warning, register_globals is On

Everybody who is sick of this topic please raise their hand  <raises hand high in the air>

This error occurs in the file inc/header.inc.php which is called both by the install program and the cron job. The message usually includes formatting text which right away lets you know that something isn't quite right.

<font color="red">register_globals is On (warning, you should have this param in Off state, or your site will unsafe)</font> <br /> <font color="red">allow_url_include is On (warning, you should have this param in Off state, or your site will unsafe)</font> <br /> <font color="red">get_magic_quotes_gpc is Off, enable it</font> <br />

I've been searching the forum on and off for months now and I've read some very interesting solutions to this issue, none of which were truly solutions. My feeling is if phpinfo.php says that register_globals is off, then its probably off. I've checked phpinfo.php from the Dolphin admin program, ran it from the main dolphin directory, the periodic directory and my root directory of my server and it always reported register_globals as "off".

As of php 4.2.0 the default value for register_globals is "off" and its hard for me to imagine why any shared hosting service would want to turn this on. But I don't want to turn this into a discussion of core php.ini directives because there has been quite enough of that. What we need to talk about is how to fix it.

I really don't want to start quoting solutions because they rarely seem to work. So far some have been able to get around the problem with "creative" cron jobs such as:

cd /home/yourusername/Public_html/yourdomainname.com/community/periodic /user/local/bin/php -c /home/yourusername/public_html/yourdomainname.com/php.ini -q cron.php

But if you're having the issue during install that's not going to help you.

Others have tried moving the php.ini file around (like to the periodic directory in the case of cron jobs) but that doesn't always work.

For me personally, I had the problem with the cron jobs on my hosted Dolphin install and the above command seemed to resolve it. But on my local server it occurred during the install and I have yet to remedy it.

But again, warning messages don't start out with "<font color="red">" and end with "</font> <br />" so most likely when we figure out what's causing the code to fail we'll solve the issue.

We need to get a ticket open on this that's marked something other than "invalid" please.

The issue in the cron can be fixed  if you disable checking register_globals by commenting the line in the
inc/header.inc.php file:

//$aErrors[] = (ini_get('register_globals')..

However, that is probably not a great solution.  If this is not a problem any of the "pundits" have, then it will be hit or miss getting it into trac.

what i had to do was add the php.ini file and the .htaccess file to every folder in my directory it fixes it but i would suggest finding hosting that supports Dolphin i would suggest arvix that is who i use now

Are you getting a message that you need to change the register_globals to off before continuing an installalation?  I had a similar problem with the allow_url_include being on when it should have been off.  After about two weeks, I was finally able to solve the problem.  I can share how I fixed it if that's the information you're looking for.

That is the most sensible solution I've heard, if we are using for example notepad++ and looking at the file:

inc/header.inc.php

line #98 $aErrors[] = (ini_get('register_globals') == 0)..

...( just add "//" in front of the line to make it a comment )

...and we better add to the list:

line#105 $aErrors[] = (ini_get('allow_url_include') == 0)..

line#108 $aErrors[] = (get_magic_quotes_gpc())..

...because most people get all 3 warnings.

Remember to have the correct values set:

register_globals is Off

allow_url_include is Off

magic_quotes_gpc is On ( there is no "get" on this directive )

A better solution to this might be found by looking at other software that has automated installation systems.  In this instance, we can look to phpBB3 as an example. 

In an install, it checks the permissions and server settings to ensure they are in line, if they are not in line it pauses the install until they are.  This is found to be basically the best overall solution for them.  Now, I could place the whole file in here, but here's an example of how it's been done to check the php version and register globals and such right at the beginning of the install.  Pay attention Boonex, this is what we're looking for in the end, not a hack around the function, but truly useable functionality that opens the door for Dolphin to run on more servers.

$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

// Report all errors, except notices
error_reporting(E_ALL ^ E_NOTICE);

// @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it
if (version_compare(PHP_VERSION, '4.3.3') < 0)
{
 die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0');
}

/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
 $not_unset = array(
  'GLOBALS' => true,
  '_GET'  => true,
  '_POST'  => true,
  '_COOKIE' => true,
  '_REQUEST' => true,
  '_SERVER' => true,
  '_SESSION' => true,
  '_ENV'  => true,
  '_FILES' => true,
  'phpEx'  => true,
  'phpbb_root_path' => true
 );

 // Not only will array_merge and array_keys give a warning if
 // a parameter is not an array, array_merge will actually fail.
 // So we check if _SESSION has been initialised.
 if (!isset($_SESSION) || !is_array($_SESSION))
 {
  $_SESSION = array();
 }

 // Merge all into one extremely huge array; unset this later
 $input = array_merge(
  array_keys($_GET),
  array_keys($_POST),
  array_keys($_COOKIE),
  array_keys($_SERVER),
  array_keys($_SESSION),
  array_keys($_ENV),
  array_keys($_FILES)
 );

 foreach ($input as $varname)
 {
  if (isset($not_unset[$varname]))
  {
   // Hacking attempt. No point in continuing unless it's a COOKIE
   if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
   {
    exit;
   }
   else
   {
    $cookie = &$_COOKIE;
    while (isset($cookie['GLOBALS']))
    {
     foreach ($cookie['GLOBALS'] as $registered_var => $value)
     {
      if (!isset($not_unset[$registered_var]))
      {
       unset($GLOBALS[$registered_var]);
      }
     }
     $cookie = &$cookie['GLOBALS'];
    }
   }
  }

  unset($GLOBALS[$varname]);
 }

 unset($input);
}

Now that is how you set an install file to test server settings from the getgo without causing a ton of issues for us.  Notice, the phpBB3 (if this file was up in it's entirety) actually gives us a useable page that we can work with even when the server settings are wrong.  Dolphin has headers/footers and a ton of other items that make it far more advanced than phpBB3 but it falls extremely short of communicating with the installers when it's not happy. 

You guys listened on the clearing cache issue for D7 and gave us a button in the Admin Panel when we asked, now please give us an install panel that is truly user friendly and install files that actually are end user friendly and inform what needs to be done when settings are wrong, not just a cheesy 4th rate error that really tells us no more (actually less) than an sql DB error.

I'd like it to be like the Wordpress install - where you just wipe every thing out,  have the script upgrade the database, and overwrite everything else.  Their "famous three minute install" or whatever they call it.

You are right about the "clear cache" button though - they listened to the user community about that one, and it is certainly nice to have.

Rob

riorick - it seemed sensible to me too, and to my hosting company, but when I wrote Dolphin technical support and mentioned that I had done this, I got a letter back saying my site would be in great danger if I did this.  That is why I included a "disclaimer".  So far, nothing horrible has happened though.  Glad it worked for you.

They have had a variety of responses to the problem... or lack of a problem they seem to think.

Please read the security chapter on Using register_globals for related information.

I've been fighting this for awhile and now I get to the end of the install and it starts me back at the beginning of the install