Components not working with Register Globals Emulation off
-
- Joomla! Fledgling
- Posts: 4
- Joined: Fri Apr 27, 2007 3:56 pm
Re: Components not working with Register Globals Emulation off
Hi Guys
I can't set register_globals setting to OFF
HELP
I'M NEW MEMBER
I can't set register_globals setting to OFF
HELP
I'M NEW MEMBER
- pe7er
- Joomla! Master
- Posts: 22928
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Components not working with Register Globals Emulation off
First, ask your host if they would switch it off.ramiotisdimos78 wrote:I can't set register_globals setting to OFF
If you are on Shared Hosting they probably won't as it affect the whole server.
To do it yourself, read the info about Register Globals and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
PS: please don't use All Caps...
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com
-
- Joomla! Fledgling
- Posts: 4
- Joined: Fri Apr 27, 2007 3:56 pm
Re: Components not working with Register Globals Emulation off
i create a php.ini file .in all folders ...but nothing
My webhost...can't switch it to OFF
Helppp
I want to change it to work mosDirectory .....Now in administartor panel.....when i go to mosdirectory configuration...and change configuration and the hit save button....It's isn't be any change
help me
help me
My webhost...can't switch it to OFF
Helppp
I want to change it to work mosDirectory .....Now in administartor panel.....when i go to mosdirectory configuration...and change configuration and the hit save button....It's isn't be any change
help me
help me
-
- Joomla! Apprentice
- Posts: 40
- Joined: Fri Jan 19, 2007 7:07 pm
Re: Components not working with Register Globals Emulation off
Hello, hello.
Does anyone know why I get an security error
PHP register_globals setting is `ON` instead of `OFF`
I changed rg emulation from 1 to 0 but still has a warning
thanks in advance
Does anyone know why I get an security error
PHP register_globals setting is `ON` instead of `OFF`
I changed rg emulation from 1 to 0 but still has a warning
thanks in advance
-
- Joomla! Intern
- Posts: 63
- Joined: Sun Apr 01, 2007 6:57 pm
Re: Components not working with Register Globals Emulation off
hello, this means that in the server-global php configuration you have the setting on.
you have the following choices:
- ask your webhoster to make the change globally for your web hosting
- (try to) do it yourself as proposed here: http://forum.joomla.org/index.php/topic,168965.0.html
you have the following choices:
- ask your webhoster to make the change globally for your web hosting
- (try to) do it yourself as proposed here: http://forum.joomla.org/index.php/topic,168965.0.html
-
- Joomla! Apprentice
- Posts: 11
- Joined: Sun Jan 28, 2007 10:19 pm
Re: Components not working with Register Globals Emulation off
I use mylinks 1.3 it which i know it does not work with rg_emulaion off, the strange thing is thisIf you have any component that does not work because of this, report them to me by PM or email.
rg_emulaion was off in my site till two days ago when suddenly it turned to ON all on it's own, i see that in the warning in control panel of joomla, but even so My Links do not work.
What is the reason it change to ON and how can i fix it, i have looked already in the php.ini, but it is off, where else should i look for
Last edited by Andresito on Sun May 13, 2007 9:04 am, edited 1 time in total.
-
- Joomla! Intern
- Posts: 63
- Joined: Sun Apr 01, 2007 6:57 pm
Re: Components not working with Register Globals Emulation off
hello,
please defferentiate: register_globals is a php setting. It makes post- and get-arguments variables, so url.com/script.php?abc=1 would result in the variable $abc with the value "1" in your script.
rg_emulation is a jomla setting, which does the same thing.
So - which one is turned ON in your site?and what does phpinfo() say?
please defferentiate: register_globals is a php setting. It makes post- and get-arguments variables, so url.com/script.php?abc=1 would result in the variable $abc with the value "1" in your script.
rg_emulation is a jomla setting, which does the same thing.
So - which one is turned ON in your site?and what does phpinfo() say?
Last edited by lerlacher on Sun May 13, 2007 10:07 am, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
ok i used the code and i still get
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
but it's set to "0"
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
but it's set to "0"

-
- Joomla! Apprentice
- Posts: 7
- Joined: Wed Jul 26, 2006 6:27 pm
Re: Components not working with Register Globals Emulation off
I set register_globals to off in the globals.php file like this:
define( 'RG_EMULATION', 0 );
but I still get this error when i log into the back end of my site and none of the pop ups for the page editor works...
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
Any ideas?
define( 'RG_EMULATION', 0 );
but I still get this error when i log into the back end of my site and none of the pop ups for the page editor works...
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
Any ideas?
- pe7er
- Joomla! Master
- Posts: 22928
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Components not working with Register Globals Emulation off
RG_Emulation & Register Globals are two different settings...Chrissy101 wrote:I set register_globals to off in the globals.php file like this:
define( 'RG_EMULATION', 0 );
but I still get this error when i log into the back end of my site and none of the pop ups for the page editor works...
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
Info about Register Globals & RG_Emulation and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com
-
- Joomla! Apprentice
- Posts: 7
- Joined: Wed Jul 26, 2006 6:27 pm
Re: Components not working with Register Globals Emulation off
Thanks! The error is now gone but i still have some issues with the page editor. When i try to press on the HTML button or insert link button I get a blank pop up window. Any ideas as to why it won't load properly? I thought it was because of the register globals but that's fixed now and i still have the same issue.pe7er wrote: RG_Emulation & Register Globals are two different settings...
Info about Register Globals & RG_Emulation and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
- paulmark
- Joomla! Enthusiast
- Posts: 143
- Joined: Thu Nov 24, 2005 4:14 am
- Location: Vancouver, Canada
- Contact:
Re: Components not working with Register Globals Emulation off
I am stumped. I still get this message in Joomla Admin (ver 1.0.12):
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP magic_quotes_gpc setting is `OFF` instead of `ON`
* PHP register_globals setting is `ON` instead of `OFF`
My globals.php file is set to:
define( 'RG_EMULATION', 0 );
This is in my .htaccess file:
php_flag register_globals off
php_flag magic_quotes_gpc on
Running:
Apache Web Serve ver: 2.0.52
MySQL ver: 4.1.21
Joomla Ver: 1.0.12
PHP Version 4.4.4
What am I missing?
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP magic_quotes_gpc setting is `OFF` instead of `ON`
* PHP register_globals setting is `ON` instead of `OFF`
My globals.php file is set to:
define( 'RG_EMULATION', 0 );
This is in my .htaccess file:
php_flag register_globals off
php_flag magic_quotes_gpc on
Running:
Apache Web Serve ver: 2.0.52
MySQL ver: 4.1.21
Joomla Ver: 1.0.12
PHP Version 4.4.4
What am I missing?
pe7er wrote:RG_Emulation & Register Globals are two different settings...Chrissy101 wrote:I set register_globals to off in the globals.php file like this:
define( 'RG_EMULATION', 0 );
but I still get this error when i log into the back end of my site and none of the pop ups for the page editor works...
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
Info about Register Globals & RG_Emulation and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
Building Web Communities[right]KaJoomla.com[/right]
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
I have the same problem, and so for no solutionpaulmark wrote: I am stumped. I still get this message in Joomla Admin (ver 1.0.12):
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP magic_quotes_gpc setting is `OFF` instead of `ON`
* PHP register_globals setting is `ON` instead of `OFF`
My globals.php file is set to:
define( 'RG_EMULATION', 0 );
This is in my .htaccess file:
php_flag register_globals off
php_flag magic_quotes_gpc on
Running:
Apache Web Serve ver: 2.0.52
MySQL ver: 4.1.21
Joomla Ver: 1.0.12
PHP Version 4.4.4
What am I missing?
pe7er wrote:RG_Emulation & Register Globals are two different settings...Chrissy101 wrote:I set register_globals to off in the globals.php file like this:
define( 'RG_EMULATION', 0 );
but I still get this error when i log into the back end of my site and none of the pop ups for the page editor works...
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
Info about Register Globals & RG_Emulation and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
and now on my other servers i can not use the fast CGI fast PHP script , if i do the same error message comes up in joomla.....

This would not be a problem so much but i have these hackers on my back... so beware of these guys
[Moderator note; info on hacker site removed]
Last edited by Robin on Fri Jun 29, 2007 5:23 am, edited 1 time in total.
- Robin
- Joomla! Master
- Posts: 15753
- Joined: Thu Aug 18, 2005 10:41 am
Re: Components not working with Register Globals Emulation off
Moderator note; at Kingspawn, please do not post such info in public, it will only draw there attention. No need to post this in public.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
sorry...... but they do make me so mad that hackers can get away with changing the contest of my site, and there is nothing anyone can do about it.RobInk wrote: Moderator note; at Kingspawn, please do not post such info in public, it will only draw there attention. No need to post this in public.

- Robin
- Joomla! Master
- Posts: 15753
- Joined: Thu Aug 18, 2005 10:41 am
Re: Components not working with Register Globals Emulation off
No worries, I share your concern. There are some useful topics in the Security forum, to make your site as secure as possible, those are worth a read. Back on topic... 

-
- Joomla! Fledgling
- Posts: 4
- Joined: Thu Mar 22, 2007 3:46 am
Re: Components not working with Register Globals Emulation off
I'm really new at this. I tried some of the settings listed in the posts, and read the security info. I still get the error
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
PHP register_globals setting is `ON` instead of `OFF`
I did have the one about RG EMULATION, but editing the globals.php fixed that one.
I tried a .htaccess file but got this error when I tried to reload the backend Joomla! admin
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webadmin@kundenserver.de and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I also tried creating a php.ini file, no go.
What am I missing?
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
PHP register_globals setting is `ON` instead of `OFF`
I did have the one about RG EMULATION, but editing the globals.php fixed that one.
I tried a .htaccess file but got this error when I tried to reload the backend Joomla! admin
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webadmin@kundenserver.de and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I also tried creating a php.ini file, no go.
What am I missing?
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
I tried all of that too. It has to do with how the server is set. Some providers leave it on now, and your right if it is off then you need the interpreter - PHP.ini file to translate the PHP. my provider says i will not be hacked again if i change my pass word, but there is a hole in the programing of PHP when globals are left on. well that how I undersand it so far.dekstrom wrote: I'm really new at this. I tried some of the settings listed in the posts, and read the security info. I still get the error
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
PHP register_globals setting is `ON` instead of `OFF`
I did have the one about RG EMULATION, but editing the globals.php fixed that one.
I tried a .htaccess file but got this error when I tried to reload the backend Joomla! admin
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webadmin@kundenserver.de and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I also tried creating a php.ini file, no go.
What am I missing?
Does anyone know how they hack Joomla. If i new how , i my be able to pulg the hole some how. sort of re-naming all the directors, and the SQL database and edited all the files to conform to the re-naming.... there must be a better way.

- rliskey
- Joomla! Guru
- Posts: 828
- Joined: Tue Jun 06, 2006 7:41 am
- Location: California, Germany, Norway
- Contact:
Re: Components not working with Register Globals Emulation off
Here are a few of the most common methods that come to mind. I'm probably forgetting many equally good methds:Does anyone know how they hack Joomla.
1. Weak server administration (such as telling you you can't get hacked again if you change your password!) You should get that in writing with a money back guarantee!
2. Vulnerable PHP configuration, such as leaving register_globals on.
3. Cross site attacks from other sites on your shared server. (Related to #1 and #2)
4. Hacked personal computer key logging.
5. No SSL server and packet sniffing.
6. Brute force password attacks, perhaps combined with poor password choices.
7. Vulnerable Joomla extensions installed.
8. Other vulnerable PHP scripts installed. (Also perl, tcl, java, etc.)
9. Vulnerable MySQL configuration (related to #1)
10. Vulnerable backups, such as left in your web directory or grabbed en route during email.
11. Vulnerable tmp and session directories (related to #1)
12. Old version of Joomla! installed.
13. Multiple templates installed, some of which include security hacks.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
guilty of many of these, I have no control over number 2. and yes the site i was talking about was hack yet again, yet on my other two servers Joomla runs fine, and none of thse 9 site have been hacked, but i do get , (spamers) or silent refrigerants signing up who never active that i just delete or block. BUT thanks for this list , I will use a security template for all my sites.rliskey wrote:Here are a few of the most common methods that come to mind. I'm probably forgetting many equally good methds:Does anyone know how they hack Joomla.
1. Weak server administration (such as telling you you can't get hacked again if you change your password!) You should get that in writing with a money back guarantee!
2. Vulnerable PHP configuration, such as leaving register_globals on.
3. Cross site attacks from other sites on your shared server. (Related to #1 and #2)
4. Hacked personal computer key logging.
5. No SSL server and packet sniffing.
6. Brute force password attacks, perhaps combined with poor password choices.
7. Vulnerable Joomla extensions installed.
8. Other vulnerable PHP scripts installed. (Also perl, tcl, java, etc.)
9. Vulnerable MySQL configuration (related to #1)
10. Vulnerable backups, such as left in your web directory or grabbed en route during email.
11. Vulnerable tmp and session directories (related to #1)
12. Old version of Joomla! installed.
13. Multiple templates installed, some of which include security hacks.
- rliskey
- Joomla! Guru
- Posts: 828
- Joined: Tue Jun 06, 2006 7:41 am
- Location: California, Germany, Norway
- Contact:
Re: Components not working with Register Globals Emulation off
"Buyer Beware!"I have no control over number 2 (register_globals ON)
Every site on a shared server with register_globals set ON is potentially a sitting duck. If you use such a server, you should be surprised if your site is NOT compromised.
Note that turning register_globals OFF on your site does nothing to protect you from other sites where it is still on. You do get some cross-site protection from good open_basedir settings, but that's a little like leaving the front door open and hoping everyone's safe because the bedroom doors are closed.
For security reasons, the use of register_globals has been depreciated on the official PHP site for years. Any ISP who doesn't turn it off is just trying to placate lazy customers who don't want to fix vulnerable code.
Note that register_globals is one of the 'features' that makes PHP a joke in many hardcore programmer circles. register_globals breaks one of the cardinal rules of good programming: Always know exactly where, when, and how your variables are set.
Q: How do you write an insecure application?
A: Use PHP!
Often followed by general laughter and very quiet groans.
PHP CAN be secure, but ONLY if nutty options, such as register_globals are tuned OFF!
Best advise I can give is to find an ISP that does not support lazy customers. Rise above that muddle.
Note that your ISP contract will release them from all responsibility in the event of an attack. If your site gets blamed for causing a vulnerability, it may get shut down, and recovery will be your problem.
It's much easier to deal with the relatively minor challenge of using well written code.
Not coincidentally, that's what someone should have pointed out loud and clear when register_globals was first proposed. Note that as of PHP6, register_globals disappears from PHP for good.
Who wants to bet that no fool will write a PHP6 register_globals emulator, and some fool ISP will install it by default (as a convenience), and all that vulnerable code will continue to haunt us?
Last edited by rliskey on Sat Jul 14, 2007 12:58 am, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
Yikes! on my better servers they have installed a FAST CGI script , I had turned it on oops, then noted that there was a security warning in Joomla , i'll have to tell them about it, as Joomla is one of there popular features. .. as for the other server, i'll just have to stick to flash for menu's and html for everthing else,Who wants to bet that no fool will write a PHP6 register_globals emulator, and some fool ISP will install it by default (as a convenience), and all that vulnerable code will continue to haunt us?

- rliskey
- Joomla! Guru
- Posts: 828
- Joined: Tue Jun 06, 2006 7:41 am
- Location: California, Germany, Norway
- Contact:
Re: Components not working with Register Globals Emulation off
That's a new one for me. What are the Joomla security issues with that?FAST CGI
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun May 20, 2007 6:01 am
Re: Components not working with Register Globals Emulation off
you get the same errors G R "on' installed of G R "off"rliskey wrote:That's a new one for me. What are the Joomla security issues with that?FAST CGI
I wonder if that has anything to do with the speed that pages load?
- rliskey
- Joomla! Guru
- Posts: 828
- Joined: Tue Jun 06, 2006 7:41 am
- Location: California, Germany, Norway
- Contact:
Re: Components not working with Register Globals Emulation off
Does fastCGI ignore local .htaccess and php.ini files?you get the same errors G R "on' installed of G R "off"
-
- Joomla! Guru
- Posts: 842
- Joined: Sat Sep 10, 2005 10:31 pm
Re: Components not working with Register Globals Emulation off
MOD EDIT: This information is now a Security and Performance FAQ:
http://help.joomla.org/component/option ... temid,268/
http://forum.joomla.org/index.php/topic ... #msg884365
http://help.joomla.org/component/option ... temid,268/
Probably related:rliskey wrote:Does fastCGI ignore local .htaccess and php.ini files?you get the same errors G R "on' installed of G R "off"
http://forum.joomla.org/index.php/topic ... #msg884365
friesengeist wrote: When PHP runs from FastCGI, that means that your server will run the PHP interpreter like an Apache module, but with the rights of your user account. Usually, the PHP interpreter is either running as the user of the webserver (which is fast, but insecure, since everyone's scripts run with the same rights), or as a CGI program, which is slow. So FastCGI is a good solution for shared hosting.
Now since the PHP interpreter runs just as one single instance, it is (AFAIK) not parsing the .htaccess or php.ini files per directory anymore. To change php.ini settings, your host needs to offer you some method to set up or modify your own php.ini, or at least parts of it. Here is how one of my hosts does this: it parses one php.ini file (which I can modify) once an hour, and puts some well defined settings into the php.ini file which is used by the web-server. Therefore, I am able to change e.g. register_globals, or choose if I want to run PHP4 or PHP5, but I can't set any other php settings on that host.
In your case, I would ask your host if they can either enable a similar method for you, or if they can at least adjust the register_globals php setting for you. That should be fairly easy for them.
Last edited by rliskey on Sun Jul 15, 2007 9:02 pm, edited 1 time in total.
We may not be able to control the wind, but we can always adjust our sails
- .::ErKs::.
- Joomla! Apprentice
- Posts: 18
- Joined: Mon May 15, 2006 5:04 pm
Re: Components not working with Register Globals Emulation off
Hi all!
ArtForms => 2.1b4 works with PHP RG and Joomla RG Emulation OFF.
For more info please see:
http://joomlacode.org/gf/project/jartforms/
ArtForms => 2.1b4 works with PHP RG and Joomla RG Emulation OFF.
For more info please see:
http://joomlacode.org/gf/project/jartforms/
-
- Joomla! Enthusiast
- Posts: 190
- Joined: Tue Jun 10, 2008 6:09 pm
- Contact:
Re: Components not working with Register Globals Emulation off
I am setting up the Expose photo gallery right now, and the System Check feature of the component is telling me I need to change the setting in globals.php to define( 'RG_EMULATION', 0 );
The issue is I my globals.php does not have that line of code in it. I don't understand?
The issue is I my globals.php does not have that line of code in it. I don't understand?