Register Globals & PHP4

Using register_globals with PHP4

Customers using PHP4 with “Register_Globals” need to be aware of this!

This update is to provide notice to all customers that we have now disabled the PHP setting register_globals. As exploits increase which rely on this setting we have now made the change to make our servers more secure.

It’s now common for hosts to have register_globals switched off and script makers to use code which doesn’t rely on it. Customers who code their own PHP scripts should read the following where the security issues are detailed.

http://uk.php.net/register_globals

We are still able to provide hosting for customers who may still need this enabled.

Anyone affected should see if an updated script is available which uses secure code and doesn’t require the setting to be on. If this is a custom made script we suggest altering the code to make it secure with regard to register_globals.

If register_globals really needs to be “On” this can be done by adding the following line to a .htaccess file in the public_html directory

INSERT THIS INTO A .HTACCESS FILE: “php_value register_globals 1”

Any client making this change should be aware of the security risks of doing this. Also be prepared to take responsibility should a script compromise occur as a result of the setting. Customers are asked only to make the setting when really vital and not carry out the change on each and every account when not required.

What is difference between php4 and php5?

PHP4 is powered by Zend Engine 1.0, while PHP5 is powered by Zend Engine II. Constructors have the same name as the Class name in PHP4 while we can declare Constructor as _construct and Destructor as _destruct() in PHP5.

PHP5 allows to declare a class as abstract while PHP4 not.

If you have any questions about Migrating to PHP5 then please do raise a support ticket or Contact us.