The back end is the admin section for Kartris. In some cases the terms 'back end' and 'admin section' may be used interchangeably.

To access the back end of your Kartris site, go to:

[your site domain]/Admin/

You will need your username and password. Note that if you forget these details, it is not possible for anyone to recover them, since they are 'hashed' for security. Instead, they can only be reset.

If you have another user who has 'config' permissions in the back end, they can edit your login and create a new password for you. If you are the only admin, then you must either use the Data Tool to do the reset, or force your site to run the setup routine again; see 2.4.4. Forcing the install routine to run again.

'Secure sockets layer' allows encrypted secure communication between a browser and your web site. This must be set up on your site itself (rather than through Kartris). Kartris cannot use shared SSL; the secure certificate must be for your domain itself where your site is running, and be properly applied through the Microsoft IIS web server (and not via some external layer as some hosts such as GoDaddy do).

The first step is to check your site has SSL enabled. To do this, simply go to the front page of your site and then edit the address in the browser so it uses HTTPS instead of HTTP. For example,

https://www.demo.xyz/

If you see an error in your browser that the site is untrusted, or that the connection was interrupted, or any other browser error, then SSL is NOT running properly on your site. You should contact the host or your developer if you believe it should be.

Only once you have verified that SSL is installed and working should you attempt to activate the SSL support within Kartris.

Once logged in to the back end, find the general.security.ssl config setting. There are four possible settings ('always on' SSL was introduced in Kartris v2.7000, 'external' was introduced in Kartris v2.9008).

  • 'n' = off
  • 'y' = on for pages where sensitive data is transferred (login, checkout, back end, any page when user is logged in)
  • 'a' = always on, SSL for all pages
  • 'e' = external SSL, applied by a platform like Cloudflare, see 3.2.1.3. External SSL

Scope of SSL
SSL puts an additional overhead on a web server and a user's browser, and so in the past it has tended to be used only in places where sensitive data is transferred, especially for credit card transactions. There was seen to be little point in applying SSL to all traffic, such as when a casual visitor is browsing the site, or a search engine is spidering it.

However, in recent years, SSL has become more widespread. Many web sites such as Google use SSL by default, and the revelations by Edward Snowden of pervasive internet surveillance by western security agencies have further highlighted the issues of eavesdropping and user-privacy. In summer 2014, Google indicated that it would start to give slight preference in its results to sites running SSL, which is likely to see a surge in the take up of 'always on' SSL.

Typically running SSL on a .NET web site involves a setup procedure to create a certificate request on IIS, then using this to purchase a secure certificate from a trusted authority, then installing this on IIS. It also requires a unique IP address, which further adds to the cost and complexity of setting it up on a server with multiple web sites.

Furthermore, most basic secure certificates only cover the www and root domain, not other subdomains. A so-called 'wildcard' cert which supports all subdomains too can be purchased, but it's generally around 5-10 times the price.

Nowadays, Google and others are encouraging sites wherever possible to use SSL, and Google claims to boost secure sites in results.

Fortunately there is now another option for SSL. Cloudflare.com provides a free SSL service which can be used if you change your DNS to Cloudflare.

However, Kartris needs some coding to support this. Previously, when set to use SSL, Kartris would check pages to see if they were secure using Current.Request.IsSecureConnection(). Unfortunately if you just turn on Cloudflare SSL without the updates to Kartris, it will go into a loop, because this code will return FALSE (as the site itself on IIS is running with http, not https).

Therefore, Kartris introduced a new 'e' setting for external SSL. In this case, it will format URLs where appropriate with https, but not do any checks to see if a page is secure.

If you want to force http to redirect to https, you can use the Page Rules feature within Cloudflare to do this. One thing to consider is your payment gateway callbacks. You might find that the https redirect rules interfere with these, so possibly at rule number one you may want to exclude the callback from the Cloudflare cache, so it continues to work exactly as before. Then you can put some redirection rules after that - the free Cloudflare offering allows up to three page rules, which should be enough to handle most things.

Cloudflare page rules screenshot
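The redirect loop and the 'e' setting described above can be modelled in a few lines. This is an added illustration, not Kartris source code; the function names and the redirect limit are assumptions made for the model. It also shows why, with 'e', forcing https is left to the Cloudflare page rule: the origin serves plain http requests without redirecting them.

```python
# Added illustration: a model of the behaviour described above, not Kartris source code.
MAX_REDIRECTS = 10  # constructed limit; browsers stop after a similar number of hops


def origin_sees_secure(browser_scheme, tls_ends_at_edge):
    """What the origin's secure-connection check reports for a request.

    With SSL applied externally (tls_ends_at_edge=True) the hop from the edge
    to IIS is plain http, so the check is False whatever the browser used.
    """
    if tls_ends_at_edge:
        return False
    return browser_scheme == "https"


def origin_action(ssl_setting, is_secure, sensitive_page):
    """Model of the per-request decision for general.security.ssl."""
    wants_https = ssl_setting == "a" or (ssl_setting == "y" and sensitive_page)
    if wants_https and not is_secure:
        return "redirect-to-https"
    # 'n' makes no check; 'e' formats URLs with https but makes no check either.
    return "serve"


def browse(ssl_setting, tls_ends_at_edge, start_scheme="http", sensitive_page=True):
    """Follow redirects like a browser; return (outcome, final_scheme, redirects)."""
    scheme = start_scheme
    for redirects in range(MAX_REDIRECTS):
        secure = origin_sees_secure(scheme, tls_ends_at_edge)
        if origin_action(ssl_setting, secure, sensitive_page) == "serve":
            return ("served", scheme, redirects)
        scheme = "https"  # the browser follows the redirect and asks again
    return ("redirect loop", scheme, MAX_REDIRECTS)


if __name__ == "__main__":
    cases = [
        ("a", False, "http"),   # certificate on IIS itself: one redirect, then served
        ("a", True, "http"),    # external SSL with 'a': the check never passes
        ("e", True, "https"),   # external SSL with 'e': served, no check
        ("e", True, "http"),    # 'e' does not upgrade http; the edge rule must
    ]
    for setting, at_edge, scheme in cases:
        print(setting, at_edge, scheme, "->", browse(setting, at_edge, scheme))
```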

While the username and password system provides a decent level of security, it is not fool-proof. If your computer is lost or stolen, or some spyware passes your access details to a potential attacker, then an attacker could use your details to access your site. An attacker may also attempt a brute force attack - repeated trial and error attempts at logging in.

Since the number of admin users is typically quite small, and they will normally access from one or two locations (e.g. office or home), then it is possible to apply extra security to the back end in the form of an IP address restriction. For this to work, you must have a fixed IP (or one within a relatively narrow range).

Open up the web.config file in the root of the web, and find this tag:

Into the value, add your IP address, or part of your address. Separate multiple values with a comma. For example:

000.000.000.000,111.111.111

(the first number is a single IP address, the second is a partial IP address)
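The matching rule implied by 'single' and 'partial' addresses, as an added example that is not Kartris code: the page does not say how Kartris compares the values, so this model assumes a partial entry stands for whole leading octets, and the function names are hypothetical. The sample addresses are constructed from the documentation ranges. A plain string-prefix comparison is included to show why whole-octet matching is the stricter reading when you test your own restriction.

```python
# Added illustration: a model of a comma-separated IP restriction value,
# not Kartris source code. Addresses below are constructed sample values.

def _octet(text):
    """Parse one dotted-decimal octet, rejecting anything outside 0-255."""
    if not (text.isascii() and text.isdigit()) or int(text) > 255:
        raise ValueError("bad octet: %r" % text)
    return int(text)


def parse_allowlist(value):
    """Turn '203.0.113.7, 198.51.100' into a list of octet tuples.

    Four octets means a single address; one to three octets is a partial
    address covering everything that starts with those octets.
    """
    entries = []
    for raw in value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        parts = raw.split(".")
        if not 1 <= len(parts) <= 4:
            raise ValueError("bad entry: %r" % raw)
        entries.append(tuple(_octet(p) for p in parts))
    return entries


def is_allowed(client_ip, entries):
    """Allow only if the client's leading octets equal an entry exactly."""
    try:
        client = tuple(_octet(p) for p in client_ip.split("."))
    except ValueError:
        return False
    if len(client) != 4:
        return False
    # Assumption of this model: an empty list allows nobody.
    return any(client[:len(entry)] == entry for entry in entries)


def naive_prefix_allowed(client_ip, value):
    """String-prefix comparison, shown only for contrast with is_allowed."""
    return any(client_ip.startswith(e.strip())
               for e in value.split(",") if e.strip())


SAMPLE_VALUE = "203.0.113.7, 198.51.100"   # constructed: one full, one partial

if __name__ == "__main__":
    entries = parse_allowlist(SAMPLE_VALUE)
    for ip in ("203.0.113.7", "203.0.113.70", "198.51.100.25", "192.0.2.1"):
        print(ip, is_allowed(ip, entries), naive_prefix_allowed(ip, SAMPLE_VALUE))
```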

If you have your own server or virtual server, and have admin access to the IIS web server, you can restrict access to the back end through this.

In IIS 6, the ability to limit access by IP is built in. In IIS 7, you might have to activate this feature separately.

Using IIS to enforce security in this way adds an additional level of security because it is completely independent of Kartris. Anyone trying to access the Kartris back end will be turned away unless their IP address matches one of those you have expressly authorized. Kartris pages won't even get run.

You can also ban particular IP addresses and ranges (although it is far better from a security perspective to 'deny all' and then allow specific addresses rather than try to ban problem IPs and ranges).

Diagram of Kartris back end buttons

A. Front/back end toggle - this button takes you to the front end of the web site. A similar button will be visible on the front end if you are logged in as an admin, to take you to the back end. The button is context aware - if you are viewing a product, category, custom page or KB article, the button will toggle you to the same item in the front or back end.

B. Start/stop Kartris - You can open and close the front end of Kartris using this button. When logged in as admin, you can still see the front end, but the public will see a 'site closed' message instead.

C. Main menus - These dropdown menus provide access to all Kartris's back end features.

D. Login status - Your username is displayed here, together with four pips indicating permissions for various roles in Kartris. A solid pip (as above) indicates you have the permission, a hollow pip indicates you don't. You can hover on each pip to see the permission role it corresponds to.

E. Logout button - Does what it says on the tin.

F. Home button - Takes you to the back end home page.

G. Category treeview - this is an expandable navigation menu showing the entire product catalogue. For performance reasons, sections are loaded up if expanded via AJAX, so the entire menu (with all content) does not have to be rendered. Items that are turned off ('Show on site' is unchecked) show with grey icons.

H. Category home page - Displays the top level categories page, you can drill down to any item from here.

I. Refresh cache - For performance reasons, Kartris caches most types of content that change rarely and are not user-specific. In most cases, the caches will automatically be updated when necessary, but this button forces caches to clear just in case. It will also reset the treeview to the default position.

J. To do list - Kartris will flag tasks that need your attention such as new orders, items out of stock, and so on.

K. Search - This handy search box will find most things: products, versions, customers, language strings, config settings, etc. You can of course search for these things from within their respective sections. But generally it's just easier to put an SKU or a customer email address in here and let Kartris do the heavy lifting.

Kartris will create an admin account for you during the setup process. However, many store owners will need to have multiple staff members accessing the back end. Kartris therefore allows an unlimited number of extra back end accounts to be created, with varying levels of access.

The login management page can be found by going to Configuration > Logins. All logins for the site will be displayed in tabular format. Checkboxes show the permissions settings for each account, as well as whether or not the login is live.

The primary login accounts for Kartris don't have any 'delete' option and the permissions for these accounts cannot be changed. This ensures that the main admin accounts are always valid, and that you cannot inadvertently lock yourself out of control by removing the primary accounts or reducing their access level.

Note that anyone with config permissions can create new users with any permissions they wish, or edit their own permissions to give themselves any permissions they choose. Bear this in mind if you grant configuration permissions to a user but deny them 'orders' permission, for example. The user would be able to edit their own permissions to give themselves 'order' permissions if they wanted.

User accounts can be restricted using the permissions checkboxes so that they can only access certain areas in the back end. The back end is divided into four broad areas:

  • Configuration permissions - user can change config values, shipping, tax, countries and other setup details
  • Product permissions - user can view/edit categories, products and versions
  • Orders permissions - user can view/change customers, orders, affiliates and coupons
  • Support permissions - user can view/change support tickets and knowledgebase articles
This permissions structure serves two purposes. Firstly it allows you to prevent certain users from being able to make major changes to site settings, or products, for example, while allowing them to process orders. Secondly, it simplifies the back end somewhat by removing extraneous menus for users who do not need them.

The config settings should not be confused with the web.config, which is a file on the site holding basic configuration for the site including the database connection. Config settings control all kinds of things relating to the functioning of your store, from the sizes of various images to the availability of certain features to users.

Values are stored in the database (in the tblKartrisConfig table); this has a number of advantages over setting values in the web.config.

  • Keeps the web.config relatively uncluttered
  • Works even when there is no 'write' access to the root (where the web.config is located)
  • Does not force the application to restart (which editing the web.config does)
  • Helps config settings to persist when you upgrade Kartris to a newer version
  • Config settings can be searched easily from the main back end search box, or from their own dedicated search box within the config settings section.
Some important config settings are set during the setup routine; most of the others are less critical and can be tweaked later once you have Kartris running and your site under development.

Config settings can be located most easily from any back end page using the general search box. Just enter a part of the name of the config setting, and the system will find any matching records (up to 15 maximum can be displayed). Since config settings are named fairly logically, you can generally find relevant ones by entering a single word search such as 'images' or 'SSL'.

If you are less familiar with the config settings, you will find it easier to navigate to the config settings page (Configuration > Config Settings). From here you can navigate a hierarchical dynamic menu of the config settings. Hovering over either 'frontend', 'backend' or 'general' links will open out the menu – new sections will fold out as you hover over certain entries. This can be a good way to explore and find new settings relevant to particular features.

Once you have located a config setting, you can click to edit it. Be extremely careful to ensure that you do not set config settings to an invalid value. This can cause errors in the operation of Kartris. Great care should be taken to double check values being changed before you click to submit any changes.

There are a huge number of config settings and we won't include them all. But there are some important and useful ones which are worth highlighting.

general.tax.pricesinctax - this determines whether the prices for items you enter in the back end are inclusive of tax or not. In the US, prices would typically be entered exclusive of tax, and this setting would be 'n'. In Europe, it is more common that prices would be inclusive of tax (though business-to-business oriented sites may use ex-tax pricing).

frontend.users.access - this provides control over the level of access to the site that the public has.

  • 'No' = full site viewable
  • 'Yes' = must login to view site
  • 'Partial' = prices & add buttons hidden until login
  • 'Browse' = full site viewable, must login to checkout

frontend.display.images.large.linktype - this determines whether large views of images are launched in a new browser window [n] or within an ajax popup [a]. The latter is generally preferred these days as it's virtually instant and also avoids some of the issues with popup blockers that may interfere with launching new windows depending on browser settings.

Taxation in various countries differs considerably, and requires a quite different structure for the calculation. For technical reasons, Kartris has this value set in the web.config rather than in the config settings, meaning it is not changeable from the back end of Kartris.

This value gets set during the setup routine, and it's unlikely most stores would ever need to change this. But if for any reason you do, you can find the tag in the web.config file and change it manually.

The possible values are:

  • EU
  • US
  • Canada
  • SIMPLE

The tax settings of your store depend to a large degree on where you are based.

To simplify matters, Kartris features a 'Regional Setup Wizard' (found within the 'Regional Setup' menu). This walks you through some simple questions and then sets up the various tax settings for you, including determining which countries/states are activated and set to have tax charged to them.

The currency section ('Regional Setup > Currencies') allows you to set the currencies that you want to use on your web site, and the relative values of these. You can use any currency you wish on your store, including as a default currency.

You will see something like this:

Currencies

The first currency listed is your default one. It is the currency you use to set prices for your products, and the currency customers will see unless they choose to override it.

To change your default currency, simply edit the values in the default slot. You will need to know the ISO codes of your currency, which can be looked up here:

ISO 4217 - currency ISO codes

You can also determine how the currency is laid out using the two format fields as well as choose which decimal separator is used. Some currencies have the unit *after* the value, and in much of Europe, the comma is used instead of a point/period as the decimal separator.

You can edit the other currencies in a similar way, but for these, you can also set the exchange rate relative to the default currency.

If you use multiple currencies, Kartris has an exchange rate lookup feature, which will look up current prices with the click of a button and fill them into the form. You can then make any manual adjustments, if desired, and submit the new prices. Please contact us for more information if you wish to use this.

Live currency update

If you are in Europe, then typically you will want to enter prices on your web site inclusive of tax. Stores based in the US, or European stores that deal primarily with business customers, will normally want to enter prices exclusive of tax.

This is controlled by the general.tax.pricesinctax config setting which should be set to 'y' for tax inclusive prices, and 'n' for ex-tax prices.

Note that for tax inclusive prices, tax is calculated 'per item' rather than per row of the basket. As such, a rounded 'ex tax' price can be calculated. But for ex-tax pricing, tax is applied to each row of the basket. Consequently, it is not possible to show a rounded inc-tax price for individual items, because this would in many cases not quite tally with the actual tax on the order (due to the different rounding used, per-item and per-row) and would be likely to confuse customers or lead to complaints that the site has added up the tax wrongly.  Instead a percentage figure is shown where necessary.

Most stores will typically show a single price for each item, which might be either inc tax or ex tax. In this case, you should set your frontend.display.showtax config setting to 'n'. If you wish to show the tax associated with an item, set this to 'y'.

The way prices are displayed within Kartris depends on both of the following config settings:

  • frontend.display.showtax
  • general.tax.pricesinctax
The exact format will vary as follows:

Table to show how the two tax config settings affect the display on the site

                                frontend.display.showtax = y    frontend.display.showtax = n
general.tax.pricesinctax = y    Ex tax £8.51 Inc Tax £10.00     Price £10.00
general.tax.pricesinctax = n    Ex tax £10.00 Tax 17.5%         Price £10.00

Note that in all the cases in the table above, the item price is entered in the back end as 10.00, and the tax rate is 17.5%. It is the config setting general.tax.pricesinctax that determines whether this means £10.00 at checkout (£10.00 inc tax) or £11.75 (£10.00 plus 17.5% tax).

Note that if you enter prices into your store ex tax, and then switch to inc tax, the prices won't change (for example, an item entered as £10.00 won't suddenly become £11.75 – it will still be £10.00, just that this will now be considered inc tax instead of ex tax).
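The per-item and per-row rounding described above, worked through as an added example (not Kartris code). The 17.5% rate and the 10.00 price are the page's own figures; the 9.99 price, the quantity of 3, the function names and the use of half-up rounding to two decimals are assumptions chosen to show where the two methods diverge.

```python
# Added illustration: per-item versus per-row tax rounding, not Kartris source code.
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.175")  # 17.5%, the rate used in the table above


def money(amount):
    """Round to two decimals (half-up is an assumption of this example)."""
    return amount.quantize(CENT, rounding=ROUND_HALF_UP)


def inc_tax_pricing(entered_price, rate, qty):
    """general.tax.pricesinctax = 'y': tax is worked out per item.

    The entered price already includes tax, so a rounded ex-tax price per
    item exists and the row total is simply price x quantity.
    """
    ex_each = money(entered_price / (1 + rate))
    return {"ex_tax_each": ex_each,
            "inc_tax_each": entered_price,
            "row_total": entered_price * qty}


def ex_tax_pricing(entered_price, rate, qty):
    """general.tax.pricesinctax = 'n': tax is applied to the basket row."""
    row_ex = entered_price * qty
    row_tax = money(row_ex * rate)
    # What a rounded per-item inc-tax price would add up to, for comparison.
    inc_each = entered_price + money(entered_price * rate)
    return {"row_tax": row_tax,
            "row_total": row_ex + row_tax,
            "rounded_item_price_times_qty": inc_each * qty}


if __name__ == "__main__":
    print(inc_tax_pricing(Decimal("10.00"), RATE, 1))   # ex tax 8.51, inc tax 10.00
    print(ex_tax_pricing(Decimal("10.00"), RATE, 1))    # 11.75 at checkout
    # Constructed case: three items at 9.99 ex tax.
    # Row tax is 5.24, but a rounded per-item price (11.74) x 3 gives 35.22.
    print(ex_tax_pricing(Decimal("9.99"), RATE, 3))
```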

To access the shipping page in the back end, go to 'Regional Setup > Shipping'. Shipping is the term we use to refer to all methods of delivering physical products by post, parcel service or courier.

Kartris has a flexible shipping system that lets you define shipping for particular countries/states, order weights/values and for different shipping types. You can also set real-time shipping lookups to handle all or just some shipping possibilities. For example, you may want to ship domestically within the US by one courier, ship orders up to 10kg to Europe by a different courier, and then specify your own pricing for orders to Europe above this weight, and for all other shipping zones.

You can choose to calculate shipping based on the weight of an order, or  value, depending on your frontend.checkout.shipping.calcbyweight config setting. Set to 'y' to calculate by weight, or 'n' to calculate based on order value. Within each band, you can set either a price, or select any real-time shipping provider that you have activated from the Payment and Shipping Gateways section.

You can set up any number of shipping methods for your store, such as 'standard post', 'express post', 'courier' and so on.

You can set up any number of shipping zones for your store. A shipping zone is an area which has its own shipping price levels. Countries and state records will be mapped to the appropriate shipping zone later. At the simplest, you might want a 'home' zone for orders in your own country, a 'regional' zone for countries nearby, and a 'rest of world' zone for everywhere else, for example.

If you want to subdivide your own country into various shipping zones, you can do this by having multiple regional 'country' records each mapped to their own shipping zone. So for example, a store in the UK might decide to have three shipping zones within the UK:

  • United Kingdom - Mainland
  • United Kingdom - Highlands and Islands
  • United Kingdom - Northern Ireland
You would then need to have three corresponding 'country' records, each of which is mapped to its appropriate shipping zone.

Once you have set the methods and shipping zones, you can start to create the actual shipping rates. Click the 'Shipping Methods tab' and then click the 'Rates' link by the first shipping method.

This brings up a list of the bands that are in effect for each shipping zone. You can create any number of bands for each zone to fine tune the shipping price for any weight/value. This process can be repeated for each shipping method.

If a real-time shipping price system like UPS, USPS or Fedex is enabled, you can also specify that this be used for that particular band.

Shipping bands including UPS, USPS and fixed price

Kartris includes support for UPS, USPS and Fedex real-time shipping systems. These use an external web API call to send weight and location details, and then the available shipping method types and their costs are returned. The open plugin architecture of Kartris means other providers can be supported if suitable plugins are crafted. You need a free user account with whichever shipping system(s) you are using, and to set up the plugin within the Payment and Shipping Gateways section of the back end.

To activate UPS as an option, you must first create an account with UPS.

Go to www.ups.com and sign up to create an account. Next, you will need access to the API, and also an 'access key' to retrieve the shipping rates (you need the XML key, when the option is given). You can apply for these here:

https://www.ups.com/upsdeveloperkit?loc=en_US

Note that the UPS web site is almost unfathomably complicated in layout, confusing to find anything, and the forms seem to behave in inexplicable fashion, asking for you to fix errors which are not displayed, wiping your address and other data and so on. Nothing we can do about this unfortunately. You might have to contact UPS support if you cannot figure it out.

Once you have the 'access key', you can start to enter your account details into the UPS settings in Kartris. You will need to refer to UPS documentation with regard to what values to enter for the various fields.

Once the STATUS field is set to ON, UPS will be available. You can then go to shipping and view the shipping methods and rates. For each band you add, or for the 'all higher orders', you will see an extra text field. You can add 'UPS' or 'USPS' into this, if you want orders meeting these criteria to use real-time shipping. If you want to edit an existing band, you must delete it and create a new one with your preferred shipping provider, or value. This system is therefore very flexible; you can mix both UPS and USPS, specifying one or the other for particular locations (regions) and weights (or costs). You can also have your own static pricing for orders over the limit of what UPS or USPS will deal with (if for example you can use some other provider for large orders, or even hire a truck).

You will need to control not only which countries you will accept orders from, but what tax and shipping will be charged to customers from them. You can access this section at 'Regional Setup > Countries'. This brings up a page showing an overview of countries, like this:

Countries

The default country setting allows you to pre-select a country for users at checkout (and for the basket's shipping price estimate). We generally advise not doing this as customers can sometimes hastily click through the checkout stages without noticing they've just confirmed the default country. By not selecting this setting, you force the customer to actively make a selection and so minimize the chances of them selecting the wrong one.

The USA, Canada and Australia all have provinces or states. If your store is in one of these countries, instead of having a single country record, you will have multiple records - a Country / State record for each state or province. Each of these records has the same country ISO code, but can also accept a regional code (such as two-letter US state code) which may be used by some external systems such as real time shipping price lookups.

You can also view countries by shipping zone. It is up to you which shipping zones you decide to have, and which countries are mapped to them. Each shipping zone is a region of the world (or country, if you have multiple country records) for which the shipping cost will be the same. For example, if your store is in the USA and shipping to France, Germany and Belgium is the same price, then you should have all these countries mapped to the same shipping zone.

If your store is set to EU as the tax regime, you can set for each country whether tax is to be charged or not (boolean). If your store is set to US or Canada, you can set the tax rate that applies for each state.

Countries, expanded

Kartris has a back end section dedicated to various database related tasks. To access this, go to 'Configuration > Database Admin'.

You may find that some tabs referred to below are not visible when you log in. In this case, the backend.expertmode config setting is probably off. This setting hides some back end features, even to those with 'config' user permissions. You can edit the config setting to turn on expert mode, which will show advanced tabs in the db admin section.

Expert mode also allows you to edit certain field details of config settings and language strings that are normally hidden.

From here you can restart Kartris. This works by making a minor change to the web.config file and saving it – ASP.NET will restart a site when this file is changed. Therefore it only works if your site has write permissions to the root. If you need to restart Kartris and this does not work, you can manually change the web.config via FTP.

Kartris keeps logs of certain actions by admins such as logins and changes to config settings.

Kartris will log ASP.NET errors within the Uploads/Logs folder. This tab allows you to view these errors more conveniently from the back end of Kartris. In the event an error means the site is unavailable, you can view the error logs via FTP, in the following location:

Uploads/Logs/Errors/

Error logs are created with a .config extension to ensure the raw files cannot be served to web users (even if they know the location and name of a particular log file).

The presence of errors does not automatically indicate an issue with your site. 404s (file not found), cancelled orders and some other events will be recorded, as well as errors due to partially formed pages being submitted (for example, if a visitor has a slow internet connection and only receives part of the page before pushing a button). The logs are designed to be a useful tool to provide information to help resolve issues rather than a digest of problems on your site that need to be resolved.

In Kartris versions up to 1.4xxx, the records in the database are protected from casual deletion or modification by a series of triggers. The various stored procedures that update data disable a trigger, update the data and then re-enable it again.

To edit data within the database either via your own query or directly into the database tables, you will need to disable either the specific trigger(s) protecting that data, or all triggers - this can be done from this section. Typically triggers will be reactivated over time automatically when queries on those tables next fire up, although you can also reactivate all triggers here too.

If you need to modify data in the database directly and the back end is not accessible, or is on error, you can run the following stored procedure instead:

_spKartrisDB_DisableAllTriggers


To find this, expand 'Programmability > Stored Procedures' for your database in SQL Management Studio, and then right click and 'Execute Stored Procedure'. Then click 'OK' on the popup that appears. The 'Results' window should appear with a return value of zero.

This provides an easy way to clear data related to products, orders or sessions. It's important not to attempt to clear data directly from Kartris by just blanking all the tables in the database, as some hold data such as config settings and language strings that is vital to the operation of Kartris.

This provides an easy way to run a query against the database. A non-expert would typically only use this if Kartris support staff provide a query for them to run to perform a task such as to alter the database in some way, or find some information that is required for a support issue.

From time to time, you may need to export data from Kartris to a file. This might be anything from a customer list, order details, product inventory or statistical data for external analysis. Kartris provides both a built-in export for customers/orders, as well as a flexible export system that lets you write your own custom exports and save them within Kartris.

Export form

You can specify a date range, the file name you wish to export as, the delimiter (marker) for each field and the delimiter that indicates string values (non-numeric / text as opposed to numbers). You can optionally include the full order details field (text of the confirmation email to customer stored in the system) and incomplete orders (orders where the status checkbox 'complete' is not yet checked to indicate the order has been fully processed).

The file format is CSV - comma-separated values. This is a text format which spreadsheet programs such as MS Excel and Libre Office Calc can open. If you find data shows up in the spreadsheet with single quotes around values, try exporting again but select a double-quote as the 'string delimiter'.

Custom exports are saved reports that you can run to output specific data that you need. If you go to the 'Saved Exports' tab, you can see some pre-written custom exports that come as standard within Kartris - clicking on edit will allow you to see how these are constructed. An export requires the following information:

  • Export name (any name will do, it just lets you identify this export in a list)
  • Field delimiter (separator between different data values, normally a comma)
  • String delimiter (the marker around text / non-numeric values - experiment with a single or double-quote and open up the resulting file in your spreadsheet program such as Microsoft Excel - if you see the single or double-quote mark around data, then try using a different delimiter)
  • Database query

The database query is the key part of the export. This uses 'structured query language'  (SQL), which is a standard common language that is largely similar on different types of databases to specify which data is to be exported. A full explanation and grounding in writing SQL queries is beyond the scope of this manual, but there are plenty of books and web sites dedicated to the subject.

Microsoft Access and MS SQL Management Studio also include graphical tools to help you build queries.

Advanced users may also prefer to create stored procedures and then call these from the saved export - our standard 'Products data for data tool' export which is included in a default installation uses this method.

This gives an overview of your database, and lets you back it up. Note that this fires the backup facility within MS SQL server. It does not enable a remote backup. You should discuss with your hosting provider the best way to obtain an off-server backup of your MS SQL database.

MS SQL has a feature called 'full text search' that significantly improves the performance of text searches across data, especially on very large databases with many records. This feature of MS SQL is installed with the 'advanced services' version, and therefore may not be available on all installations. For this reason, we don't activate it as standard. On smaller sites, the performance difference with and without FTS isn't significant. You will probably find it simpler not to use this feature.

But larger sites will get a huge benefit from this; especially when you have tens of thousands of items, or more.

Before attempting to activate this feature, check that your server supports it by expanding your database and looking for the 'full text catalogs' folder, as shown below.

fts

If the feature is supported, clicking the link within the FTS tab in your Kartris back end will create the required stored procedures and activate the feature. Searches in both the front and back ends of Kartris will use FTS. For this reason, even stores with a relatively small number of products but with a large customer/order database may also decide to use FTS to improve performance of back end searches.
