Turn Off Register_globals On A Shared Server

My shared server provider has register_globals on. I checked by running
php_info(); from within a file. I would like to turn this off, but
asking them to turn it off just for me will not work.

I tried adding the following lines to the .htaccess file:
<IfModule mod_php4.c>
php_flag register_globals off
but that did not work. I thought that maybe the file is called
something else, and I could not find any file containing mod_php
anywhere on the server. Also, I can see that the addmodule line for
mod_php4.c is commented out in the httpd.conf file for the shared

I do not know how the server can serve php if that line is commented

Bottom line is: is the .htaccess approach the correct one? and does
anyone know how I can find out if I am using the correct filename?

phpinfo() says that I have PHP Version 4.3.11

I will leave phpinfo() running on the main page so that if someone
needs more information,


Web Server On Windows, With Register_globals On, How To Turn It Off Just On My Site?

web server is on windows, with register_globals on, how to turn it off just on my site?
I cannot access the configuration file, and I cannot use .htaccess because it is on windows. How to turn off the register_gobals in this case?

View 2 Replies View Related

How To Turn Off Register_globals

I used phpinfo() and I found that register_globals variable is ON. I don't have any .htaccess file in the directory provided so there is other way to turn this OFF?

View 11 Replies View Related

Turn On Register_globals?

for a stats program for a game, logs are sent to a perl file which saves data into a MySQL database then interpreted by PHP. when i try to check the stats it gives the error register_globals must be ENABLED

i went into php.ini and checked for a register_globals variable and i found this:
register_globals = Off
so of course i change it to:
register_globals = On
that didnt work so i also tried:
register_globals = ON
register_globals = on

it keeps saying that register_globals is still disabled though.... what is wrong? php.ini is in the windows folder where it should be.

View 1 Replies View Related

Turn Register_globals Off?

I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with

php_flag register_globals off

in the .htaccess file.

I did this without recoding the script and the script still worked, so
I am assuming I did not turn them off.

View 17 Replies View Related

Turn Off Register_globals In Php.ini?

I am running an ecommerce theme on wordpress on a hostgator server, and coming up with this error.

Security warning: set the value
*register_globals* in the php ini to Off !! This theme will not work correctly otherwise.

I can't find the php.ini in any of the folders. I tried creating a file with the added command and putting it in root as suggested via google

View 3 Replies View Related

Turn Off Register_Globals?

I'm running PHP 5.3.2, and I've checked the ini file, and it has register_globals Off, but when I check phpinfo();, it says that it's on as a Local Value, but Off as a Master Value. I tried echo $ID and inputed ?ID=2 into the URL and it echoes 2, so I'm pretty sure that it's still on. Can anyone tell me how to turn it off?

View 7 Replies View Related

Why Is A Taboo To Turn On Register_globals..

in php.ini?

View 3 Replies View Related

Linux - Turn On Register_globals For Local Scripts Only?

I am using php as a command line scripting language for executing various system commands.

How can I turn on register_globals locally - to a single script only perhaps? Can this be done via the script itself?

I would prefer not to change global settings if possible.

View 2 Replies View Related

Turn Off Safe_mode Off For A Particular Directory In A Shared Hosting Environment?

I want to turn off php safe_mode off for my site. My provider gave me a php.ini file and asked me to put it with my settings in my public_html folder to override the settings, but it didn't work.

View 3 Replies View Related

PHP Shared Server Security

I have a client that brought to my attention a very interesting problem. If he has a website (www.domain.com) and he has a php page on it (order.php) that connects to the database. He has the user and pass in the page.

This is a linux server. It seems that another person on the server could just figure out what directory he is in. Then just do "vi order.php" so they could read the user and pass and then connect to the database and steal information.

View 2 Replies View Related

Drupal On A Shared Server

I recently installed the Drupal CMS on my shared server. My problem is with "clean urls". When I run the clean urls test it seems to pass ok, but when I then enable clean urls the page loses all of its design (ie. logo, color, links do not work, etc.). I know there are some server things that need to be done and my host is telling me I cant do them because this is a shared server. They then told me that Drupal was not going to work for me. Will Drupal work on my shared server? Why is the site having this clean url problem? If Drupal will not work is there another CMS that already has clean urls?

View 1 Replies View Related

Setting Up Yii On Shared Server?

I wish to use a PHP Framework such as Yii, however, it seems to set this up I need access to a terminal or console. Unfortunately my only access to the server is via an FTP client as it's shared hosting. Does this rule Yii out as a framework?

View 3 Replies View Related

Ftp _ Connect On Shared Server?

I have a client that would like to FTP a file from his website on a shared server to another site. We are able to FTP the file manually using FileZilla from my computer to the other site and would like to build the same functionality into a PHP script that executes on the website via a CRON job. The goal is automatic file transfer on a specific date.

The problem I am having is that ftp_connect command in the PHP script fails to connect.

Should I use a port other than 21 in shared environment?

The ISP (Bluehost) says that they are not preventing the connection.

View 9 Replies View Related

PHP Libraries On Shared Server

I'm currently using a shared web server for projects, and only have FTP access to it.

I'd like to take advantage of PHP libraries like PEAR, and I was wondering if theres a way to install them on a shared server?

View 7 Replies View Related

Server Signuture Turn Off Need Access?

I want to add the following settings to my server:

ServerSignature Off
ServerTokens Prod

However after research I have to add these settings in my httpd.conf or apache2.conf file. It wont work in my php.ini or .htaccess on my public webroot. If I have not got access to these two server files (httpd.conf or apache2.conf) how can I get access or is there an alternative way to get these settings to work. It is a security issue I need to sort out ASAP.

View 1 Replies View Related

Enable Php Extensions On Shared Server?

I have a very cheap php-enabled linux hosting account.

Unfortunately, this host does not have some extensions enabled which I
need, namely, the dom-xml and xslt extensions.

Assuming that the server admins ignore my pleas, is there a way to
enable these extensions for my account, with a local copy of php.ini,
local copies of the proper *.so files, or some magic in the .htaccess

View 4 Replies View Related

Setting Include_path On Shared Server

My shared host used to have Php configured such that I could place a
php.ini file into any directory on my site and that was the php.ini file
that the Php cgi would use when it ran scripts.

Since upgrading to Php5.1 that is no longer possible (not allowed in
Php5.1 (?) ).

Anyway, ... this was a very handy way for me to set the include path so
that I could keep files with sensitive data (e.g., database usernames,
passwords) out of the site's public path.

My hosting service has actually rolled back to Php5.0 so that I could
continue doing as I had been ... with the caveat that they will
ultimately have to go with 5.1.

So, I have a set of questions.

1. Is there another way that I can set the include path globally for my
site? (Adding them to htaccess throws a 500 server error.)

2. How much security is really gained by moving sensitive include files
out of the site path (my include files all use the .php extension)?
Should I even be that concerned about this capability?

3. Would I gain the same security if I changed my current include files
(which I would have to put back into the public site path) to do nothing
but set include_path outside the public site and then include a new,
secondary file which actually contains the sensitive data?

4. Does anyone know why I *can* use local php.ini files in 5.01 and not
in 5.1?

View 2 Replies View Related

Securing Sessions On Shared Server

My website uses sessions for the usual malarkey - user logins, etc. I'm on a shared server, with sessions saved in '/tmp'. I've been told that this is prone to sessions hijacking, since the whole server's session files are stored in that directory, not each domain/subdomain having its own '/tmp' directory. (The server's using Red Hat)

If they're vulnerable in here, what's the best course of action to take? I can't create directories outside my webroot (except in cgi/bin) so a custom directory is out of the question (again, unless I can use cgi/bin? doesn't seem a good idea). I'm thinking then, of a database/cookies solution, storing a 'session' cookie on the user's computer with the value of a hashed session id, which then points to the appropriate row in a 'sessions' table in the database.

Can anyone point me in the direction of a suitable session database class, incidentally?Could anyone advise me on this? What do you gurus do about session handling (please don't say "buy a dedicated server" because I can't! :D ) I've been using the /tmp dir for nearly two years now without any problems, but have only just got round to think seriously about session security.

View 1 Replies View Related

URL Rewriting On A ISAPI Shared Server?

I need to rewrite URLs. The problem is that I am developing in PHP on an ISAPI server. An additional problem is that I am not the owner/manager of the server.Is there any way to rewrite URLs for PHP on a shared ISAPI server?

View 1 Replies View Related

Install Symfony On Shared Web Server?

I have created a project(on my Localhost) in symfony(PHP Framework), and need to upload it on server(i.e the WEB Server), but i dont know how to do that, i got many methods on net, but i was not able to follow that.

View 3 Replies View Related

Creating Web Services On Shared Server

i want to create a web service on shared server using php

View 2 Replies View Related

Shared-server Security For Python?

Shared-server environment for various and sundry web services.I think we've settled on setting disable_functions and disable_classes site wide in php.ini and php_admin_value to force open_basedir in each app's httpd.conf for php scripts, and passenger's user switching for ruby scripts.We still need to find something for python though.Passenger does support python, but not for per-application security for specific sub-directories(it's all or nothing at the domain level).(And if any of the previous doesn't make sense-well, I'm the guy who's supposed to set up the python support, not the guy who set up the php or ruby support, so there's still some "and then some magic happens" steps in there from my perspective).

View 3 Replies View Related

Networking - Turn Website Into A Proxy Server?

i was wondering if there is any way to turn my website into a proxy server ..i found plenty of scripts using PHP but they all require navigating to site in order to use the proxy, but what i really want is a script that enables me to access the site via browser configuration like in firefox when you enter the IP and port number in the options dialog, is there any kind of scripts that does that ?

View 1 Replies View Related

Http - Turn A Script Into A Proxy Server?

We all know that HTTP uses port 80, what if i put my server's ip and the port 80 in the browser's proxy setting, will the browser sends the HTTP requests to my index.php which will fetch the website from server side and return response headers and body?

View 2 Replies View Related

Calculate Server Load - Turn This Server Load Into A Percentile Scale?

How do you calculate the server load of PHP/apache? I know in vBulletin forums there's the server load displayed like 0.03 0.01 0.04 but it's not really understandable to a average joe. So I thought about a 1-100 percentile scale. I wanted to display a server load visual that reads from a DIV:

$load = $serverLoad*100;
<div class="serverLoad">
<div style="width: $load%;"></div>//show visual for server load on a 1-100 % scale[code]....

However, I don't know how to detect server load.Is it possible to do turn this server load into a percentile scale? I don't know where to start.

View 4 Replies View Related

Secured Hosting On A Shared Server - Impossible?

I'm just throwing this question out here as there hasn't been much
discussion recently on the topic of shared hosting. Most people, it seems,
just assume that it's secured. Companies don't sell services that's
insecured by design, right?

Those of us who know better know, of course, that that's not the case. Two
main challenges of sharing a server with other people are hiding your
database login/password and securing session files. Both of these are
necessitated by the fact that Apache runs as the same user for all virtual
hosts. Files that your scripts have access to, those of your server-mates
can access as well.

My questions are thus

(a) Is it possible to host a PHP site securely using a typical (read
"cheap") web hosting account?

(b) Is it possible to set up Apache so that virtual sites are protected from
one and other?

View 10 Replies View Related

Cannot Instantiate Non-existent Class - Shared Server

I'm having problems with include. I wrote a small example which shows
what's going on...

I should say that the problems started after I moved to a shared
server. All was working fine in my local server...

file test.php

echo '<html>'
echo '<head>'
echo '</head>'
echo '<body>'

echo "including inc.php<br>";


echo "inc was included<br>";

$clsIncClass = new ClsIncClass;

echo '</body>'
echo '</html>'


file inc.php
class ClsIncClass {
function ClsIncClass() {
echo "ClsIncClass constructor<br>";

result in browser:

including inc.php
class ClsIncClass { function ClsIncClass() { echo "ClsIncClass
"; } }inc was included

Fatal error: Cannot instantiate non-existent class: clsincclass in
/home/ke000067/public_html/test1.php on line 21

Note that it seems that inc.php was included as if it were a text file,
but as you can imagine, it's not my intention...

So, i decided to change




but the result was

including inc.php

including inc.php

Warning: main(/opt/apache/htdocs/~ke000067/public_html/inc.php): failed
to open stream: No such file or directory in
/home/ke000067/public_html/test1.php on line 15

Warning: main(/opt/apache/htdocs/~ke000067/public_html/inc.php): failed
to open stream: No such file or directory in
/home/ke000067/public_html/test1.php on line 15

Warning: main(): Failed opening
'/opt/apache/htdocs/~ke000067/public_html/inc.php' for inclusion
(include_path='.:/opt/apache/lib/php') in
/home/ke000067/public_html/test1.php on line 15
inc was included

Fatal error: Cannot instantiate non-existent class: clsincclass in
/home/ke000067/public_html/test1.php on line 23

View 8 Replies View Related

Session IDs Not Working On GoDaddy.com Shared Server?

Server: Windows IIS7
Host: godaddy.com shared "deluxe"

I'm having trouble with a login script that uses PHP sessions to store a Session ID on the server. I have used this same exact script on both a Dreamhost site and a Bluehost site without any problems. This is my first time using godaddy.com and I've had nothing but problems. Godaddy does allow you to easily switch over to a Linux server but my client has other sites hosted that were written with ASP.NET and when I switched over those sites didn't work so I had to switch back to Windows.

I've basically used the exact code that I found here:

and I've only changed the login, password, and the location to store the session ID.

The code is split up into 4 files.

a bit of code that you put at the head of a file you want to password protect

here's the error I'm getting:
Object Moved
This document may be found here ("here" is a link that just points back to login.php)

The Class_session.php has a $log variable that allows you to troubleshoot. When I echo it out I get this:
session() called
exists() called
sid: 00fada16b0fb755ea1df7928592c7272
load() called
D:Hosting2556240htmlsid_00fada16b0fb755ea1df7928592c7272 does not exist.
Could not restore session.
save() called
Could not create or open D:Hosting2556240htmlsid_00fada16b0fb755ea1df7928592c7272

I'm thinking the issue is happening in the Class_session.php file so here is the code so you don't have to click on the link:

and I've tried a million variations on the sessdion ID save path here to no avail:
$this->dir = realpath("../")."/";

* Filename.......: class_session.php
* Author.........: Troy Wolf [troy@troywolf.com]
* Last Modified..: Date: 2005/06/18 14:20:00
* Description....: A session management and password protection class.

This class can be used to perform 2 major functinos:

1. Create and maintain session state between page hits. This class does this using simple session cache files into which the session is stored as a serialized array. This is similar to how PHP's built-in sessions store session data. One big advantage of this class is that you have full control over the session time-out.

2. Password protect PHP pages by requiring authentication. Simply pass in "true" when creating a new session object to use this functionality. You'll also need to create your own login.php script. A sample login.php is packaged with this class.

Be sure you look at the cleanAll() method in this class.

class session {

var $id;
var $data;
var $log;
var $dir;
var $filename;
var $login_page;
The class constructor.
function session($login_required=false) {
$this->log = "session() called<br />";
$ret = true;

All the session variables are available in the data[] array. Unless you know what you are doing, Do not use these array keys as they are used internally by the class:
logged_in page_destination*/
$this->data = array();

If you will have some pages that require login, set your login page here. Defaults to login.php in current dir.

$this->login_page = "login.php";

Define the directory to save session files in. This defaults to the current dir, but this is probably not what you want. For one thing, it is INSECURE! It also will prevent your sessions from working between scripts in different dirs. It is highly recommended that you set this to a non web-accessible dir. End this value with a "/".

$this->dir = realpath("../");
if ($this->exists()) {
$this->log .= "sid: ".$this->id."<br />";
if (!$this->load()) {

This is not necessarily a show-stopper. This will happen if you've previously started a session, but never saved it. This would also occur if you delete the session's cache file during a live session.

$this->log .= "Could not restore session.<br />";
$ret = true;
} else {
if (!$this->newId()) {
$this->log .= "Could not create new session.<br />";
$ret = false;
$this->log .= "sid: ".$this->id."<br />";
if ($login_required) {
$this->log .= "Require login requested<br />";
if (!$this->data['logged_in']) {
$this->log .= "Not logged in, redirecting to "
.$this->login_page."<br />";
$this->data['page_destination'] = $_SERVER['SCRIPT_NAME'];
header("Location: ".$this->login_page);
return $ret;
expire() is useful for a logout feature. It will empty the session data,
delete the session file, and expire the sid cookie.
function expire() {
$this->log .= "expire() called<br />";
$ret = true;
$this->data = array();
if (!file_exists($this->filename)) {
$this->log .= $this->filename." does not exist.<br />";
$ret = false;
} else {
if (!@unlink($this->filename)) {
$this->log .= "session file delete failed for "
.$this->filename."<br />";
$ret = false;
if (!setcookie('sid' ,$this->id, time()-3600, "/")) {
$this->log .= "sid cookie expire failed. This may be due to browser"
." output started prior.<br />";
$ret = false;
return $ret;
exists() checks if sid cookie exists on user's computer. If so, set id.
function exists() {
$this->log .= "exists() called<br />";
if (!isset($_COOKIE['sid'])) {
$this->log .= "sid cookie does not exist.<br />";
return false;
$this->id = $_COOKIE['sid'];
$this->filename = $this->dir."sid_".$this->id;
return true;
newId() generates a 32 character identifier that is extremely difficult to
predict. Save to a cookie to persist between pages.
function newId() {
$this->log .= "newId() called<br />";
$this->id = md5(uniqid(rand(), true));
$this->filename = $this->dir."sid_".$this->id;
if (!setcookie('sid' ,$this->id, null, "/")) {
$this->log .= "sid cookie save failed. This may be due to browser"
." output started prior or the user has disabled cookies.<br />";
return false;
return true;
load() reads in session data stored in session file.
function load() {
$this->log .= "load() called<br />";
if (!file_exists($this->filename)) {
$this->log .= $this->filename." does not exist.<br />";
return false;
if (!$x = @file_get_contents($this->filename)) {
$this->log .= "Could not read ".$this->filename."<br />";
return false;
if (!$this->data = unserialize($x)) {
$this->log .= "unserialize failed<br />";
$this->data = array();
return false;
return true;
save() stores session data in session file to persist data between pages.
function save() {
$this->log .= "save() called<br />";
if (count($this->data) < 1) {
$this->log .= "Nothing to save.<br />";
return false;
//create file pointer
if (!$fp=@fopen($this->filename,"w")) {
$this->log .= "Could not create or open ".$this->filename."<br />";
return false;
//write to file
if (!@fwrite($fp,serialize($this->data))) {
$this->log .= "Could not write to ".$this->filename."<br />";
return false;
//close file pointer
return true;

cleanAll() will clean up your session dir removing all 'sid_' files with a modified date older than the number of minutes passed in. This method is here as a convenience. You probably want to create a cron job that cleans this up on a daily basis.

function cleanAll($minutes) {
$this->log .= "cleanAll() called to delete sessions older than "
.$minutes." minutes<br />";
$ret = shell_exec("find -type f -name 'sid_*' -maxdepth 1 -mmin +".$minutes." -exec rm -f {} ;");

View 2 Replies View Related

Upload Progress Bar For Shared Server User?

i have seen lots of solution, but what is the best stable solutin for no-administrator user who cant config server. i found some of these:

using apc extension perl cgi instead of php flash based using js framework

im not sure i could use extension, not understand perl to control over the process, and totally not use flash in mywebsite because significant percentage of user have not flash. and im not want to use framework because of growing mywebsite size.

i think must be a better ajax | js | php portable solution.

View 1 Replies View Related

Htaccess Mod_deflate Does Not Work On Shared Server?

I'm developing a website in PHP and I have large JS files that I want to compress. So, I added this in my .htaccess file:

<FilesMatch ".(js|css|html|htm|php|xml)$">
SetOutputFilter DEFLATE

It works great on my local wamp server install but once I move the files on my shared server, the DEFLATE command does not work. I don't know why... mod_deflate is enabled on the webserver, aswell as bz2, gzip. I am allowed to user htaccess, I've cheched...Plus that I have other rules and commands running in htaccess. So the DEFLATE is the only one that does not work... Does anyone know why it works on my localhost and not on my webserver too ? Is there any module/extension that I need to enable on my webserver that I don't know of ?

View 4 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved