Guest Posted March 22, 2004 Share Posted March 22, 2004 Okay, heres the situation, I got as far as FTPing the files on to the server. But now I have this one BIG problem. when i click on any of the ASP files, I get a message that says "FATAL ERROR: register_globals is disabled in php.ini, please enable it!" So I contact the hosting company, and they say: "You can not, register_globals is disabled by default as a security measure by the PHP Foundation, we have choses to leave this feature disable for the security of our customers." Is there a way to work around this? Or am i out of luck. Do I have to give up on osCommerce? :( If anyones interested: Their Reason for why the register_globals is disabled is Subject: Why Register Globals are disabled Article #593 When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from html forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. Traditionally with register_globals enabled, one would simply need to call any variable as such $VariableName. To collect your variable information, PHP has SuperGlobals or SuperGlobal Arrays such as $_POST, $_GET, $_SESSION, and $_COOKIE. Using these, you can collect the same information by calling it?s SuperGlobal Name. Examples: If you have a form, with two fields of Name and Email, and your form method is POST, you would now call your fields as such. $_POST[?Name?] $_POST[?Email?] Example Echo: echo "Thank you {$_POST['Name']}, your email is: {$_POST['Email']}." If your form was posting using the GET method, you would call your variables as such. $_GET[?Name?] $_GET[?Email?] Example Echo: echo "Thank you {$_GET['Name']}, your email is: {$_GET['Email']}." Link to comment Share on other sites More sharing options...
rss Posted March 23, 2004 Share Posted March 23, 2004 I have downloaded oscommerce aswell and also I had this problem. But my version is running on localhost, so I changed my local version of register_globals in the php.ini file to be set to On. This does present a potential security risk - I believe the oscommerce project requires it for compatibility reasons with PHP3. Anyway even if you have your oscommerce site on an external host, I thought you could still change this setting. Martin Link to comment Share on other sites More sharing options...
Mark Evans Posted March 23, 2004 Share Posted March 23, 2004 The requirement for register globals has been removed for the install tool and for the catalog in CVS. It will be removed from the admin tool before the release of MS-3. And no there is no official release date for MS-3 yet ;) Mark Evans osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops) --------------------------------------- Software is like sex: It's better when it's free. (Linus Torvalds) Link to comment Share on other sites More sharing options...
Guest Posted March 23, 2004 Share Posted March 23, 2004 After I got really irriated with this program, I e-mailed Mr. Moulton on the development team, and he said if i change the .htaccess file add a line that says php_flag register_globals on I would be fine, but the server i host on happens to be Windows and .htaccess file is a Linux file or something? (As you can see I am very bad with computer programming) So I cant put it on a win server. Is there a way round that? Thanks Tai Dirkse Link to comment Share on other sites More sharing options...
Mark Evans Posted March 23, 2004 Share Posted March 23, 2004 Do you host the box yourself? Do you have access to the php.ini file which is found in c:\windows normally If so you can set register globals to on in there. Mark Evans osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops) --------------------------------------- Software is like sex: It's better when it's free. (Linus Torvalds) Link to comment Share on other sites More sharing options...
Wizzud Posted March 23, 2004 Share Posted March 23, 2004 The .htaccess file is a straightforward text file and there should be one already in the catalog folder which you can modify in a text editor, and upload again. Regards, Wizzud "It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt." Link to comment Share on other sites More sharing options...
Mark Evans Posted March 23, 2004 Share Posted March 23, 2004 The .htaccess file is a straightforward text file and there should be one already in the catalog folder which you can modify in a text editor, and upload again. Remember .htacess files only work with apache.... IIS ignores them completly :( Mark Evans osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops) --------------------------------------- Software is like sex: It's better when it's free. (Linus Torvalds) Link to comment Share on other sites More sharing options...
Wizzud Posted March 23, 2004 Share Posted March 23, 2004 Good point! I forgot that! Duh! In which case my only advice would be to switch to an Apache-based server! Regards, Wizzud "It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt." Link to comment Share on other sites More sharing options...
krash Posted March 24, 2004 Share Posted March 24, 2004 Hey Now! I have a Slackware 9.0 box running latest php , mod ssl, zend optiizer and apache 2.0.49 I have been evaluating open source (free) ecommerce packages for about a month, and everyone involved has been very helpful when I get into these situations. everything installed great. when I visit http://myhost.com/catalog I get the error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! so I did, in the reloacted php.ini file under /usr/local/Zend restarted httpd, no change. I had read of a hack around, by addign some code to application_top.php but am unable to loctae such a file. I editted the .htaccess as well, the existing syntax was: php_flag register_globals on I changed 'on' to '1' (no change) Any ideas? I'd very much like to give this distro a good review on slashdot Thanks in advance! PKrashovic, despised on the net since 1987. Link to comment Share on other sites More sharing options...
Mark Evans Posted March 24, 2004 Share Posted March 24, 2004 what did you set it to in the php.ini? you need to ensure you edited the correct file. php.ini is normally located in /etc/ You can check where its getting the settings from by creating a blank text document with the following code in it and running the page in you browser <?php phpinfo(); ?> Mark Evans osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops) --------------------------------------- Software is like sex: It's better when it's free. (Linus Torvalds) Link to comment Share on other sites More sharing options...
oneforall Posted March 29, 2004 Share Posted March 29, 2004 in linux:s;ackwaare distro it in /etc/apache/php.ini register_globals = on :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.