register_globals

**hightime** · 04-05-2006, 09:35 PM

A script i have requires register globals to be turned on does anyone know what i have to do to turn it on ...the message i got was:
HTTPAuth Requires "register_globals" to be ON
so im just curious on how to get my script working. Also sry if i posted in the wrong section.

**Galen** · 04-05-2006, 11:52 PM

Um... if the script requires register_globals to be on, then it's probably not a very good script in the first place. Most people here are gonna jump all over you telling you that register_globals ON = "the devil himself!"

Ah, but anyway... Assuming you're on a VPS (and that you did post this in the right forum

), I don't think you're affected by the changes Jag is making to php on their servers. In which case, you just make sure the script is in its own directory and put an .htaccess file in that directory with the following in it:

Code:

php_flag register_globals on

Again, when others reply they'll tell you it's a bad idea (and they're right) and they'll yell at me for telling you to do it (and they'll be right), but there you have it.

**hightime** · 04-05-2006, 11:58 PM

hmm its more of an extra feature of a script to further secure it so a login screen pops up before you can access it. before another one to get into the admin panel of a cms. (PHP nuke btw)

**Vin DSL** · 04-06-2006, 02:38 AM

Um... running PHP-Nuke with globals on is NOT a good idea! I suggest you try try something like...

http://www.lenon.com/admin.php

**Vin DSL** · 04-06-2006, 02:40 AM

Originally Posted by Galen

Again, when others reply they'll tell you it's a bad idea (and they're right) and they'll yell at me for telling you to do it (and they'll be right), but there you have it.

Smarty pants!

**tank** · 04-06-2006, 08:28 AM

Adding Register Globals On to increase security? Sounds like an oxymoron. I wouldn't go as far as to tell you that you "must" do anything. But what I would suggest is to research what turnign it on does, in general.

**jason** · 04-06-2006, 01:17 PM

Not knowing how your script is written and how it is called, it is hard to make suggestions, but maybe this will help...

Is this script something that is called directly from a URL (or by a form submission)? If so, is it or can it be run from its own directory (instead of public_html). For example, can it be called from www.somesite.com/myscript/myscript.php instead of www.somesite.com/myscript.php? If so, you can add a .htaccess file to the "myscript" directory that turns on register_globals for that directory only. Then that script can run with register_globals on while the rest of your site has them off.

Option B: if you have an expeirience with PHP it usually isn't too difficult to modify a script to make it work with globals off, provided it isn't too complex. Just look at what kinds of variables are bassed in to the script and add a block of code that the top such as:

PHP Code:


    $var1 = $_POST['var1'];
    $var2 = $_POST['var2'];
    $var3 = $_POST['var3'];

In this example, each the $_POST variables represent values from a form. Each line declares a the varibale that would have been automatically declared if register_globals was on, but you gain the security of having it off because only those variables that you specify will be declared.

--Jason

LinkBack

Thread Tools

Display

register_globals

Bookmarks

Bookmarks

Posting Permissions