traypup Posted January 9, 2006 Posted January 9, 2006 HI! I'm new at all of this ecommerce stuff (well, i tried osCommerce once years ago and got frustrated and quit, but I'm older and wiser now!) and I've installed osCommerce via Cpanel. When I went to load the shop, I got the following error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! I asked my support guy to enable register_globals and he said he would, but is considered about endangering the security of my entire server. He quoted: ; You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. osCommerce has been highly recommended, so I wanted to come here and have someone reassure me that this is an ok thing to do. I did a couple of searches, but couldn 't find anything on this specific issue. Thanks! tracey
♥Vger Posted January 9, 2006 Posted January 9, 2006 That quote he gave you is direct from the php.ini file - he's just copied and pasted it. However, if this was an automated install via cPanel then it won't be the recently updated version of osCommerce 2.2 MS2 so you'll be able to use the Register Globals Patch Files (link below my name). After you've installed those your Register Globals can stay off. However, you should then go to the downloads section at www.oscommerce.com and download the updated version of MS2, which includes many security patches and bug fixes. Don't install the whole file set, because this will mess up the Register Globals Patch Files, but use the manual instructions to update your version of MS2. Vger
kgt Posted January 9, 2006 Posted January 9, 2006 The register_globals directive may be a security risk. It depends on the code. Read this for more information: http://us2.php.net/register_globals You are not 100% required to enable this, though. Vger's patch will allow you to run OSC on a machine with register_globals off: http://www.oscommerce.com/community/contributions,2957 Contributions Discount Coupon Codes Donations
AlanR Posted January 9, 2006 Posted January 9, 2006 That quote he gave you is direct from the php.ini file - he's just copied and pasted it. However, if this was an automated install via cPanel then it won't be the recently updated version of osCommerce 2.2 MS2 so you'll be able to use the Register Globals Patch Files (link below my name). After you've installed those your Register Globals can stay off. However, you should then go to the downloads section at www.oscommerce.com and download the updated version of MS2, which includes many security patches and bug fixes. Don't install the whole file set, because this will mess up the Register Globals Patch Files, but use the manual instructions to update your version of MS2. Vger I took the 051113 version of osC and applied the Register Globals patches to it. (With the exception of includes/functions/sessions.php because I didn't want to take the time to work through that one. I used sessions.php from the patch set.) It runs just fine with Reg Globals turned off. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
traypup Posted January 9, 2006 Author Posted January 9, 2006 That quote he gave you is direct from the php.ini file - he's just copied and pasted it. However, if this was an automated install via cPanel then it won't be the recently updated version of osCommerce 2.2 MS2 so you'll be able to use the Register Globals Patch Files (link below my name). After you've installed those your Register Globals can stay off. However, you should then go to the downloads section at www.oscommerce.com and download the updated version of MS2, which includes many security patches and bug fixes. Don't install the whole file set, because this will mess up the Register Globals Patch Files, but use the manual instructions to update your version of MS2. Vger I'm starting to remember why I abandoned this the first time around! Ok, I installed the Register Globals Patch Files (HOpefully in the right places), but I still have the error when I try to load my shop into the browser. I then tried to update the link session variable, as instructed in your REad Me First doc, but couldn't figure out where they were supposed to go. I then downloaded the updated version of MS2, hoping to get the update and magically fix everything, but I can't find the manual install instructions you referred to. part of me is wondering if I shouldn't just delete everything and reinstall using the newer version and then that will magically fix everything. What do you think? thanks, Tracey with a headache.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.