How enable register_globals in your web account using php.ini?

• Posted by Namsahaz Team on October 11th, 2007 filed in DIY

[Don’t want to read all these jargons? Skip to the Step-by-Step instruction] 

As a webhosting service who tries to satisfy all our customers, we had to face a lot of dilemma every now and then especially when there are some users who wants to use older scripts in their websites which may not be compliant with the, say, latest version of PHP that we use in our servers.

One example is when it comes to register_globals. A lot of old - and unprofessionally programmed - scripts rely on the availability of the register_globals function being turned on in our servers. But unfortunately for them, register_globals is turned off by default in all our servers for the simple reason of it being a security risk to the web application which uses it. On the other hand, if we turn on register_globals in our servers, customers who uses the Joomla CMS will start to complain because register_globals will be flagged as a security risk in their administration dashboard (the same applies to any other latest version of CMS scripts out there). Like what’s being said earlier, it’s a dilemma.

So what we do is basically turn off register_globals completely in our servers, but still allow our users to turn it on in their own accounts only (in case they still want to use the unsecured scripts). There are a few ways to turn on register globals in your account, such as using the .htaccess file.

However, sometimes problem occurs when you mess up with the .htaccess file and a 500 error will be returned, especially in a server that has PHPSUEXEC installed. Since most of our servers have PHPSUEXEC installed, we would suggest that instead of using .htaccess, try using the php.ini configuration file to enable register_globals. Simply include the line below in a file called php.ini.

In php.ini:

register_globals = On

To use php.ini, you will need to place this file into all folders and subfolders that you have in your webroot directory in order to have it working correctly with your script, or else register_globals will only be available in certain paths and this might cause problems in the future. To copy the php.ini file one by one into each directories is very tedious, so we provide a simple script called “ConfigurePHP” that will help create symlinks of the php.ini file into all directories on your behalf.

Follow the instruction below to enable register_globals safely using php.ini:

(Applicable to any other servers out there, not just our servers)

1. Download the zip file here which contains (1) the php.ini file, and (2) a PHP script called ConfigurePHP.php which will create the symlinks of php.ini in all your subdirectories.

2. Unzip and upload both files into your public_html directory, and then run ConfigurePHP.php. That means if your domain is abc.com, go to http://www.abc.com/ConfigurePHP.php to run it.

3. (Optional) In the interface that’s being displayed, click “Scan” to scan through your directories and to detect which directories that hasn’t got the php.ini file.

4. After that, go back and click “Create” to create the symlinks of php.ini into all your directories.

5. If everything works fine (which it normally would), register_globals would have been turned on in your account at this point. Proceed to delete the ConfigurePHP.php file so that no one can access it in the future.

We however most recommend that you use alternative scripts that doesn’t need to have register_globals to be turned on due to security issues.

Hope you find this information useful. Cheers!~