OsCommerce Shopping Cart error message

I hope someone can help me with this. I'll try and make this short as possible.

I installed the oscommerce shopping cart twice and still get this error message as follows:

Warning: Installation directory exists at: /www/l/luceroswhls/htdocs/catalog/install. Please remove this directory for security reasons.


Warning: I am able to write to the configuration file: /www/l/luceroswhls/htdocs/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

I followed the path www/l/luceroswhls/htdocs/catalog/install and deleted the install files. I'm still getting this message. What else should I do?

The second one how do I set the right user permissions on this file? and what do i set them to. I am the only user for my store so should I delete the user information that I added when I set up a mysql data base? Would this work?

Thanks for your help.

[stevel]

1. Delete the install folder itself, not just the files in it.

2. Create a file called protect.php with the following contents:

Code:

<?php
chmod('includes/configure.php', 0444);
?>

Upload it to your catalog folder and then in a browser open protect.php on your site. It will set the protection. The only alternative seems to be to ask PowWeb support to set it for you.

I suggest also uploading this to your admin folder and opening that too. Once you have done this, you can delete the protect.php files.

Thanks Stevel

I did what you said and the first warning message disappeared thank you, thank you, thank you! but the second warning is still there:

Warning: I am able to write to the configuration file: /www/l/luceroswhls/htdocs/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

How do I set the right user permissions on this file?

should I delete the user name? change the password?

[stevel]

This has nothing to do with usernames.

After uploading the file, did you open it in the browser? This "runs" the PHP file and changes the protection.

Hi Stevel,

Okay now if feel really dumb. What do you mean by open in a browser?

Thanks for your prompt attention.

P.S. I didn't delete the protect.php file as you instructed me to do though.

Would it make a differance if I just left the protect.php file in place?

I appreciate your expertise. Thanks

jana

[stevel]

I mean - pretend it's a web page and go there in your browser. For example, http://yoursite.com/catalog/protect.php You'll just see a blank page, but that's all you need.

It does no harm to leave the file on the server, I guess. Be sure to do this for the admin folder too, as its include/configure.php also needs to be protected. (You'll get a warning in your admin panel about that.)

Hi Stevel,

Woo Hooo it worked!!! Wow you're SUPER in my book.

Thank You Thank You!!!!

The warning messages are off my website but when I go to my domain name all the files show up how can I get rid of this?Lucero's Wholesale Gifts

[stevel]

You don't have a default page at the top level. Try this:

Create a text file called .htaccess with the following contents:

Code:

Options -indexes
DirectoryIndex default.php
Redirect /index.html http://www.luceroswholesalegifts.com/catalog/default.php

Upload this to your htdocs folder. I *THINK* this will work - haven't tried it myself. An alternative is to upload an index.html file to htdocs that has a redirect meta tag to go to catalog/default.php