Hello.
I've RTFM at:
http://de2.php.net/manual/en/security.globals.php
I'm a bit confused though and need a little clarification.
I'm running locally and register_globals is off because it isn't
enabled anymore in new versions of PHP because of potential security
issues, though I understand that the security issues are mainly
programmers not being aware of this and using code that could be
exploited.
As I understand it most hosts have register_globals switched "ON" by
default because of the history of PHP.
From what I have read I get a little confused. I need to turn "ON"
register_globals otherwise I can't finish off my login pages and use
sessions in PHP.
However, the advice in one of the posts in the manual at php.net, says
to make sure register_globals is OFF to 'avoid session problems'. It
also recommends creating a .htaccess file in the document root that
contains the following settings:
1. Set register_globals to off.
2. Load your fixed include paths.
3. Relocate your session file storage folder away from the default
'/tmp'
Firstly, I'm not too sure what exactly a .htaccess file is. Is it
just like an include file that each page references and loads the
settings from?
It suggests the following for the .htaccess file:
php_flag register_globals off
php_value session.save_path /home/user/siteroot/sess/users
php_value session.gc_maxlifetime xxx
php_value include_path .:/home/user/siteroot.com/sess
php_value auto_prepend_file /home/user/siteroot.com/sess/path_file.php
I'm not too sure on what all the above does, except for the first
line, so if you could break it down for me I'd be very grateful. The
paths are a tad confusing as well. I'm not too sure how that would
relate when I'm running locally, or if I'm with a host? I wouldn't
know what if anything the paths would need changing to.
John
PS. If anyone watches the series Stargate SG-1 I am very much like the
character O'Neill, played by Richard Dean Anderson of MacGyver fame. In
the series he always gets lost with the technical scientific terms and
needs things explaining more simply :)
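
As an added example (not part of John's post, and not code from the PHP manual): a login page that keeps its state in $_SESSION and reads form input from $_POST, so it works with register_globals off. The account, password and function names are constructed for illustration.

```php
<?php
// Added example. demo_users(), try_login() and is_logged_in() are hypothetical
// helper names; the account below is constructed sample data.

// A real site would load password hashes from its own user store.
function demo_users(): array {
    return ['john' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Input comes only from the explicit request array passed in, never from a
// bare global such as $username that register_globals would have created.
function try_login(array $post, array &$session, array $users): bool {
    $name = isset($post['username']) && is_string($post['username']) ? $post['username'] : '';
    $pass = isset($post['password']) && is_string($post['password']) ? $post['password'] : '';
    if (!isset($users[$name]) || !password_verify($pass, $users[$name])) {
        return false;
    }
    $session['user'] = $name;   // stored server-side; the browser only holds the session id
    return true;
}

function is_logged_in(array $session): bool {
    return isset($session['user']) && is_string($session['user']);
}

session_start();

// Initialise every variable that gates access. With register_globals on, an
// uninitialised $authorized could be pre-set by request data; with it off
// (and with this explicit assignment) only the session decides.
$authorized = false;

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && try_login($_POST, $_SESSION, demo_users())) {
    session_regenerate_id(true);   // issue a fresh session id once the user is authenticated
}

$authorized = is_logged_in($_SESSION);

if ($authorized) {
    echo 'Welcome, ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
} else {
    echo 'Please log in.';
}
```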