Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

User permissions


integralworship

Recommended Posts

I'm having the same problem when I try to change index.php through the tools- file manager window, or any function of the file manager tool. In most cases, I get this error:

 

Error: I can not write to this directory. Please set the right user permissions on: /home/biobased/public_html/catalog//images

 

All CHMOD settings have been checked. What I don't understand is the "//" after the catalog directory. These show up in all pages of the file manager if I move to any directory within catalog.

 

If I try to edit any .php file, I get the following error:

 

Warning: file(/home/biobased/public_html/catalog//.ftpquota): failed to open stream: Permission

denied in /home/biobased/public_html/catalog/admin/file_manager.php on line 147

 

 

To me anyway, the 'double slash issue' seems to be the problem or part of the problem. But then again, thinking can be a dangerous thing - and mastering .php files is not my gift in life, so time to ask for help before I change too much and can't get the site back.

 

Any insight or help would be greatly appreciated. Thanks in advance.

Link to comment
Share on other sites

Warning: file(/home/biobased/public_html/catalog//.ftpquota): failed to open stream: Permission

denied in /home/biobased/public_html/catalog/admin/file_manager.php on line 147

 

 

file_manager.php,v 1.42 2003/06/29 22:50:52

 

 

<?php

if ( (($action == 'new_file') && ($directory_writeable == true)) || ($action == 'edit') ) {

if (isset($HTTP_GET_VARS['info']) && strstr($HTTP_GET_VARS['info'], '..')) tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));

 

if (!isset($file_writeable)) $file_writeable = true;

$file_contents = '';

if ($action == 'new_file') {

$filename_input_field = tep_draw_input_field('filename');

} elseif ($action == 'edit') {

if ($file_array = file($current_path . '/' . $HTTP_GET_VARS['info'])) { ***<---LINE 147***

$file_contents = addslashes(implode('', $file_array));

}

$filename_input_field = $HTTP_GET_VARS['info'] . tep_draw_hidden_field('filename', $HTTP_GET_VARS['info']);

}

?>

Link to comment
Share on other sites

  • 1 year later...
Same error... Need help here.

I don't understand what you guys are trying to. Write to the index.php file? Are you trying to do do this via the filemanager. If so, don't. FTP the files to your pc, edit with a test editor, and ftp them back to whence they came.

Link to comment
Share on other sites

  • 3 weeks later...
I don't understand what you guys are trying to. Write to the index.php file? Are you trying to do do this via the filemanager. If so, don't. FTP the files to your pc, edit with a test editor, and ftp them back to whence they came.

 

If we are not supposed to be able to edit files using the File Manager, then why in the hell is there an 'Edit' button?

Link to comment
Share on other sites

If you edit the file with the file manager and make a fubar then where is your backup file?

 

Before I make changes I make a copy like "index.orig.php" and keep one on the server and one on my hard drive as my backup just in case.

 

I would think not being able to edit with the file manager is a good thing.

 

Just my opinion, I could be wrong

 

 

Tom

Link to comment
Share on other sites

The thread isn't about best practices. It is a valid question that deserves a reasonable answer. The fact remains that the File Manager has an 'Edit' button and the edit button should function (if someone chooses to do so) or be removed from File Manager. The feature should be no different than someone editting a file from any other FTP client. However, FTP clients connect through the FTP port and not http. They actually log in to an FTP account so that the server authenticates who the user is and can therefore grant read, write and execute permissions accordingly.

 

The best answer to the question is:

In order for the File Manager to be able to edit files directly through the browser, you would need to change the permissions on all the files you wish to be able to edit in order to allow for write access which is a pretty big security risk. It exposes the files to be written by anyone and is therefore not recommended. But if you really wish to edit your files through osCommerce's File Manager you'll need to make the file permissions at least -rwxrw-rw or 766 (this is because the server cannot identify the user through the browser so you have to give write permission to the world).

 

If I am wrong, someone please share a better answer for this, as I too would be interested in this very same functionality. Sometimes, I just want to make a quick change from out in the field where I don't necesarily have an FTP client to use (I realize I could use command line FTP, but I don't always have usernames and passwords for FTP accounts with me). It would be pretty cool if I could go in and securely make changes to the site. Of course I would need to remember that the files on the server have been changed and should be downloaded back to my PC when I return to my office so that I don't have version control issues (or backup issues - Tom).

Link to comment
Share on other sites

The thread isn't about best practices. It is a valid question that deserves a reasonable answer. The fact remains that the File Manager has an 'Edit' button and the edit button should function (if someone chooses to do so) or be removed from File Manager. The feature should be no different than someone editting a file from any other FTP client. However, FTP clients connect through the FTP port and not http. They actually log in to an FTP account so that the server authenticates who the user is and can therefore grant read, write and execute permissions accordingly.

 

The best answer to the question is:

In order for the File Manager to be able to edit files directly through the browser, you would need to change the permissions on all the files you wish to be able to edit in order to allow for write access which is a pretty big security risk. It exposes the files to be written by anyone and is therefore not recommended. But if you really wish to edit your files through osCommerce's File Manager you'll need to make the file permissions at least -rwxrw-rw or 766 (this is because the server cannot identify the user through the browser so you have to give write permission to the world).

 

If I am wrong, someone please share a better answer for this, as I too would be interested in this very same functionality. Sometimes, I just want to make a quick change from out in the field where I don't necesarily have an FTP client to use (I realize I could use command line FTP, but I don't always have usernames and passwords for FTP accounts with me). It would be pretty cool if I could go in and securely make changes to the site. Of course I would need to remember that the files on the server have been changed and should be downloaded back to my PC when I return to my office so that I don't have version control issues (or backup issues - Tom).

Your answer was good but I'll only add that in the older versions of osc anyone could make their way to the admin of anyone's osc site through and easy exploit trick. The ability to edit through manager was then removed. I used to have a site under that early revision model and anyone was able to edit my filemanager files.

After ability to write through filemanager editor was removed, the exploit was fixed but the editing ability through manager was never restored. Oopsy on the osc-developer's part.

man of a reformed faith.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...