Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SOS on installing osCommerce!


Guest

Recommended Posts

Okay, heres the situation, I got as far as FTPing the files on to the server. But now I have this one BIG problem. when i click on any of the ASP files, I get a message that says "FATAL ERROR: register_globals is disabled in php.ini, please enable it!"

 

So I contact the hosting company, and they say: "You can not, register_globals is disabled by default as a security measure by the PHP Foundation, we have choses to leave this feature disable for the security of our customers."

 

Is there a way to work around this? Or am i out of luck. Do I have to give up on osCommerce? :(

 

If anyones interested:

Their Reason for why the register_globals is disabled is

 

Subject: Why Register Globals are disabled

Article #593

 

 

When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from html forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this.

 

Traditionally with register_globals enabled, one would simply need to call any variable as such $VariableName. To collect your variable information, PHP has SuperGlobals or SuperGlobal Arrays such as $_POST, $_GET, $_SESSION, and $_COOKIE. Using these, you can collect the same information by calling it?s SuperGlobal Name.

 

Examples:

If you have a form, with two fields of Name and Email, and your form method is POST, you would now call your fields as such.

 

$_POST[?Name?]

$_POST[?Email?]

 

Example Echo:

echo "Thank you {$_POST['Name']}, your email is: {$_POST['Email']}."

 

If your form was posting using the GET method, you would call your variables as such.

 

$_GET[?Name?]

$_GET[?Email?]

 

Example Echo:

echo "Thank you {$_GET['Name']}, your email is: {$_GET['Email']}."

Link to comment
Share on other sites

I have downloaded oscommerce aswell and also I had this problem. But

my version is running on localhost, so I changed my local version of

register_globals in the php.ini file to be set to On. This does present

a potential security risk - I believe the oscommerce project requires it

for compatibility reasons with PHP3.

 

Anyway even if you have your oscommerce site on an external host,

I thought you could still change this setting.

 

Martin

Link to comment
Share on other sites

The requirement for register globals has been removed for the install tool and for the catalog in CVS.

 

It will be removed from the admin tool before the release of MS-3.

 

And no there is no official release date for MS-3 yet ;)

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Link to comment
Share on other sites

After I got really irriated with this program, I e-mailed Mr. Moulton on the development team, and he said if i change the

 

.htaccess file

 

add a line that says

 

php_flag register_globals on

 

I would be fine, but the server i host on happens to be Windows and .htaccess file is a Linux file or something? (As you can see I am very bad with computer programming) So I cant put it on a win server. Is there a way round that?

 

Thanks

 

Tai Dirkse

Link to comment
Share on other sites

Do you host the box yourself?

 

Do you have access to the php.ini file which is found in c:\windows normally

 

If so you can set register globals to on in there.

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Link to comment
Share on other sites

The .htaccess file is a straightforward text file and there should be one already in the catalog folder which you can modify in a text editor, and upload again.

Regards, Wizzud

"It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt."

Link to comment
Share on other sites

The .htaccess file is a straightforward text file and there should be one already in the catalog folder which you can modify in a text editor, and upload again.

Remember .htacess files only work with apache.... IIS ignores them completly :(

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Link to comment
Share on other sites

Good point! I forgot that! Duh!

In which case my only advice would be to switch to an Apache-based server!

Regards, Wizzud

"It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt."

Link to comment
Share on other sites

Hey Now!

 

I have a Slackware 9.0 box running latest php , mod ssl, zend optiizer and apache 2.0.49

I have been evaluating open source (free) ecommerce packages for about a month,

and everyone involved has been very helpful when I get into these situations.

 

everything installed great.

 

when I visit http://myhost.com/catalog I get the error:

 

FATAL ERROR: register_globals is disabled in php.ini, please enable it!

 

so I did, in the reloacted php.ini file under /usr/local/Zend

 

restarted httpd, no change.

 

I had read of a hack around, by addign some code to application_top.php

but am unable to loctae such a file.

 

I editted the .htaccess as well, the existing syntax was:

php_flag register_globals on

I changed 'on' to '1' (no change)

 

Any ideas?

 

I'd very much like to give this distro a good review on slashdot

 

Thanks in advance!

 

PKrashovic, despised on the net since 1987.

Link to comment
Share on other sites

what did you set it to in the php.ini?

 

you need to ensure you edited the correct file. php.ini is normally located in /etc/

 

You can check where its getting the settings from by creating a blank text document with the following code in it and running the page in you browser

 

<?php

phpinfo();

?>

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...