The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

help needed with php configuration

Discussion in 'General Discussion' started by mpi, Apr 6, 2006.

  1. mpi

    mpi Well-Known Member

    Joined:
    Mar 29, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    after digging through my code a bit more, i found out that it's a problem with php itself installed on the server.....

    for example, on other servers i can do this:

    if ($download_bcn_file)
    {
    .
    .
    .
    }
    <input type="submit" name="download__bcn_file" value="Click Here to start Download">

    php doesn't even let me do that on this server! so i've spent the last hour or so trying to find a way around it......

    if you have even a smallest clue on how to fix this so it allows the above, plz let me know.

    P.S. i have root and shell access.

    thx in advance.
     
  2. mpi

    mpi Well-Known Member

    Joined:
    Mar 29, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    dsads

    nevermind, i figured it out.

    register globals was off. turned it on and the script excecuted fine. :D
     
  3. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Enabling Register_Globals server wide is really a security risk. You would be better enabling it using a .htaccess file.
     
  4. mpi

    mpi Well-Known Member

    Joined:
    Mar 29, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    sadsa

    how can i do it with htaccess? and why with htaccess?
     
  5. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Agreed. register_globals shouldn't really ever be turned on.

    register_globals merely lets POSTed and GETed values to be accessed directly via the same field name.

    For example the URL:

    Code:
    http://www.example.com/example.php?param1=bob&param2=beer
    would give example.php the variables $param1 and $param2 with the respective values 'bob' and 'beer' if register_globals were turned on. If it were turned off, $param1 and $param2 would not, by default, exist.

    However these types of values can, and should, be accessed through the superglobal arrays $_POST and $_GET for, unsurprisingly, POSTed and GETed variables.

    Following the above example URL, you would be able to access the parameters through $_GET['param1'] and $_GET['param2'].

    My advice would be to turn register_globals off, in fact forget it even exists (as of PHP 6 it won't) and use $_POST and $_GET instead.
     
  6. mpi

    mpi Well-Known Member

    Joined:
    Mar 29, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    dsa

    thx for the advice but it would take way to long to recode everything so it works with glob"it" turned off. although i know the right thing would be to re-code.

    lets say i have it turned on, and a user goes to my website like:

    mydomain.com/index.php?id=dangerous-value

    as long as i don't use $id anywhere in my code, i'll be fine...right?

    but it so happens that i am using $id....so i have for example:

    $id = urlencode(stripslashes($id)); //protect against mysql injection

    as long as i do that for EVERY variable, there shouldn't be any "risk"...right?
     
Loading...

Share This Page