Zen Cart™ Documentation
Implementation Guide
For Zen Cart™ Version 1.5
This is a BETA Release and should not be used on a Live Site
Document: Implementation Guide
Author: Zen Cart™ Team
Document Revision: 1.7b
Document Revision Date: 20 May 2011
Beta Release Only
Table of Contents
1. Introduction
2. Installation Requirements
2.1 Server Hardware Requirements
2.2 Server Software Requirements
2.3 Domain Name Requirements
2.4 Other Installation Requirements
3. Obtaining the current Zen Cart™ release
3.1 Hash Keys
3.2 Patches
4. Unpacking and Uploading the application software files
5. Pre-Installation Actions
5.1 New Installations
5.1.1 File/Folder Permissions
5.2 Upgrades
6. Running the Web-Based Installer
6.1 New Installs
6.1.1 Introduction
6.1.2 Step 1 Welcome Screen
6.1.3 Step 2 License Confirmation
6.1.4 Step 3 System Inspection
6.1.5 Step 4 Database Setup
6.1.6 Step 5 System Setup
6.1.7 Step 6 Store Setup
6.1.8 Step 7 Administrator Account Setup
6.1.9 Step 9 Setup Finished
6.2 Using zc_install to do The Database Upgrade Step of a Site Upgrade
6.2.1 Introduction
6.2.2 Step 1 Welcome Screen
6.2.3 Step 2 License Confirmation
6.2.4 Step 3 System Inspection
6.2.5 Step 4 Version-upgrade-checkboxes
6.2.6 Step 5 Database-Upgrade Step Finished
7. Post Installation activities
7.1 Changing The Admin Directory Name for Security-By-Obscurity
7.2 Enabling SSL in your Admin
©Zen Cart™ 2010-2011 Zen Cart™ Version 1.7b Page 1
7.3 Setting directory and file permissions
7.4 Removing the installation directory
7.5 Blocked Administration Access
8. Accessing the Administration Panel and Configuring Users and Passwords
8.1 Introduction
8.2 PA-DSS and Administration Access
8.3 Users
8.4 Profiles
8.5 Admin Activity Logs
8.5.1 Review or Export Logs
8.5.2 Purge Log History
9. Code Customization, Addons, and Plugins
10. Engaging 3rd-Party Consultants or Programmers
10.1 Webstore “Admin”/Backend access
10.2 FTP Access
10.3 Control Panel access
10.4 Secure use of customer database and website files
10.5 Two-Factor Authentication
11. Removing Old Non-Compliant Data
11.1 Removing Old Credit Card Data From Database Records
11.2 Suggested Procedure For Secure Erasure of Old CHD data
12. Network Diagram
13. Dataflow Diagram
14. Implementation Guide Changelog
1. Introduction
This Implementation Guide is meant to help you when installing the current version of the Zen Cart™
application, or when updating your current version.
PA-DSS
It is a requirement of the PA-DSS that you follow the instructions in this Implementation Guide when
installing or upgrading your Zen Cart™ application.
Note also that this guide is written for the v1.5 release of Zen Cart™
unless otherwise noted.
2. Installation Requirements
2.1 Server Hardware Requirements
Zen Cart™ itself does not “require” any particular hardware, as long as the hardware you use for your
hosting service supports the software requirements that follow.
However, users should be aware that some hardware configurations, such as inadequate server RAM,
slow server hard drives, excessively restrictive firewalls, etc., can adversely affect the operation of the
Zen Cart™ application.
2.2 Server Software Requirements
Zen Cart™ will work with the following minimum requirements.
PHP version >= 5.2.3
MySQL version > 4.1.3
Apache version > 2.0
However, it is recommended that you use the latest versions of PHP/MySQL and Apache.
Note: While we recommend the use of Apache as your web server software, Zen Cart™ will also work with
Microsoft IIS and other web servers (e.g. nginx); however, some security features will cease to work.
Further information on this is provided in the next section regarding .htaccess.
You will also need to ensure that your PHP version has the following modules installed:
cURL – Required for some shipping and payment methods.
OpenSSL support – Usually this is compiled into PHP and cURL upon install of PHP
Unless you will have no customers accessing your site via the internet, you will want an SSL certificate
added to your hosting account. A “shared” certificate may work, but dedicated is preferred as it is a
more seamless experience for your customers and is much easier to configure.
You will also need to ensure that your hosting service allows you to use SFTP for transferring files
to/from your hosting server.
2.3 Domain Name Requirements
You will need a registered domain name, connected to your webhosting account at your webhosting
company. If you need to register a domain name, see the “Register A Domain Name” section on this
screen: http://www.zen-cart.com/partners
Temporary use of merely an IP address may work during initial installation, but to actually run your
shop will require use of a domain name. Changing it after-the-fact will require manual editing of your
configure.php files. An article on making such changes can be found at http://tutorials.zen-cart.com
2.4 Other Installation Requirements
PA-DSS
Zen Cart™ uses Apache .htaccess files to better protect some directories for security purposes. You
should ensure that your Apache settings allow for the use of .htaccess files on your Web server (most
do). If you are unsure please check with your Hosting provider.
Specifically, Apache must be configured with AllowOverride set to either 'All' or at least both 'Limit'
and 'Indexes' parameters, and preferably the 'Options' parameter as well.
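The AllowOverride rule above can be checked against a server's configuration text. The following is an added example, not part of the original guide or of Zen Cart™; the function names and the sample configuration are constructed for illustration, and the check reads the text line by line without resolving Include files or merging nested sections.

```shell
#!/bin/sh
# Added example (not Zen Cart code): audit AllowOverride directives against the
# guide's rule: 'All', or at least both 'Limit' and 'Indexes'; 'Options' preferred.

# check_allowoverride "<directive arguments>" prints one of:
#   ok | ok-without-options | insufficient
check_allowoverride() (
    all=0 limit=0 indexes=0 options=0
    set -f   # body runs in a subshell, so disabling globbing stays local
    # Apache compares these keywords case-insensitively, so lowercase first.
    for word in $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); do
        case "$word" in
            all)               all=1 ;;
            limit)             limit=1 ;;
            indexes)           indexes=1 ;;
            options|options=*) options=1 ;;
        esac
    done
    if [ "$all" -eq 1 ]; then echo ok
    elif [ "$limit" -eq 1 ] && [ "$indexes" -eq 1 ] && [ "$options" -eq 1 ]; then echo ok
    elif [ "$limit" -eq 1 ] && [ "$indexes" -eq 1 ]; then echo ok-without-options
    else echo insufficient
    fi
)

# audit_config reads Apache configuration text on stdin and reports every
# AllowOverride directive as "<line>: <arguments> -> <verdict>".
audit_config() (
    n=0
    while read -r directive args || [ -n "$directive" ]; do
        n=$((n + 1))
        name=$(printf '%s' "$directive" | tr '[:upper:]' '[:lower:]')
        if [ "$name" = allowoverride ]; then
            printf '%s: %s -> %s\n' "$n" "$args" "$(check_allowoverride "$args")"
        fi
    done
)

# Constructed sample configuration; the directory paths are placeholders.
sample_config() {
    cat <<'EOF'
<Directory "/var/www/example-a">
    AllowOverride None
</Directory>
<Directory "/var/www/example-b">
    AllowOverride Limit Indexes Options
</Directory>
EOF
}

sample_config | audit_config
```

To audit a real server, feed its configuration file to audit_config on standard input in place of sample_config.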
If you are not using Apache as the web server (e.g. you are using IIS or nginx) then you should take
steps to protect the directories in a similar manner to the .htaccess files Zen Cart™ suggests.
Your web server must be able to serve pages using SSL encryption and you should have an SSL
certificate correctly installed for your domain. If you do not have SSL or are unsure, then once again
you must confer with your Hosting provider.
Your web server must also be able to support the use of SFTP for transferring files to/from the server.
3. Obtaining the current Zen Cart™ release
The current release is obtainable via SourceForge: https://sourceforge.net/projects/zencart/files
The release is provided as a .zip file.
3.1 Hash Keys
Hash keys are a way of checking the validity of a zip file. We provide both md5 and sha1 hashes for the
current release. Those hashes can be seen below the download link on the home page of the Zen Cart™
support website at http://www.zen-cart.com
We also provide some information on how to check hash keys in the following FAQ article:
http://tutorials.zen-cart.com/index.php?article=405
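One way to carry out the hash check described above is shown here as an added example; it is not taken from the Zen Cart™ FAQ article. It assumes the md5sum and sha1sum utilities are installed, the function names are illustrative, and the sample file is a constructed stand-in for the downloaded .zip.

```shell
#!/bin/sh
# Added example (not Zen Cart code): compare a downloaded release archive with
# the md5 and sha1 values published for it. Assumes md5sum and sha1sum exist.

# file_digest <md5|sha1> <file> prints the lowercase hex digest of the file.
file_digest() {
    "${1}sum" < "$2" | cut -d' ' -f1
}

# verify_release <file> <published md5> <published sha1>
# Status: 0 both match, 1 at least one mismatch, 2 file missing.
verify_release() (
    # The body runs in a subshell, so "exit" only leaves this function.
    file=$1 rc=0
    [ -f "$file" ] || { echo "no such file: $file" >&2; exit 2; }
    for pair in "md5:$2" "sha1:$3"; do
        algo=${pair%%:*}
        # Tolerate stray whitespace and upper-case hex in the pasted value.
        want=$(printf '%s' "${pair#*:}" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        got=$(file_digest "$algo" "$file")
        if [ "$got" = "$want" ]; then
            echo "$algo OK"
        else
            echo "$algo MISMATCH: published $want, computed $got" >&2
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed stand-in for the downloaded .zip: a file holding the bytes "abc",
# whose md5 and sha1 are the standard test vectors used below.
sample=$(mktemp)
printf 'abc' > "$sample"
verify_release "$sample" \
    900150983CD24FB0D6963F7D28E17F72 \
    a9993e364706816aba3e25717850c26c9cd0d89d
```

For a real download, pass the path of the .zip file and the two values shown below the download link; a non-zero exit status means the file should not be unpacked or uploaded.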