StumbleUpon  Del.icio.us  Facebook  Reddit  Add to diigo  


Follow - Monx007
Article Time Stamp: 02 May 2010, 20:49:04 GMT+7

PHP Syntax Error And Solutions




What if I see a 'URL file-access is disabled in the server configuration' message?



::Solutions::
If you are using the PHP code snippet and you get a 'URL file-access is disabled in the server configuration' error message on your webpage, you can try to change allow_url_fopen and allow_url_include settings.

There's many way to do it, some of them is:
  • directly in PHP code

  • through a .htaccess file


You can see the detail information at Make Your PHP Code Portable

But, if you still receive the same error, you can try to change these settings from:
  • through httpd.conf

  • through php.ini


but, if you can't access to those files due to the permissions problem, you need to contact your webmaster or hosting provider to enable allow_url_fopen and allow_url_include in the PHP server configuration.




PHP Fatal error: Call to undefined function imagecreate() or
PHP Fatal error: Call to undefined function imagecreatefrompng() or
Fatal error: Unknown function: gd_info() or
anything that related to graphics or image



::Solutions::
Find extension=php_gd2.dll syntax at your php.ini file and uncommented that line by deleting comment character (;). Then restart the webserver. Also, you can check your GD library by using this simple script:


$gdinfo = gd_info();

foreach($gdinfo as $key=>$element)
{
print("<br>$key = $element");
}
?>




Notice: Use of undefined constant xxx - assumed 'xxx' in
when related to array syntax, where xxx is the variable name



::Solutions::
If you use an array statement in your PHP script, like this:
$indexed = $indexedpages[xxx][0];

it would be better if your write the code like this:
$indexed = $indexedpages['xxx'][0];

because xxx is a constant text, and must not treated as a variable




Reading the php.ini file for PHP4.2.2 it suggests that turning register_globals to on may present possible security problems if code is not well thought out.

Can anybody offer some examples of the potential security weaknesses regarding the above statement ?



::Solutions::
Example code, with register_globals is on:

PHP Code:
if ($login == 'admin' && $password == 'secure')
{
$auth = true;
}

if ($auth)
{
echo "You're in!";
}


The problem with the code above is that the variable $auth isn't initialized. Although it's a bad programming practice, it is allowed, and uninitialized variables are automatically set to 'false' (or whatever evaluates to false, like the empty string or zero)

With register_globals set to on, a hacker can simply open the page 'login.php' with the code above in it like this:

http://your.domain.com/login.php?auth=1&login=bar&password=foo


The GET-variable 'auth' is introduced into the system, initializing $auth to true. And then you no longer need a valid loginname and password to get in. (Note that the GET-variables 'login' and 'password' can even be ommitted in this example.)

With register_globals set to off, the value $_GET['auth'] will be set, but $auth won't, so it will remain unitialized, so it will evaluate to false. This doesn't help against bad programming practice, but it does close potential security problems.




URL file-access is disabled in the server configuration

Sometimes, for security reasons some web hosting did not allow the PHP fopen, include and require functions to open remote files. If you try to do so, you will receive an error like this:

Warning: main(): URL file-access is disabled in the server configuration in .... on line ....



::Solutions::
Depending on what you are trying to achieve there a couple of alternatives. You can include external pages using Iframes or the PHP CURL library. Here is a code sample using CURL:



// initialise a CURL session

$ch = curl_init();

// set the URL to fetch
curl_setopt($ch, CURLOPT_URL, "http://www.domain.com/file.php");

// set to not include a header in the output
curl_setopt($ch, CURLOPT_HEADER, 0);

// execute the CURL session
curl_exec($ch);

// close the CURL session
curl_close($ch);

?>







If you stumble on PHP error like this:
PHP Fatal error: Call to undefined function imagepng()



::Solutions::
You can unremark at php.ini at this code below:
;extension=php_gd2.dll

Article Source: Monx Digital Library

Copyrighted@ Monx Digital Library, otherwise stated
Use of our service is protected by our Terms of Use



 Back To Previous Page ...  



 

 

 

AQWorlds Nulgath Secret Walkthrough