Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

config.php permissions


transistorboy32

Recommended Posts

Hi -

 

I can't seem to figure out why the config.php permissions warning message still appears after I try chmod-ing the file. I've done quite a bit of looking through the forums, and all of the issues I have read about are usually fixed by contacting the web hosts and having them manually change permissions. I've tried chmod-ing the config.php file in a couple different ways:

*Using Windows ftp, right clicking on the file, properties, and check/unchecking boxes,

*Using SmartFTP

*Using the hosting services' online web control panel

 

Each method seems to work, except when I go to my store that message still appears. I have tried setting permissions to Owner Read only, and the message still appears. Owner Read seems to be the only setting that matters; if I disable it, I can't get to the page (it's a blank page). If I enable it, the warning appears. I have tried several combinations as well - 644 seems to be the general suggestion on the forums, and I've read 444 works as a more secure solution, but it's not a solution for me.

 

I have read that sometimes the web hosts just don't allow you to change permissions past a certain level. Thus, I contacted my web hosting company and asked them if they put restrictions on chmod-ing. I gave the tech support my store's front page URL so he could see the problem for himself, and after 10 minutes I got this message:

 

I am sorry I was not able to help you at this time. I will escalate this issue to our Tier 2 support team for further investigation. Please hold and I will provide you with a ticket reference number.

 

Today I got an email with the following message:

 

We have tested the link [link removed] and have tried resetting the permissions several times, however we have concluded that the error message you are receiving is not being caused in our servers. This seems to be an issue within the coding itself. You will need to contact "osCommerce" for assistance, since they seem to have information and a possible resolution to this error message.

 

By doing some research on their site, regarding that error message, the suggestion seems to be to 'chmod the configure.php file to 644'; but again, please check with them for additional assistance.

 

So here I am, checking for additional assistance. I've tried setting permissions on config.php without success, gone through the forums, and contacted my web hosting people, and I haven't found the solution yet. Is it possible there is an error in the coding of osCommerce? I'm beginning to think that I should just disable the warning message, because nothing else seems to work. I've seen this suggested before, and you change (in the includes/application_top.php file)

define('WARN_CONFIG_WRITEABLE', 'true');

to

define('WARN_CONFIG_WRITEABLE', 'false');

 

I would prefer to get the real issue solved, rather than to pretend it's not there. Any help solving this issue would be greatly appreciated! Thanks!

 

-Seth

Link to comment
Share on other sites

Check that header.php has the correct code:

 

  // check if the configure.php file is writeable
 if (WARN_CONFIG_WRITEABLE == 'true') {
   if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
     $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
   }
 }

 

There's a note on the PHP manual page for the is_writeable() function:

 

Note: The results of this function are cached. See clearstatcache() for more details.

 

You might try adding clearstatcache() just before the if( WARN_CONFIG_WRITEABLE == 'true' ) line. If that doesn't work, see what PHP thinks the file permissions are by outputting the file permissions in the error message:

 

  // check if the configure.php file is writeable
 if (WARN_CONFIG_WRITEABLE == 'true') {
   if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
     $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE.'<br>'.substr(sprintf('%o', fileperms(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')), -4) , 'warning');
   }
 }

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

Thanks for the debugging tips, kgt. I tried adding "clearstatcache()" before the if( WARN_CONFIG_WRITEABLE == 'true' ) line, and when I go to the page, it's blank. I also tried changing the code to your suggested format and it did output the file permissions: 0644. I chmoded configure.php to 444, and the output became 0444. I then tried chmoding to 400, and the output was 0400 (same warning message every time).

 

Why does it think that it can write to configure.php when it is obvious that the file permissions are set correctly? Could I change the code that checks file permissions? Setting up this store is the first experience I've had with PHP, so if anyone could provide some sample code that checks file permissions some other way, that would be great. The store is on a shared server, so am I correct in saying that it would be better to chmod the configure.php file to 444 instead of 644? Maybe I can just disable the warning because I can see that the file permissions won't allow it to be written to. Thanks again!

 

-Seth

Link to comment
Share on other sites

You could change it to check the file permissions, if is_writeable() is not returning correctly.

 

  // check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
  if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (substr(sprintf('%o', fileperms(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')), -4) != '0444' ) ) {
    $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE.'<br>'.substr(sprintf('%o', fileperms(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')), -4) , 'warning');
  }
}

 

This way, you'd still get an error if configure.php is writeable.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

  • 2 months later...
Check that header.php has the correct code:

 

  // check if the configure.php file is writeable
 if (WARN_CONFIG_WRITEABLE == 'true') {
if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
  $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
}
 }

 

I changed it from 'true' to 'false' & it took the message away. Thanks for this tip.

Link to comment
Share on other sites

I changed it from 'true' to 'false' & it took the message away. Thanks for this tip.

 

If you simply do that, I would recommend also doing the tweak mentioned in the fourth post. Otherwise, if anything ever messes up the permissions on your configure.php files (like restoring backups) and you don't remember to change them back, you won't get a warning until someone hacks your site.

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment
Share on other sites

If you simply do that, I would recommend also doing the tweak mentioned in the fourth post. Otherwise, if anything ever messes up the permissions on your configure.php files (like restoring backups) and you don't remember to change them back, you won't get a warning until someone hacks your site.

 

I only did this on my localhost for a simple fix. When I upload it to the live server, I can just simply set the chmod by ftp program.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...