Security

  • vinner45
    Sergeant

    • Dec 2007
    • 37

    Security

    Hi,
    I am very new to web dev.
    Can someone advise how to set "PHP register_globals off", please?
    Is it possible thru cPanel or some other way?
    thx
  • navaldesign
    General & Forum Moderator

    • Oct 2005
    • 12080

    #2
    Re: Security

    You need to submit a support ticket
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!


    • vinner45
      Sergeant

      • Dec 2007
      • 37

      #3
      Re: Security

      Hi
      I did that and they replied:

      "We cannot do this as we use SU_PHP, you would need to upload a
      php.ini file to your public_html folder in order to get around
      this."
      Please advise
      Thx


      • navaldesign
        General & Forum Moderator

        • Oct 2005
        • 12080

        #4
        Re: Security

        Ok, so let's go this way as they have told you:

        To set register_globals off you need to create a local php.ini file that will override the default values. However, creating a partial php.ini file might cause problems, so we will use another method: we will copy the default php.ini file, we will ONLY change the register_globals value to off, and WRITE the file into the folder you like.

        To make things simpler, you should perform the operations that I will describe in the next part directly in the folder that you want to set register_globals off for.

        1st code:

        <?php
        // SCRIPT NAME: modify_php_ini.php
        // Put all the php.ini parameters you want to change below. One per line.
        // Follow the example format $parm[] = "parameter = value";
        $parm = array();
        $parm[] = "register_globals = Off";
        // full unix path - location of the default php.ini file at your host
        // you can determine the location of the default file using phpinfo()
        $defaultPath = '/usr/local/lib/php.ini';
        // full unix path - location where you want your custom php.ini file
        //$customPath = "/path/php.ini";
        $customPath = "php.ini";
        // nothing should change below this line.
        if (file_exists($defaultPath)) {
            // start from a full copy of the host's default php.ini
            $contents = file_get_contents($defaultPath);
            // append the overrides at the end of the copy
            $contents .= "\n\n; MODIFIED THE FOLLOWING USER PARAMETERS:\n\n";
            foreach ($parm as $value) {
                $contents .= $value . "\n";
            }
            if (file_put_contents($customPath, $contents)) {
                // 0600: only the account owner can read or write the new file
                if (chmod($customPath, 0600)) {
                    $message = "<b>PHP.INI File modified and copied.</b>";
                } else {
                    $message = "PROCESS ERROR - Failed to update php.ini.";
                }
            } else {
                $message = "PROCESS ERROR - Failed to write php.ini file.";
            }
        } else {
            $message = "PROCESS ERROR - php.ini file not found.";
        }
        echo $message;
        ?>

        Copy this code, paste it in Notepad, and save it as modify_php_ini.php . To achieve this you need to click on Save As, select File Type: All files, and save it as modify_php_ini.php

        2nd code:

        <?php
        phpinfo();
        ?>

        Copy it, paste it in Notepad, and Save As (after selecting File type: All files) phpinfo.php just as you did for the first code.

        Upload both files in your folder (the one for which you wish to change the register_globals value).

        Now, the second code is simply a php command that will display all your php settings. If you want to see for yourself, just type in your browser:

        http://www.yourdomain/com/foldername/phpinfo.php

        Of course, you need to replace foldername with the actual name of the folder where you have uploaded the files.

        This will display all the info, and will allow you to verify that the loaded php.ini file path is actually /usr/local/lib/php.ini . If the displayed info is, for any reason, different, you need to modify this line:

        $defaultPath = '/usr/local/lib/php.ini';

        in the first code I provided.

        Ok, once you have verified it, let's actually copy, and modify the php.ini file into our folder. We have assumed that you have uploaded the files in the interested folder.

        Type in your browser:

        http://www.yourdomain/com/foldername/modify_php_ini.php

        This will activate the script. It will read the default php.ini file, it will modify the register_globals value to off, and it will place this modified file inside your folder, thus achieving what you wanted. If the operation is successful, you will see this success message:

        PHP.INI File modified and copied.

        Good luck.
        Navaldesign
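An added check, not part of navaldesign's post: a short script that reports which php.ini the folder actually loaded, the effective register_globals value, the permissions on the generated file, and whether the two helper scripts are still present. The file name check_register_globals.php is an assumption; phpinfo.php and modify_php_ini.php are the names used in the post above.

```php
<?php
// check_register_globals.php (hypothetical name) - added example, not from the thread.
// Upload it into the same folder as the generated php.ini and open it once in the browser.
header('Content-Type: text/plain');

$dir    = dirname(__FILE__);
$local  = $dir . '/php.ini';
$report = array();

// 1. Which php.ini did this request really load?
$loaded = php_ini_loaded_file();
$report[] = 'Loaded php.ini: ' . ($loaded ? $loaded : '(none)');
$usesLocal = $loaded && realpath($loaded) === realpath($local);
$report[] = 'Local php.ini in effect for this folder: ' . ($usesLocal ? 'yes' : 'no');

// 2. Effective value of the directive for scripts in this folder.
$raw = ini_get('register_globals');
if ($raw === false) {
    // ini_get() returns false for unknown directives; register_globals
    // no longer exists from PHP 5.4.0 onwards.
    $report[] = 'register_globals: directive not present in this PHP version';
} else {
    $on = in_array(strtolower(trim($raw)), array('1', 'on', 'yes', 'true'), true);
    $report[] = 'register_globals: ' . ($on ? 'ON' : 'Off');
}

// 3. The generated file should stay at the 0600 mode set by modify_php_ini.php.
if (is_file($local)) {
    $mode = fileperms($local) & 0777;
    $note = ($mode & 0077) ? ' (group/other access present, expected 0600)' : ' (ok)';
    $report[] = sprintf('php.ini mode: %04o%s', $mode, $note);
} else {
    $report[] = 'php.ini: not found in this folder';
}

// 4. Helper scripts that are still reachable over the web.
foreach (array('phpinfo.php', 'modify_php_ini.php') as $helper) {
    if (is_file($dir . '/' . $helper)) {
        $report[] = 'Helper still present: ' . $helper . ' (delete after use)';
    }
}

echo implode("\n", $report), "\n";
```

phpinfo.php shows the full server configuration to anyone who requests it and modify_php_ini.php rewrites php.ini on every request, so both, along with this check script, are best deleted once the setting is confirmed.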

        • vinner45
          Sergeant

          • Dec 2007
          • 37

          #5
          Re: Security

          thanks Naval
          Please confirm, to make register_global off, do I need to paste the code as it is( as you wrote) or I need to make some changes in it.
          Thanks


          • navaldesign
            General & Forum Moderator

            • Oct 2005
            • 12080

            #6
            Re: Security

            Normally, you do not need to make any changes. The only case where a problem could arise would be if the path to your server php.ini file is not '/usr/local/lib/php.ini', but this is rather improbable. In any case, the script will report if it has created the local php.ini file or not.

            If you first run the phpinfo.php then you will be able to see the correct path, and if different, modify the other script accordingly.
            Navaldesign

            • Vasili
              Moderator

              • Mar 2006
              • 14683

              #7
              Re: Security

              You make it sound so easy, and as if I should have already known such stuff!
              . VodaWebs....Luxury Group
              * Success Is Potential Realized *


              • navaldesign
                General & Forum Moderator

                • Oct 2005
                • 12080

                #8
                Re: Security

                Hi Eric,

                This is a method to override the default settings that usually is not known to simple users, but is known to whoever builds scripts and needs to perform specific tasks. For example, a client of mine needed to be able to upload files up to 40 Mb through a form. Normally, VH has this limit set to either 8 or (in some servers) to 20 Mb, so the same method is used to set the max upload file size to a larger number.

                As you understand, I try to provide step by step instructions, because I don't expect the normal user to be familiar with this procedure. However, it actually IS easy when the correct instructions are provided.
                Navaldesign

                • Vasili
                  Moderator

                  • Mar 2006
                  • 14683

                  #9
                  Re: Security

                  I understand. Thank you!

                  (Good night!)

                  • navaldesign
                    General & Forum Moderator

                    • Oct 2005
                    • 12080

                    #10
                    Re: Security

                    Goodnight Eric :)
                    Navaldesign

                    • vinner45
                      Sergeant

                      • Dec 2007
                      • 37

                      #11
                      Re: Security

                      Thanks Naval
                      I have downloaded these two codes in my WEB ROOT (public_html).
                      What should I do now, please?
                      How can I change register global?
                      I am really dumb
                      Thanks


                      • navaldesign
                        General & Forum Moderator

                        • Oct 2005
                        • 12080

                        #12
                        Re: Security

                        Just type in your browser

                        http://www.yourdomain.com/modify_php_ini.php where of course, you replace yourdomain.com with your actual domain name
                        Navaldesign

                        • vinner45
                          Sergeant

                          • Dec 2007
                          • 37

                          #13
                          Re: Security

                          Hi Naval
                          I am amazed with the quick reply.
                          thx
                          Now when I put the following with my domain name
                          http://www.yourdomain/com/foldername/modify_php_ini.php

                          it replied

                          PHP.INI File modified and copied.

                          but when I see my cPanel it still says

                          PHP register_globals setting is `ON` instead of `OFF`
                          Please advise
                          THX


                          • navaldesign
                            General & Forum Moderator

                            • Oct 2005
                            • 12080

                            #14
                            Re: Security

                            Seems rather improbable. Did you upload the second file? If yes, then type in your browser http://www.yourdomain/phpinfo.php to see the actual settings of your site
                            Navaldesign

                            • vinner45
                              Sergeant

                              • Dec 2007
                              • 37

                              #15
                              Re: Security

                              I think I made a mistake before. I reloaded phpinfo,
                              it worked.
                              Now in PHP configuration under PHP Core it shows register-global 'off'
                              but cPanel still shows "on".
                              Please advise
