Tracking Forums, Newsgroups, Mailing Lists
Php.ini Per User Or Per Directory


I am running phpsuexec on the server and it seems all php.ini settings are being applied per directory. I would like to have them running per user.



Related Forum Messages:
Php.ini In A Specific Directory
PHP runs as CGI on my server; thus, I cannot override settings with htaccess.

If I place a php.ini in a specific directory, will this directory's PHP settings be overridden by this php.ini?

Prevent User Use Custom Php.ini
I have added some functions in php.ini for security.

But when a user uses their own php.ini file located in their account, all functions are enabled again.

How can I prevent a user's custom php.ini?

Php.ini Default For Apache 1.3.39 Php 5.2.5
My php.ini is blank.

If possible, please share a default php.ini :-)

How To Allow PHP.ini
How can I allow customers to place a PHP.ini in certain directories to override some basic settings like "upload_max_filesize" and whatnot?

I have seen this done before but not sure how to get it working.

Php.ini
I am unable to find php.ini on my server.

[root@sml101 ~]# whereis php.ini
php: /usr/bin/php /etc/php.ini /etc/php.d

[root@sml101 ~]# cat /etc/php.ini
memory_limit = "32M"
include_path = "".:""
short_open_tag = "On"
file_uploads = "On"
safe_mode = "Off"
[root@sml101 ~]#

But there is nothing to work with in the above php.ini file. I want to turn register_global on, but php.ini seems to be missing or hidden. I ran the phpinfo function on a domain and it shows the following path:

Configuration File (php.ini) Path /etc/php.ini

Allow Custom Php.ini
I would like to know how to allow customers to use their own php.ini file. I have had hosts in the past that allowed you to use a custom php.ini file so long as you put it in every directory that you would need to use it.

I was just trying to figure out how this is done as I am new to all of this and trying to learn.

PHP.ini Override
I use cPanel/WHM. How can I override PHP settings when PHP runs as CGI? When I put a php.ini in the root of any website, the settings don't override the main php.ini settings.

How To Custom Php.ini
I'm using CentOS 5 and cPanel/WHM with PHP as CGI. When I put a php.ini file in place to customize PHP for one account, it overwrites the main settings on our server. Someone used this bug to run c99 and try a local attack on other accounts. I tried to fix this problem by editing /opt/suphp/etc/suphp.conf and setting phprc_paths to /usr/local/lib/. But when I do this, the php.ini in my custom account doesn't work any more... How can I customize PHP for one account without it affecting the main settings, to prevent local attacks?

Local Php.ini
I run multiple domains/sites on my Linux server. I know there is a php.ini file that comes with the PHP installation package. But I have heard that there is a way to create a local php.ini file for each domain.

Does anyone know how to create local php.ini files for each domain? Is there a special setting I need to make for it to run?

Php.ini Being Truncated
Whenever I edit the /etc/php.ini file and change something, (like Off to On, or vice versa), it always becomes truncated, going from approximately 38kb to about 3kB. Almost everything gets erased.

Would anyone know how this could be caused, or more importantly, how it can be fixed?

I have a Linux CentOS 4.4 VPS with Virtuozzo.

Customised Php.ini
There is a shared server running PHPSuexec, and we need to change some php settings, and therefore doing that in .htaccess is not possible.

We copied php.ini from /usr/local/lib/, made a modification and placed it in the web root path.

I thought that any settings that have been changed would 'propagate' throughout the rest of the website (i.e. all paths underneath the web root, in the hierarchy), but unfortunately, we have found out that this is not the case. The settings that were modified were only reflected in the web root path.

Is there some method to ensure that the PHP modifications are reflected throughout the entire website? We don't really want to have to place a copy of the entire (modified) php.ini in every path.

Suhosin And Php.ini
I have a dedicated server and I have installed Suhosin through ELS.

Well, ELS never asked me for configuration or anything; it just installed it.

Anyway, I'm trying to install AWBS on my server, and AWBS needs safe_mode to be off.

So I went (pico /usr/local/lib/php.ini)

All the lines were commented out.
Suhosin added this to every line at the beginning:

PHP Code:

;suhosin.version=0.9.20 

so every line became commented out.

Anyway, I was trying to turn off safe mode, so I searched for it and replaced On with Off, but the changes didn't take effect.

(locate suhosin)

I found a bunch of folders and suhosin.so files that I couldn't manage.

Does installing this extension replace php.ini's effect with another one?
How can I configure php.ini to turn off safe mode and also disable some functions while Suhosin is there?

Also, how do I remove Suhosin without losing any data?

Which command shall I use?

Change Php.ini
I have a problem: I am not able to connect to the MSSQL server with the mssql_connect() function.

Error is: undefined function mssql_connect().

Locally this problem is solved by uncommenting the extension=mssql_php.dll and extension=mssql_pdo_php.dll lines, removing the ";" in front of them.

::But how do I do the same on the online server?

::If it is possible with coding, or if there is any other way to do this, please let me know.

::Is there a way to change the .htaccess file to make this change, or any better solution with .htaccess?

::Is there a way to change the path for php.ini, so that we put our php.ini file in another folder and use that rather than the php.ini on the server?

Multiple Php.ini
IIS does not support .htaccess, as we all know.

So I am wondering if it is possible to use local php.ini files for each site on IIS?

Custom Php.ini
I have a reseller account on a server, and I have a client who needs to use a custom php.ini file to set the session.save_path variable. He has created this file and placed it in the public_html folder, but this path still comes up as 'No Value' and the Configuration File Path still reads '/usr/local/Zend/etc/php.ini'.

What do I need to do to get this site to read from the correct php.ini file? I tried setting this in the .htaccess file, to no avail.

Apache And Lighttpd, Both Use Same Php.ini
My php.ini had some changes (/etc/php.ini). Today I switched from Apache to lighttpd. Do I need to edit another php.ini file? Do Apache and lighttpd use the same php.ini (/etc/php.ini)?

Hosting That Can Change Php.ini
I need a host that can change the php.ini for me. I'm pretty sure no shared hosting would do that, so I'm looking for a VPS option. Can you please advise me if a VPS host would change the php.ini for me?

Php.ini On Ubuntu Is Confusing Me
I am all too familiar with php on my win box but now am working on Linux.

The extension_dir is commented out (??); however, CURL does work, but there is nothing about CURL in php.ini. I can't find any php.so files.

Also the php.ini file lives in /etc/php5/apache2

Does this look like a standard install? Where do the .so files live?

Ultimately I want to install Turck MMCache, which requires some extensions, and whenever I try to do phpize there is the error message
Cannot find config.m4 (google is not helping solve the problem)

apt-get install m4 says I have the latest version.

phpize is a shortcut in usr/bin that points to etc/alternatives/phpize which in turn is a shortcut to usr/bin/phpize5

Setting Php.ini Memory_limit
if there's a standard "upgrade" number when setting the memory_limit in php.ini from the default 16MB. I always have a handful of scripts that demand a lot of memory.

CPanel Php.ini Override
I am setting a dedicated server for a mate with cPanel/WHM 11. He says he wants a custom php.ini file such that you can override the settings when you upload a php.ini file in /home/site/public_html/

How do I allow this in the global settings?

Disabled Function In Php.ini
Suppose that I am a customer. Is it possible to see the disabled functions in php.ini?
(using any script)

Account Level Php.ini
How do I set a php.ini file to run at account level? Some clients need a different PHP configuration.

Stop Supporting Php.ini
to stop supporting php.ini files in clients' accounts because they can turn off safe mode or any functions and options and they can hack the server! How can I stop supporting these files?

Php.ini Error Handling
If I have a php page with no errors, everything works fine. If I remove a semicolon so it should give me an error, it displays nothing but a white page... Also, there is no error_log created.

php.ini error config:

Code:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; error_reporting is a bit-field. Or each number up to get desired error
; reporting level
; E_ALL - All errors and warnings
; E_ERROR - fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result
; from a bug in your code, but it's possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it's automatically initialized to an
; empty string)
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
;
; Examples:
;
; - Show all errors, except for notices
;
;error_reporting = "E_ALL"
;
; - Show only errors
;
;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;
; - Show all errors except for notices
;
error_reporting = E_ALL & ~E_NOTICE

; Print out errors (as a part of the output). For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below). Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = On

; Even when display_errors is on, errors that occur during PHP's startup
; sequence are not displayed. It's strongly recommended to keep
; display_startup_errors off, except for when debugging.
display_startup_errors = Off

; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
log_errors = On

; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
;log_errors = On;

; Do not log repeated messages. Repeated errors must occur in same file on same
; line until ignore_repeated_source is set true.
ignore_repeated_errors = Off

; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; sourcelines.
ignore_repeated_source = Off

; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This has only effect in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
report_memleaks = On

; Store the last error/warning message in $php_errormsg (boolean).
track_errors = Off

; Disable the inclusion of HTML tags in error messages.
;html_errors = Off

; If html_errors is set On PHP produces clickable error messages that direct
; to a page describing the error or function causing the error in detail.
; You can download a copy of the PHP manual from http://www.php.net/docs.php
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot.
;docref_root = "/phpmanual/"
;docref_ext = .html

; String to output before an error message.
;error_prepend_string = "<font color=ff0000>"

; String to output after an error message.
;error_append_string = "</font>"

; Log errors to specified file.
error_log = "error_log"

; Log errors to syslog (Event Log on NT, not valid in Windows 95).
;error_log = error_log;

How To Edit Php.ini File
I got a problem with my software . . . because the cpanel upgrade caused some problems and need to edit the php.ini file. . .

Php.ini In Public_html, Safe
I'm a customer and don't know much about server management, so like the title says, is it okay to put php.ini in public_html?

About Secure Php.ini Directories
How can I secure the following options in PHP on a WHM box?

These are my php.ini settings:

Code:
open_basedir = /home:/tmp

include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:";

safe_mode_gid = Off

safe_mode_include_dir =

safe_mode_exec_dir =

I want no one to be able to access another user (User Bypass) with a PHP shell.

I am running WHM with Apache 1.3.39 and PHP 4.4.7 phpsuexec.

How can I secure these options?

Extension_dir Setting In Php.ini
I have just installed a php download script from rwscripts.com. My web host is netfirms, and I've set it to PHP4 (same as the php script I got). However, after the installation was completed, I'm getting this error message. "extension_dir does not exists /usr/local/nf/lib/extensions/no-debug-non-zts-20020429"

I've found this from rwscript's FAQ:

"extension_dir does not exists /usr/lib/php/extensions/no-debug-non-zts-20020429
The extension_dir setting in php.ini should point to the real directory for SourceGuardian loaders to work (as well as any other dynamic PHP extension). This may be any directory on server. Common setting is /usr/local/lib/php/extensions. Please contact your server provider about this issue. They need to create this directory and alter the setting in php.ini and then restart the webserver. "

But I don't really understand. I've contacted Netfirms, but they never replied to me. Where can I change the php.ini config? Is there any better webhosting who supports php,

Unable To Make Changes To Php.ini
I'm trying to configure PHP, as I really need to turn magic quotes off and raise the memory limit. I don't want to use .htaccess - too many sites.

I've got Plesk 8.2.1, PHP 5.1.

Well, to make it short, I ran 'phpinfo()' to see where php.ini was: etc/php.ini

I changed that and restarted httpd; nothing happens. I restarted the server; still nothing. My changes are not applied when I run 'phpinfo()' again.

I tried 'locate php.ini' from the terminal, and there are a few!

/usr/local/psa/admin/conf/php.ini
/usr/local/psa/admin/conf/php.ini.def
/usr/local/sitebuilder/php.ini
/etc/php.ini
/etc/php.ini.
/etc/php.ini.saved_by_psa
/etc/php.ini.rpmsave

... plus some in the opt folder (that should be just the cache, uh?)

The problem is that I tried to open all of them, to see where the hell PHP was getting the settings from, but none of them seem to reflect PHP's settings.

Meaning, I don't know what file I can use to configure PHP.

All of them, for instance, say 'memory_limit: 32M', but PHP is set at 8M, and phpinfo() tells me memory_limit 8M.

Any idea why this might be happening?

Does Plesk have some tool to configure PHP that makes PHP ignore my changes?

How To Disallow Php.ini Overriding
If I enable phpsuexec, the client can remove all disable_functions and everything if he just uploads a php.ini to his public_html folder.

I thought about this:
ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini

and it works perfectly, but if the user tries to edit the file via FTP he will see the file content but can't edit it.

I tried to chmod it to 0 but that stops PHP.

Is there any solution to stop the user from seeing the content of the file?

Person Is Overriding Php.ini File
There is a user on my server that uploaded a php.ini file to their home directory, that disabled the "disable_functions" in the server php.ini. Is it possible to stop people from doing this?

Php.ini Store Sessions In Database
Is there a way in the php.ini file to force all sessions to be stored in a database? For example, in ColdFusion you can configure sessions to be stored in a db. Can you do this in PHP? Thereby forcing all sessions no matter what the customer specifies to be stored in a db.

Php.ini And .htaccess File Permissions
I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin.

I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well?

I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin either.

I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.

Changing Settings For Php.ini On IIS
I have IIS on my computer and I want to start using a php driven forum (SMF) on my web site. Before I upload the files I need to check the following settings are on:

the engine directive must be On.

the magic_quotes_sybase directive must be set to Off.

the session.save_path directive must be set to a valid directory, or empty.

the file_uploads directive must be On.

the upload_tmp_dir must be set to a valid directory, or empty.

I can't find anywhere within IIS where these directions may be found. Can anyone point me in the right direction?

How To Edit Php.ini In Remote Host
Does anybody know? Please show me.

Php.ini - Editing It Messed My Whole Server Up
I have changed one value in /etc/php.ini
safe_mode = On then restarted apache.

Now, when I try to access any mysql based sites, like forum or gallery - I get a blank page.

I went back and changed safe_mode back to 'Off'. Restarted the server - but I am still unable to load any pages.

Running CentOS.

Accessing PHP.ini On A Dedicated Server
I'm using a dedicated server for the first time and I want to access the PHP.ini file so that I can set up the mail() function and also enable error reporting.

However, all access has to be done remotely through a KVM console and I'm unsure what I need to do in order to get to the file that I want.

I Want To Use Individual Php.ini For 1 Of My Website In Hsphere
I have hsphere working on my server. Now I need to install phpauction. After the installation of php auction I am getting this message

Extension dir /hsphere/shared/apache/libexec/php4ext/ You must to place ixed files at/hsphere/shared/apache/libexec/php4ext//

I tried to copy php.ini into the root of my website, but it took down all of my websites. So will you let me know how I can get php.ini working for 1 of my websites from its root?

How To Edit Php.ini? Dedicated Server
Linux hosting. Basically I want to edit php.ini inside my dedicated box to include

Code:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, base64_decode, base64_encode, proc_terminate

But how can I edit php.ini? I know where my php.ini is and I have root access.

Is It Secure To Let The Customer Use Their Own Php.ini
While I'm running PHP as a CGI module and running SuExec, is it secure to let the customer use their own php.ini file, for example /home/someuser/public_html/php.ini ??

Bearing in mind that using their own php.ini will let them change the disable_function, so if there are any disable_functions in the original php.ini they can remove them for their website.

So is that action secure for the server?

How To Allow Customers To Modify Their Own Php.ini Settings
On the server (linux, cpanel), we have global registers set to off. Some scripts require them on. What's the most secure way to allow customers to do their own settings for their own domains and bypass the main server php.ini settings?

Session Errors - Php.ini Related
I have a Cpanel box, in WHM I used the "PHP Configuration Editor" and changed the php execution time (minor change). After clicking save I now get the following error on any php using sessions:

Warning: session_start() [function.session-start]: open(/tmp /sess_1d374c43a0f726cd43776f9f92485bec, O_RDWR) failed: No such file or directory (2) in /home/continou/public_html/control/index.php on line 4

One thing I noticed it did was turn on PHPSuexec which generally causes problems for me. I turned that off and the error response changed slightly (to above) but the problem is not solved.

I tried rebooting the server. /tmp does exist, I am now rebuilding apache in hopes that corrects the problem.

Turn On Register Globals In Php.ini
Does anyone know how to turn On Register Globals in a php.ini file? I think I can only edit the file using ssh...

DreamHost 7mb Upload Limit (php.ini)
Has anyone overcome the php.ini problem at DreamHost?

I am trying to upload .wmv video files around 20mb and of course they timeout after around 7mb.

I found this bit of chatter on the net but I am still stuck: ....

How To Secure Your Php.ini File Safe Mode ; Disable_functions ; Etc
What are the most important issues for securing the php.ini file, like whether you turn SAFE_MODE ON or OFF?

Or could whoever reads this topic please post their important disable_functions in php.ini ... and if some functions are disabled, post them ...

Let's make this thread about the most important issues for securing your php.ini from script kiddies as much as we can ...

Here I have some important questions for anyone who has or controls a server or VPS ....

#0x01 ; What are the most important disable_functions for php.ini?
#0x02 ; Should safe_mode be enabled or disabled? And what exactly does this depend on?
#0x03 ; What are the functions or any trick to control the nobody user ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ...
#0x04 ; I saw that on some secure servers ( as they say ) they changed the Server : description to their name[s], like
Server : SECURE BY US .COM OR SECURE SERVER ..
uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux
sysctl : linux 2.6.9-023stab040.1
Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?]
id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?]
pwd : /home/host/public_html/
#0x05 ; How can we hide the uname -a on the shell [ the attacker uploads it to our customer's site !]
#0x06 ; How can we hide the sysctl from anyone's view, like [ attacker ] ...
#0x07 ; How can we rewrite the Server Type to display our secure message? Server : SECURE BY US !
#0x08 ; How can we give every site and customer their own php.ini file in their public_html? And how can we give them [ JUST THEIR PERMISSION TO THEIR SITE'S FOLDER AND NOT OTHER PATHS AND PERMISSIONS!]

These are questions everyone who has a server or VPS needs to know, to secure their box from others ...

And if anyone would like to publish any new [secure or not] idea, please let us know what you would like to say ....

Prevents Users From Overriding System Php.ini In SuPHP Mode
These are simple steps to prevent users from overriding the system php.ini in suPHP mode .... on cPanel servers

First: you must make sure that suPHP is installed as the default handler.
Then just edit your httpd.conf file or php.conf file ( it will be better to use php.conf )

Now add this line:

Quote:

suPHP_ConfigPath /usr/local/lib

or ( Zend )

Quote:

suPHP_ConfigPath /usr/local/Zend

If you need to use only the php.ini config file:

Quote:

suPHP_Config /usr/local/lib/php.ini

Howto Convert Ini_set Function In Code To Php.ini Setting
I have a website that was running fine for a month or two until my host recently changed some settings on the server, and now it shows a bunch of errors. I contacted the host and they said >

"To avoid the errors, please do not use disabled function. If you need such functionality, you can have your own php.ini on your root http folder containing only necessary option"

Since I'm not a programmer, I have no idea what they're talking about. So, I asked them how to do that, and their reply of course was>

"Please consult with the script writer on how to convert ini_set function in your code to php.ini setting. As the script is not encrypted, you can do it with commenting all ini_set calls and write a substitute on php.ini (Create php.ini file in webroot folder)."

I tried to contact the developer, but it appears he has gone MIA! So, now I am left with no clue how to fix the website, so I turn to you guys!

The website is [url]. You can see the errors in the header, but I'll post them here as well>>

"Warning: ini_set() has been disabled for security reasons in /home/buymydom/public_html/includes/global.php on line 3

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/buymydom/public_html/includes/global.php:3) in /home/buymydom/public_html/includes/global.php on line 32

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/buymydom/public_html/includes/global.php:3) in /home/buymydom/public_html/includes/global.php on line 32"

My question is, How do I convert ini_set function in my code to php.ini?

Upgrade PHP4: FATAL ERROR: Register_globals Is Disabled In Php.ini, Enable It
The problem comes from register globals. In the osCommerce shop, after updating PHP to version 4.4.5, this message appears: FATAL ERROR: register_globals is disabled in php.ini, please enable it! And if I add: php_flag register_globals On to the .htaccess file, I get this: the page cannot be displayed.

Make Php Nonexecutable In A Directory
I have an upload feature on my site.. On upload I check the file extension of the uploaded file.. But recently a person uploaded a file like xx.php.jar and as the extension is jar it got uploaded.. But when we go to the file through its URL it gets executed as PHP... So is there any solution for how I can stop execution of PHP files in my upload directory?

How To Change Php Files Permissions In Directory And Subdirectory At Once
How to Change php files permissions in directory and subdirectory at once ?

I want to change the permissions of php files to be 644 in /home/user/public_html/forum and all forum subdirectories using SSH.

Site Hacked Via Php Script Placed In WordPress Uploads Directory
First of all, I discovered this forum during my quest to unravel the mysteries of how my site was hacked. I hope this is an appropriate forum to discuss the issues even though I am not a web hosting provider, but merely a customer of a web hosting company, hostrocket.com

I have an installation of WordPress 2.1. WordPress creates a couple of world-writable directories such as Uploads and Cache which are owned by nobody. Apparently (according to the tech support at hostrocket.com) someone was able to insert and execute a php script in my world-writable Uploads directory. Over 40MB of scripts, executables and files were uploaded. As best I can tell, my space was being used as some sort of link farm or perhaps acting as a server in my webspace. I do not have much knowledge about these things and consequently can't talk very intelligently about them. But I am trying to grasp what little I am able to absorb about how this could have happened, and what I can do to mitigate it from reoccurring in the future.

Some of the stuff that was in the directory is as follows...


The "online" directory contained over 40MB of directories such as...


As you can see, I was had in a BIG way.

So the first thing my webhost had me do was to change ownership of the directories owned by nobody to me. Then I was able to change permissions from 777 to 755. However in so doing, I am no longer able to use the Dashboard of WordPress to upload images anymore, unless I temporarily change permissions back to 777.

The other thing the tech support guy did is to create an .htaccess file with,
php_flag engine off
I guess this basically renders php scripts impotent from running.

So without flaming me, can you help me understand how someone in a shared server environment is able to put a php script into one of my directories?

What amazed me was this particular script, "99.php" actually when viewed in a browser window titled phpshell was called "c99adult v. 1.0 pre-release build #16". It basically enabled whoever had access to the URL, to view my webspace, and do all sorts of nasty things. Talk about a wake-up call!

Obviously this enabled the hacker to view my config.php file and ascertain my database password and everything else. Whether he did, or whether there is a logfile of that info that could enable him to hack the database at some time in the future is unknown to me but it's really freaking me out.

PHP Block Shell Scripts On User Accounts
Is there any way to totally block PHP shell scripts on users' accounts? I don't mean like the Java shell in cPanel; I mean a PHP shell script like the kind frequently used by hackers...

PHP: Uploading As Apache User, And Chmod 600
I've recently moved to a new server on which I don't have root, so bear with me.

For some reason when I upload a file with 'move_uploaded_file($tmpName,$new_filename)', it seems to work fine - but when I check it, try to download it (http or ftp), or change the permission - I can't, because its set to 600 for some odd reason, and owned by the user Apache is setup on.

Copyright © 2005-08 www.BigResource.com, All rights reserved