Guest Posted November 19, 2005 Share Posted November 19, 2005 Warning: I am able to write to the configuration file: ...\http/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. On Windows, if you see this warning at the top of your web pages after installation, and have set the permissions for MACHINE_NAME\IUSR_MACHINE_NAME & MACHINE_NAME\NETWORK SERVICE to read-only, you'll no doubt be puzzled. There is a bugette in the way PHP implements the function is_writeable() on Windows - it doesn't check the true permissions via ACL, it simply checks if the Read-Only flag is set for the file using the Windows stat() function. So right-click the file in explorer, and tick the the Read-only box and osCommerce will believe it. Remember that to edit the file later you'll need to un-tick it. ----- TJ. Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 Do you have access to the file with an FTP program or on your host's control panel? That's where you'll be able to right-click the file and see that setting. Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 I assume the reply was meant for others who might not have direct control of their own server, as I do. I searched the forums for a hint on this before I posted, after I'd found the buggette report at PHP. BTW... thats a grand looking massey-furgie you got there :-" Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 Hi I had the same problem and found an answer that really worked. You just have to comment out the message. it was posted here: http://www.oscommerce.com/forums/lofiversion/i...php/t72457.html and it goes like this: So here it is in full , how to remove the "Warning: I am able to write to the configuration file: /*****/*****/includes/configure.php. This is a potential security risk - please set the right user permissions on this file" warning if you are sure the chmods for config.php are configured properly but message still appearing. MAKE SURE YOU BACK UP THE FILES BEFORE WORKING ON THEM!!!! Step 1 QUOTE Locate this in catalog/includes/language/english.php define('WARNING_CONFIG_FILE_WRITEABLE', 'Warning: I am able to write to the configuration file: ' . dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.'); CHANGE IT TO THIS: // define('WARNING_CONFIG_FILE_WRITEABLE', 'Warning: I am able to write to the configuration file: ' . dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.'); Then go to catalog/includes/header.php and locate this: QUOTE // check if the configure.php file is writeable if (WARN_CONFIG_WRITEABLE == 'true') { if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) { $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); } } Delete the above section and no more config writeable errors on the top of your page. I hope it works for you, I think it will Regards Johan de Groot Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 Bloody hell no!!! :o The whole point of the warnings is to let the operator know the shop is insecure! If you remove the warnings and don't fix the problem then how the hell can your customers trust your site with their details!? I'd recommend you either learn enough to properly administer osCommerce, or get someone who can to handle the security side. Link to comment Share on other sites More sharing options...
Guest Posted October 28, 2009 Share Posted October 28, 2009 Warning: I am able to write to the configuration file: ...\http/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. On Windows, if you see this warning at the top of your web pages after installation, and have set the permissions for MACHINE_NAME\IUSR_MACHINE_NAME & MACHINE_NAME\NETWORK SERVICE to read-only, you'll no doubt be puzzled. There is a bugette in the way PHP implements the function is_writeable() on Windows - it doesn't check the true permissions via ACL, it simply checks if the Read-Only flag is set for the file using the Windows stat() function. So right-click the file in explorer, and tick the the Read-only box and osCommerce will believe it. Remember that to edit the file later you'll need to un-tick it. ----- TJ. Thanks a lot, finally a good response for me for this topic. Thanks again! Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.