creating a php.ini file
OS: Linux, php: v4.4.0, scripts are ran as CGI executables
Greetings, I have been trying to set up a cms for a group and I'm pretty new at all of this. here's my problem...
When I run a security mod on the site I am getting the following security errors:
'register_globals' : on Not secure
'allow_url_fopen' : on Not secure
'session.use_trans_sid' : on Not secure
After googling, emailing the host and trial and error I have discovered that I need to create a php.ini file. There is currently no .htaccess or php.ini file in the site.
My latest attempt at the code still gets the errors:
Is my code wrong or do I also need to create a .htaccess file?
register_globals = off;
allow_url_fopen = off;
session.use_trans_sid = off;
Thanks in advance to anyone that can point this newb in the right direction,
I really doubt that. There is only one php.ini file that the entire system looks at... it's configured by whoever installs the webserver & PHP interpreter.
Originally Posted by StevenB
Now, in a hosting environment, an .htaccess file would be the way to go. Create a .htaccess file in the root of your web directory, and use the appropriate command to change each value. For the different commands, see this man page: configuration.changes
Thanks for your response,
The host recomended the phi.ini file. This was thier response:
I got an internal server error when I tried to create the .htaccess. When I contacted the host there reply was:
I'm sorry but we cannot alter these settings for the entire server due to security reasons.
If you wish to change them just for your web site you can do so by creating a php.ini file in the main folder of your site. Once this is done, simply put in the necessary lines in order to alter the troublesome variables (for instance: register_globals=off).
in this way you will overwrite the settings of the server only for your website
Sorry if I'm missing something but it sounds to me that I can have a php.ini for just my site. As I said I am new to all of this, but I refuse to give up!
1. Yes, applying these lines to the .htaccess files will cause the internal server error 500 to be generated because in our system PHP scripts are ran as CGI executables which means that whenever you try to use PHP directives in the .htaccess file they are not correctly recognised which in turn results to the aforemenntioned error.
Ah, didn't expect them to be running it as a CGI binary.
In that case, try creating the php.ini file as they instructed. No <?php ?> tags, no semicolons.
I had previosly tried that..
but I still get the security warnings.
Sorry if this is a stupid question. Do I need to also have a .htaccess file for the php.ini to function?
And another suggested possible solution was to use php_flag. My attempt did not work, but I may have a problem with my code. here it is:
Any ideas or reffrence is greatly appreciated.
I don't work with PHP as a CGI binary much, so I'm in the dark here as well. Since PHP isn't an Apache ISAPI module, the php_flag stuff won't work.
If you followed their instructions to create a php.ini file and it still won't work, I would contact them and have them take a look at the file you created. See if they know what's wrong and can offer any advice.
Thanks for your advice. Unfortunatly the host was not much help. They suggested I google my solution. I've been working on this for days and I might just have to change hosts if I can't find the answer today.
For now I'll keep working on it., but just in case can anyone recomend a good host with php v4.xx, phpmyadmin, mysql, and a very good cp?
I will be monitoring this post for any advice.
As I said, I don't work with PHP as a CGI binary, so I'm out of suggestions. Sorry I couldn't be of much help.
Many hosts that allow you to modify the php.ini file (and run php cgi mode) will have a copy of the php.ini file for you to download - which you can then modify. I would ask for a copy of thiers (or search their KB or FAQ about the issue, perhaps tis linked there).
Then just scroll through, making the changes you need and upload to your root directory.
This is how it was at the host I worked for, as well as 2 other hosts I have used.
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
Ok I got a new host (that allows .htaccess) and I have gotten past the register_global problem, but I am still having problems with the .htacess.
I have enabled .htaccess on the site through the CP and this is my entire .htaccess:
and that immidiately crashes the site. Can anyone point me in the right direction please?
1. allow_url_fopen cannot be set in a .htacces file
2. That's not the correct syntax for a .htaccess file... try looking at this man page: configuration.changes
Can anybody help with directions for that, just for Windows?
Possible Solution to increase your upload file size
I ran into the same problem and came across a great solution that worked for me.
I use godaddy as my hosting solution and they had told me to create my own php.ini file and upload it to the root level of my server. This did not work.
create the php.ini file with the following:
memory_limit = 64M
post_max_size = 64M
file_uploads = On
upload_max_filesize = 64M
You can change the size limit to what you need.
If you're using wordpress like I am, upload this file to the wp-admin folder.
It should work. This solution worked great for me.
If you're using any other solution, try the root first, if that does not work try putting it in the admin folder.
Hope this helps.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)