Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

register_globals Unsafe?

pbostick

By pbostick
in Security

Recommended Posts

pbostick

pbostick

Posted
Posted

Hi,

 

I have a shared ssl and and am unable to run osCommerce. Here is the reason why:

 

"osCommerce will not run on this server because it requires a PHP function called register_globals

Register_Globals has severe security risks, and is therefore, disabled.

Any software that requires the use of register_globals will not function."

 

Needless to say, I would like to find a way around this issue. Any suggestions?

 

Thanks!

MrPhil

MrPhil

Posted
Posted

Upgrade to osC 2.2 RC2a (the final version), which does not need register global variables (you can turn them off in your system configuration). Don't forget that with shared SSL, your URL will be something like https://server.hostname.com/~accountname/...your osC path and filename, instead of https://www.yoursite.com/your osC path and filename. Both configure.php files need to be updated -- talk to your host for the specifics. This presumes that your host's shared SSL certificate is compatible with PHP applications (like osC). Some aren't. I've never heard of register global values themselves disabling SSL, but I suppose it's possible that your host has a security policy to disable register globals if shared SSL is being used.

pbostick

pbostick

Posted
  • Author
Posted

Upgrade to osC 2.2 RC2a (the final version), which does not need register global variables (you can turn them off in your system configuration). Don't forget that with shared SSL, your URL will be something like https://server.hostname.com/~accountname/...your osC path and filename, instead of https://www.yoursite.com/your osC path and filename. Both configure.php files need to be updated -- talk to your host for the specifics. This presumes that your host's shared SSL certificate is compatible with PHP applications (like osC). Some aren't. I've never heard of register global values themselves disabling SSL, but I suppose it's possible that your host has a security policy to disable register globals if shared SSL is being used.

 

Hi,

 

I went back to the server so they could check the ssl, sure enough it was not installed right. That issue is fixed but here is what is going on. I installed the osC2.2RC2a, and here is the following:

 

still saying it can write to the config file, even though it's set a 644, so I set it at 755 and still go the same error. I changed it back to 644. Why is it not accepting anything? Everything is set to ssl (https://mysite.com/store and in the includes file is where the config was changed. I've never had trouble with osc before and this one has caught me off guard. My host says everything looks great from their end, they even "checked" to make sure osc installed properly, but they could not offer a suggestion on how to fix it. The server is compatable with php applications (tested a differnt shopping cart and did not like it, but it worked). They prefer their customers to use Fantastico. But that is where the problem started so I manually installed it and got the welcome message with the links to the catalogue and admin. The new install did not fix this problem. Did I miss something else?

 

Thanks!

germ

germ

Posted
Posted

Try permissions in this order until the warning message abates:

 

644

 

444

 

400

 

And I wouldn't use an FTP program to make permission changes as they usually won't work in this situation.

 

Use the web hosts cPanel instead - much more reliable.

 

And be aware that anything less than 644 makes the file "read only" even to you.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Siterack_net

Siterack_net

Posted
Posted

Pbostick,

 

This is Chris from Siterack.net.

I think we found your confusion.

 

Your SSL certificate is not a shared certificate.

Nor was it installed wrong. Your certificate is dedicated

to your domain. https://domain.com/

 

Also I accessed your site at https://yourdomain.com/Shop

and I had not received any SSL errors. The only error I can see

is the configuration file permission error, which you did not

mention, in the support tickets.

 

I will take a look at setting the correct permissions for the file.

As well as see why you are unable to set the permissions yourself.

But I do agree with the other poster, who said use cPanel, not FTP.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...