Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Easy question for one of you...


AMDisgood4me

Recommended Posts

I am new to OSCommerce and have just went through the installation process. I just want to familiarize myself with the software and practice using it. I am physically logged into a local machine running win2000, apache, mysql, phpnuke.

 

During the database setup process i made the username='root' and left the password field blank.

 

I would now like to change those 2 things to practice security. I went to the configuration file and chaged them to soemthing else. After that i couldnt get to the index page anymore. So i assumed that i needed to change another configuration file somewhere to match the OSCommerce one. I am not sure what file that is.

 

Please assist me if u can. much thanks.

Link to comment
Share on other sites

Your user name and password in mysql needs to be the same as the user name and password in both

 

catalog/includes/configure.php

catalog/admin/includes/configure.php

 

HTH

Tom

 

thanks for the quick reply! :D

 

changing this file doesnt seem to affect anything...

 

"catalog/admin/includes/configure.php"

 

even if they both match i cant get to my page.

 

do i need to change another config file somewhere else? Like isnt there a main mysql config file that has a username and pass??? i forget where that is.

 

and here is the message i am trying to get rid of...

 

"Warning: I am able to write to the configuration file: c:/appserv/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

Link to comment
Share on other sites

As I said BOTH

 

catalog/includes/configure.php

catalog/admin/includes/configure.php

 

then change permission to read only via your control panel or chmod to 444 via ftp to get rid of warning messages.

 

Tom

Link to comment
Share on other sites

As I said BOTH

 

catalog/includes/configure.php

catalog/admin/includes/configure.php

 

then change permission to read only via your control panel or chmod to 444 via ftp to get rid of warning messages.

 

Tom

 

yes i did change both files to matching username and pass. Sorry i didnt make that clear. Doing that i couldnt get to my index page. Then i changed the file i posted back to what it was without changing the other one you posted back and my index page would show up again. I am using windows so no CHMOD for me. Currently 'everyone' has full control of the configuration file. I tried restricting everyone and adding the administrator account with full control instead and that made the index page not show up. Does "everyone" need to be there? If so, what kind of rights does "everyone" need?

 

thanks

Link to comment
Share on other sites

Read only on the configure.php files.

 

OK i set the username and pass to what it was before, changing them wont let me get to the index. I changed permissions on both of those configuration files so that "everyone" only has read permissions.

 

i still am getting this warning message: Warning: I am able to write to the configuration file: c:/appserv/www/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Link to comment
Share on other sites

Well clearly the webserver find that file to be "writable".

 

Worse case you can comment out the warning in the header.php file in the includes directory.

 

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

 

to

 

// $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

 

HTH

Tom

Link to comment
Share on other sites

Well clearly the webserver find that file to be "writable".

 

Worse case you can comment out the warning in the header.php file in the includes directory.

 

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

 

to

 

// $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

 

HTH

Tom

 

 

ok, well thanks for all your time and trouble. I might just re install. its fast anyway, i just need to figure out how to completely uninstall it properly.

Link to comment
Share on other sites

You'll still have that permission problem if you can't change the permissions....

 

To uninstall, delete and recreate the mysql database you are using via phpmyadmin. Make note of the user name and password you setup for that database. Delete all the source in install and catalog folders. And begin again by unziping source and running the install/index.php.

 

Good luck

Tom

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...