Hello.-
Probably this is a baby question but I've seen lot of times saying you "you must take register_globals ON".

I don't know what does it mean and what must I modify in order to configure modules wich require this permission on.

Many thanks and sorry... :(

That's not a requirement for the XOOPS Core: it works with register_globals turned off (which is the safer setting).

Herko

I think I don't understand what you mean. I'd like to change this mode in order to use chatMX but I don't know how.

Nevertheless, if it's too dangerous for the system I'll try to use another chat module.

Many thanks... again and again :)

If you are on an apache webserver, you can turn on register_globals selectively for just the parts of your site that need it.

Just create a file called .htaccess in the module's directory with the following contents:


Additional Resources:
Using Register Globals (php.net)

To add to this:
On my server (Apache 2.0.48, PHP 4.3.4) I have to use 1/0 instead of On/Off in .htaccess.

globals On:
"php_value register_globals 1"

globals Off:
"php_value register_globals 0"

For best server performance and safety I first set globals Off in php.ini and then Apache "AllowOverride None" which disallows .htaccess (also safer).

Then I set AllowOverride where I really need it or might need it:

<Directory /server_path/modules/bad_module>
AllowOverride All
</Directory>

On the devel server I lighten up a little:

<Directory /server_path/modules>
AllowOverride All
</Directory>

This prevents Apache from searching for .htaccess except where I specify it. Better performance and safe from rogue .htaccess files.

A followup, my examples are pretty generic, there are more specific settings that are more secure. The best performance and security is to put everything in httpd.conf and php.ini without allowing any more access than actually needed. That can be a pain but after getting a stable server you can migrate .htaccess settings to httpd.conf and then turn off .htaccess access.

Here is a little added security I do on mine. I disallow access to the mainfile.php file in httpd.conf (can also be in .htaccess):

<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>

This causes a 404 error if called from the browser. XOOPS has no trouble since it is called from the filesystem. mainfile.php won't normally parse in a browser but if your PHP were to die you'll get the full text and that isn't good.

You can also set read-only and owned by the server user (chmod 400) so that nobody else can even view the file should they get access by other than root. Again it is a small pain to switch to root long enough to make changes but that is rare. Call me paranoid....