truenegative Posted March 19, 2007 Share Posted March 19, 2007 Hello, I have been interested in WHMCS for a while now, and I've decided to download the trial and install it, with plans to purchase and use with my hosting site. However, it requires that register_globals be enabled, which can be a huge security risk for poorly coded scripts such as open source software on a site. Are there any plans to update the software not to use register_globals? Thanks in advance. This may mean I will have to look elsewhere for a system. 0 Quote Link to comment Share on other sites More sharing options...
Dominic Posted March 19, 2007 Share Posted March 19, 2007 Bad coding causes what you listed. The setting of register_globals makes no difference, though it does require more rigorous variable control. 0 Quote Link to comment Share on other sites More sharing options...
Dominic Quick Posted March 19, 2007 Share Posted March 19, 2007 To answer your question Truenegative you must make a .htaccess file and add the following 1 line of code: php_value register_globals on upload this to the root of your whmcs installation i.e - /home/YOURNAME/whmcs/.htaccess This will bypass the php.ini file on which your server uses. I dont have register_globals on as it is a really big security risk. Dom 0 Quote Link to comment Share on other sites More sharing options...
truenegative Posted March 19, 2007 Author Share Posted March 19, 2007 To answer your question Truenegative you must make a .htaccess file and add the following 1 line of code: php_value register_globals on upload this to the root of your whmcs installation i.e - /home/YOURNAME/whmcs/.htaccess Dom Thanks I know this hehe, but I was asking about the necessity of it. Hopefully the coding of WHMCS is done well enough so as not to introduce security issues 0 Quote Link to comment Share on other sites More sharing options...
Dominic Quick Posted March 19, 2007 Share Posted March 19, 2007 Put it this way truenegative. I have just purchased a second license from matt the software developer. He is one of the best programmers i know so i can safely say that you are in good hands. I wouldnt purchase the software if i knew about any security issues. Matt takes security as number 1. He even is a proper programmer and secures his script using ioncube. You wont regret using this software over any of its main competitors. Dom 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted March 19, 2007 WHMCS CEO Share Posted March 19, 2007 Are there any plans to update the software not to use register_globals? Yes, by the time PHP 6.0 is released which no longer has support for register globals, WHMCS won't need them either. Matt 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 19, 2007 Share Posted March 19, 2007 ...and secures his script using ioncube. Maybe I read this wrong, but how does securing his code against theft relate to this topic? 0 Quote Link to comment Share on other sites More sharing options...
Dominic Quick Posted March 19, 2007 Share Posted March 19, 2007 ...and secures his script using ioncube. Maybe I read this wrong, but how does securing his code against theft relate to this topic? No bear, Just adding more information so that true negative can get the basic gist of what i was trying to explain 0 Quote Link to comment Share on other sites More sharing options...
truenegative Posted March 19, 2007 Author Share Posted March 19, 2007 I understand. Thanks guys for the responses! I hope I will be very happy with WHMCS 0 Quote Link to comment Share on other sites More sharing options...
Webdomain.com Posted March 19, 2007 Share Posted March 19, 2007 Are there any plans to update the software not to use register_globals? Yes, by the time PHP 6.0 is released which no longer has support for register globals, WHMCS won't need them either. Matt You made my day Matt. This is a wonderful news 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.