php-windows Digest 5 May 2002 09:53:20 -0000 Issue 1128
Topics (messages 13544 through 13550):
Security Alert! PHP CGI cannot be accessed directly. HELP
13544 by: Roberto Valverde
Session
13545 by: Ib Helmer Nielsen
13546 by: Ib Helmer Nielsen
Re: Good Book for PHP ??
13547 by: Manuel Lemos
Re: Security Alert!-cgi.force_redirect=0
13548 by: Roberto Valverde
How do i get SSI (Server Side Include) to work
13549 by: jerico
PHP4.04 Methodes mkdir(), fopen() brings an Error on a WinXP/IIS5.0 PC "Permission
denied"
13550 by: Thorsten Hodes
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hi all,
please I need help, the Message error is:
Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set. This variable is set, for example, by Apache's Action directive
redirect.
You may disable this restriction by recompiling the PHP binary with
the --disable-force-cgi-redirect switch. If you do this and you have your
PHP CGI binary accessible somewhere in your web tree, people will be able to
circumvent .htaccess security by loading files through the PHP parser. A
good way around this is to define doc_root in your php.ini file to something
other than your top-level DOCUMENT_ROOT. This way you can separate the part
of your web space which uses PHP from the normal part using .htaccess
security. If you do not have any .htaccess restrictions anywhere on your
site you can leave doc_root undefined. If you are running IIS, you may
safely set cgi.force_redirect=0 in php.ini.
--- End Message ---
--- Begin Message ---
Hi
I am new in programming in PHP, so my question is purhaps stupid but never
the less.
The problem is the following, when i run the program below ther is made a
file in the directory for saving session var.
<?php
session_start();
$userID = "ihn";
if (session_register("userID"))
{
echo("User : $userID");
} else
{
echo("Could not set the session variable!");
}
?>
but i cannot read the var back with th followng pogram
<?php
session_start();
eccho("User : $userID");
?>
thanks in advance
escuse my english
Ib Helmer Nielsen
--- End Message ---
--- Begin Message ---
Hi
I am new in programming in PHP, so my question is purhaps stupid but never
the less.
The problem is the following, when i run the program below ther is made a
file in the directory for saving session var.
<?php
session_start();
$userID = "ihn";
if (session_register("userID"))
{
echo("User : $userID");
} else
{
echo("Could not set the session variable!");
}
?>
but i cannot read the var back with th followng pogram
<?php
session_start();
eccho("User : $userID");
?>
thanks in advance
escuse my english
Ib Helmer Nielsen
--- End Message ---
--- Begin Message ---
Hello,
Then wrote:
> Could some one please suggest a good book on PHP for a newbie with no
> idea of OOP and CGI. I am in the process of reading the PHP manual
> online, but a more book would help me a lot.
You may want to look here for reviewed PHP books:
http://www.phpclasses.org/products.html
But if you are looking for a more than just for beginners book, I
recommend "Professional PHP 4 Programming".
http://www.phpclasses.org/products.html/id/1861006918.html
Regards,
Manuel Lemos
--- End Message ---
--- Begin Message ---
I've got the some problem too, but with Xp pro and IIS 5
"Scott Hurring" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have absolutely no idea if this will help, but i've
> never seen that "Security Alert", and this is the way
> i've always configured Apache:
>
> Try routing PHP requests through a ScriptAlias like so:
>
> ScriptAlias /php-bin/ "C:\PHP"
> Action application/x-httpd-php "/php-bin/php.exe"
>
> ---
> Scott Hurring
> Systems Programmer
> EAC Corporation
> [EMAIL PROTECTED]
> Voice: 201-462-2149
> Fax: 201-288-1515
>
> > -----Original Message-----
> > From: Webmaster [mailto:[EMAIL PROTECTED]]
> > Subject: [PHP-WIN] Re: Security Alert!-cgi.force_redirect=0
> >
> > You might need to have the second line in PHP.INI too:
> >
> > cgi.force_redirect=0
> > cgi.redirect_status_env ENV_VAR_NAME
> >
> >
> > Cor van de Veen
> >
> >
> > "Matthew Gotth-Olsen" <[EMAIL PROTECTED]> schreef in bericht
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I'm running IIS on a WinXP box, I've got everything
> > installed, however
> > > whenever I try to access a php script I get this error
> > which I'm sure you
> > > all are familiar with:
> > >
> > >
> > ----------------------------------------------------------------------
> > > Security Alert! PHP CGI cannot be accessed directly.
> > > This PHP CGI binary was compiled with force-cgi-redirect
> > enabled. This
> > means
> > > that a page will only be served up if the REDIRECT_STATUS
> > CGI variable is
> > > set. This variable is set, for example, by Apache's Action directive
> > > redirect.
> > >
> > > You may disable this restriction by recompiling the PHP binary with
> > > the --disable-force-cgi-redirect switch. If you do this and
> > you have your
> > > PHP CGI binary accessible somewhere in your web tree,
> > people will be able
> > to
> > > circumvent .htaccess security by loading files through the
> > PHP parser. A
> > > good way around this is to define doc_root in your php.ini file to
> > something
> > > other than your top-level DOCUMENT_ROOT. This way you can
> > separate the
> > part
> > > of your web space which uses PHP from the normal part using
> > .htaccess
> > > security. If you do not have any .htaccess restrictions
> > anywhere on your
> > > site you can leave doc_root undefined. If you are running
> > IIS, you may
> > > safely set cgi.force_redirect=0 in
> > >
> > php.ini.
> > -------------------------------------------------------------------
> > > -------
> > >
> > > So I reread through the documentation, and I made sure that
> > > "cgi.force_redirect=0" under my php.ini under c:\windows\ is there
> > something
> > > I'm missing? I've tried the insteller and the manual
> > install, and bothe
> > give
> > > me the same message... I've even tried removing php completely and
> > > re-installing it both ways... no dice... an help would be
> > appreciated...
--- End Message ---
--- Begin Message ---
I've tried everything - and I'm desperate and frustrated
I'm using:
Windows XP
Apache 2.035
PHP 4.2.0 installed as Apache module (/experimental/apache2filter.dll)
...using a VIRTUAL HOST in httpd.conf
<VirtualHost localhost>
ServerName localhost
DocumentRoot "c:/web"
DirectoryIndex index.htm index.html index.html.var index.php
index.php3 index.php4
AddType application/x-httpd-php .php .php3 .php4
AddType application/x-httpd-php-source .phps .php3s . php4s
</VirtualHost>
Please help - tell me WHAT is required to get SSI to work and WHERE to place
the definitions ?
Please do not reply if you THINK you know it - only reply if you've got it
working,
Thanks in advance
--- End Message ---
--- Begin Message ---
Hi Newsgroup!
I have a big Problem with PHP-4.0.4 on a WinXP/IIS 5.0 PC, when I want to
write an File or create a Folder with
the PHP-Methodes "mkdir" bzw. "fopen"! The PHP brings me an Error like:
Warning: MkDir failed (File exists) in functions.inc.php on line 56
Warning: fopen("C:/Programme/MyCMS/mainnavi.php","r+") - Permission denied
in functions.inc.php on line 69
Warning: Supplied argument is not a valid File-Handle resource in
functions.inc.php on line 131
Warning: Supplied argument is not a valid File-Handle resource in
functions.inc.php on line 132
...! The Error-Message means, that the File currenty exists. But this is
false! And then the Error means too, that I havn't any Permission to write a
File or a Folder.
This is the code, that I wrote:
...
mkdir("".$GLOBALS["rootpath"]."/contents/c".$area_id."", 0777);
//Erzeugt Contentordner
mkdir("".$GLOBALS["rootpath"]."/contents/c".$area_id."/forms", 0777);
//Enthält Formulardateien f. Content (Datenstruktur usw.)
...
...
$file = "".$GLOBALS["rootpath"]."mainnavi.php";
$fp = fopen($file, "r+");
...
.......
Can someone help me? I don't have any Idea what Settings I must set on IIS
or WinXP? I have give IIS (virtual webfolder) rights to write, execute
and read any Script or File, too but the error is always the same. What can
I do more to fix the Error!
For Testings, I install Apache insteat of IIS, but the Problem was the
same!!
I think it can be a PHP-Bug, or not???
Thank you for your help!!
My E-Mail Address is: [EMAIL PROTECTED] :-)
--- End Message ---
