Hi, I uploaded the latest dev-version of PiF 0.08.00
Changelog so far:
-100% utf-8 for database content and Locale files !!!(testing needed)
-Admin Rights for Groups possible (testing needed)
-Admin Rights: Normal Admins need now an "admin right" to moderate the forum (testing needed)
-Thread Description added
-Panel administration rewritten
-Setup: optional for developers: sample database content (not 100% completed)
-Bug Fixes and Local Rewrites
For some reason, I can not install PiF 0.8. I have done everything I need, and when I typed my domain into the browser the setup was launched automatically by jumping into the _install/setup.php, but I got an internal server error: "500;
Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.....com Port 80"
My other pages are at the same provider, on the same account, and they are working well.
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: index.php
| Author: Nick Jones (Digitanium)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";
redirect($settings['opening_page']);
?>
When typed in/ _install.setup.php, I got the same answer, like before.
check in your CPanel if u have option to change PHP options - PHP Configuration or such, where u can select which loader (decoder) u can use, and to set various of options. Look for Zend - enabled
allow_url_fopen - On
magic_quotes_gpc -Off
register_globals - Off
Do these settings hide any security issues? My provider gave me the following answer:
"Zend is already enabled in the server. We are not able to change the following values server wide due to security issues. If you need, I can make changes to this particular account.
allow_url_fopen - On
magic_quotes_gpc -Off
register_globals - Off"
I want to avoid from any security risks if possible...
allow_url_fopen - This option enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol, some extensions like zlib may register additional wrappers.
magic_quotes - Magic Quotes is a process that automagically escapes incoming data to the PHP script. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed. - No longer supported in 5.3, eg. removed
register globals should be off due the security reasons - yours is on
As of » PHP 4.2.0, this directive defaults to off.
Please read the security chapter on Using register_globals for related information.
Please note that register_globals cannot be set at runtime (ini_set()). Although, you can use .htaccess if your host allows it as described above. An example .htaccess entry: php_flag register_globals off.
http://www.php.net/manual/en/security.globals.php
register_globals is also removed in 5.3
Edit: syncing with SVN and will do clean install, to see if there any troubles on my CentOS servers.
With register globals, safe mode and magic quotes off - for sure, on CGI/FCGI envioments have to be added some lines to .htaccess, but this can be done later when someone get hacked :)
Register globals is regarding sessions...
Will get full debug on latest svn (today will be released as 0.8.0 RC2 or final) and will see what's wrong.
Bcz of the nature of your HSP, try with .htaccess with only this 2 lines
Code
php_flag register_globals off
php_flag safe_mode off
x 1
x 1
