Tuesday, August 01, 2006

osCommerce 2.2 and PHP 5.2

osCommerce 2.2ms2
PHP 5.2.0RC2-dev

Driven by the desire to be able to use slick web site templates provided by TemplateMonster, I discovered I would need to install osCommerce. TemplateMonster has web site templates that run on osCommerce 2.2.

osCommerce is an online shop e-commerce solution that offers a wide range of out-of-the-box features that allows online stores to be setup fairly quickly with ease and is available for free as an Open Source based solution.

osCommerce can be installed on any server where a web server is running that has been installed with PHP.

NOTE: The following few paragraphs describe my attempt to get this working by manually installing each app. I scrapped my manual installation of these apps and went with XAMPP's installation instead. The details are further down in the post.


So to get started I installed a PHP Hypertext Preprocessor on my server running Apache 2.2. After two failed attempts with PHP 4.4.2 and PHP 5.1.4, I discovered that I had to use PHP 5.2.0RC2-dev, which is the only version that runs on Apache 2.2. I'm hoping for a release version soon.

I unzipped the zip file to c:\php and followed the directions outlined in the install.txt file.

Highlights:
Added "c:\php" to my PATH environment variable.
Added to Apache httpd.conf:
LoadModule php5_module "c:/php/php5apache2_2.dll"
AddType application/x-httpd-php .php
PHPIniDir "C:/php"

Tested the PHP installation with a simple test.php file that I stuck in my default Apache doc folder:
C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\test.php

The contents of test.php are:
<?phpinfo()?>

Then just browse to http://localhost/test.php and you should get a page showing a bunch of system info. NOTE: I had to use the php.ini-dist file instead of the php.ini-recommended file to get test.php to display anything. I didn't compare the two to find out why.

Installing osCommerce
Looks like there are problems getting osCommerce to run with PHP5.

The milestone release that I have claims to have fixed some PHP5 issues. Continuing with installation. Follow directions in documentation.pdf.

php.ini - turned register_globals On

Step 2 of osCommerce install does not work.

Added "php_value register_long_arrays 1" to htdocs/catalog/.htaccess file.
(didn't help)

XAMPP to the rescue!!

After unsuccessful efforts to get it working, I decided to scrap it all and use XAMPP, an easy to install Apache distribution containing MySQL, PHP, Perl and a bunch of other apps, including an add on install for Tomcat.

I used the Windows installer version of XAMPP. Then I used the Windows installer version of the Tomcat add-on.

Other things:
Enabled innodb engine in mySQL because I wanted full transaction support in my databases. Modified ..\xampp\mysql\bin\my (no extension). Commented out:
#skip-innodb
Uncommented all the innodb lines after the skip-innodb line. I also increased most of the memory settings throughout the file since I have more the 64M on my machine.

Set jvm memory settings for Tomcat.
Modified ..\xampp\tomcat_start.bat. Added line:
set JAVA_OPTS=-xms256m -xmx256m

After installing Tomcat as a service as mentioned below, I ran ..\tomcat\bin\tomcat5w.exe to set memory options, since the service does not use tomcat_start.bat.

Enabled name-based virtual hosts.
Modified ..\xampp\apache\conf\httpd.conf. Uncommented lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_http_proxy.so
Include conf/extra/httpd-vhosts.conf

Modified ..\xampp\apache\conf\extra\httpd-vhosts.conf. Uncommented line:
NameVirtualHost *:80

Added in all my virtual hosts.

Used apache -S and apache -t at a command prompt to check syntax.

NOTE: I did have a problem because I copied the sample virtual host entries in httpd-vhosts.conf and then modified them. I assumed that @rel_logfiledir@ was some sort of macro and just left it in my virtual host definitions for the error logs. This caused apache to fail on startup with a message in the Windows Event Viewer as follows:

The Apache2 service terminated with service-specific error 1 (0x1).

After a bit of trial and error, I figured out it was the @rel_logfiledir@ that was causing the problem.

I went through the security section of the docs and secured everything as was suggested. I downloaded and installed mySQL Administrator and mySQL Query Browser from mysql.com since I am more familiar with those mySQL tools than the ones that come bundled with XAMPP.

osCommerce Installation
Unzipped and followed instructions in documentation.pdf.
xampp\apache\bin\php.ini - turned register_globals On
Everything installed fine following the instructions in the pdf and on screen.

Address Some Security Warnings
When I ran the default osCommerce catalog site, I had two warnings at the top. The first advised me to delete the install folder for security reasons. The second said:

Warning: I am able to write to the configuration file: C:/Program Files/xampp/htdocs/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

I just had to make the file read only.

I discovered that the osCommerce administration tools were wide open to anyone savvy enough to browse to the \catalog\admin URL.

Securing the osCommerce Admin Tools
Create an adminosc user in apache. The following command does this and asks for a password:

C:\Program Files\xampp\apache\bin>htpasswd -c "c:\program files\xampp\apache\passwd\passwords" adminosc

Add the following to httpd.conf to secure the admin directory:

<directory>
AuthType Basic
AuthName "osCommerce Admin Files"
AuthUserFile "C:/Program Files/xampp/apache/passwd/passwords"
Require user adminosc
</directory>

Email
Although XAMPP comes with Mercury Mail Transport, I didn't want to deal with configuring a mail server on my server, so I decided to just use my ISP's mail server for all email needs.

I was having trouble getting email to work using my ISP's mail server. I had to:


  • Change php.ini's email settings (SMTP = mail.xmission.com). Left other settings commented out, except smtp_port of course.

  • Changed the tep_mail function in \xampp\htdocs\shop\includes\functions\general.php as suggested here.

  • Changed settings in osCommerce admin's E-mail Options page. Changed "E-Mail Transport Method" to smtp and "E-Mail Linefeeds" to CRLF since I'm running on a Windows box.

Tomcat
Configure Tomcat to run as a service. By default, the XAMPP installation provides batch files to start and stop Tomcat. I want to run it as a service so that when the system reboots, I don't have to login to start Tomcat.

To run Tomcat as a service, simple open a cmd prompt here \xampp\tomcat\bin and type:

service.bat install

Then open the Services control panel, edit the properties of the newly installed service and change startup type to "automatic" instead of "manual".

Changed the Logon user of the service to use a tomcat user account that I setup. Didn't want the Tomcat service running under an admin account for security reasons. I edited the tomcat folder security settings, giving full control to this user as well.

tomcat user
  • Member of "Users"
  • User cannot change password
  • Password never expires

No comments: