Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Turning off Register Globals


zoeticlight

Recommended Posts

I'm thinking about using Pair Networks as my host so I sent them an email with a few questions. One of them was whether Register Globals was set to on or off. They replied with the following:

 

Register Globals is on by default. This should be something that you can

disable through a .htaccess entry. If need be, you can even run your own

PHP, with your own php.ini in your cgi-bin.

 

I wasn't exactly sure how to do this, so I did a search through these forums and discovered the following (http://www.oscommerce.com/forums/index.php?showtopic=156768&hl=):

 

just add the following line to your .htaccess file in the web directory (public_html or www) folder:

 

php_flag register_globals on

 

That sounds like an easy fix!!! So, I just want to verify if anyone has done this and if it works?

 

Also, with regards to the second option, I'm curious as to how I would run my own php.ini in my cgi-bin. Does anyone have any experience with this? What are the advantages/disadvantages?

 

Thanks a bunch!!!!

 

Mike

Link to comment
Share on other sites

If register globals is set on by default, then you are fine with the default oscommerce package.

 

 

Thanks, but I already know that, and I'm not using the default osCommerce package. Hence, the reason I want to turn it off.

 

Getting back on topic, I want to know specifically if anyone has turned off Register Globals via .htaccess and if they're successfull. I also want to know if anyone has used PHP in they're cgi-bin and if there are any advantages/disadvantage other than being able to customize the php.ini file.

 

Thanks again.

 

Mike

Link to comment
Share on other sites

I have run PHP as a CGI on a Pair account. If you are using SSL you will need to provide the proper path in your PHP setup. Otherwise no disadvantages that I can see, and no advantages other than being able to control your settings to suit your needs.

 

I haven't tried turning Register Globals off in the .htaccess file, but I see no reason why this would not work just as well.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Thanks Jim.

 

I just got another email from Pair Networks. I think it's really informative so I thought I'd copy it here for others to read.

 

 

You can turn off register globals in you ..htaccess file with the

following directive:

 

php_value register_globals 0

 

 

 

I belive you can use php_value register_globals off as well.

 

PHP running as cgi and not as an apache module will not run as efficiently.

However, running it as cgi will allow you to compile features into it that

we have not complied in the default php install, and allow you to use a

php.ini file to control aspects that cannot be changed through a .htaccess

file.

 

There is a step-by-step tutorial for installing php as cgi on your pair

account at http://www.vttrains.com/phphelp/ .

Link to comment
Share on other sites

I'm not using the default osCommerce package

 

Getting back on topic

 

This is the osCommerce Support Forum - we don't deal with 'loaded' versions here.

 

Vger

Link to comment
Share on other sites

This is the osCommerce Support Forum - we don't deal with 'loaded' versions here.

 

Vger

 

Please excuse me, but I don't understand your reply. For some reason I'm sensing a touch of sarcasm, yet I don't see the reason. If I'm mistaken, then please accept my apology and explain what you mean by 'loaded' versions and why you don't support them(whatever that means).

 

Respectfully,

 

Mike

Link to comment
Share on other sites

We get lots of posts from people who are not actually using osCommerce (the default version) but have installed what is called a 'loaded' version, something that started out life as osCommerce but then got heavily amended with lots of contributions actually included in the install.

 

The place to go if you have one of those packages is to their forum. It's policy here not to answer questions (actually its policy to delete those questions) about 'loaded' versions.

 

There are very good reasons for this, some of which are:

 

1. People here know about osCommerce, and can't be expected to know about the differences in 'loaded' versions

2. It's very annoying when you're trying to help someone out with a problem they have, only to find out after 5 or 6 posts that the problem they have doesn't even exist in osCommerce - and that's why you can't track it down for them.

 

Vger

Link to comment
Share on other sites

We get lots of posts from people who are not actually using osCommerce (the default version) but have installed what is called a 'loaded' version, something that started out life as osCommerce but then got heavily amended with lots of contributions actually included in the install.

 

The place to go if you have one of those packages is to their forum.  It's policy here not to answer questions (actually its policy to delete those questions) about 'loaded' versions.

 

There are very good reasons for this, some of which are:

 

1.  People here know about osCommerce, and can't be expected to know about the differences in 'loaded' versions

2.  It's very annoying when you're trying to help someone out with a problem they have, only to find out after 5 or 6 posts that the problem they have doesn't even exist in osCommerce - and that's why you can't track it down for them.

 

Vger

 

First off, I sincerely apologize if I 'posted' in the wrong forum. Can you please educate me as to which forum is the 'correct' one? Thank you.

 

Next, this particular forum topic is titled "Installation and Configuration". So how is a question specifically about the installation of osCommerce with regards to Register Globals irrelevant, whether it's 'loaded' or not? If the situation was reversed, and the hosting provider had their default set to "off" and I needed it "on", then the same question applies. "Has anybody used and had success with an .htaccess file in the webroot directory to override the Register Globals directive in php.ini?" Of course, I didn't word it quite the same way, but the root of the question and the knowledge of the subject is the same nonetheless.

 

Third, I find your response about not helping people with 'loaded' versions a little hypocrytical. Quite specifically, you offered suggestions with regards to customization of osCommerce in the following posts (all under this same forum topic):

 

http://www.oscommerce.com/forums/index.php?showtopic=157365

http://www.oscommerce.com/forums/index.php?showtopic=157335

 

Last, you didn't directly respond to my feeling of your response as being sarcastic or not. Now I'm not trying to pick a fight or anything with any of my words, but I don't feel I did anything wrong. All I did was ask a couple of questions. Where's the harm in that? Isn't the more polite way to tell me that I'm posting in the wrong forum to simply tell me such and then move it to the correct one?

 

In closing, considering that you've submitted over 5000 posts on this forum, I'm sure you get tired of all the newbies asking the same questions over and over again or asking the wrong questions or asking stupid questions or not doing a search through the forum before posting or ultimately posting in the wrong forum. But please remember that there is a human on the other side of that computer monitor in front of you and sometimes the words might not come across as intended. So let me apologize for all of these 'mistakes' from all of the newbies and also say thank you for all the time and hard effort you've put in. I know it's a thankless job that you probably ask yourself repeatedly why you do it, but it's greatly appreciated.

 

Anyway, I've personally been designing and customizing my website using osCommerce for over a month now and this is the first question I've ever asked on this forum. Because I know a little about PHP code, I've been able to figure things out on my own or simply do a search through the forums. This place is a wealth of knowledge, but I never felt like I needed to take up the bandwidth to ask a question that has been asked before. However, I thought that my post was a fair, legitimate, and unique question worthy of asking. I guess I was wrong. Quite frankly, I'm offended by your sarcastic response and wish I never asked.

 

Regards,

 

Mike

_____________________________________

 

Tao Te Ching - Translation by Stan Rosenthal

 

17. LEADERSHIP BY EXCEPTION

 

Man cannot comprehend the infinite;

only knowing that the best exists,

the second best is seen and praised,

and the next, despised and feared.

 

The sage does not expect that others

use his criteria as their own.

 

The existence of the leader who is wise

is barely known to those he leads.

He acts without unnecessary speech,

so that the people say,

"It happened of its own accord".

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...