How to turn PHP register_globals to ON

This post is in regards to .htaccess files and php.ini files and phpSuExec.

Because some of our servers are configured to phpSuExec, there are specific things you need to do if you are using OsCommerce for example where you need php register_globals turned to ON.

As default, for security, we have register_globals turned to OFF.

Q: First things first, which file do I use??
A) If your on a non phpSuExec server, then you need to use .htaccess files. An example of this is:

php_value register_globals 1
php_value memory_limit 16M

These two entries would set register globals to on, and set the memory limit of php to 16Mb.

B) If your on a phpSuExec server, then you need to use a php.ini file.
An example of this is:

register_globals = On
memory_limit = 16M

These two entries would set register globals to on, and set the memory limit of php to 16Mb.

Q: How do I tell if im on a phpSuExec server??
The quickest way to tell if your on a phpSuExec enabled server, it to create a .htaccess file in your public_html, and put one of those entries from above into it.

If you get a 403 "forbidden" error when your site is loading, then your on a phpSuExec server. If it works fine, then chances are your on a non phpSuExec server.

Keep in mind the differences between php.ini and .htaccess

php_value register_globals 1
or
register_globals 1

will not work in php.ini

register_globals = On

will work in php.ini.

Q: How do I protect my php.ini file?
To protect your php.ini you should set its permissions to 600. Additionally you can add the following line to your .htaccess file:

Order deny,allow
Deny from All

Q: How do I troubleshoot 500 Errors?
Everytime an internal server error occurs, it will be added to your Error Log in cPanel. (cPanel »» Error Log). This will usually give you a clue on where the error resides. In most cases it will be either a permission error on a bad command in your .htaccess file (remember that all php values have to go to your php.ini file).

Directories that need to be written onto will no longer require 777 as permissions and phpsuexec will refuse to write or read on directories exposed with such permissions. You will have to chmod them to 755 always.

To simplify it, just remember that you should never have a file or folder with world-writeable permissions, because you no longer have to.

Q: What are the differences between phpsuexec and "regular php":
When using the common PHP installation on a webserver, php runs as the user nobody and it doesn't require the execute flag to be enabled.

The problem on this is that if mod_openbasedir is not installed, every user will be able to read your php files because everyone is virtually sharing the same username (nobody).

PHP Files are not meant to be read, but parsed, and that is where the problem resides. PHP Files have to be parsed, otherwise everyone who is able to read your php file will see settings that you would probably want to keep private, such as your MySQL username and password.

PHPSUEXEC fixes all this because it requires php to be run as the file owner's username. (for example: phil)

This is not everything it fixes though. PHPSUEXEC is also here to fix file ownership problems. This has been a common issue on a few Content Management Systems such as Joomla and also on the popular blog software: WordPress.

It also adds security to your files as you can use permissions such as 600 or 700 in your files and your visitors will still be able to view them (parsed) in their browsers.

PHPSUEXEC will also refuse to serve any pages that are at security risk, for example with 777 as permissions. (will generate an Internal Server Error)

Biblioteca de cunoștințe

Categorii

Categorii

Articole similare

Etichete cloud

Asistență

Biblioteca de cunoștințe

Categorii

Categorii