shanit

Well-Known Member
Dec 18, 2005
46
0
156
how do i do this
make sure register globals is set to on in the php.ini file

thats what I have to do to make a site work
thanks
shannon
 

bijo

Well-Known Member
Aug 21, 2004
475
0
166
India
shanit said:
how do i do this
make sure register globals is set to on in the php.ini file

thats what I have to do to make a site work
thanks
shannon
Hello,

Check your global php.ini file and set the option to "register_globals = On" and then restart apache. If you want to enable it for a particular domain, Edit httpd.conf and select the Vhost entry and add "php_admin_flag register_globals on" then restart apache, It will help you ;)
 

shanit

Well-Known Member
Dec 18, 2005
46
0
156
how do you add it to the htaccess file for domain what do i need to add exactly ???

Thanks

Shannon
 

WebScHoLaR

Well-Known Member
Dec 14, 2005
510
3
168
Planet Earth
shanit said:
how do you add it to the htaccess file for domain what do i need to add exactly ???

Thanks

Shannon
You can do it for your account by adding the following line in the .htaccess file:

php_flag register_globals on

But make sure you cannot alter the php.ini settings with .htaccess when running PHP as cgi/phpsuexec.

Check this link,

http://webhostingtalk.com/showthread.php?t=421482
 

shanit

Well-Known Member
Dec 18, 2005
46
0
156
bijo said:
Hello,

Check your global php.ini file and set the option to "register_globals = On" and then restart apache. If you want to enable it for a particular domain, Edit httpd.conf and select the Vhost entry and add "php_admin_flag register_globals on" then restart apache, It will help you ;)

Can someone tell me where to edit the httpd.conf file cause I have several sites that need this register globals on but I dont wanna turn it on in php.ini file cause I hear its really not safe so I wanna edit the httpd.conf

I need to know where to put
php_admin_flag register_globals on

any help is really appreciated thanks so much

Shannon
 

WebScHoLaR

Well-Known Member
Dec 14, 2005
510
3
168
Planet Earth
Open httpd.conf in any editor pico or vi as

vi /usr/local/apache/conf/httpd.conf

search for the domain name for which you want to have register_globals on. Lets say you want to turn register_globals on for domain.com then search domain.com in httpd.conf,you will find a Virtualhost section for domain.com as mentioned below and add php_admin_flag register_globals on in this section as I added:

<VirtualHost 192.168.0.1>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
User username
Group username
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
php_admin_flag register_globals on
</VirtualHost>
Then save the httpd.conf file and restart apache.

As I mentioned before you can also do this for a particular site by adding the following line in the public_html/.htaccess file of that site:

php_flag register_globals on
 

ser_pros

Registered
Oct 8, 2004
4
0
151
If you have PHP compiled as Apache module just put php_flag register_globals on into VirtualHosts of needed sites in httpd.conf or the .htaccess that is located in the folder where register_globals should be enabled.

If PHP is compiled as PHPSuExec (CGI) you should put php variables (in our case register_globals) into php.ini in the folder where php scripts are located. Just create php.ini and put the following line:

register_globals = On

PHP variables can be also set in httpd.conf, but make sure they are added correctly as in the example below:

<VirtualHost 127.0.0.1>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
User username
Group username
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>

</VirtualHost>

or just put the following lines into the file .htaccess:
<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>
 

shanit

Well-Known Member
Dec 18, 2005
46
0
156
ok for the testing lol

I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure

thanks for responses everyone i have searched forum as advised cannot say i have been successful cause every version i have downloaded and attempted to install dont work or says it needs upgraded

+++++++++++++++++++++++++++++++++++++++++++++

ihave a test php info page set up http://www.hosting4ptr.com/test.php
This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Extension Manager v1.0.7, Copyright (c) 2003-2005, by Zend Technologies
if you look under the zend it shows its installed

+++++++++++++++++++++++++++++++++++++++++++++

but if you go here where i have accountlabs installed i get this
Zend Optimizer not installed
This file was encoded by the Zend Encoder / Zend SafeGuard Suite

In order to run it, please install the freely available Zend Optimizer, version 2.1.0 or later.

What is the Zend Optimizer?
The Zend Optimizer is one of the most popular PHP plugins for performance-improvement, and has been freely available since the early days of PHP 4. It improves performance by taking PHP's intermediate code through multiple Optimization Passes, which replace inefficient code patterns with efficient code blocks. The replacement code blocks perform exactly the same operations as the original code, only faster.

In addition to performance-improvement, the Zend Optimizer also enables PHP to transparently load files encoded by the Zend Encoder or Zend SafeGuard Suite.

The Zend Optimizer is a freely-available product from Zend Technologies. Zend Technologies is the company that develops the scripting engine of PHP, also known as the Zend Engine.




Thanks
 
Last edited:

Murtaza_t

Well-Known Member
Jan 24, 2005
476
0
166
Earth
cPanel Access Level
Website Owner
shanit said:
I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure

thanks for responses everyone i have searched forum as advised cannot say i have been successful cause every version i have downloaded and attempted to install dont work or says it needs upgraded
ihave a test php info page set up http://www.hosting4ptr.com/test.php
if you look under the zend it shows its installed

Thanks
Indeed it is insecure.. but only if you have bad clients on your server and chances for the server to get compromised is high if you provide ssh with register_globals On
 

shanit

Well-Known Member
Dec 18, 2005
46
0
156
with a quickness

Murtaza_t said:
Indeed it is insecure.. but only if you have bad clients on your server and chances for the server to get compromised is high if you provide ssh with register_globals On


man your fast lol :)
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
Murtaza_t said:
Indeed it is insecure.. but only if you have bad clients on your server and chances for the server to get compromised is high if you provide ssh with register_globals On
It's insecure for a whole lot of more reasons. Basically any php script that uses global variables has the potential to offer a hacker easy access to the server if php code doesn't do proper sanity checking. I fail to see why having SSH access makes it any more or less secure with register_globals.
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Other solutions

I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure
Instead of turning this on globally you have two options: (One of them i used myself on a CPanel account with register globals off) :p

1.

Use extract() to great the register globals effect: By putting something like :
extract($_POST); or extract($_GET); at the top of the php script will probably help you out no end...
You can do this for every file to make sure the site works.

Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini.

I personally use extract on $post and $get but provide sanity checking and validation on the user inputted data first


2.

As the other posts mentioned:
For Apache users or webhosters, you can set the
php_flag register_globals on/off in a VirtualHost context. This would enable you to enable this on a specific users account and not give everyone register globals access.

To have register globals On in your php.ini is not suggested as it is very insecure...
either add it in you httpd.conf or you can add it in the .htaccess of that domain
Although it will work in httpd.conf - putting register globals on in .htaccess will cause an internal server error.

3.

If you're on a shared environment, and have no way of disabling register_globals, this little "unregister_globals" snippet could come in handy:
Code:
<?php
if (@ini_get('register_globals'))
   foreach ($_REQUEST as $key => $value)
       unset($GLOBALS[$key]);
?>
Other very helpful stuff here: Register globals - php.net
note: Dont forget to do sanity checking and validation of course :) very important stuff...