First off, let me begin by saying that I'm not a php programmer. I know almost nothing about php. All I know is that when I want to install something, I drag it into my ftp client. And, occasionally, I read the docs and I have to go to notepad change some words/values (I don't have a clue what they mean--I just try to follow the directions). Okay-- Now I'm trying to install phplist. I was getting a 500 error, so I googled "How to install phplist". The webpage I pulled up says: All php values should be removed from your .htaccess files to avoid the 500 internal server error. Creating a php.ini file to manipulate the php settings will solve this issue. Question 1 -- "All values should be removed from .htaccess files" Umm.... what's a "value"? I'm in notepad and I see: DirectoryIndex index.php <FilesMatch "\.(php|inc)$"> Order allow,deny deny from all </FilesMatch> <FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php)$"> Order allow,deny allow from all </FilesMatch> php_flag magic_quotes_gpc on What's a value-- what do I delete? Question 2 -- It said something about creating a php.ini file. If I use notepad to create a php.ini file, what should it look like? (I'm reading that it should include the line: " magic_quotes_gpc = no " What else should be in a php.ini file? Thanks in advance for any help you can offer. I'm trying to slowly learn about this php stuff, but as you can see I'm struggling. P.S. A nice +rep for anyone who can help me with this.
I am not exactly sure what it means by "values", and as this is a PHPList problem and not a PHP question in general i'm afraid I can't exactly give you any more information in that regard. I can however help you with question 2. The php.ini file gives your server the configuration settings for your PHP installation. Unless you have a dedicated server, and have root access (or your server admins are terrible at their jobs) you shouldn't have access to your php.ini file. Just so you can get an idea of what this file is, go ahead and open notepad and type: <? phpinfo(); ?> PHP: save this as "info.php" (or whatever you want), upload it to your server and access it. You should get a lot of info on your PHP configuration (some of it pertaining to your php.ini file). Now, if you're done looking at that file . . .take it off of your server ;-) Don't want anyone else checking into it! There are several ways you can turn off magic quotes, one is already shown in your .htaccess file, but i'll outline it below anyway. Just a quick note, sometimes it is possible to interact with your PHP settings through your .htaccess file (likely why PHPList is having issues). php_flag magic_quotes_gpc Off HTML: That should go in your .htaccess file. For any more info on PHP check out: http://php.net, or post back here and i'll see what else I can do! EDIT: Well I did a quick little google for you and found the documentation for PHPlist. Here is what it says: In your .htaccess file, delete this portion: php_flag magic_quotes_gpc on HTML: or alternatively, place a pound sign in front of it #php_flag magic_quotes_gpc on HTML: Hope that works
remove this: php_flag magic_quotes_gpc on from .htaccess I just did that and did not create any file and it worked!
You answered a Pretty old thread. Btw... By removing magic_quotes_gpc, you have just invited sql injectors in ur site
Yes I noticed that I replied to an old one, yet it is a good question and deserve to be followed cause any one new to phplist as me will get benefits from such question. Anyway, for the magic_quotes_gpc I had to remove it so to avoid 500 error. I don't understand much about sql injectors, yet is what you are saying dangerous? I have created a separate database for phplist. I also had to modify php.ini file found on the server I'm hosting the site on, to turn the magic quote on. thanks.
htaccess overrides php.ini and httpd.conf (if parameters conflict just by any chance). gpc magic quotes flag is deprecated in php 6.0 as it doesn't sanitize hex values. Nevertheless, if I were you and HAD to turn it off, I would probably re-compile my mysql keeping information_schema not accessible by restricted users, that way, even if an injector gets thru any sql vuln, he cannot get the dbase rip...