Archives

How to get PHP information when phpinfo() function is disabled

Many web hosting companies choose to block the phpinfo function. When you try to run the function, you will get a PHP warning in the error_log file:

[04-Apr-2018 17:23:48 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/test/public_html/test2.php on line 2

The content of the test2.php file is:

<?php
echo phpinfo();
?>

So what can you do to get the values of PHP options such as post_max_size, max_execution_time, memory_limit, upload_max_filesize, etc.?

You can use two other PHP functions: ini_get_all and ini_get. The first one lists all registered PHP configuration options. Use it like this:

<?php
foreach (ini_get_all(null, false) as $option => $value) echo "$option=$value"."<br/>";
?>

The result will be:

allow_url_fopen=1
allow_url_include=
arg_separator.input=&
arg_separator.output=&
assert.active=1
assert.bail=0
assert.callback=
assert.exception=0
assert.quiet_eval=0
assert.warning=1
auto_append_file=
auto_detect_line_endings=0
auto_globals_jit=1
auto_prepend_file=
bcmath.scale=0
browscap=
cgi.check_shebang_line=1
cgi.discard_path=0
cgi.fix_pathinfo=1
cgi.force_redirect=1
cgi.nph=0
cgi.redirect_status_env=
cgi.rfc2616_headers=0
cli.pager=
cli.prompt=\b \> 
curl.cainfo=
date.default_latitude=31.7667
date.default_longitude=35.2333
date.sunrise_zenith=90.583333
date.sunset_zenith=90.583333
date.timezone=UTC
default_charset=UTF-8
default_mimetype=text/html
default_socket_timeout=60
disable_classes=
disable_functions=system,phpinfo,shell_exec
display_errors=
display_startup_errors=
doc_root=
docref_ext=
docref_root=
enable_dl=
enable_post_data_reading=1
error_append_string=
error_log=error_log
error_prepend_string=
error_reporting=32759
exit_on_timeout=0
expose_php=
extension_dir=/opt/cpanel/ea-php70/root/usr/lib64/php/modules
fastcgi.logging=1
file_uploads=1
filter.default=unsafe_raw
filter.default_flags=
from=
gd.jpeg_ignore_warning=0
highlight.comment=#FF8000
highlight.default=#0000BB
highlight.html=#000000
highlight.keyword=#007700
highlight.string=#DD0000
html_errors=1
ic24.api.log_msg_errors=0
ic24.api.max_timeout=7
ic24.api_access_key=
ic24.api_check_ip=1
ic24.cache_path=
ic24.dump_cache=0
ic24.enable=0
ic24.home_dir=
ic24.phperr.enable=auto
ic24.phperr.ignore=0
ic24.sec.approve_included_files=
ic24.sec.block_stdin=1
ic24.sec.block_uploaded_files=1
ic24.sec.enable=auto
ic24.sec.exclusion_key=
ic24.sec.stop_on_error=1
ic24.sec.trusted_include_paths=
ic24.slt=7
ic24.update_domains_retry_interval=30
iconv.input_encoding=
iconv.internal_encoding=
iconv.output_encoding=
ignore_repeated_errors=
ignore_repeated_source=
ignore_user_abort=0
implicit_flush=
include_path=.:/opt/cpanel/ea-php70/root/usr/share/pear
input_encoding=
internal_encoding=
ioncube.loader.encoded_paths=
log_errors=1
log_errors_max_len=1024
mail.add_x_header=1
mail.force_extra_parameters=
mail.log=
max_execution_time=600
max_file_uploads=20
max_input_nesting_level=64
max_input_time=60
max_input_vars=1000
mbstring.detect_order=
mbstring.encoding_translation=0
mbstring.func_overload=0
mbstring.http_input=
mbstring.http_output=
mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml)
mbstring.internal_encoding=
mbstring.language=neutral
mbstring.strict_detection=0
mbstring.substitute_character=
mcrypt.algorithms_dir=
mcrypt.modes_dir=
memory_limit=512M
mysqli.allow_local_infile=1
mysqli.allow_persistent=1
mysqli.default_host=
mysqli.default_port=3306
mysqli.default_pw=
mysqli.default_socket=/var/lib/mysql/mysql.sock
mysqli.default_user=
mysqli.max_links=-1
mysqli.max_persistent=-1
mysqli.reconnect=0
mysqli.rollback_on_cached_plink=0
mysqlnd.collect_memory_statistics=
mysqlnd.collect_statistics=1
mysqlnd.debug=
mysqlnd.fetch_data_copy=0
mysqlnd.log_mask=0
mysqlnd.mempool_default_size=16000
mysqlnd.net_cmd_buffer_size=4096
mysqlnd.net_read_buffer_size=32768
mysqlnd.net_read_timeout=31536000
mysqlnd.sha256_server_public_key=
mysqlnd.trace_alloc=
open_basedir=
openssl.cafile=
openssl.capath=
output_buffering=0
output_encoding=
output_handler=
pcre.backtrack_limit=1000000
pcre.jit=1
pcre.recursion_limit=100000
pdo_mysql.default_socket=/var/lib/mysql/mysql.sock
phar.cache_list=
phar.readonly=1
phar.require_hash=1
phpd=1
phpd.t=1
post_max_size=32M
precision=14
realpath_cache_size=4096K
realpath_cache_ttl=120
register_argc_argv=1
report_memleaks=1
report_zend_debug=1
request_order=GP
sendmail_from=
sendmail_path=/usr/sbin/sendmail -t -i
serialize_precision=100
session.auto_start=
session.cache_expire=180
session.cache_limiter=nocache
session.cookie_domain=
session.cookie_httponly=
session.cookie_lifetime=0
session.cookie_path=/
session.cookie_secure=
session.entropy_file=/dev/urandom
session.entropy_length=32
session.gc_divisor=0
session.gc_maxlifetime=1440
session.gc_probability=0
session.hash_bits_per_character=5
session.hash_function=0
session.lazy_write=1
session.name=PHPSESSID
session.referer_check=
session.save_handler=files
session.save_path=/var/cpanel/php/sessions/ea-php70
session.serialize_handler=php
session.upload_progress.cleanup=1
session.upload_progress.enabled=1
session.upload_progress.freq=1%
session.upload_progress.min_freq=1
session.upload_progress.name=PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix=upload_progress_
session.use_cookies=1
session.use_only_cookies=1
session.use_strict_mode=
session.use_trans_sid=
short_open_tag=1
SMTP=localhost
smtp_port=25
soap.wsdl_cache=1
soap.wsdl_cache_dir=/tmp
soap.wsdl_cache_enabled=1
soap.wsdl_cache_limit=5
soap.wsdl_cache_ttl=86400
sql.safe_mode=
sqlite3.extension_dir=
sys_temp_dir=
track_errors=
unserialize_callback_func=
upload_max_filesize=32M
upload_tmp_dir=
url_rewriter.tags=a=href,area=href,frame=src,input=src,form=fakeentry
user_agent=
user_dir=
user_ini.cache_ttl=300
user_ini.filename=.user.ini
variables_order=GPCS
xmlrpc_error_number=0
xmlrpc_errors=0
zend.assertions=-1
zend.detect_unicode=1
zend.enable_gc=1
zend.multibyte=0
zend.script_encoding=
zlib.output_compression=0
zlib.output_compression_level=-1
zlib.output_handler=

With ini_get you will only get values for specific PHP options. For example:

<?php

echo ini_get('max_execution_time')."<br/>";
echo ini_get('memory_limit')."<br/>";
echo ini_get('upload_max_filesize')."<br/>";
//etc
?> 
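
The second argument of ini_get_all controls the level of detail. As an added example (not part of the original article), passing true also returns each option's master value and an access bitmask, which shows whether a setting was overridden for the current directory or script and where it can be changed. The $watch list is an assumption to adjust.

```php
<?php
// Added example, not from the original article. The $watch list is an
// assumption for illustration; put the options you care about in it.
$watch = ['disable_functions', 'open_basedir', 'allow_url_include', 'expose_php',
          'display_errors', 'memory_limit', 'post_max_size', 'upload_max_filesize',
          'max_execution_time', 'session.cookie_httponly'];

// Translate the access bitmask into the places the option may be set from.
function access_label(int $access): string
{
    $where = [];
    if ($access & INI_SYSTEM) $where[] = 'php.ini/httpd.conf';
    if ($access & INI_PERDIR) $where[] = '.user.ini/.htaccess';
    if ($access & INI_USER)   $where[] = 'ini_set()';
    return implode(', ', $where);
}

// Build one row per watched option: name, effective value, master value if
// it was overridden for this directory or script, and where it can be set.
function describe_options(array $all, array $watch): array
{
    $rows = [];
    foreach ($watch as $name) {
        if (!isset($all[$name])) {   // not registered in this PHP build
            $rows[] = [$name, '(not registered)', '', ''];
            continue;
        }
        $local  = (string) $all[$name]['local_value'];
        $global = (string) $all[$name]['global_value'];
        $rows[] = [$name, $local, $local !== $global ? $global : '',
                   access_label($all[$name]['access'])];
    }
    return $rows;
}

// With details = true each entry has global_value, local_value and access.
echo '<table border="1"><tr><th>option</th><th>effective value</th>'
   . '<th>master value (if overridden)</th><th>can be set in</th></tr>';
foreach (describe_options(ini_get_all(null, true), $watch) as $row) {
    echo '<tr><td>' . implode('</td><td>', array_map('htmlspecialchars', $row)) . '</td></tr>';
}
echo '</table>';
```
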
Web links to PHP functions discussed in this article: phpinfo ; ini_get_all ; ini_get

Related KB article: Disable dangerous PHP functions on your web hosting server


Disable dangerous PHP functions on your web hosting server

Although not dangerous by design, some PHP functions can be used for malicious purposes. Many web hosting providers choose to disable such functions.

Some of the functions are:

apache_child_terminate
apache_get_modules
apache_note
apache_setenv
define_syslog_variables
disk_free_space
disk_total_space
diskfreespace
dl
escapeshellarg
escapeshellcmd
exec
extract
get_cfg_var
get_current_user
getcwd
getenv
getlastmo
getmygid
getmyinode
getmypid
getmyuid
ini_restore
ini_set
passthru
pcntl_alarm
pcntl_exec
pcntl_fork
pcntl_get_last_error
pcntl_getpriority
pcntl_setpriority
pcntl_signal
pcntl_signal_dispatch
pcntl_sigprocmask
pcntl_sigtimedwait
pcntl_sigwaitinfo
pcntl_strerrorp
pcntl_wait
pcntl_waitpid
pcntl_wexitstatus
pcntl_wifexited
pcntl_wifsignaled
pcntl_wifstopped
pcntl_wstopsig
pcntl_wtermsig
php_uname
phpinfo
popen
posix_getlogin
posix_getpwuid
posix_kill
posix_mkfifo
posix_setpgid
posix_setsid
posix_setuid
posix_ttyname
posix_uname
posixc
proc_close
proc_get_status
proc_nice
proc_open
proc_terminate
ps_aux
putenv
readlink
runkit_function_rename
shell_exec
show_source
symlink
syslog
system

For more details on these functions please search the PHP site at http://php.net/
Please let us know of other dangerous functions. Thank you.

You can manually add them to the disable_functions directive in your php.ini file or use the interface from WHM.

WHM MultiPHP Editor

To add the PHP functions to the PHP configuration using WHM:

  1. Log in to WHM
  2. Go to Home->Software->MultiPHP INI Editor.
  3. Choose the Editor Mode tab.
  4. From the drop-down list choose the PHP version.
  5. In the configuration window that will be opened, search for “disable_functions”. 
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions =

Add the above functions as:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions ="apache_child_terminate,apache_get_modules,apache_note,apache_setenv,define_syslog_variables,disk_free_space,disk_total_space,diskfreespace,dl,escapeshellarg,escapeshellcmd,exec,extract,get_cfg_var,get_current_user,getcwd,getenv,getlastmo,getmygid,getmyinode,getmypid,getmyuid,ini_restore,ini_set,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerrorp,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_uname,phpinfo,popen,posix_getlogin,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_ttyname,posix_uname,posixc,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,ps_aux,putenv,readlink,runkit_function_rename,shell_exec,show_source,symlink,syslog,system"

6. Click the Save button.

You should add these functions to all of your PHP versions. Repeat steps 4, 5 and 6 for each version.

When trying to access a disabled function, users will see a message like:
[12-May-2017 10:16:51 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/file.php on line 2
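
PHP does not report an error for a disable_functions entry that matches no function, so a misspelled name leaves the intended function enabled. The following added example (not part of the original article) is a command-line check that sorts a list into names the installed PHP build provides and names it does not. The script name audit_disable.php and the built-in sample list are assumptions.

```php
<?php
// Added example, not from the original article. Run it from the shell with
// nothing disabled, so the full function table is visible:
//   php -d disable_functions= audit_disable.php "exec,system,..."
// The script name and the built-in sample list are assumptions.

// Sort the entries of a disable_functions value into names this PHP build
// provides, names it does not provide, and repeated names.
function audit_disable_list(string $list, array $internal): array
{
    $known  = array_flip($internal);   // get_defined_functions() names are lowercase
    $report = ['effective' => [], 'no_such_function' => [], 'duplicate' => []];
    $seen   = [];
    foreach (explode(',', $list) as $raw) {
        $name = trim($raw, " \t\r\n\"'");
        if ($name === '') {
            continue;
        }
        if (isset($seen[$name])) {
            $report['duplicate'][] = $name;
            continue;
        }
        $seen[$name] = true;
        $bucket = isset($known[$name]) ? 'effective' : 'no_such_function';
        $report[$bucket][] = $name;
    }
    return $report;
}

if (ini_get('disable_functions') !== '') {
    fwrite(STDERR, "Re-run as: php -d disable_functions= " . basename(__FILE__) . "\n");
    exit(1);
}

// Constructed sample: a few names copied from the list in the article.
$list = $argv[1] ?? 'exec,shell_exec,system,proc_open,getlastmo,pcntl_strerrorp,posixc,ps_aux';
$report = audit_disable_list($list, get_defined_functions()['internal']);
foreach ($report as $bucket => $names) {
    printf("%-17s %s\n", $bucket . ':', $names ? implode(', ', $names) : '-');
}
```

Functions that belong to extensions or SAPIs not loaded in the command-line PHP, such as the apache_* functions, are also reported under no_such_function.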

Set up an Apache+PHP+MySQL local environment

Do you want a local Apache web server to test your new site? We’ll show you how to set up a web server and a MySQL server using XAMPP. XAMPP is a software package that installs Apache+PHP+MySQL on your computer. Of course, you can download Apache, PHP and MySQL and install them yourself, but using a suite like XAMPP makes things much easier.

This tutorial is for XAMPP on Windows. XAMPP is also available for Linux and Mac OS.

So, the steps to install the Apache+MariaDB(MySQL) development environment are:

1. Download XAMPP from https://www.apachefriends.org/index.html (the Windows Installer is about 110MB)

XAMPP Site

2. Install XAMPP. During the installation, choose the components you want to install.

XAMPP Installer Components

3. Start XAMPP Control Panel. 

4. Start the modules you want to run, in our case Apache (which includes PHP) and MySQL.

XAMPP Control Panel

You can now access the web server in your web browser at http://localhost/. The root folder of the web server is c:\xampp\htdocs\. Put your site’s files in this folder.

To manage the database server go to http://localhost/phpmyadmin/. phpMyAdmin is a graphical tool that allows you to perform various database operations.


Resources: https://www.apachefriends.org/index.html


How to change the PHP version of your domain in cPanel

It’s always a good idea to use the latest version of PHP. For some time 2-3 PHP versions will be supported, but in the end the old ones will be discontinued. So, whenever possible, use the latest version.
We will show below how to change the PHP version for your site from cPanel.

cPanel MultiPHP Manager Interface

The steps are:

  1. Log into your cPanel account.
  2. Go to MultiPHP Manager under the Software Section
  3. Select the domain for which you want to change the PHP version.
  4. From the right drop down list select the desired PHP version. If you choose the inherit option the site will use the default PHP version which is listed at the top of the page.
  5. Click the Apply button. The site is now using the PHP version you selected.

Some hosts may block this cPanel feature for end users. If you don’t see this feature in cPanel, contact your host.

Please check the video tutorial now. You will also see how to check your current PHP version.

For more details on the PHP function used in this tutorial, see PHP: phpversion – Manual

How to list compiled PHP Modules

Sometimes it is useful to see which modules are compiled into your PHP installation.
Let’s see how we can check this both on the server/root level and on the user level.

1. On the server/root level
On the server level, you can use the command php -m

root@web [~]# php -m
[PHP Modules]
Core
ctype
curl
date
dom
filter
ftp
gd
hash
iconv
imap
ionCube Loader
json
libxml
mbstring
mcrypt
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
readline
Reflection
session
SimpleXML
soap
SPL
sqlite3
standard
tokenizer
wddx
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache
the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured)

root@web [~]#

An improvement of the above command is to list the version of each module. We will use the command:

root@web [~]# php -r 'foreach (get_loaded_extensions() as $ext) echo "$ext : version " . phpversion($ext) . "\n";'
Core : version 7.0.16
date : version 7.0.16
libxml : version 7.0.16
openssl : version 7.0.16
pcre : version 7.0.16
zlib : version 7.0.16
filter : version 7.0.16
hash : version 1.0
pcntl : version 7.0.16
readline : version 7.0.16
Reflection : version 7.0.16
SPL : version 7.0.16
session : version 7.0.16
standard : version 7.0.16
ctype : version 7.0.16
curl : version 7.0.16
dom : version 20031129
ftp : version 7.0.16
gd : version 7.0.16
iconv : version 7.0.16
imap : version 7.0.16
json : version 1.4.0
mbstring : version 7.0.16
mcrypt : version 7.0.16
mysqlnd : version mysqlnd 5.0.12-dev - 20150407
PDO : version 7.0.16
Phar : version 2.0.2
posix : version 7.0.16
SimpleXML : version 7.0.16
soap : version 7.0.16
sqlite3 : version 0.7-dev
tokenizer : version 7.0.16
xml : version 7.0.16
xmlwriter : version 7.0.16
xsl : version 7.0.16
zip : version 1.13.5
mysqli : version 7.0.16
pdo_mysql : version 7.0.16
pdo_sqlite : version 7.0.16
wddx : version 7.0.16
xmlreader : version 7.0.16
xmlrpc : version 7.0.16
ionCube Loader : version
Zend OPcache : version 7.0.16
root@web [~]#

2. How to check loaded extensions as a user
Create and run a PHP file with the following content:

<?php
foreach (get_loaded_extensions() as $ext) echo "$ext : vers " . phpversion($ext) . "<br/>";
?>

You will get a list of installed extensions along with their versions. To check if a specific extension is loaded, use the PHP function extension_loaded().

More info at PHP.net for the functions get_loaded_extensions() and extension_loaded()