Ltering The Php.ini File Line To "allow_url_fopen"

software development

#1

Greetings.

I purchased some scripting software and installed it onto my Dreamhost Account. It does not work. After dealing with the script developers and Dreamhost support, the conclusion is:

(From Dreamhost): “Regretfully url_file_access isn’t part of our standard PHP installation.
Our standard installation is pretty lean n’ mean for security and performance reasons since it powers over 350,000 domains. If you need customized settings that aren’t part of our standard installation you will need to compile your own copy of PHP with the setting enabled. This is not something we provide support for, however our customer maintained wiki can offer a lot of assistance with this:
http://wiki.dreamhost.com/index.php/Installing_PHP5> http://wiki.dreamhost.com/index.php/Installing_PHP4

Like most folks in this plug and play world - I haven’t a clue about coding, and didn’t expect to buy a product which my host makes inoperative because, as Dreamhost say:

"We’ve purposely disabled URL access to php system functions (such as copy() open() etc.) because of security and performance problems. We have replaced it with CURL:

http://wiki.dreamhost.com/index.php/CURL

Unfortunately, it’s beyond the scope of our support as how to port your script to use CURL instead of the system calls, but we can definately say it would do the job. We do not offer access to the php.ini . However if you need to make a customized one you are welcome to compile your own copy of PHP:
http://wiki.dreamhost.com/index.php/Installing_PHP5"

Bsically I need help and advice which doe not include going down the path of creating my own php etc. Is there any kind of quick fix work around to this issue? I have tried adding:

ini_set(‘allow_url_fopen’, ‘on’);

at the top of index.php in an attempt to “overide” the block, but it didn’t work.

I like Dreamhost, and I love the product I’ve bought - and I would like to use it in my Dreamhost account, but this not allowing the ability to access the php.ini file to alter the “allow_url_fopen” command is just stopping me dead in my tracks.

Has anyone had any issues/resolutions to this problem before?

Thanks

Paul


#2

One option is to copy the existing DreamHost PHP executable and php.ini files to your domain directory, making the required changes to php.ini and configuring your .htaccess file so that this local install is used. It is not a quick fix, but it is a fair bit simpler than compiling your own PHP from scratch.

More details in the link below;

http://www.wiki.dreamhost.com/index.php/PHP.ini

Note: The cron step in the wiki article is only required if you want your PHP install to automatically update as DreamHost updates theirs.

Mark


Save [color=#CC0000]$50[/color] on DreamHost hosting using promo code [color=#CC0000]SAVEMONEY[/color] ( Click for promo code details )


#3

Mark - thanks for getting back to me so quickly! And you may well be a genius! :slight_smile:

As I’m about to pass this info on to someone else to help me with it, I’ll ask some great questions:

  1. Where do I find the DreamHost PHP executable and php.ini files?
  2. What sort of configuration on the .htaccess file, (so that this local install is used), would I have to do?
  3. I have a resellers account with other users - will this effect them at all?

Thanks again Mark for your help and support. I should have come here, (to these forums), a long time ago! :slight_smile:

Paul


#4

The full paths to both the PHP4 and PHP5 executables (and ini files) are shown in the shell script within the wiki article linked above, but I will list them here, in case you wish to copy them manually without using the script;

[color=#0000CC]PHP4 Path[/color]
/dh/cgi-system/php.cgi
/etc/php/cgi/php.ini

[color=#0000CC]PHP5 Path[/color]
/dh/cgi-system/php5.cgi
/etc/php5/cgi/php.ini

You will need to copy these files (either PHP4 or PHP5) to a directory within the web accessable directory for your domain. The wiki article suggests creating a ‘cgi-bin’ directory and copying the files there.

You simply need to add the following lines to the .htaccess file within the root directory for your domain, or create such a .htaccess file if none exists.

Options ExecCGI
AddHandler php-cgi .php
Action php-cgi /cgi-bin/php.cgi

These lines assume that the PHP executable is within the ‘cgi-bin’ directory within your domain directory and the executable is called ‘php.cgi’

The local PHP install will only affect the domain that you have installed it in, it will not affect any of your other domains (or sub-domains).

Overall, it is probably easier to just follow the step by step instructions in the wiki article.

Edit: The scripts in the wiki article automatically change the ‘post_max_size’ and ‘upload_max_filesize’ settings in php.ini after copying the files, but they are easily modified to alter whatever php.ini setting you desire.

Mark


Save [color=#CC0000]$50[/color] on DreamHost hosting using promo code [color=#CC0000]SAVEMONEY[/color] ( Click for promo code details )


#5

There is no reason whatsoever for you to need “allow_url_fopen” to be enabled. Anything that requires the retrieval of an external/remote resource can be handled by cURL. Anything internal/local can still make use of copy() and file() by simply using relative URLs.


Simon Jessey | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#6

I agree with you completely on that point. I also can’t help but worry that if people continue to “work around” this particular safety feature, and site/servers are compromised as a result, it could at some point result in Dreamhost removing the ability to customize PHP. :frowning:

I think, Simon, that might be a bit confusing in that many people think of a “URL” as having an “http://” associated with it and, in that case, whether the file is local or not, allow_url_fopen being “off” will cause it an error.

I think a “better” way to say it might be something like, " Anything internal/local can still make use of copy() and file() by simply using relative paths". OTOH, that’s just my opinion and YMMV :wink: .

–rlparker


#7

That’s exactly what I mean. A URL must have a protocol (such as “http://”), otherwise it isn’t a URL. Even if the file being access is local, attempting to access it with a URL instead of a relative path will result in an HTTP call, and throw up an error.


Simon Jessey | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#8

Exactly! Which is why I suggested that it might be “misleading” to say that “Anything internal/local can still make use of copy() and file() by simply using relative URLs.”

If URL’s are used with copy() and/or file(), irrespective of whether they are “absolute” or “relative”, the code will generate an error on Dreamhost’s default PHP installations. That’s way I suggested using the term “relative paths” might eliminate some confusion. :wink:

–rlparker


#9

You’re right. My bad!


Simon Jessey | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]