
Thread: Security
      
   

  1. #1
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Question Security

    Hi,
    I am very new to web dev.
    Can someone advise how to set "PHP register_globals off", please?
    Is it possible through cPanel or some other way?
    thx

  2. #2
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    You need to submit a support ticket
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!


  3. #3
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    Hi
    I did that and they replied

    "We cannot do this as we use SU_PHP, you would need to upload a
    php.ini file to your public_html folder in order to get around
    this."
    Please advise
    Thx

  4. #4
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Ok, so let's go this way as they have told you:

    To set register_globals off you need to create a local php.ini file that will override the default values. However, creating a partial php.ini file might cause problems, so we will use another method: we will copy the default php.ini file, we will ONLY change the register_globals value to off, and WRITE the file into the folder you like.

    To make things simpler, you should perform the operations that I will describe in the next part directly in the folder that you want to set register_globals off for.

    1st code:

    <!-- /* SCRIPT NAME: modify_php_ini.php */ -->
    <?php
    // Put all the php.ini parameters you want to change below. One per line.
    // Follow the example format $parm[] = "parameter = value";
    $parm = array();
    $parm[] = "register_globals = Off";
    // full unix path - location of the default php.ini file at your host
    // you can determine the location of the default file using phpinfo()
    $defaultPath = '/usr/local/lib/php.ini';
    // full unix path - location where you want your custom php.ini file
    //$customPath = "/path/php.ini";
    $customPath = "php.ini";
    // nothing should change below this line.
    if (file_exists($defaultPath)) {
        // Copy the default settings, then append the overrides at the end;
        // a later entry replaces an earlier one with the same name.
        $contents = file_get_contents($defaultPath);
        $contents .= "\n\n; MODIFIED THE FOLLOWING USER PARAMETERS:\n\n";
        foreach ($parm as $value) {
            $contents .= $value . "\n";
        }
        // file_put_contents() returns false on failure
        if (file_put_contents($customPath, $contents) !== false) {
            // Make the new file readable and writable by the owner only
            if (chmod($customPath, 0600)) {
                $message = "<b>PHP.INI File modified and copied.</b>";
            } else {
                $message = "PROCESS ERROR - Failed to set permissions on php.ini.";
            }
        } else {
            $message = "PROCESS ERROR - Failed to write php.ini file.";
        }
    } else {
        $message = "PROCESS ERROR - php.ini file not found.";
    }
    echo $message;
    ?>

    Copy this code, paste it in Notepad, and save it as modify_php_ini.php . To achieve this you need to click on Save As, select File Type: All files, and save it as modify_php_ini.php

    2nd code:

    <?php
    phpinfo();
    ?>

    Copy it, paste it in Notepad, and Save As (after selecting File type: All files) phpinfo.php just as you did for the first code.

    Upload both files in your folder (the one for which you wish to change the register_globals value).

    Now, the second code is simply a php command that will display all your php settings. If you want to see for yourself, just type in your browser:

    http://www.yourdomain.com/foldername/phpinfo.php Of course, you need to replace foldername with the actual name of the folder where you have uploaded the files.

    This will display all the info, and will allow you to verify that the loaded php.ini file path is actually /usr/local/lib/php.ini . If the displayed info is, for any reason, different, you need to modify this line:

    $defaultPath = '/usr/local/lib/php.ini';

    in the first code I provided.

    Ok, once you have verified it, let's actually copy and modify the php.ini file into our folder. We have assumed that you have uploaded the files in the folder in question.

    Type in your browser:

    http://www.yourdomain.com/foldername/modify_php_ini.php

    This will activate the script. It will read the default php.ini file, it will modify the register_globals value to off, and it will place this modified file inside your folder, thus achieving what you wanted. If the operation is successful, you will see this success message:

    PHP.INI File modified and copied.

    Good luck.
    Navaldesign


  5. #5
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Question Re: Security

    thanks Naval
    Please confirm: to make register_global off, do I need to paste the code as it is (as you wrote), or do I need to make some changes in it?
    Thanks

  6. #6
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Normally, you do not need to make any changes. The only case where a problem could arise would be if the path to your server php.ini file is not '/usr/local/lib/php.ini', but this is rather improbable. In any case, the script will report if it has created the local php.ini file or not.

    If you first run the phpinfo.php then you will be able to see the correct path, and if different, modify the other script accordingly.
    Navaldesign


  7. #7
    Join Date
    Mar 2006
    Posts
    14,683

    Thumbs up Re: Security

    You make it sound so easy, and as if I should have already known such stuff!

  8. #8
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Hi Eric,

    This is a method to override the default settings that usually is not known to simple users, but is known to whoever builds scripts and needs to perform specific tasks. For example, a client of mine needed to be able to upload files up to 40 Mb through a form. Normally, VH has this limit set to either 8 or (in some servers) to 20 Mb, so the same method is used to set the max upload file size to a larger number.

    As you understand, I try to provide step by step instructions, because I don't expect the normal user to be familiar with this procedure. However, it actually IS easy when the correct instructions are provided.
    Navaldesign


  9. #9
    Join Date
    Mar 2006
    Posts
    14,683

    Wink Re: Security

    I understand. Thank you!

    (Night!)

  10. #10
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Goodnight Eric :)
    Navaldesign


  11. #11
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Question Re: Security

    Thanks Naval
    I have downloaded these two codes in my WEB ROOT (public_html).
    What should I do now, please?
    How can I change register global?
    I am really dumb
    Thanks

  12. #12
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Just type in your browser

    http://www.yourdomain.com/modify_php_ini.php where of course, you replace yourdomain.com with your actual domain name
    Navaldesign


  13. #13
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Question Re: Security

    Hi Naval
    I am amazed at the quick reply.
    thx
    Now when I put following with my domain name
    http://www.yourdomain/com/foldername/modify_php_ini.php


    it replied

    PHP.INI File modified and copied.

    but when I look at my cPanel it still says

    PHP register_globals setting is `ON` instead of `OFF`
    Please advise
    THX

  14. #14
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Seems rather improbable. Did you upload the second file? If yes, then type in your browser http://www.yourdomain/phpinfo.php to see the actual settings of your site
    Navaldesign


  15. #15
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    I think I made a mistake before, I reloaded phpinfo,
    it worked
    Now in PHP configuration under PHP core it shows register-global 'off'
    but cPanel still shows "on"
    Please advise

  16. #16
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Ok, I see that you have now uploaded the file. As you see, register_globals is set to Off as promised.
    What you see in CP (php settings) is what the server settings are, in fact this is why you asked for a workaround.

    Register_globals is ON for the server, but OFF for your own account and site.
    Navaldesign


  17. #17
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    Hi naval,
    I am working in Joomla, when I open CP it says
    Following PHP Server Settings are not optimal for Security and it is recommended to change them:
    • PHP register_globals setting is `ON` instead of `OFF`
    Please check the Official Joomla! Server Security post for more information.


    That's why I need to set it off but it is still "on"

    thx

  18. #18
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    I had suggested that you did these operations in the folder in question. If this folder is "joomla" then that is where you should repeat the above tasks.
    Navaldesign
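
The scope problem worked through in posts #15 to #18 (one folder reports Off while the joomla folder still reports On) can be checked for a whole site in one pass. This is an added example, not code from the thread: registerGlobalsIn() and auditTree() are hypothetical helper names, it assumes, as the thread describes, that a local php.ini only affects the folder it sits in, and it needs PHP 5.3 or later.

```php
<?php
// Added example, not code from the thread. Assumes (as the thread describes)
// that a local php.ini only affects scripts in the folder that contains it.

// Return the register_globals value set in one ini file, or null if absent.
function registerGlobalsIn($iniFile)
{
    // RAW mode keeps values as written. With sections disabled, a repeated
    // key keeps its last value, so a line appended to a copied php.ini wins.
    $ini = @parse_ini_file($iniFile, false, INI_SCANNER_RAW);
    if ($ini === false || !isset($ini['register_globals'])) {
        return null;
    }
    return strtolower(trim($ini['register_globals']));
}

// Map every folder that holds .php files to its register_globals state.
function auditTree($root)
{
    $offValues = array('off', '0', 'false', 'no', 'none', '');
    $report = array();
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        $ext = strtolower(pathinfo($file->getFilename(), PATHINFO_EXTENSION));
        $dir = $file->getPath();
        if ($ext !== 'php' || isset($report[$dir])) {
            continue;
        }
        if (!is_file($dir . '/php.ini')) {
            $report[$dir] = 'NO LOCAL php.ini';
            continue;
        }
        $value = registerGlobalsIn($dir . '/php.ini');
        $report[$dir] = $value === null ? 'NOT SET / UNREADABLE'
            : (in_array($value, $offValues, true) ? 'off' : 'ON');
    }
    ksort($report);
    return $report;
}

// Usage: php audit_register_globals.php /path/to/public_html
// Without an argument, the folder containing this script is audited.
$root = isset($argv[1]) ? $argv[1] : __DIR__;
foreach (auditTree($root) as $dir => $state) {
    printf("%-22s %s\n", $state, $dir);
}
```

Once every folder reports off, delete phpinfo.php and modify_php_ini.php from the web folders, since phpinfo() output discloses the server's configuration to anyone who requests it.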


  19. #19
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    So how can I set it off for my server?

  20. #20
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    Hi Naval
    I have downloaded in my domain's root directory, would that be different in Joomla?

  21. #21
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    Hi naval.
    sorry to bother you again.
    Now I have downloaded both of these codes to my Joomla folder.
    When I put in my browser
    http://www.my domain name/com/joomla/modify_php_ini.php
    It says
    Not Found

    The requested URL /joomla/modify_php_ini.php was not found on this server.
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bigsales Port 80

    Please advise, where did I make a mistake?
    In Joomla under PHP information it is still showing "on"
    thx

  22. #22
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    If you get such an error, you have probably made a mistake in uploading the file, OR the file's permissions were changed whilst uploading.

    Connect with FTP, browse your Joomla folder, and check to see if the file is there, and, if Yes, check that its permissions are set to 644, if not set them to be so.
    Navaldesign


  23. #23
    Join Date
    Dec 2007
    Location
    Auckland ,New Zealand
    Posts
    37

    Default Re: Security

    Hi Naval
    It is showing both files in the Joomla folder with 0644 permission

    ???

  24. #24
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,080

    Default Re: Security

    Sorry, but I have no more guesses. I would need to enter your site to see what might be wrong. If you wish, send me your login details and I will see what I can do.
    Navaldesign

