ExpressionEngine 2.7 + is required to run CartThrob 2.3.7+
We've made it as simple as possible to create advanced dynamic shopping cart sites with ease but there is still a bit of work required on your part. CartThrob comes with default templates to get you up and running fast, but we recommend you review the docs presented on this site and review all of the configuration settings in detail before you build your first site. You can potentially create a shop without ever reading the manual, but it will be much more helpful in the long run to review the materials we have made available.
Many merchant accounts require that you make purchases using a secure connection. This requires the yearly purchase of an SSL certificate, and installation of that certificate on your website. If you require additional information about SSL certificates, please contact us! All fully integrated payment gateways (including PayPal Payments Pro) are generally required to have an SSL certificate, and a secure HTTPS connection to complete transactions. Payment gateways that take payments off-site, including PayPal Standard, and 3-D secure systems may not require an SSL certificate, but it is good practice, when transmitting data to use HTTPS connections.
Installation of CartThrob requires ExpressionEngine. CartThrob is an addon that runs as part of ExpressionEngine 2.7+. To ascertain if your server can run ExpressionEngine, please review the documentation here.
You must use PHP version 5.2 or newer and MySQL version 4.1 or newer
Some off-site payment gateways, including PayPal Standard, 2Checkout.co, or others requiring 3-D secure payments and other off-site payment methods suggest that the PHP setting "session.referer_check" is disabled. You can check phpinfo(), or, using ExpressionEngine you can go to Admin » Utilities » PHP Info and check to make sure it is currently turned off (or set to no value).
You can turn this off using php.ini (if you have access to it… on most shared hosts you won't).
php_value session.referer_check none
If setting referer_check to none causes any issues with other systems then try to leave referer_check enabled. If referer_check is enabled, it's entirely possible to lose track of the contents of your session after being redirected back from another site, but it's not necessarily ensured that this will happen.
cURL must be installed for several of the most common payment gateways to work (including Authorize.net). If you do not have cURL installed on your server, ask your host for more information about cURL, install it yourself, or ask your IT department (cURL is free) or get a new webhost. We recommend Liquid Web, Amazon EC2, and Arcustech. If you really have no way to use cURL, please contact us and we'll see what we can do for you.