osCommerce Warning Messages after installation

These are the warning messages I received for osCommerce Online Merchant v2.2 RCa:

osCommerce Security Warnings

osCommerce Security Warnings

Warning: Installation directory exists at: [absolute path to]/public_html/ultratrust/asset-protection-book/install. Please remove this directory for security reasons.

Well, the above step is pretty straight forward. The osCommerce documentation.pdf states to rename it or delete it. I’d prefer to simply delete it. I use Ipswitch FTP professional. It’s a pretty good FTP program. I know there is Filezilla which is free but Ipswitch has a good backup and synchronization tool. That’s for another post though.

osCommerce: Delete Install folder using Ipswitch FTP Pro

osCommerce: Delete Install folder using Ipswitch FTP Pro

Warning: I am able to write to the configuration file: [absolute path to]/public_html/ultratrust/asset-protection-book/includes/configure.php. This is a potential security risk – please set the right user permissions on this file.

Reset permissions for configure.php file in /catalog/includes/configure.php

The configure.php for me is located at [absolute path to]/public_html/ultratrust/asset-protection-book/includes/

The osCommerce states the following:
Reset the permissions on /catalog/includes/configure.php to 644 (if you are still getting
the warning message at the top set configure.php to 444 which is read only – this happens
on some servers that have been updated for security reasons).

Here is how to change /catalog/includes/configure.php to 644 using Ipswitch:

osCommerce change permissions of configure.php file using Ipswitch FTP

osCommerce change permissions of configure.php file using Ipswitch FTP

Right-click on the file configure.php and click on Properties.

Change permissions from Properties of Ipswitch FTP

Change permissions from Properties of Ipswitch FTP

You can then change either the Numeric Value field or check off the following:

Owner:Read
Owner:Write
Group:Read
World:Read

If you still have problems the osCommerce documentation.pdf guide states to change the file permissions to 444 which is:

Owner:Read
Group:Read
World:Read

Just an update: I had to change this configure.php file to 444 file permissions.

Change directory permissions for /catalog/images to 777

For my this folder is located at [absolute path to]/public_html/ultratrust/asset-protection-book/images

To change the folder permissions of all the files in Ipswitch I had to open the images folder then select all using CTL+A. Then right-click and select Properties.

Ipswitch Change folder permissions

Ipswitch Change folder permissions

Another window pops up called “Confirm Permission Changes” in Ipswitch and I had to select:
Apply to files and folders inside of it

Ipswitch select Apply to files and folders inside of it

Ipswitch select Apply to files and folders inside of it

Reset the permissions on /catalog/admin/includes/configure.php to 644

For me this is located at [absolute path to]/public_html/ultratrust/asset-protection-book/admin/includes/configure.php

Actually, I didn’t have to change the permissions on this particular file since the file permissions were already set at 644.

Create the dir /catalog/admin/backups and set the permissions to 777

The backups folder in the admin folder was created already. The documentation.pdf for the osCommerce is a bit outdated I think. Again, I’ve installed osCommerce Online Merchant v2.2 RCa. However, I did have to change the folder permissions to 777 as it was previously set at 755.

Set the permissions on /catalog/admin/images/graphs directory to 777

I didn’t have to change the folder permissions here as it was already set to 777.

Change .htaccess your /catalog/admin directory so that it is password protected

This is what the documentation.pdf manual states:
You need to .htaccess your /catalog/admin directory so that it is password protected. You
can use the password manager in your server admin area like cpanel.

I don’t know the intention of adding a password protect for this folder since the version I’ve installed it’s already password protected but not with the .htaccess file. The Administrator needs to login and enter a password once he navigates to:

http://asset-protection-book.ultratrust.com/admin

which redirects to:

http://asset-protection-book.ultratrust.com/admin/login.php

The Administrator and password was set up during the installation of the osCommerce setup.

The osCommerce manual states we’re done.

Congratulations! Now you are really done!

But not really since there are so many options to change and we have to now delete some of the default data (i.e products) that are displaying on the online store.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Share

You must be logged in to post a comment.