I am trying to use PHP's built-in function get_browser(). I followed the instructions in this useful post, but I'm still getting the error
browscap ini directive not set.
I downloaded the php_browscap.ini file and moved it into the same directory as my .htaccess file, so that its location is home/hostname/subdomain/php_browscap.ini Since I do not have access to my php.ini file, I am trying to edit the browscap property using .htaccess. This is what I entered:
php_value browscap home/hostname/subdomain/php_browscap.ini
I don't know if it matters, but below that there's some Rewrite Engine code.
As forementioned, I am still getting the error above. What did I do wrong?
Thanks.
The browscap PHP value has a changeable mode of PHP_INI_SYSTEM meaning it can only be set in php.ini or httpd.conf (not .htaccess).
Do a phpinfo() to understand your PHP runtime config. If your system is configure as "CGI/FastCGI" then it is probably running suPHP as the PHP initiator. In this case you can specify your own php.ini file. By default suPHP looks in the script directory but you can override this by the following directive in your .htaccess file:
suPHP_ConfigPath (expects a path name)
This option tells mod_suphp which path to pass on to the PHP-interpreter (by setting the PHPRC environment variable). Do NOT refer to a file but to the directory the file resists in.
E.g.: If you want to use "/path/to/server/config/php.ini", use "suPHP_Config/path/to/server/config".
If you don't use this option, PHP will use its compiled in default path.
Also you must use a properly formed path in your browsercap directive e.g.
browscap="/home/hostname/subdomain/php_browscap.ini"
(Note the leading /)
Addendum
I've just check and the Dreamhost shared hosting plan uses suEXEC. With suEXEC you can normally override the php.ini patch by copying the system php.ini (phpinfo() tells you where to find this) into a private directory, say _private as well as the browsercap.ini then adding
SetEnv PHPRC /home/hostname/_private
to your .htaccess file. If this doesn't work then the issue is specific to Dreamhost's suEXEC config and you need to ask this Q on http://discussion.dreamhost.com/
There are two potential problems here.
Perhaps your host does not allow you to override ini settings in the .htaccess file.
Maybe browscap does not like the path you have provided. Try:
php_value browscap /home/hostname/subdomain/php_browscap.ini
And ensure that permissions on that file allow the web user to read it.
If you are on a shared hosting and do not have access to the system php.ini then you can use the following standalone replacement of php's native "get_browser()" implementation.
https://github.com/garetjax/phpbrowscap
Related
I want disable execute some php function like file_put_content,exec,eval on special directory.
I can use disable_functions in php.ini but how can define a special folder like c:\poject\public
If you have a working version of php.ini that disables the functions you want, then you just need to "link" the folder to that specidif .ini file. This means that your web server should, when serving files from that directory, should use that specific .ini file instead of the system one.
If you are using Apache2 as a server, a solution can be found here you can define a specific php.ini file for each virtualhost. Let's say you specific folder is /var/www/web1, you should put the php.ini with the function disabled into /var/www/web1 and use this Apache2 configuration
<VirtualHost 1.2.3.4:80>
[...]
PHPINIDir /var/www/web1
[...]
</VirtualHost>
If you are not familiar with or not using VirtualHosts (but still using Apache2), another possibile solution is putting PHP configuration into a file named .htaccess in the folder, with a syntax like this:
php_value disable_functions "file_put_content,exec,eval"
You can't use the disable_functions setting anywhere other than in a php.ini file, according to the PHP documentation,.
If you need per-vhost or per-directory restrictions on functions, I would suggest using separate instances of PHP-FPM, each of which can have its own php.ini. It also provides additional security benefits, such as complete sandboxing per daemon instance.
EDIT:
You can read about it on official documentation
or
php-fpm example configuration for both UNIX and TCP sockets.
My .htaccess file looks like this:
php_value include_path "/home/username/public_html/site"
and is the same location as the include path.
It's causing a 500 internal service error, but was working fine locally. I'm digging around to try and find something via the host but not having much luck.
Without knowing the exact error message, it is difficult to tell what is going wrong. As Pekka explained, one reason could be that mod_php is not used. This could be the case, for instance if suPHP or any other variant based on PHP's CGI interface is used.
If that's the case AND if you are using PHP 5.3.0 or later, you could create a per-directory configuration using a .user.ini file1. So instead of using a .htaccess file with the line
php_value include_path "/home/username/public_html/site"
you would use a .user.ini containing the line
include_path = "/home/username/public_html/site"
1) Note that this is the default file name. The file may have a different name (the file name is configured through the INI directive user_ini.filename) or may be disabled completely.
In Centos, the default include_path is:
.:/usr/share/pear:/usr/share/php
PHP configuration can be made in a number of different places:
php.ini
httpd.conf
.htaccess
within a php script via ini_set()
any more?
Some configuration settings can only be set in certain places and there's certain Apache and PHP settings that would prevent you from doing any PHP config changes in .htaccess or with your PHP script. But assuming that a given PHP setting can be set in all of the above places, in what order is this configuration read? In other words what overrides what? (I'm assuming that ini_set() overrides any of the previous settings).
There's compile-time settings before php.ini. The rest of the stages aren't really "configuration". They're more of a way to override settings established in a previous stage. PHP will quite happily run without any other config directives in php.ini/http.conf/.htaccess. php.ini does list (almost?) all the configuration settings available, but that's just a courtesy so you don't have to dig around in the docs to find the one setting you do want to override.
You named them in the correct order.
I don't recommend setting configuration in any other place than a php.ini though.
There are also per-directory php.ini configurations and I don't know which comes first, .htaccess or the directory php.ini but I would guess the .htaccess first and php.ini after.
Apache loads PHP, so Apache's config is read first. .htaccess is also handled by the webserver, so I'm guessing that will be second. Thirdly PHP is loaded. It checks for PHP.ini's in several locations. Also see here. Finally the ini_set is checked runtime.
First, You can use a user.ini file.
I think PHP will read it from the bigger to the smaller, I mean from httpd.conf -> php.ini (and then user.ini if set) -> .htacess -> ini_set()
Hi I'm used shared hosting. I want to turn off php safe_mode off for my site. My provider gave me a php.ini file and asked me to put it with my settings in my public_html folder to override the settings, but it didn't work.
You can also try to create a file called php.ini in the root (public_html or other) folder, and putting the following in it:
safe_mode = Off
Depending on server settings, this may or may not work.
Your service provider might have forgot to tell you that you need to enable your user defined php.ini configuration by adding this line in the .htaccess file that you find in your public_html folder:
#Activates php.ini config located in main folder to work also recursively for all subfolders
suPHP_ConfigPath /home/YOUR_CPANEL_USER_NAME/public_html
Obviously replace YOUR_CPANEL_USER_NAME with your cPanel user name.
I'm supposing your server has got suPHP module(which is quite common in nowdays).
BTW: the php.ini file need to be in /home/YOUR_CPANEL_USER_NAME/public_html too and inside you should write this:
safe_mode = Off
And remember that Safe Mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0.
TRY:
You can turn it off by adding the following line to a .htaccess file in your root (public html) folder.
If the .htaccess file doesn't exist, you can create it using a simple text editing program.
php_flag safe_mode Off
We have PHP 5.2.6 deployed to c:\php and in that folder there is the php.ini file. On Windows, can a website override these settings similar to the way that apache has .htaccess? e.g.
DirectoryIndex index.php index.html
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag register_globals off
</IfModule>
<IfModule mod_php4.c>
php_flag magic_quotes_gpc off
php_flag register_globals off
</IfModule>
Update:
I was aware of ini_set() but wondered if there was a declarative way to do this in a configuration file in the website rather than in script.
I would recommend doing all you can to avoid changing register_globals to on as it's a major security hole.
But you can try using init_set() to change the settings within your PHP code, although some settings cannot be changed once PHP has started running. (These are somewhat server dependent I believe.)
You can override the directives in the php.ini file several ways, but not all directives can be changed by each method. See the php.ini directives page in the manual for a list of the directives and the methods that will work on each one.
The last column in the table lists the methods that will work on that particular method. In increasing level of access:
PHP_INI_USER - Can be set in user
scripts with ini_set() (or any higher method)
PHP_INI_PERDIR - Can be set using
the .htacess file with php_value
for string values or php_flag for
binary values (or any higher method)
PHP_INI_SYSTEM - Can
be set using php.ini or httpd.conf
only (both require access to the server's configuration files)
PHP_INI_ALL - Can be set using
any of the above methods
ini_set should do what you're after -
$option = 'magic_quotes_gpc';
echo "Value of $option => ", ini_get($option);
ini_set($option,0);
echo "New value of $option => ", ini_get($option);
A caveat here is that just because you can set the value at run-time doesn't mean it will work as expected, e.g. setting register_globals at runtime will be of little use as that setting has already done it's job by the time your script starts.
From http://us.php.net/configuration.changes:
Changing PHP configuration via the Windows registry
When running PHP on Windows, the configuration values can be modified on a per-directory basis using the Windows registry. The configuration values are stored in the registry key HKLM\SOFTWARE\PHP\Per Directory Values, in the sub-keys corresponding to the path names. For example, configuration values for the directory c:\inetpub\wwwroot would be stored in the key HKLM\SOFTWARE\PHP\Per Directory Values\c\inetpub\wwwroot. The settings for the directory would be active for any script running from this directory or any subdirectory of it. The values under the key should have the name of the PHP configuration directive and the string value. PHP constants in the values are not parsed. However, only configuration values changeable in PHP_INI_USER can be set this way, PHP_INI_PERDIR values can not.
...Haven't actually tried this yet, so your mileage may vary.
I just found a new way of doing this.
First of all, I used phpinfo() to find the PHP.ini being used by my Hosting provider.
Thereafter, I uploaded a file containing the following code to my Hosting space:
$fsrc = fopen($pathToIni,'r');
$fdest = fopen($myHostingDir,'w+');
$len = stream_copy_to_stream($fsrc,$fdest);
fclose($fsrc);
fclose($fdest);
echo $len;
This effectively copied the php.ini to my Hosting space. Thereafter, I downloaded that php.ini, changed the register_globals to off (for which I did all this), and uploaded it to the root of my Hosting space. Bingo, there you go.
I have relied on the fact that IIS uses the complete php.ini if available in a directory. You cannot override only specific settings like that using .htaccess on Apache.
For cgi environments, there is a module called htscanner. It basically fakes .htaccess behavior and allows per directory configurations. Unfortunately I have no experience with this on Windows, let alone with IIS6.