Turn on register_globals for one account in suphp?

zigzam

Well-Known Member
May 9, 2005
206
0
166
Is it possible to turn on register_globals for one account only on a server running suphp?
 

sparek-3

Well-Known Member
Aug 10, 2002
2,039
229
368
cPanel Access Level
Root Administrator
These are instructions for doing this with Apache 1.3, not using cPanel's suPHP solution, but I suspect that the directions are the same or very similar.

You would have to copy the server-wide php.ini to a different directory and then change that new version of the php.ini file so that register_globals is on.

You would then need to specify that path for that specific VirtualHost within the httpd.conf file using the suPHP_ConfigPath directive to point to that new php.ini file.

For example, say you have an account domain.com.

The account has an osCommerce install at domain.com/store that needs register_globals enabled.

For the sake of argument, your server-wide php.ini file is located at /usr/local/Zend/etc/php.ini.

Create a new directory and copy that php.ini to that directory.

Code:
mkdir -p /usr/local/Zend/register-enabled
cp /usr/local/Zend/etc/php.ini /usr/local/Zend/register-enabled
Now edit the new version of that php.ini file (I use vi, but any other command line text editor will suffice)

Code:
vi /usr/local/Zend/register-enabled/php.ini
You will have to find where register_globals is defined and changed Off to On.

Save the file

Now edit the Apache configuration file.

Code:
vi /etc/httpd/conf/httpd.conf
Find the specific VirtualHost section.

If there is a section in the VirtualHost that reads:

<IfModule mod_suphp.c>
.
.
</IfModule>


Then add this line of code within that <IfModule> bracket:

Code:
<Location /store>
suPHP_ConfigPath /usr/local/Zend/register-enabled
</Location>
The <IfModule mod_suphp.c> would not be completely necessary, but in general is a good rule of thumb.

The important aspects are the suPHP_ConfigPath line which defines which configuration files to use. And the <Location> bracket which basically says to use this php.ini file when accessing files under the /store directory on this website.

Important Note: The suPHP_ConfigPath only needs to point to the directory where the php.ini file is located in. It does not need to include the full path including the php.ini filename.
 

zigzam

Well-Known Member
May 9, 2005
206
0
166
Thank you very much for that in depth post. Will this work with Apache 2?
 

sparek-3

Well-Known Member
Aug 10, 2002
2,039
229
368
cPanel Access Level
Root Administrator
I haven't yet made done any work with Apache2. I would like to test it out on a testing server, now that cPanel 11 is coming out and try and get a general feel for it, but its been difficult finding time to do that. Hopefully I'll get around to that sometime within the next few weeks.

I don't see why this would not work with Apache2. The suPHP_ConfigPath is a part of suPHP. The only question would be whether or not Apache2 supports <Location> tags within the VirtualHost like Apache 1.3 did (the documentation seems to say so) and whether or not Apache2 support <IfModule> tags within the VirtualHost (which again the documentation seems to say so). I do not see any reason why this would not work.

If you are using cPanel 11 with Apache2 and with suPHP, then cPanel may have an ultra simple method for doing this that I am just not aware of.
 

mehrdad abed

Well-Known Member
Mar 18, 2006
128
0
166
I tried to change php directives it by importing a new php.ini using suPHP_ConfigPath in httpd.conf, but it dosent work,
apache 2
php 5.1.6
 

WhmSonic

Well-Known Member
Mar 19, 2007
46
0
156
Hello,
If your customer coding his own php script. Tell to use this
PHP:
<?
ini_set('register_globals', 'on');
import_request_variables("cpg");
?>
If you add this to any php script head, It will open register_globals for currently running script or page. But your customer will be need to add this code to his/her all php page's. Otherwise register_global will not work.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Thank you very much for that in depth post. Will this work with Apache 2?
Yes ... Absolutely

I use this method to set custom PHP options for individual accounts
in both Apache 2.0.59 and Apache 2.2.3 servers on a regular basis.
 

shadowspid

Active Member
Nov 28, 2002
31
2
158
These are instructions for doing this with Apache 1.3, not using cPanel's suPHP solution, but I suspect that the directions are the same or very similar.

You would have to copy the server-wide php.ini to a different directory and then change that new version of the php.ini file so that register_globals is on.

You would then need to specify that path for that specific VirtualHost within the httpd.conf file using the suPHP_ConfigPath directive to point to that new php.ini file.

For example, say you have an account domain.com.

The account has an osCommerce install at domain.com/store that needs register_globals enabled.

For the sake of argument, your server-wide php.ini file is located at /usr/local/Zend/etc/php.ini.

Create a new directory and copy that php.ini to that directory.

Code:
mkdir -p /usr/local/Zend/register-enabled
cp /usr/local/Zend/etc/php.ini /usr/local/Zend/register-enabled
Now edit the new version of that php.ini file (I use vi, but any other command line text editor will suffice)

Code:
vi /usr/local/Zend/register-enabled/php.ini
You will have to find where register_globals is defined and changed Off to On.

Save the file

Now edit the Apache configuration file.

Code:
vi /etc/httpd/conf/httpd.conf
Find the specific VirtualHost section.

If there is a section in the VirtualHost that reads:

<IfModule mod_suphp.c>
.
.
</IfModule>


Then add this line of code within that <IfModule> bracket:

Code:
<Location /store>
suPHP_ConfigPath /usr/local/Zend/register-enabled
</Location>
The <IfModule mod_suphp.c> would not be completely necessary, but in general is a good rule of thumb.

The important aspects are the suPHP_ConfigPath line which defines which configuration files to use. And the <Location> bracket which basically says to use this php.ini file when accessing files under the /store directory on this website.

Important Note: The suPHP_ConfigPath only needs to point to the directory where the php.ini file is located in. It does not need to include the full path including the php.ini filename.

just checking for the above instructions to be carried out.. what are the pre-requistes?
enable or install suphp from whm?

anyone wrote a how-to from this instructions? am not very good at this.. need some step-by-step help.
just need to enable register_globals=on for 1 site... :(
 
Last edited:

psychodreams

Well-Known Member
Apr 14, 2004
84
0
156
:)

You could try uploading a copy of the php.ini into that user directory that needs it with his specs changed I dont know how you have configured but i have suphp with apache compiled with phpsuexec and users can upload there own php.ini;s to directories that need it works great if for some reason they get hacked it doesnt spread across other users account just theres
 

sparek-3

Well-Known Member
Aug 10, 2002
2,039
229
368
cPanel Access Level
Root Administrator
just checking for the above instructions to be carried out.. what are the pre-requistes?
enable or install suphp from whm?

anyone wrote a how-to from this instructions? am not very good at this.. need some step-by-step help.
just need to enable register_globals=on for 1 site... :(
In order for these instructions to work, you have to have suPHP enabled on your server and running PHP through suPHP. I really do not know anything about cPanel's suPHP offering. I think it is only available in EasyApache3 and for Apache2, but I may be mistaken there.

In short, if you've never explicitly enabled or seen anything in regards to suPHP, chances are that you are not runnning PHP with suPHP. If you've never made any changes to your server, chances are PHP is running as an Apache module. If that is the case, you should be able to just add in the .htaccess file in the public_html directory of the affected account:

php_flag register_globals on

However, personally in regards to register_globals (and to go a little off-topic) I would question whether or not the script is up-to-date. If a script is requiring register_globals to be on in order to work, then this raises a red flag that the script is not up-to-date or the developers of the script don't care enough about the security of their product.
 

shadowspid

Active Member
Nov 28, 2002
31
2
158
However, personally in regards to register_globals (and to go a little off-topic) I would question whether or not the script is up-to-date. If a script is requiring register_globals to be on in order to work, then this raises a red flag that the script is not up-to-date or the developers of the script don't care enough about the security of their product.
yes .. the developers of one of my client did not do a good job.
i had to set register_globals = on
only for this one client.

and i would like to secure the rest of my account from being breeched.

hmm i remembered seeing that suPHP thing somewhere in my server, but i can't remember.
i think suPHP only avail in php5? i may be wrong on this.

i am running apache1 w/ php4.4.6 so i guess i will try your method on the .htaccess method.
 

SoftDux

Well-Known Member
May 27, 2006
1,023
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
This doesn't work for PHP 5.0.5

The error I get is:

[Wed Jun 20 11:19:43 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 11:19:43 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 11:06:21 2007] [error] [client 198.54.202.130] File does not exist: /home/itprinte/public_html/call-logging/404.shtml
[Wed Jun 20 11:06:21 2007] [error] [client 198.54.202.130] File does not exist: /home/itprinte/public_html/call-logging/ase.gif
[Wed Jun 20 11:01:58 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 11:01:58 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 11:00:30 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'ini_set('register_globals',', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 11:00:30 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'ini_set('register_globals',', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 10:58:18 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'register_globals', perhaps mis-spelled or defined by a module not included in the server configuration
[Wed Jun 20 10:58:18 2007] [alert] [client 198.54.202.130] /home/itprinte/public_html/call-logging/.htaccess: Invalid command 'register_globals', perhaps mis-spelled or defined by a module not included in the server configuration
As you can see, I tried various ways. Any suggestions?
 

sparek-3

Well-Known Member
Aug 10, 2002
2,039
229
368
cPanel Access Level
Root Administrator
php_flag, php_admin_value, and other php_ directives will only work if you are running PHP as an Apache module. These directives are part of the PHP apache module. If the PHP apache module is not loaded in your apache configuration, then Apache is not going to know what php_flag means.

I suspect that you are running php as CGI either with phpsuexec or suphp. In which case, you won't be able to use php_flag or other php_ based directives.

There are basically two ways of running PHP. As an Apache module or as CGI. If you are running PHP as CGI then you can use various different ways to do this, you need some type of Apache wrapper. This is accomplished by using phpsuexec, suphp, or a custom written wrapper.

Basically in terms of PHP, it is either run in one of two ways:

PHP as an Apache Module

OR

PHP as CGI

If you are not running PHP as an Apache module, then you cannot use php_ based directives anywhere, either in your .htaccess files or in the apache configuration file.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Setting custom settings for a specific site is done differently depending
in any of three ways depending on whether you are using Apache module
based PHP, phpSuExec (CGI), or SuPHP (CGI) ...

Apache Module:
----------------------
You would add "php_flag" commands to a .htaccess file in the account
you want to modify OR add "php_admin" commands in the vhost section
of the main httpd.conf file for your server for that specific site.

phpSuExec
-----------------------
You would create a custom "php.ini" file with the settings you want to change
and drop that in the home of the account you want to update.

SuPHP
----------------------
You would add a "suPHP_ConfigPath" command giving the folder location
of a custom PHP.INI file with the the vhost section of the httpd.conf file
for the site you want to modify settings.
 

hekri

Well-Known Member
Oct 14, 2003
147
2
168
I have installed php4 and php5 (both DSO) and when i put to htaccess that php4 is pharsing .php files and put
php_value register_globals 1
php_flag register_globals On

Everything is ok


But when php5 is pharsing .php files i cant that method turn ON register globals WHY? Any sugestions?
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
Hello,
If your customer coding his own php script. Tell to use this
PHP:
<?
ini_set('register_globals', 'on');
import_request_variables("cpg");
?>
If you add this to any php script head, It will open register_globals for currently running script or page. But your customer will be need to add this code to his/her all php page's. Otherwise register_global will not work.
I'm fairly sure this ini_set example won't work; the reason being that the register_global actions are taken BEFORE the script starts. If you try this method, register_global is indeed set for the rest of that session, but TOO LATE to actually register the globals. You could actually do the "global registering" instead manually via a PHP function - see http://php.net/import_request_variables
 
Last edited:

Bluexnet3

Registered
Jun 11, 2008
1
0
51
Setting custom settings for a specific site is done differently depending
in any of three ways depending on whether you are using Apache module
based PHP, phpSuExec (CGI), or SuPHP (CGI) ...

SuPHP
----------------------
You would add a "suPHP_ConfigPath" command giving the folder location
of a custom PHP.INI file with the the vhost section of the httpd.conf file
for the site you want to modify settings.
Hi Spiral, can you help me with an example for SuPHP?, I have suPHP with apache5, i made a new folder with a copy of the default php.ini file, have it edited to turn the register globals on and then in the httpd.conf fine i added the line to point to the new folder like
suPHP_ConfigPath /usr/local/lib/php_register_on
Restarted apache and still not working

Thank you
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Setting custom settings for a specific site is done differently depending
in any of three ways depending on whether you are using Apache module
based PHP, phpSuExec (CGI), or SuPHP (CGI) ...

SuPHP
----------------------
You would add a "suPHP_ConfigPath" command giving the folder location
of a custom PHP.INI file with the the vhost section of the httpd.conf file
for the site you want to modify settings.
Will the this (above) method work if you have Apache v2 and the php.ini path locked down via:

/opt/suphp/etc/suphp.conf

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/


Probably not, huh?

Ideally I am looking for either a way of providing custom php.ini files for accounts that need certain features that the owners of those vsites will NOT be able to change. OR, a way of limiting the features that ini_set can enable.

Is this this impossible dream of securing php but leaving it functional, or what?

I would dearly love to switch off ini_set except for the vsites who need it WITHOUT allowing them to set up their own php.ini files. I am almost shocked that there is such an "either-or" security question in the php v5.2.10 system and that there is not a more flexible way of dealing with this particular issue. I have been searching for days for a solution in this regard.
 

constantine

Well-Known Member
Apr 15, 2008
45
0
56
Will the this (above) method work if you have Apache v2 and the php.ini path locked down via:

/opt/suphp/etc/suphp.conf

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/


Probably not, huh?

Ideally I am looking for either a way of providing custom php.ini files for accounts that need certain features that the owners of those vsites will NOT be able to change. OR, a way of limiting the features that ini_set can enable.

Is this this impossible dream of securing php but leaving it functional, or what?

I would dearly love to switch off ini_set except for the vsites who need it WITHOUT allowing them to set up their own php.ini files. I am almost shocked that there is such an "either-or" security question in the php v5.2.10 system and that there is not a more flexible way of dealing with this particular issue. I have been searching for days for a solution in this regard.
Any Update ?
Same problem for me .