The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Turn on register_globals for one account in suphp?

Discussion in 'General Discussion' started by zigzam, May 3, 2007.

  1. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    16
    Is it possible to turn on register_globals for one account only on a server running suphp?
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    These are instructions for doing this with Apache 1.3, not using cPanel's suPHP solution, but I suspect that the directions are the same or very similar.

    You would have to copy the server-wide php.ini to a different directory and then change that new version of the php.ini file so that register_globals is on.

    You would then need to specify that path for that specific VirtualHost within the httpd.conf file using the suPHP_ConfigPath directive to point to that new php.ini file.

    For example, say you have an account domain.com.

    The account has an osCommerce install at domain.com/store that needs register_globals enabled.

    For the sake of argument, your server-wide php.ini file is located at /usr/local/Zend/etc/php.ini.

    Create a new directory and copy that php.ini to that directory.

    Code:
    mkdir -p /usr/local/Zend/register-enabled
    cp /usr/local/Zend/etc/php.ini /usr/local/Zend/register-enabled
    Now edit the new version of that php.ini file (I use vi, but any other command line text editor will suffice)

    Code:
    vi /usr/local/Zend/register-enabled/php.ini
    You will have to find where register_globals is defined and changed Off to On.

    Save the file

    Now edit the Apache configuration file.

    Code:
    vi /etc/httpd/conf/httpd.conf
    Find the specific VirtualHost section.

    If there is a section in the VirtualHost that reads:

    <IfModule mod_suphp.c>
    .
    .
    </IfModule>


    Then add this line of code within that <IfModule> bracket:

    Code:
    <Location /store>
    suPHP_ConfigPath /usr/local/Zend/register-enabled
    </Location>
    The <IfModule mod_suphp.c> would not be completely necessary, but in general is a good rule of thumb.

    The important aspects are the suPHP_ConfigPath line which defines which configuration files to use. And the <Location> bracket which basically says to use this php.ini file when accessing files under the /store directory on this website.

    Important Note: The suPHP_ConfigPath only needs to point to the directory where the php.ini file is located in. It does not need to include the full path including the php.ini filename.
     
  3. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    16
    Thank you very much for that in depth post. Will this work with Apache 2?
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I haven't yet made done any work with Apache2. I would like to test it out on a testing server, now that cPanel 11 is coming out and try and get a general feel for it, but its been difficult finding time to do that. Hopefully I'll get around to that sometime within the next few weeks.

    I don't see why this would not work with Apache2. The suPHP_ConfigPath is a part of suPHP. The only question would be whether or not Apache2 supports <Location> tags within the VirtualHost like Apache 1.3 did (the documentation seems to say so) and whether or not Apache2 support <IfModule> tags within the VirtualHost (which again the documentation seems to say so). I do not see any reason why this would not work.

    If you are using cPanel 11 with Apache2 and with suPHP, then cPanel may have an ultra simple method for doing this that I am just not aware of.
     
  5. mehrdad abed

    mehrdad abed Well-Known Member

    Joined:
    Mar 18, 2006
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    I tried to change php directives it by importing a new php.ini using suPHP_ConfigPath in httpd.conf, but it dosent work,
    apache 2
    php 5.1.6
     
  6. WhmSonic

    WhmSonic Well-Known Member

    Joined:
    Mar 19, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    If your customer coding his own php script. Tell to use this
    PHP:
    <?
    ini_set('register_globals''on');
    import_request_variables("cpg");
    ?>
    If you add this to any php script head, It will open register_globals for currently running script or page. But your customer will be need to add this code to his/her all php page's. Otherwise register_global will not work.
     
  7. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    16
    That wont work when using suphp.
     
  8. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Yes ... Absolutely

    I use this method to set custom PHP options for individual accounts
    in both Apache 2.0.59 and Apache 2.2.3 servers on a regular basis.
     
  9. shadowspid

    shadowspid Active Member

    Joined:
    Nov 28, 2002
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6

    just checking for the above instructions to be carried out.. what are the pre-requistes?
    enable or install suphp from whm?

    anyone wrote a how-to from this instructions? am not very good at this.. need some step-by-step help.
    just need to enable register_globals=on for 1 site... :(
     
    #9 shadowspid, Jun 17, 2007
    Last edited: Jun 17, 2007
  10. psychodreams

    psychodreams Well-Known Member

    Joined:
    Apr 14, 2004
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    :)

    You could try uploading a copy of the php.ini into that user directory that needs it with his specs changed I dont know how you have configured but i have suphp with apache compiled with phpsuexec and users can upload there own php.ini;s to directories that need it works great if for some reason they get hacked it doesnt spread across other users account just theres
     
  11. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    In order for these instructions to work, you have to have suPHP enabled on your server and running PHP through suPHP. I really do not know anything about cPanel's suPHP offering. I think it is only available in EasyApache3 and for Apache2, but I may be mistaken there.

    In short, if you've never explicitly enabled or seen anything in regards to suPHP, chances are that you are not runnning PHP with suPHP. If you've never made any changes to your server, chances are PHP is running as an Apache module. If that is the case, you should be able to just add in the .htaccess file in the public_html directory of the affected account:

    php_flag register_globals on

    However, personally in regards to register_globals (and to go a little off-topic) I would question whether or not the script is up-to-date. If a script is requiring register_globals to be on in order to work, then this raises a red flag that the script is not up-to-date or the developers of the script don't care enough about the security of their product.
     
  12. shadowspid

    shadowspid Active Member

    Joined:
    Nov 28, 2002
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    yes .. the developers of one of my client did not do a good job.
    i had to set register_globals = on
    only for this one client.

    and i would like to secure the rest of my account from being breeched.

    hmm i remembered seeing that suPHP thing somewhere in my server, but i can't remember.
    i think suPHP only avail in php5? i may be wrong on this.

    i am running apache1 w/ php4.4.6 so i guess i will try your method on the .htaccess method.
     
  13. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    This doesn't work for PHP 5.0.5

    The error I get is:

    As you can see, I tried various ways. Any suggestions?
     
  14. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    php_flag, php_admin_value, and other php_ directives will only work if you are running PHP as an Apache module. These directives are part of the PHP apache module. If the PHP apache module is not loaded in your apache configuration, then Apache is not going to know what php_flag means.

    I suspect that you are running php as CGI either with phpsuexec or suphp. In which case, you won't be able to use php_flag or other php_ based directives.

    There are basically two ways of running PHP. As an Apache module or as CGI. If you are running PHP as CGI then you can use various different ways to do this, you need some type of Apache wrapper. This is accomplished by using phpsuexec, suphp, or a custom written wrapper.

    Basically in terms of PHP, it is either run in one of two ways:

    PHP as an Apache Module

    OR

    PHP as CGI

    If you are not running PHP as an Apache module, then you cannot use php_ based directives anywhere, either in your .htaccess files or in the apache configuration file.
     
  15. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Setting custom settings for a specific site is done differently depending
    in any of three ways depending on whether you are using Apache module
    based PHP, phpSuExec (CGI), or SuPHP (CGI) ...

    Apache Module:
    ----------------------
    You would add "php_flag" commands to a .htaccess file in the account
    you want to modify OR add "php_admin" commands in the vhost section
    of the main httpd.conf file for your server for that specific site.

    phpSuExec
    -----------------------
    You would create a custom "php.ini" file with the settings you want to change
    and drop that in the home of the account you want to update.

    SuPHP
    ----------------------
    You would add a "suPHP_ConfigPath" command giving the folder location
    of a custom PHP.INI file with the the vhost section of the httpd.conf file
    for the site you want to modify settings.
     
  16. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    149
    Likes Received:
    2
    Trophy Points:
    18
    I have installed php4 and php5 (both DSO) and when i put to htaccess that php4 is pharsing .php files and put
    php_value register_globals 1
    php_flag register_globals On

    Everything is ok


    But when php5 is pharsing .php files i cant that method turn ON register globals WHY? Any sugestions?
     
  17. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I'm fairly sure this ini_set example won't work; the reason being that the register_global actions are taken BEFORE the script starts. If you try this method, register_global is indeed set for the rest of that session, but TOO LATE to actually register the globals. You could actually do the "global registering" instead manually via a PHP function - see http://php.net/import_request_variables
     
    #17 brianoz, Jan 6, 2008
    Last edited: Jan 6, 2008
  18. Bluexnet3

    Bluexnet3 Registered

    Joined:
    Jun 11, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi Spiral, can you help me with an example for SuPHP?, I have suPHP with apache5, i made a new folder with a copy of the default php.ini file, have it edited to turn the register globals on and then in the httpd.conf fine i added the line to point to the new folder like
    suPHP_ConfigPath /usr/local/lib/php_register_on
    Restarted apache and still not working

    Thank you
     
  19. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Will the this (above) method work if you have Apache v2 and the php.ini path locked down via:

    /opt/suphp/etc/suphp.conf

    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    application/x-httpd-php=/usr/local/lib/
    application/x-httpd-php4=/usr/local/php4/lib/
    application/x-httpd-php5=/usr/local/lib/


    Probably not, huh?

    Ideally I am looking for either a way of providing custom php.ini files for accounts that need certain features that the owners of those vsites will NOT be able to change. OR, a way of limiting the features that ini_set can enable.

    Is this this impossible dream of securing php but leaving it functional, or what?

    I would dearly love to switch off ini_set except for the vsites who need it WITHOUT allowing them to set up their own php.ini files. I am almost shocked that there is such an "either-or" security question in the php v5.2.10 system and that there is not a more flexible way of dealing with this particular issue. I have been searching for days for a solution in this regard.
     
  20. constantine

    constantine Active Member

    Joined:
    Apr 15, 2008
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Any Update ?
    Same problem for me .
     
Loading...

Share This Page