As a continuation of my research into choosing an appropriate shopping cart application for an upcoming project I’m working on I chose to review OpenCart this time. To be honest, I hadn’t even heard of OpenCart until one of the comments from the last post turned me onto it but after reviewing it I am glad I did.

As mentioned above, OpenCart is another e-commerce platform useful for setting up an online storefront. OpenCart is released under the GNU General Public License version 3 (GPLv3) which means it’s freely available for anyone to use and since OpenCart is written in php it’s right in my wheel house. The main developer of OpenCart is Daniel Kerr who, from what I can gather, is over in Great Britain but not the Australian rules footballer (in case there was some confusion from any Aussies).

Anywho, OpenCart has lot of good features available out of the box with my favorites being the Backup Manager,  User Groups, really nice localization (l18n) and internationalization (i18n) options, support for multiple stores and a slick reporting overview. OpenCart also has the one feature I personally love from any and all e-commerce packages; Guest Checkouts. Personally, when I’m buying something from an online store that’s not a 500 pound gorilla like Amazon or Best Buy I hate signing up for an account. Guest checkout is the shit.

The code is really well structured and thought out; it uses a nice implementation of the MVC pattern which made things ridiculously easy to walk through and find out what was going on under the hood. OpenCart appears to be using a home grown MVC framework, which, while, in my opinion a little unnecessary,  isn’t at all a big deal. Unfortunately, the code appears to be open to Cross Site Request Forgery (CSRF) attacks and other security issues. More on this in a minute.

The OpenCart administration module is attractive and laid out logically. Everything is ready and available in such a way that most people with experience working with administration panels would feel right at home. It should be noted though that the administration panel will NOT work in Internet Explorer 6.

Naturally, OpenCart also ships with the ability to have custom themes and the default theme that ships with OpenCart is quite attractive too. After reviewing the procedure for creating themes though I have to say that I’m not even a little impressed in how themes are supposed to be created; they appear, in my opinion, to be overly complicated, a little convoluted and deviates from the traditional manner used with countless other open source projects.

OpenCart has a basic module system though it isn’t what, in my experience, should be considered a module system; in OpenCart a module is more of a sidebar widget. A small distinction to be sure and not really an issue; more of an inconvenience of nomenclature than anything else but something that drives me nuts (can’t we all agree on what these terms mean already?).

There’s also a lot of manual intervention needed when configuring the system. Want to add a module? FTP the module, go to the module section of the admin, click install, click edit and fill out the form (be sure to enable the module too). Want to turn on search engine friendly URLs? Rename the file .htaccess.txt to .htaccess (through FTP or similar) then go to the administration panel, then to the settings area to enable. Very anti user friendly in my opinion.

There are other issues with OpenCart, like the flow for adding images to a product being pretty convoluted, but those are all small in the grand scheme (pretty much all my gripes can be, rightfully, dismissed as design decisions I don’t agree with). Fair enough. What isn’t acceptable is the complete lack of respect the developer has for security in OpenCart or the developers who try to help out in general. This, I’m afraid, is a deal breaker.

May 2010 was actually a pretty fortuitous time for me to research OpenCart; as soon as I began looking into the program I started seeing some discussion on OpenCart which lead me to a forum post on the official OpenCart forums. Another developer had some suggestions on how to improve the style and conventions of OpenCart and, well, Daniel really showed his ass.

Then, not a week later, I see on that there’s another war going on between Daniel and a developer who found some pretty nasty CSRF issues. Again, Daniel showed his ass (along with a good helping of ignorance mixed with arrogance this time) with nothing being resolved.

This was truly the breaking point for me. Why in the world would I ever use software written by someone who, when confronted with the issues, acts like nothing’s wrong? Nope. I have people relying on me to make choices that won’t, you know, ruin their business and OpenCart, for all it’s bells and whistles and nice code and pretty administration panel, is a horrible platform because the developer refuses to do anything about issues when presented with them.