xxkylexx Posted May 30, 2006 Share Posted May 30, 2006 I know I had to enable register_globals via my .htaccess during the install, but is this something I can turn off now? I have read that it can be a security issue. Kyle 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted May 30, 2006 WHMCS CEO Share Posted May 30, 2006 No, Register Globals is a requirement in order to run WHMCS. Register Globals alone is no security issue. The myth that states it is an issue is one that's been around for a long time but is not really true. There is only ever an issue if there is bad coding. Say for example the user authentication system for the admin area was simply: if($authorised){ dosomethingsensitive(); } Then of course a user could just do ?authorised=true on the end of the URL and then they've got access to run a command, but it's not. All input by WHMCS is properly checked and validated before being used and there aren't any kind of loopholes like that in the login system. There is no need to worry having Register Globals on in your WHMCS directory. 0 Quote Link to comment Share on other sites More sharing options...
lugz Posted July 3, 2006 Share Posted July 3, 2006 My host suggested that I put the following in a php.ini file in the public_html folder: register_globals = On I did this and the install still says that the register globals test failed. Is there something I have wrong here or another way to do this? Thank you 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted July 3, 2006 WHMCS CEO Share Posted July 3, 2006 Using php.ini files like that only enable register globals in the folder you put them in. For WHMCS to function properly, you would need to put the same php.ini file into every one of your WHMCS folders. Matt 0 Quote Link to comment Share on other sites More sharing options...
Volt.Networks Posted July 4, 2006 Share Posted July 4, 2006 Yeah, it took me a while, but just FTP it to every folder. 0 Quote Link to comment Share on other sites More sharing options...
xxkylexx Posted July 4, 2006 Author Share Posted July 4, 2006 Actually you don't need it in every folder, just every folder that contains .php files. 0 Quote Link to comment Share on other sites More sharing options...
lugz Posted July 4, 2006 Share Posted July 4, 2006 Thank you. I'm guessing this may be one of my problems. I think I need some help. Makes me appreciate the installation service. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.