Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Newbie with install question


Criadoman

Recommended Posts

Hi all,

 

I'm testing this software to see if it will satisfy my requirements for an eCommerce site. I have it running on my local host - and all that is running fine.

 

However, upon attempting to install the actual PHP file - I'm getting an error that reads "FATAL ERROR: register_globals is disabled in php.ini, please enable it!"

 

I have 2 issues regarding this and hope someone can assist.

 

1. Upon changing the .ini file to allow register_globals on, I still get the error,

2. I am concerned that even in allowing the above - upon getting it operational, I'm exposing myself to some security problems.

 

Any assistance would be appreciated.

Link to comment
Share on other sites

Hi all,

 

I'm testing this software to see if it will satisfy my requirements for an eCommerce site. I have it running on my local host - and all that is running fine.

 

However, upon attempting to install the actual PHP file - I'm getting an error that reads "FATAL ERROR: register_globals is disabled in php.ini, please enable it!"

 

I have 2 issues regarding this and hope someone can assist.

 

1. Upon changing the .ini file to allow register_globals on, I still get the error,

2. I am concerned that even in allowing the above - upon getting it operational, I'm exposing myself to some security problems.

 

Any assistance would be appreciated.

 

Hi

Add the following to your .htaccess file

 

#<IfModule mod_php4.c>

# php_value session.use_trans_sid 0

# php_value register_globals 1

#</IfModule>

 

 

it will solve your problem

 

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

1. You must restart your webserver after any changes made to the php.ini file. If you make changes to an .htaccess file (provided you use the Apache webserver and have allow overrides on) then you do not need to restart your webserver. (Note from FIMBLE's post that you need to remove the # from the front of each line. Those have been pulled from a comments section, I'll guess, so they won't have any effect as they are.)

 

2. That is a oversimplification. Register_globals set to ON is not inherently insecure, but it may make it easier to exploit bugs. You're generally safe with an application like OSCommerce, which has a large enough community to catch most serious problems, and is a large enough project that independent security companies monitor for problems. However, many contributions do not follow best practices and can leave security holes open. They're also not tested like OSCommerce is. If you want to keep register globals off, then you can use this contribution:

 

http://www.oscommerce.com/community/contributions,2097

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...