php.ini and questions help please...

[euroiplayer]

Hi all,
I searched around and even googled it, but where in the world is php.ini located at?
I have installed PHP-Nuke 8 and would like to have Display Errors ON, thats why I need to edit it.
Also what other things do you recommed I should change in php.ini to make it more secure.

I noticed that when I installed PHP-Nuke 8, it showed Safe Mode ON, which is required by PHP-Nuke to be turned OFF.  What does this mean (I have no clue about Safe Mode ON/OFF).  Is it secure to have it turned OFF?  If I turn if OFF does that mean my website is in any harm?  At last where can I turn OFF Safe Mode?

Also I would like to know what changes to make in PHP-Nuke 8 files in order for me to know that I am 99.9% secure.  What files should I rename, edit, replace -- that way they're not just in default directory.
If I rename admin.php what files will I need to edit to update its new name?

In what way can I protect my files, in a way that they could never get to my passwords (mysql, phpadmin, php-nuke etc...)?

I know I asked too many questions, but any help is appreciated very much, thanks alot  :).

[trq]

The location of your php.ini really depends on your php install and your OS. Im running Gentoo Linux for instance and my php.ini is located at /etc/php/php5/php.ini. Ive no idea where it might be on Windows sorry.

The php.ini file itself is very well commented so you will find allot of helpfull infomation within.

As for your php-nuke specific questions.... probably best asked on a php-nuke help site or at very least, in the 3rd party forum.

[php_in_use]

This is purely for Windows...

My php.ini file was origonally called "php.ini-dist" which I then made a copy of as a backup and renamed the original "php.ini".

Everything worked fine with the renamed file. I have even edited it and it still works!

The location of my php.ini file is C:\php, but it depends where you have saved your php files.

Hope that helps.

Ste

[wildteen88]

The location of the php.ini can be found by running a function call phpinfo() in php script and looking at the line that starts with [b]Configuration File (php.ini) Path[/b]. To the right of that line it'll show you the full path to the php.ino. If you are looking to edit this file then you'll need to check with your host whether you have access to this file. Most shared hosts prevent users from editing the php.ini however sometimes they do allow you to use a custom php.ini agin you'll need to check with your host on this one.

If you are not allowed access to the php.ini then they only way you change the php settings is by addinga  php_flag/value to a .htaccess file to change a certain setting. Such as turning on display_errors:
[code]php_flag display_errors On[/code]

However not all PHP settings can be changed via a .htaccess file. Another option is use the ini_set() function which you can add to your PHP scripts to temporarily change a PHP setting for your script. Again this function can only change a few PHP settings.

You don't have to protect your PHP files that have your mysql login credentials as no one can see the actual source code of these files from a web browser, you'll only see the output from these files. However if you store your private login details in files that don't have a php extension then anyone can view the contents of the file.

For renaming admin.php I'd recommend thorpe's suggestion of asking it on the php-nuke support site or asking in our Third Party PHP Scripts forum.

[euroiplayer]

Hello,
First off I'd like to say thanks for the replies.

I made a file named info.php with the following function phpinfo(); and after all I found where the php.ini was located at :) but useless.. you ask why? Why, because I have a shared host, I emailed them and they said that I couldn't change the Safe Mode to ON for security reasons. (BTW it was located at /etc/php4/apache/php.ini)

Wildteen88, since I am not an expert to all this, would I just add the following code to the .htaccess:
[code]php flag display errors On[/code]
Also to which .htaccess directory should I add the following* code to?:
www/ www/phpnuke or some other directory?
After that, how could I possible know if adding the code* to .htaccess actually has enabled the display_errors?
And if this function* above you mentioned doesn't work please explain what you exactly mean by:
[quote]However not all PHP settings can be changed via a .htaccess file. Another option is use the ini_set() function which you can add to your PHP scripts to temporarily change a PHP setting for your script. Again this function can only change a few PHP settings.[/quote]
Where would I add the function ini_set()?

One other thing, the host replied with this email telling me how to turn ON display_errors
[quote]Please insert the following line of code into the PHP files you wish to display errors on, including the code into a php file which is used for every page such as a header or config file.


error_reporting(1);[/quote]
^If thats actually true and works, to which file(s) should I add that, www/phpnuke/index.php or all?


I know its alot of questions sorry :), and thanks for taking your time to reply.

(BTW this is a great website I love it !)

[wildteen88]

You'd add the following:
php_value error_reporting 8191 # E_ALL Error reporting
php_flag display_errors On

To the .htaccess in the www/ folder. This will apply to all subsequent folders below the www directory too. If you added it in the phpnuke folder (www/phpnuke/) it'll only affect the phpnuke folder and the subsequent folders below the phpnuke folder and not the folders in the www folder.

You might be able to disable safe_mode too by adding [b]php_flag safe_mode Off[/b] to the .htaccess file too, however I don't think you can change safe modes setting from outside of the php.ini

You can check whether the php_flags/values you have changed in the .htaccess file has made an affect by looking at the [b]Local Value[/b] column when running the phpinfo() function. So if display_errors is turned off in the php.ini and you turned it on in a .htaccess file you should find that the Local Value column will be set to On and the Global Value column will be set to Off when looking at the display_errors row.

NOTE: You'll need to run the phpinfo() function in the directory in which you added the php_flag/value in the .htaccess file. As this is the nature of the .htaccess file, as quoted from apache:
[quote=http://www.phpfreaks.com/forums/index.php/topic,113111.0.html].htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.[/quote]

About the following:
[quote]One other thing, the host replied with this email telling me how to turn ON display_errors
[quote]Please insert the following line of code into the PHP files you wish to display errors on, including the code into a php file which is used for every page such as a header or config file.


error_reporting(1);[/quote]
^If thats actually true and works, to which file(s) should I add that, www/phpnuke/index.php or all?


I know its alot of questions sorry Smiley, and thanks for taking your time to reply.

(BTW this is a great website I love it !)[/quote]
Yes you can do that. However you'll need to add [code=php:0]error_reporting(1);[/code] in the main file that is used by phpnuke in order for it to work. It is no point in adding it to index.php as it'll show errors from index.php and nowwhere else. Thatsd why it is easier to turn display_error in the .htaccess file as then it is on through out your site.

[euroiplayer]

Hello,
The code [b]php_value error_reporting 8191 # E_ALL Error reporting[/b] gave me error to that directory in which .htaccess file was (www/phpnuke), [b]php_flag safe_mode Off[/b] didn't work, and still stayed On (I guess you're right, couldn't overwrite that of the hosts :)) and Display Errors turned On with [b]php_flag display_errors On[/b].

Well I guess the important thing was setting up display_errors On. BTW I have no idea what Safe Mode On/Off is, can you give me a brief explanation.

Thanks for all the great help wildteen88.
[I got another question related to .htaccess code, should I PM you, post here, or post somewhere else?]

[wildteen88]

You can scrap the following command in the .htaccess:
[b]php_value error_reporting 8191 # E_ALL Error reporting[/b]
I accidentally copied it in.

More information about safe_mode can be found [url=http://uk.php.net/manual/en/features.safe-mode.php]here][/url]

You may ask your questions related to .htaccess here

[euroiplayer]

Hello everyone,

I need some help again with turning safe_mode to Off, since I would like to install phpSysInfo [url=http://sourceforge.net/projects/phpsysinfo/]http://sourceforge.net/projects/phpsysinfo/ [/url].  When I use your following code above* wildteen88 to turn safe_mode off, I get error on all of the directories I go to.

Is there any other way to work this around through the .htaccess file.. or any other way?  Any ideas ???.

PS:Remember, I don't have access to the file php.ini

Thanks

[wildteen88]

As .htaccess files work on a per-directory bases and effects all sub-directories with in the same directory as the .htaccess file in. I should place a .htaccess file in the root of the folder in which you files are viewable via the browser which would be the www/ directory. Add the following to it:

[code]php_flag safe_mode Off[/code]

It should now turn off safe_mod throughout your site.

[euroiplayer]

For some reason it doesn't work :-\  But its okay I guess, forget the phpSysInfo :)
Thanks alot for your help though wildteen88