The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Register globals in php.ini

Discussion in 'General Discussion' started by shanit, Dec 23, 2005.

  1. shanit

    shanit Well-Known Member

    Joined:
    Dec 18, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    how do i do this
    make sure register globals is set to on in the php.ini file

    thats what I have to do to make a site work
    thanks
    shannon
     
  2. bijo

    bijo Well-Known Member

    Joined:
    Aug 21, 2004
    Messages:
    475
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Hello,

    Check your global php.ini file and set the option to "register_globals = On" and then restart apache. If you want to enable it for a particular domain, Edit httpd.conf and select the Vhost entry and add "php_admin_flag register_globals on" then restart apache, It will help you ;)
     
  3. Murtaza_t

    Murtaza_t Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    476
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cPanel Access Level:
    Website Owner
    To have register globals On in your php.ini is not suggested as it is very insecure...
    either add it in you httpd.conf or you can add it in the .htaccess of that domain
     
  4. shanit

    shanit Well-Known Member

    Joined:
    Dec 18, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    how do you add it to the htaccess file for domain what do i need to add exactly ???

    Thanks

    Shannon
     
  5. WebScHoLaR

    WebScHoLaR Well-Known Member

    Joined:
    Dec 14, 2005
    Messages:
    511
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Planet Earth
    You can do it for your account by adding the following line in the .htaccess file:

    php_flag register_globals on

    But make sure you cannot alter the php.ini settings with .htaccess when running PHP as cgi/phpsuexec.

    Check this link,

    http://webhostingtalk.com/showthread.php?t=421482
     
  6. Murtaza_t

    Murtaza_t Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    476
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cPanel Access Level:
    Website Owner
    Yes, thats correct.
     
  7. shanit

    shanit Well-Known Member

    Joined:
    Dec 18, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6

    Can someone tell me where to edit the httpd.conf file cause I have several sites that need this register globals on but I dont wanna turn it on in php.ini file cause I hear its really not safe so I wanna edit the httpd.conf

    I need to know where to put
    php_admin_flag register_globals on

    any help is really appreciated thanks so much

    Shannon
     
  8. WebScHoLaR

    WebScHoLaR Well-Known Member

    Joined:
    Dec 14, 2005
    Messages:
    511
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Planet Earth
    Open httpd.conf in any editor pico or vi as

    vi /usr/local/apache/conf/httpd.conf

    search for the domain name for which you want to have register_globals on. Lets say you want to turn register_globals on for domain.com then search domain.com in httpd.conf,you will find a Virtualhost section for domain.com as mentioned below and add php_admin_flag register_globals on in this section as I added:

    Then save the httpd.conf file and restart apache.

    As I mentioned before you can also do this for a particular site by adding the following line in the public_html/.htaccess file of that site:

    php_flag register_globals on
     
  9. ser_pros

    ser_pros Registered

    Joined:
    Oct 8, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    If you have PHP compiled as Apache module just put php_flag register_globals on into VirtualHosts of needed sites in httpd.conf or the .htaccess that is located in the folder where register_globals should be enabled.

    If PHP is compiled as PHPSuExec (CGI) you should put php variables (in our case register_globals) into php.ini in the folder where php scripts are located. Just create php.ini and put the following line:

    register_globals = On

    PHP variables can be also set in httpd.conf, but make sure they are added correctly as in the example below:

    <VirtualHost 127.0.0.1>
    ServerAlias www.domain.com domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/username/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName www.domain.com
    User username
    Group username
    CustomLog domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    <IfModule mod_php4.c>
    php_flag register_globals on
    </IfModule>

    </VirtualHost>

    or just put the following lines into the file .htaccess:
    <IfModule mod_php4.c>
    php_flag register_globals on
    </IfModule>
     
  10. shanit

    shanit Well-Known Member

    Joined:
    Dec 18, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    ok for the testing lol

    I did set the global registers to on but then i was informed that this is insecure so I changed it back I dont wanna cause anything to make server insecure

    thanks for responses everyone i have searched forum as advised cannot say i have been successful cause every version i have downloaded and attempted to install dont work or says it needs upgraded

    +++++++++++++++++++++++++++++++++++++++++++++

    ihave a test php info page set up http://www.hosting4ptr.com/test.php
    This program makes use of the Zend Scripting Language Engine:
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Extension Manager v1.0.7, Copyright (c) 2003-2005, by Zend Technologies
    if you look under the zend it shows its installed

    +++++++++++++++++++++++++++++++++++++++++++++

    but if you go here where i have accountlabs installed i get this
    Zend Optimizer not installed
    This file was encoded by the Zend Encoder / Zend SafeGuard Suite

    In order to run it, please install the freely available Zend Optimizer, version 2.1.0 or later.

    What is the Zend Optimizer?
    The Zend Optimizer is one of the most popular PHP plugins for performance-improvement, and has been freely available since the early days of PHP 4. It improves performance by taking PHP's intermediate code through multiple Optimization Passes, which replace inefficient code patterns with efficient code blocks. The replacement code blocks perform exactly the same operations as the original code, only faster.

    In addition to performance-improvement, the Zend Optimizer also enables PHP to transparently load files encoded by the Zend Encoder or Zend SafeGuard Suite.

    The Zend Optimizer is a freely-available product from Zend Technologies. Zend Technologies is the company that develops the scripting engine of PHP, also known as the Zend Engine.




    Thanks
     
    #10 shanit, Dec 26, 2005
    Last edited: Dec 26, 2005
  11. Murtaza_t

    Murtaza_t Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    476
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cPanel Access Level:
    Website Owner
    Indeed it is insecure.. but only if you have bad clients on your server and chances for the server to get compromised is high if you provide ssh with register_globals On
     
  12. shanit

    shanit Well-Known Member

    Joined:
    Dec 18, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    with a quickness



    man your fast lol :)
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's insecure for a whole lot of more reasons. Basically any php script that uses global variables has the potential to offer a hacker easy access to the server if php code doesn't do proper sanity checking. I fail to see why having SSH access makes it any more or less secure with register_globals.
     
  14. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Other solutions

    Instead of turning this on globally you have two options: (One of them i used myself on a CPanel account with register globals off) :p

    1.

    Use extract() to great the register globals effect: By putting something like :
    extract($_POST); or extract($_GET); at the top of the php script will probably help you out no end...
    You can do this for every file to make sure the site works.


    I personally use extract on $post and $get but provide sanity checking and validation on the user inputted data first


    2.

    As the other posts mentioned:
    For Apache users or webhosters, you can set the
    php_flag register_globals on/off in a VirtualHost context. This would enable you to enable this on a specific users account and not give everyone register globals access.

    Although it will work in httpd.conf - putting register globals on in .htaccess will cause an internal server error.

    3.

    If you're on a shared environment, and have no way of disabling register_globals, this little "unregister_globals" snippet could come in handy:
    Code:
    <?php
    if (@ini_get('register_globals'))
       foreach ($_REQUEST as $key => $value)
           unset($GLOBALS[$key]);
    ?>
    
    Other very helpful stuff here: Register globals - php.net
    note: Dont forget to do sanity checking and validation of course :) very important stuff...
     
Loading...

Share This Page