The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 36 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Mon Aug 25, 2008 6:45 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Mar 30, 2006 8:42 pm
Posts: 133
Location: IR.Iran
hi
i changed my host when i installed joomla in my new host site comes up but an error appears:

Warning: ini_set() has been disabled for security reasons in /home/memor/public_html/libraries/joomla/session/session.php on line 649


how can i fix it?
i installed joomla 1.5.4

_________________
http://www.itgate.ir =>The Gate to the Cyber World


Top
 Profile  
 
PostPosted: Mon Aug 25, 2008 7:04 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 18728
Location: Omaha, NE
This is not a Joomla issue. Your host has disabled the php function ini_set(). You will need to talk to them.

_________________
Regards, Dave
http://www.kiwaniswest.org


Top
 Profile  
 
PostPosted: Mon Aug 25, 2008 7:07 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Aug 25, 2008 5:26 pm
Posts: 6
Also, please update to 1.5.6 as soon as possible due to the hacking problems sites have been experiencing!


Top
 Profile  
 
PostPosted: Mon Aug 25, 2008 8:38 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Mar 30, 2006 8:42 pm
Posts: 133
Location: IR.Iran
ok. thanks
i upgrade it to 1.5.6
but nothing changed !! :(

can you help me fix it?

_________________
http://www.itgate.ir =>The Gate to the Cyber World


Top
 Profile  
 
PostPosted: Mon Aug 25, 2008 8:41 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 18728
Location: Omaha, NE
asadallahi wrote:
ok. thanks
i upgrade it to 1.5.6
but nothing changed !! :(

can you help me fix it?

dhuelsmann wrote:
This is not a Joomla issue. Your host has disabled the php function ini_set(). You will need to talk to them.

_________________
Regards, Dave
http://www.kiwaniswest.org


Top
 Profile  
 
PostPosted: Tue Aug 26, 2008 9:19 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Mar 30, 2006 8:42 pm
Posts: 133
Location: IR.Iran
any way to do it?
like writing some code in ".htaccess" file?

_________________
http://www.itgate.ir =>The Gate to the Cyber World


Top
 Profile  
 
PostPosted: Tue Aug 26, 2008 2:59 pm 
User avatar
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Mar 02, 2006 6:48 pm
Posts: 4
asadallahi wrote:
any way to do it?
like writing some code in ".htaccess" file?


Do this:

1. In you joomla root folder, create a file called "php.ini".

2. Edit that file and type "disable_functions =".

3. Save the file and refresh you website.

4. Enjoy every day... It never come´s back.

Serafix

_________________
Happy Joomling

Enjoy every day... It never come's back!

~ : )


Top
 Profile  
 
PostPosted: Tue Aug 26, 2008 5:13 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Mar 30, 2006 8:42 pm
Posts: 133
Location: IR.Iran
Quote:
Do this:

1. In you joomla root folder, create a file called "php.ini".

2. Edit that file and type "disable_functions =".

3. Save the file and refresh you website.

4. Enjoy every day... It never come´s back.

Serafix


i did it but it does not work!

_________________
http://www.itgate.ir =>The Gate to the Cyber World


Top
 Profile  
 
PostPosted: Tue Aug 26, 2008 5:24 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 18728
Location: Omaha, NE
If your host is disabling functions for security reasons you are unlikely to be allowed to run your own copy of php.ini. Have you contacted your host at all??

_________________
Regards, Dave
http://www.kiwaniswest.org


Top
 Profile  
 
PostPosted: Tue Aug 26, 2008 6:23 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Mar 30, 2006 8:42 pm
Posts: 133
Location: IR.Iran
Yes
i contact them they finally accept my request and enable it

and it solved

thanks a lot for you help

_________________
http://www.itgate.ir =>The Gate to the Cyber World


Top
 Profile  
 
PostPosted: Tue Sep 09, 2008 5:41 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Sep 09, 2008 5:25 pm
Posts: 1
Hello,

I am a network admin and I bring answers. First, creating a php.ini yourself and just adding disable_function is a bad idea as you should really pull a copy of the master php.ini. If you have access to your own server with (root) not jail shell access (also assuming it is a linux environment: Redhat or CentOS) you can type the following:

php -i | grep php.ini

The above command will tell you exact path for the true php.ini location. After running it, the system will blurb this to your screen:

root@host [/..]# php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini

So then we just go there: cd /usr/local/lib
Now we copy it: cp php.ini php.2
Now we move it to your root directory:

mv php.2 /home/username/public_html

Now we goto your root directory: cd /home/username/public_html
Now we rename it: mv php.2 php.ini
Now we restore ownership: chown username:username php.ini

Open it up and find disable_functions= If you see init_set listed then it is disabled. If it is there, it is enabled so just remove it then save.
-----

Most of us do not have the luxury of having root access to a machine, so you can ask your host to disable it. However, they will most likely tell you to get a life and put your support request on hold for hours till you give up. If they say no ask them if they can put a custom php.ini file in your root directory /public_html/ then either they can make that change or you regarding ini_set

UPDATE: Failed to mention that sometimes the custom php.ini needs to be placed within the directory of the calling script.

Hope this helps. Cheers!

- Justin
Mobiuz Digital Media
http://www.mobiuz.com


Top
 Profile  
 
PostPosted: Wed Nov 12, 2008 5:24 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Oct 07, 2005 1:02 am
Posts: 192
Woa, thanks mobiuzhost for your detailed and clear explanation. It's really appreciated.
It's nice to have network admins sharing their experience with every body in such simple and easy to understand words.

cheers for that.

just a quick one: i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
And it's sound strange to me.

Does anybody have a comment on that?

thanks

bob


Top
 Profile  
 
PostPosted: Wed Nov 12, 2008 10:04 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Wed Sep 20, 2006 7:48 pm
Posts: 344
Location: Tehran,Iran
Hello

you must create php.ini and copy it into joomla root and administrator folder

good luck ;-)

_________________
Joomfa Team(Joomla farsi) ==> http://joomfa.org


Top
 Profile  
 
PostPosted: Mon Nov 17, 2008 7:45 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Oct 07, 2005 1:02 am
Posts: 192
thanks guys.

and indeed, on my server i had to copy php.ini in my administrator folder. it was not sufficient to have it at the root.

cheers


Top
 Profile  
 
PostPosted: Wed May 05, 2010 1:32 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jul 22, 2009 12:02 pm
Posts: 16
thank you guys this did help the problem :)


Top
 Profile  
 
PostPosted: Wed May 19, 2010 12:14 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat May 17, 2008 4:26 pm
Posts: 7
serafix wrote:
asadallahi wrote:
any way to do it?
like writing some code in ".htaccess" file?


Do this:

1. In you joomla root folder, create a file called "php.ini".

2. Edit that file and type "disable_functions =".

3. Save the file and refresh you website.

4. Enjoy every day... It never come´s back.

Serafix


Nicely Done!!!! U Saves Lifes!!!


Top
 Profile  
 
PostPosted: Thu Aug 12, 2010 12:52 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Mar 12, 2010 3:21 pm
Posts: 5
bobthebob01 wrote:

just a quick one: i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
And it's sound strange to me.

Does anybody have a comment on that?

bob


I faced this problem after upgrading from 1.5.10 to 1.5.20:
"ini_set() has been disabled for... line 102, 105 and 688"

I did exactly what Bob said: just simply add "@" in front of those 3 line and everythings fixed.
Just don't know how to explain...
But it works!!!

By the way, adding php.ini file with "disable_functions =" doesn't work!
And if it were caused by your hosting, i suggest asking your hosting provider as the best solution.

_________________
A vasectomy means never having to say you're sorry :) :) -- Anonymous
http://langbian.net


Top
 Profile  
 
PostPosted: Mon Aug 16, 2010 5:59 am 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Mon Jul 14, 2008 1:39 pm
Posts: 67
Greetings,

This thread is most interesting and educative.

Still I was wondering, having used joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't joomla development team fixes it.

Not complaining of course (joomla is free :P), but it seems that they are so quick to react to security flaw and give so good advise on how to set servers the right way... why don't they solve this ini_set issue?

Kindly
Mat

_________________
http://www.rootshosting.net


http://www.khmer-dev.com



Top
 Profile  
 
PostPosted: Mon Aug 16, 2010 9:05 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12423
Location: The Girly Side of Joomla in Sussex
reggaebkk wrote:
Still I was wondering, having used joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't joomla development team fixes it.

one reason is a lot of people dont have access to php.ini and are on shared servers

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Aug 16, 2010 9:38 am 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Mon Jul 14, 2008 1:39 pm
Posts: 67
Thanks for this reply Miss MandVille.
Still, not having access to php.ini for some users is not a reason why VPS users (and it is advised to run Joomla on VPS), should have to go and tweak libraries/joomla/session/session.php in order to have their joomla/vps run safely.
Knowing all this maybe there should be a option in configuration to manage this session.php tweak...
does that make sense?
or not at all?

Kindly
Mat

_________________
http://www.rootshosting.net


http://www.khmer-dev.com



Top
 Profile  
 
PostPosted: Sun Aug 29, 2010 9:01 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
Why?

ini_set, in itself, is not a security risk, if the server and php are configured correctly and with limits. The users cannot exceed what the admins set as a maximum, even if they try. So disabling ini_set is only "Security through Obscurity" not actually "Security"... on a properly configured server.

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
PostPosted: Fri Nov 12, 2010 12:41 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Sep 12, 2005 5:23 am
Posts: 309
Location: Stockholm, Sweden
Just to follow up on this issue:

I received the same warnings as described in previous posts. The problem occurred suddenly and for no apparent reson. I solved the problem by adding @ to the mentioned lines 102, 105 and 655 in the sessions.php file in libraries/joomla/sessions.

What I would like to know is:

a) Why the problem occured in the first place (i.e. if the cause is Joomla-related after all)
and
b) If the remedy used (adding the @) has any security or other implications

Anyone's advise is most appreciated!

I am using Joomla 1.5.22 in a Linux environment.


Top
 Profile  
 
PostPosted: Fri Dec 03, 2010 9:04 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Dec 03, 2010 8:48 pm
Posts: 1
I doubt if this subject has gone away - I've applied the Joomla patch to take it to 1.5.22 on a Zymic host and this problem appeared. However there appears to be a worthy explanation at:
http://www.zen-cart.com/forum/showthread.php?t=121807
Summarizing: The "fix" by adding the @ only suppresses the PHP error messages and does not fix the problem. A solution is quoted, which relates to the ability to send e-mails, if the hosting comapny refuses to make PHP setting changes.
I am not yet in a position to have checked it out, but it seems worth checking out.


Top
 Profile  
 
PostPosted: Sun Dec 18, 2011 7:43 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Oct 14, 2011 8:15 am
Posts: 166
mandville wrote:
reggaebkk wrote:
Still I was wondering, having used joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't joomla development team fixes it.

one reason is a lot of people dont have access to php.ini and are on shared servers


I agree with you mandville, Shared hosting has its own repercussions.... I am also having such problem at the moment. Tough i have supressed the error message by adding // to those lines, however no one is able to login either into frontend, not into admin. Any Suggestions for this.
As a footnote, the website is working perfectly fine on my virtual LAMP server by turnkey linux. I know this mess has been made by my hosting provider, but they are not ready to co-operate. Is it possible to resolve this at all????

_________________
http://z9it.com....Bringing the best of www, in a gist...


Top
 Profile  
 
PostPosted: Thu Dec 22, 2011 5:24 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13796
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Z9iT wrote:
I agree with you mandville
Why are you Necroposting? This is a over 12 month old and dead thread

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Top
 Profile  
 
PostPosted: Sat Dec 24, 2011 2:00 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Feb 10, 2010 1:37 pm
Posts: 12
Location: Cairo, EGYPT
Hello every body ,

The solution for putting a file ( php.ini ) is great ,
and it is better to allow you hosting provider give you a copy from this file and you can modify it and remove the part of "ini_set"

but be care to protect your website , it is not good to make your php.ini settings available for every one ,

with the upper solution any hacker can see your php settings from an easily link http://yourdomain/php.ini

Please every one , be care to set your file php.ini permission to be ( 640 )

This will prevent any one form see it and be available to download

Regards

_________________
Network EGYPT
Pioneers of Web Services in EGYPT
http://www.networkegypt.com/


Top
 Profile  
 
PostPosted: Sun Dec 25, 2011 7:19 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Oct 14, 2011 8:15 am
Posts: 166
leolam wrote:
Z9iT wrote:
I agree with you mandville
Why are you Necroposting? This is a over 12 month old and dead thread


My friend, recently i've been targetted with this... my host has done this sin on me, and now its been more than a month that i am trying to compensate this, however everything fails... none of my users including me can login either to frontend or backend... I was thinking to start a new thread, however i came across this... infact my host has also denied me with a copy of php.ini....

_________________
http://z9it.com....Bringing the best of www, in a gist...


Top
 Profile  
 
PostPosted: Mon Dec 26, 2011 2:43 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13796
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Z9iT wrote:
infact my host has also denied me with a copy of php.ini....
change host than. waiting a month is no solution

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Top
 Profile  
 
PostPosted: Mon Dec 26, 2011 1:28 pm 
User avatar
Joomla! Hero
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Many hosts will not give a 'copy' of the servers php ini file to you as you would not be allowed to make certain changes to the server anyway. This is especially true on shared hosting (including VPS which is still shared hosting) where you are unlikely to make certain changes to the php installation on the server.

In most cases though, you can create your own php.ini file with a certain common subset of php commands that is made available. Exactly what the subset of commands is will be determined by your host. Also, unlike htaccess files and in general, php.ini files for a site have to be placed in every single directory on your domain to be effective.

If your web host is proving to be lacking in certain skills, difficult to work with, etc. then it would be best to find a new host that does know how to properly set up a server, maintain the server and provide reasonable customer service.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


Top
 Profile  
 
PostPosted: Mon Dec 26, 2011 3:28 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Oct 14, 2011 8:15 am
Posts: 166
Is there any standard php.ini file which i can download any use.. The server is running on cpanel

_________________
http://z9it.com....Bringing the best of www, in a gist...


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 36 posts ]  Go to page 1, 2  Next



Who is online

Users browsing this forum: Google Adsense [Bot] and 23 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group