dialog box, find the tax for which you would like to add rates and click on its name. The 'Tax details' section of your store opens. On the page, you should see a box titled 'Tax details' displaying the details of the selected tax as defined by the store administrator:

    Note: To return to the list of your store's taxes, you can click the Taxes list link at the top right-hand corner of the 'Tax details' box.

    Below the 'Tax details' box, you should see a dialog box titled ': Tax rates' (where '' is the name of the tax whose details are being displayed).

    3. Turn to the ': Tax rates' dialog box:


    4. Define the details of the tax rate by completing the fields of the 'Add tax rate' subsection of the ': Tax rates' dialog box:

    Rate value: Tax rate value (Use the drop-down box next to the 'Rate value' field to define whether the tax rate should b