Installing Via FTP
Installation Background
- Setting the Permissions
- Setting up your database
Running the install script
- Start Installation
Secure your new site

Installing Via FTP

Installation Background

Upload the /catalog and sub-directories to your server.

The files and directory structure must be uploaded to your web server. This can accomplished in several different ways. Use whatever method is most familiar to you, i.e., unzipping the zip archive to your local computer and using your favorite FTP program to upload those files, or using SSH to tar/unzip on your server to avoid the tedium of downloading and re-uploading.

The files can be uploaded to the document root, or any other subdirectory, like /catalog.

Note: If you are using FTP to upload files, you must upload all PHP files in ASCII mode, not binary. In our examples, we upload the files to the /catalog subdirectory.

If you have never looked at the oscommerce archive before, the basic directory structure looks like this:

         osCMax.zip
               /catalog
                  /admin

First, upload the /catalog directory and all the directories and files it contains to your document root (public_html or www). When you are finished uploading, your basic directory tree should look like this:

             /public_html
                /catalog
                    /admin
                         /images
                         /includes
                    /download
                    /images
                    /includes
                    /install

Setting the Permissions

Set the permissions on /catalog/includes/configure.php and /catalog/admin/includes/configure.php to chmod 777 if on a Unix/Linux system. (Please note there are two files to do here.)

Setting file permissions correctly will allow the installation script to write to the configure.php files. So, after they are uploaded you can use telnet, ssh, or your favorite FTP client to set the file permissions. CHMOD 777 will set the correct permissions for installation.

For osCMax 2.0.15, see the warning on the main installation page

Setting up your database

Using phpMyAdmin or other tool, create your database and user, and assign that user to the database.

This section provides instructions using phpMyAdmin to create a database and user, and assign that user to the database. These steps are necessary BEFORE you run the install script.

Note:You do not need to create the database beforehand if your MySQL account has permissions to create new databases.

On the opening screen of phpMyAdmin, under the MySql heading, you will see a text box. Enter the name of your database here, and click the create button. This creates your database.

Click the Home link in the left frame. Then click the users link.
On the next page, select the database that you want to assign this user to. Enter the host name (usually localhost), enter the username, and password. Check all the privileges available and click go. This creates the user and assigns the user to the correct db.

Note: Many virtual hosts do not allow this type of access through phpmyadmin, and instead provide you with another way to create your databases and users through your hosting control panel. Check with your host.

Running the install script

Start Installation

Watch Installation Video - This video shows the entire installation process start to finish.

Open your browser of choice - (I would recommend using Firefox)
Type http://yourserver.com/catalog/install/index.php into the URL bar - obviously, you need to swap yourserver.com to your actual server!
You should now see this screen.

Screen 1

Click Continue

Screen 2

Fill out all your Database Server information on this page

Click the Continue Button
You should see the yellow box (bottom left) change to say “The database structure is now being imported. Please be patient during this procedure.”
You should now see the yellow box change to say “Database imported successfully”

Screen 3

The information should be pre-populated for you - please check it is accurate.
Click Continue

Screen 4

Enter the information you want for the admin section
- Store Name :: Your store name
- Store Owner First Name :: Your first name
- Store Owner Last Name :: Your last name
- Store Owner's Email Address :: Your store email address
- Administrator Username :: Your login username
- Administrator Password :: Your login password (do not lose this!)

Next, the install script will attempt to access your configure.php files. If the permissions are wrong, you will get error messages, and a “Retry” button. Set the permissions correctly and retry.

Screen 5

FINISHED!
Click on Catalog or Administration Tool

Secure your new site

Please ensure that you read everything in this section and also this page on setting up security.

Re-set the permissions on /catalog/includes/configure.php and /catalog/admin/includes/configure.php to chmod 444

This is important to ensure security of your configuration. CHMOD 444 the above files. This can be done through telnet, ssh, or an FTP client. If on a Windows server, you will need to right click the configure.php files and select 'properties' in the context menu. Once on the properties page, check the 'Read Only' checkbox, click Apply, and OK.

The most common cause of hacks is code inserted into unprotected files and folders.

Folders should be CHMOD to a maximum of 755.
Files should be CHMOD to a maximum of 644.
Both configure files should be a maximum of 444.

However, if you are using suPHP on your server (ask your host if you are not sure or run this suPHP check) then …

Files should be CHMOD to a maximum of 600.
Both configure files should be a maximum of 400

If you are a slightly more advanced user you can use a tip from Michael_S for setting this directly on the server.

These commands can be run from the linux command line or from an executable file via cronjob.

Here is the command run to set all directories:

find . -type d -exec chmod 755 {} ;

Here is the command run to set all php files:

find . -type f -name “*.php” | xargs chmod 644

With this permissions configuration, it is not secure to keep backups on your server. You should download the backup to your local computer, and never store the backup on the web server. Optional Password protect your /catalog/admin dir using .htaccess

Securing your admin directory

Your admin section should be password protected. The easiest way to do this is to use .htpasswd and .htaccess to secure the directory. If you are not sure how to do this, please follow the procedure outlined below:

Add this code to your .htaccess file

          AuthType Basic
          AuthName "Locked Area"
          AuthUserFile /home/youraccount/.htpasswds/admin/passwd
          require valid-user

Next, create your .htpasswd file. There are several ways to do this, but here is a non-linux users way: go to this web site http://www.kelv.net/programming/htaccess/ and follow the instructions!

See Also .htaccess Instructions and setting up security Add to your DirectoryIndex statement and include the following : index.php This can be done in the Apache httpd.conf file if you have root access, or can be done in an .htaccess file in your /catalog dir.

Controlling the index page of your site

This is the .htaccess method for adding the DirectoryIndex statement.

Create a plain text file using a text editor.
Add this statement : DirectoryIndex index.php index.htm index.html
Save the file as .htaccess (note the period before the h)
Upload it to your /catalog directory

This tells the server to look for index.php as the index page in the /catalog directory, so you can access your catalog by the url http://www.yoursite.com/catalog/ instead of having to include the filename like this http://www.yoursite.com/catalog/index.php.

The default, preconfigured login is:
- User name: admin@localhost.com
- Password: admin

It is advised that once you login, you immediately change these credentials to something that only you know. See this document for instructions on how to do this: Changing Default Login