Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Urgent help needed


sweetyjenny

Recommended Posts

Hi. I'm Jenny. I need some help.

 

I just recevie a message after successfully installed the osecommerce.

 

The messages goes :

 

Warning: I am able to write to the configuration file: /home/content/m/i/c/mickng73/html/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

What do I do next? :blink:

 

Then how do you .htacess your /catalog/admin directory so that it is password protected? :blink:

 

Sorry. I know - this is kinda spoon feeding.

Link to comment
Share on other sites

You need to change the perrmissions on the /catalog/includes/configure.php to 644 with your ftp client or your hosting company's control panel.

 

6 Owner (you) can read and write.

 

4 Group can read

 

4 Others can read

 

About the .htaccess. Your are going to have to search google for htaccess password protect. It's not to tough.

 

http://www.google.com/search?q=htaccess+password+protect

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

Hi. I'm Jenny. I need some help.

 

I just recevie a message after successfully installed the osecommerce.

 

The messages goes :

 

Warning: I am able to write to the configuration file: /home/content/m/i/c/mickng73/html/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

What do I do next? :blink:

 

Then how do you .htacess your /catalog/admin directory so that it is password protected? :blink:

 

Sorry. I know - this is kinda spoon feeding.

 

Hi,

 

This is one of my first posts here. In factm I found this somewhere around. Sorry, I dont remeber where.

 

You will need to edit "catalog/includes/header.php"

 

FIND: (around line 20 in vanilla)

// check if the configure.php file is writeable

if (WARN_CONFIG_WRITEABLE == 'true') {

if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

}

}

 

 

REPLACE WITH:

// check if the configure.php file is writeable

if (WARN_CONFIG_WRITEABLE == 'true') {

if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')& 18) ) {

$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');

}

}

 

Thank you.

 

John

Retail Consultant

 

Dream! till you acheive.

Try! till you succeed.

Link to comment
Share on other sites

msr9 is simply telling you to modify the source code, that is not a proper solution, since the config file still remains exploitable.

 

I did a

chmod 644 configure.php on it and the problem went away.

Link to comment
Share on other sites

Editing the source still remains the best option if chmod doesnt work. (I am saying this after after several osC installations...)

 

However, if chmod works fine, you wont need to edit anything.

 

My post applies to only those situtations where chmod failed.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...