Hello,shanit said:
Check your global php.ini file and set the option to "register_globals = On" and then restart apache. If you want to enable it for a particular domain, Edit httpd.conf and select the Vhost entry and add "php_admin_flag register_globals on" then restart apache, It will help you
To have register globals On in your php.ini is not suggested as it is very insecure...
either add it in you httpd.conf or you can add it in the .htaccess of that domain
either add it in you httpd.conf or you can add it in the .htaccess of that domain
You can do it for your account by adding the following line in the .htaccess file:shanit said:
php_flag register_globals on
But make sure you cannot alter the php.ini settings with .htaccess when running PHP as cgi/phpsuexec.
Check this link,
http://webhostingtalk.com/showthread.php?t=421482
bijo said:Hello,
Check your global php.ini file and set the option to "register_globals = On" and then restart apache. If you want to enable it for a particular domain, Edit httpd.conf and select the Vhost entry and add "php_admin_flag register_globals on" then restart apache, It will help you
Can someone tell me where to edit the httpd.conf file cause I have several sites that need this register globals on but I dont wanna turn it on in php.ini file cause I hear its really not safe so I wanna edit the httpd.conf
I need to know where to put
php_admin_flag register_globals on
any help is really appreciated thanks so much
Shannon
Open httpd.conf in any editor pico or vi as
vi /usr/local/apache/conf/httpd.conf
search for the domain name for which you want to have register_globals on. Lets say you want to turn register_globals on for domain.com then search domain.com in httpd.conf,you will find a Virtualhost section for domain.com as mentioned below and add php_admin_flag register_globals on in this section as I added:
As I mentioned before you can also do this for a particular site by adding the following line in the public_html/.htaccess file of that site:
php_flag register_globals on
vi /usr/local/apache/conf/httpd.conf
search for the domain name for which you want to have register_globals on. Lets say you want to turn register_globals on for domain.com then search domain.com in httpd.conf,you will find a Virtualhost section for domain.com as mentioned below and add php_admin_flag register_globals on in this section as I added:
Then save the httpd.conf file and restart apache.
As I mentioned before you can also do this for a particular site by adding the following line in the public_html/.htaccess file of that site:
php_flag register_globals on
If you have PHP compiled as Apache module just put php_flag register_globals on into VirtualHosts of needed sites in httpd.conf or the .htaccess that is located in the folder where register_globals should be enabled.
If PHP is compiled as PHPSuExec (CGI) you should put php variables (in our case register_globals) into php.ini in the folder where php scripts are located. Just create php.ini and put the following line:
register_globals = On
PHP variables can be also set in httpd.conf, but make sure they are added correctly as in the example below:
<VirtualHost 127.0.0.1>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
User username
Group username
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>
</VirtualHost>
or just put the following lines into the file .htaccess:
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>
If PHP is compiled as PHPSuExec (CGI) you should put php variables (in our case register_globals) into php.ini in the folder where php scripts are located. Just create php.ini and put the following line:
register_globals = On
PHP variables can be also set in httpd.conf, but make sure they are added correctly as in the example below:
<VirtualHost 127.0.0.1>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
User username
Group username
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>
</VirtualHost>
or just put the following lines into the file .htaccess:
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>
ok for the testing lol
I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure
thanks for responses everyone i have searched forum as advised cannot say i have been successful cause every version i have downloaded and attempted to install dont work or says it needs upgraded
+++++++++++++++++++++++++++++++++++++++++++++
ihave a test php info page set up http://www.hosting4ptr.com/test.php
This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Extension Manager v1.0.7, Copyright (c) 2003-2005, by Zend Technologies
if you look under the zend it shows its installed
+++++++++++++++++++++++++++++++++++++++++++++
but if you go here where i have accountlabs installed i get this
Zend Optimizer not installed
This file was encoded by the Zend Encoder / Zend SafeGuard Suite
In order to run it, please install the freely available Zend Optimizer, version 2.1.0 or later.
What is the Zend Optimizer?
The Zend Optimizer is one of the most popular PHP plugins for performance-improvement, and has been freely available since the early days of PHP 4. It improves performance by taking PHP's intermediate code through multiple Optimization Passes, which replace inefficient code patterns with efficient code blocks. The replacement code blocks perform exactly the same operations as the original code, only faster.
In addition to performance-improvement, the Zend Optimizer also enables PHP to transparently load files encoded by the Zend Encoder or Zend SafeGuard Suite.
The Zend Optimizer is a freely-available product from Zend Technologies. Zend Technologies is the company that develops the scripting engine of PHP, also known as the Zend Engine.
Thanks
I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure
thanks for responses everyone i have searched forum as advised cannot say i have been successful cause every version i have downloaded and attempted to install dont work or says it needs upgraded
+++++++++++++++++++++++++++++++++++++++++++++
ihave a test php info page set up http://www.hosting4ptr.com/test.php
This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Extension Manager v1.0.7, Copyright (c) 2003-2005, by Zend Technologies
if you look under the zend it shows its installed
+++++++++++++++++++++++++++++++++++++++++++++
but if you go here where i have accountlabs installed i get this
Zend Optimizer not installed
This file was encoded by the Zend Encoder / Zend SafeGuard Suite
In order to run it, please install the freely available Zend Optimizer, version 2.1.0 or later.
What is the Zend Optimizer?
The Zend Optimizer is one of the most popular PHP plugins for performance-improvement, and has been freely available since the early days of PHP 4. It improves performance by taking PHP's intermediate code through multiple Optimization Passes, which replace inefficient code patterns with efficient code blocks. The replacement code blocks perform exactly the same operations as the original code, only faster.
In addition to performance-improvement, the Zend Optimizer also enables PHP to transparently load files encoded by the Zend Encoder or Zend SafeGuard Suite.
The Zend Optimizer is a freely-available product from Zend Technologies. Zend Technologies is the company that develops the scripting engine of PHP, also known as the Zend Engine.
Thanks
Last edited:
Indeed it is insecure.. but only if you have bad clients on your server and chances for the server to get compromised is high if you provide ssh with register_globals Onshanit said:
It's insecure for a whole lot of more reasons. Basically any php script that uses global variables has the potential to offer a hacker easy access to the server if php code doesn't do proper sanity checking. I fail to see why having SSH access makes it any more or less secure with register_globals.Murtaza_t said:
Other solutions
1.
Use extract() to great the register globals effect: By putting something like :
extract($_POST); or extract($_GET); at the top of the php script will probably help you out no end...
You can do this for every file to make sure the site works.
I personally use extract on $post and $get but provide sanity checking and validation on the user inputted data first
2.
As the other posts mentioned:
For Apache users or webhosters, you can set the
php_flag register_globals on/off in a VirtualHost context. This would enable you to enable this on a specific users account and not give everyone register globals access.
3.
If you're on a shared environment, and have no way of disabling register_globals, this little "unregister_globals" snippet could come in handy:
Other very helpful stuff here: Register globals - php.net
note: Dont forget to do sanity checking and validation of course very important stuff...
Instead of turning this on globally you have two options: (One of them i used myself on a CPanel account with register globals off) :p
1.
Use extract() to great the register globals effect: By putting something like :
extract($_POST); or extract($_GET); at the top of the php script will probably help you out no end...
You can do this for every file to make sure the site works.
I personally use extract on $post and $get but provide sanity checking and validation on the user inputted data first
2.
As the other posts mentioned:
For Apache users or webhosters, you can set the
php_flag register_globals on/off in a VirtualHost context. This would enable you to enable this on a specific users account and not give everyone register globals access.
Although it will work in httpd.conf - putting register globals on in .htaccess will cause an internal server error.
3.
If you're on a shared environment, and have no way of disabling register_globals, this little "unregister_globals" snippet could come in handy:
Code:
<?php
if (@ini_get('register_globals'))
foreach ($_REQUEST as $key => $value)
unset($GLOBALS[$key]);
?>note: Dont forget to do sanity checking and validation of course
very important stuff...