Internal Server Error because of .htaccess file

[striker9099]

Hey everyone,

I'm trying to run a website which was not coded by me on my hosting. The coder that actually wrote the code said I should include the following in my .htaccess file so the website would run as it should:

php_flag register_globals on
php_value session.auto_start on
php_value session.use_only_cookies off
php_value allow_url_fopen 1
php_value allow_url_include 1

When I did that, I started getting Internal Server Error 500. Is there anything wrong with the configuration?

 

[lemon-tree]

Changing PHP settings is not available through .htaccess on free, so it is little surprise that this is causing an error. The minimum package that lets you have this sort of control over the PHP setup is a VPS.
Also, the options you are trying to setup are pretty much all of the ones that are set to the opposite for a very good reason.

- Register globals basically leaves all of your variables open to injection. Use $_GET or $_POST is you need to get user input.
- Sessions can be started within PHP with a single function, so there is little need to add it to the config.
- If you need to open a file, you can use file_get_contents with an external url. fopen may already be enabled though.
- Url includes are a bad idea, they leave your site completely at the mercy of an external source and if they change their script to e.g. a password grabber then your site is instantly compromised.

If this is all for a script you have downloaded, I recommend you delete it and look for something different. Any script that requires these to be enabled will have been written to the lowest possible standards.