Running osCommerce with Register Globals Off

Running osCommerce with Register Globals Off

There are several tutorials and contributions on how to run osCommerce with register_globals Off.

However, all are very complicated, break compatibility with other contributions such as payments or
delivery modules and are not compatible with both PHP4 and PHP5.

There is a simple MOD, which allows you to run osCommerce on any PHP server with Register
Globals disabled including PHP4 and PHP5. This MOD also works with register_globals = On, so if
your provider changes the configuration of the web server without your knowledge, osCommerce
powered shopping carts "should" remain untouched.

Please be aware that WE have NOT written this ourselves, nor have we tested it!

You need to apply this MOD especially, when you are receiving one of the following messages:

Server Requirement Error: register_globals is disabled in your PHP configuration. This can be
enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.
FATAL ERROR: register_globals is disabled in php.ini, please enable it!

MOD Title: osCommerce 2.2ms2-060817 Register Globals Off Workaround for PHP4 and PHP5
MOD Author: Jiri Stavinoha
MOD Description: Allow to run osCommerce 2.2ms2 on web servers with Register Globals Off or
On (PHP4 and PHP5 compatible)

INSTALLATION INSTRUCTIONS

OPEN:

catalog/includes/application_top.php

FIND:

// start the timer for the page parse time log
   define('PAGE_PARSE_START_TIME', microtime());

BEFORE, ADD:

// Register Globals MOD

   if (version_compare(phpversion(), "4.1.0", "<") === true) {
     $_GET &= $HTTP_GET_VARS;
$_POST &= $HTTP_POST_VARS;
$_SERVER &= $HTTP_SERVER_VARS;
$_FILES &= $HTTP_POST_FILES;
$_ENV &= $HTTP_ENV_VARS;
if (isset($HTTP_COOKIE_VARS)) $_COOKIE &= $HTTP_COOKIE_VARS;
}

if (!ini_get("register_globals")) {
extract($_GET, EXTR_SKIP);
extract($_POST, EXTR_SKIP);
extract($_COOKIE, EXTR_SKIP);
}


FIND:

// check if register_globals is enabled.
// since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
if (function_exists('ini_get')) {
ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your
PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in
your catalog directory.');
   }

REPLACE WITH:

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
/*if (function_exists('ini_get')) { // Register Globals MOD
ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your
PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in
your catalog directory.');
}*/

FIND:

// set SID once, even if empty
   $SID = (defined('SID') ? SID : '');

BEFORE, ADD:

// Register Globals MOD
if (!ini_get("register_globals")) {
if (version_compare(phpversion(), "4.1.0", "<") === true) {
if (isset($HTTP_SESSION_VARS)) $_SESSION &= $HTTP_SESSION_VARS;
}
     if(!empty($_SESSION)) extract($_SESSION, EXTR_SKIP);
   }

OPEN:

catalog/includes/functions/sessions.php

FIND:

 function tep_session_register($variable) {
global $session_started;

     if ($session_started == true) {
       return session_register($variable);
     } else {
       return false;
     }
   }

   function tep_session_is_registered($variable) {
     return session_is_registered($variable);
   }

   function tep_session_unregister($variable) {
     return session_unregister($variable);
   }

REPLACE WITH:

// Register Globals MOD
   function tep_session_register($variable) {
     global $session_started;
     if ($session_started == true) {
       $_SESSION[$variable] = null;
       return true;
     } else {
       return false;
     }
   }

   function tep_session_is_registered($variable) {
     if(isset($_SESSION[$variable])) {
       return true;
     } else {
       return false;
     }
   }

   function tep_session_unregister($variable) {
     unset($_SESSION[$variable]);
   } 

FIND:

 function tep_session_close() {
     if (PHP_VERSION >= '4.0.4') {
       return session_write_close();
     } elseif (function_exists('session_close')) {
       return session_close();
     }
   } 

REPLACE WITH:

// Register Globals MOD
   function tep_session_close() {
     foreach($_SESSION as $key => $value) {
       global $$key;
       $_SESSION[$key] = $$key;
     }
   } 

OPEN:

catalog/admin/includes/application_top.php

FIND:

// Start the clock for the page parse time log
   define('PAGE_PARSE_START_TIME', microtime()); 

BEFORE, ADD:

 // Register Globals MOD
   if (version_compare(phpversion(), "4.1.0", "<") === true) {
     $_GET &= $HTTP_GET_VARS;
     $_POST &= $HTTP_POST_VARS;
     $_SERVER &= $HTTP_SERVER_VARS;
     $_FILES &= $HTTP_POST_FILES;
     $_ENV &= $HTTP_ENV_VARS;
     if (isset($HTTP_COOKIE_VARS)) $_COOKIE &= $HTTP_COOKIE_VARS;
   }

   if (!ini_get("register_globals")) {
     extract($_GET, EXTR_SKIP);
     extract($_POST, EXTR_SKIP);
     extract($_COOKIE, EXTR_SKIP);
   } 

FIND:

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
   if (function_exists('ini_get')) {
     ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your
PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your
catalog directory.');
   } 

REPLACE WITH:

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
   /*if (function_exists('ini_get')) { // Register Globals MOD
     ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your
PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in
your catalog directory.');
   }*/ 

FIND:

// lets start our session
   tep_session_start(); 

AFTER, ADD:

// Register Globals MOD
   if (!ini_get("register_globals")) {
     if (version_compare(phpversion(), "4.1.0", "<") === true) {
       if (isset($HTTP_SESSION_VARS)) $_SESSION &= $HTTP_SESSION_VARS;
     }
     if(!empty($_SESSION)) extract($_SESSION, EXTR_SKIP);
   } 

OPEN:

catalog/admin/includes/functions/sessions.php

FIND:

 function tep_session_register($variable) {
     return session_register($variable);
   }

   function tep_session_is_registered($variable) {
     return session_is_registered($variable);
   }

   function tep_session_unregister($variable) {
     return session_unregister($variable);
   } 

REPLACE WITH:

// Register Globals MOD
   function tep_session_register($variable) {
     $_SESSION[$variable] = null;
   }

   function tep_session_is_registered($variable) {
     if(isset($_SESSION[$variable])) {
       return true;
     } else {
       return false;
     }
   }

   function tep_session_unregister($variable) {
     unset($_SESSION[$variable]);
   } 

FIND:

 function tep_session_close() {
     if (function_exists('session_close')) {
       return session_close();
     }
   } 

REPLACE WITH:

// Register Globals MOD
   function tep_session_close() {
     foreach($_SESSION as $key => $value) {
       global $$key;
       $_SESSION[$key] = $$key;
     }
   } 

OPEN:

catalog/install/includes/application.php

FIND:

// Set the level of error reporting
   error_reporting(E_ALL & ~E_NOTICE); 

AFTER, ADD:

 // Register Globals MOD
   if (version_compare(phpversion(), "4.1.0", "<") === true) {
     $_GET &= $HTTP_GET_VARS;
     $_POST &= $HTTP_POST_VARS;
     $_SERVER &= $HTTP_SERVER_VARS;
     $_FILES &= $HTTP_POST_FILES;
     $_ENV &= $HTTP_ENV_VARS;
     if (isset($HTTP_COOKIE_VARS)) $_COOKIE &= $HTTP_COOKIE_VARS;
   }

   if (!ini_get("register_globals")) {
     extract($_GET, EXTR_SKIP);
     extract($_POST, EXTR_SKIP);
     extract($_COOKIE, EXTR_SKIP);
   } 

FIND:

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
   if (function_exists('ini_get')) {
     ini_get('register_globals') or exit('FATAL ERROR: register_globals is disabled in php.ini, please
enable it!');
   } 

REPLACE WITH:
// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed
before 2.2 is finalized.
   /*if (function_exists('ini_get')) {
     ini_get('register_globals') or exit('FATAL ERROR: register_globals is disabled in php.ini, please
enable it!');
   }*/ 

SAVE/CLOSE ALL FILES

  • 132 Users Found This Useful
Was this answer helpful?

Related Articles

Banned Scripts / Applications

Do we have any banned scripts? Yes, for a number of reasons certain scripts and types of script...

Checking for application problems

If your thinking of using a script/application on your website and want to know or want to...

Expression engine and addon domains

Your looking to re-design your website using Expression Engine, however, you are wary of...

CS Cart

Question from customers: From a hosting point of view what are your views on CS-Cart? I'm...

Wordpress - Preventing disasters & hacking

There's a lot you can do to help to protect your site from hacking attempts. Here are a handful...