AMDisgood4me Posted March 3, 2005 Share Posted March 3, 2005 I am new to OSCommerce and have just went through the installation process. I just want to familiarize myself with the software and practice using it. I am physically logged into a local machine running win2000, apache, mysql, phpnuke. During the database setup process i made the username='root' and left the password field blank. I would now like to change those 2 things to practice security. I went to the configuration file and chaged them to soemthing else. After that i couldnt get to the index page anymore. So i assumed that i needed to change another configuration file somewhere to match the OSCommerce one. I am not sure what file that is. Please assist me if u can. much thanks. Link to comment Share on other sites More sharing options...
OceanRanch Posted March 3, 2005 Share Posted March 3, 2005 Your user name and password in mysql needs to be the same as the user name and password in both catalog/includes/configure.php catalog/admin/includes/configure.php HTH Tom Link to comment Share on other sites More sharing options...
AMDisgood4me Posted March 3, 2005 Author Share Posted March 3, 2005 Your user name and password in mysql needs to be the same as the user name and password in both catalog/includes/configure.php catalog/admin/includes/configure.php HTH Tom <{POST_SNAPBACK}> thanks for the quick reply! :D changing this file doesnt seem to affect anything... "catalog/admin/includes/configure.php" even if they both match i cant get to my page. do i need to change another config file somewhere else? Like isnt there a main mysql config file that has a username and pass??? i forget where that is. and here is the message i am trying to get rid of... "Warning: I am able to write to the configuration file: c:/appserv/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file." Link to comment Share on other sites More sharing options...
OceanRanch Posted March 3, 2005 Share Posted March 3, 2005 As I said BOTH catalog/includes/configure.php catalog/admin/includes/configure.php then change permission to read only via your control panel or chmod to 444 via ftp to get rid of warning messages. Tom Link to comment Share on other sites More sharing options...
AMDisgood4me Posted March 3, 2005 Author Share Posted March 3, 2005 As I said BOTH catalog/includes/configure.php catalog/admin/includes/configure.php then change permission to read only via your control panel or chmod to 444 via ftp to get rid of warning messages. Tom <{POST_SNAPBACK}> yes i did change both files to matching username and pass. Sorry i didnt make that clear. Doing that i couldnt get to my index page. Then i changed the file i posted back to what it was without changing the other one you posted back and my index page would show up again. I am using windows so no CHMOD for me. Currently 'everyone' has full control of the configuration file. I tried restricting everyone and adding the administrator account with full control instead and that made the index page not show up. Does "everyone" need to be there? If so, what kind of rights does "everyone" need? thanks Link to comment Share on other sites More sharing options...
OceanRanch Posted March 3, 2005 Share Posted March 3, 2005 Read only on the configure.php files. Link to comment Share on other sites More sharing options...
AMDisgood4me Posted March 3, 2005 Author Share Posted March 3, 2005 Read only on the configure.php files. <{POST_SNAPBACK}> OK i set the username and pass to what it was before, changing them wont let me get to the index. I changed permissions on both of those configuration files so that "everyone" only has read permissions. i still am getting this warning message: Warning: I am able to write to the configuration file: c:/appserv/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Link to comment Share on other sites More sharing options...
OceanRanch Posted March 3, 2005 Share Posted March 3, 2005 Well clearly the webserver find that file to be "writable". Worse case you can comment out the warning in the header.php file in the includes directory. $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); to // $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); HTH Tom Link to comment Share on other sites More sharing options...
AMDisgood4me Posted March 3, 2005 Author Share Posted March 3, 2005 Well clearly the webserver find that file to be "writable". Worse case you can comment out the warning in the header.php file in the includes directory. $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); to // $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); HTH Tom <{POST_SNAPBACK}> ok, well thanks for all your time and trouble. I might just re install. its fast anyway, i just need to figure out how to completely uninstall it properly. Link to comment Share on other sites More sharing options...
OceanRanch Posted March 3, 2005 Share Posted March 3, 2005 You'll still have that permission problem if you can't change the permissions.... To uninstall, delete and recreate the mysql database you are using via phpmyadmin. Make note of the user name and password you setup for that database. Delete all the source in install and catalog folders. And begin again by unziping source and running the install/index.php. Good luck Tom Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.