Yii Application On A Server With Php Ini_Set Function Is Disabled.

Hi all,

I’m trying to put My Yii application on a server where the function ini_set is disabled.

I always get this error:

[06-Oct-2013 16:28:57 Africa/Algiers] PHP Warning:  ini_set() has been disabled for security reasons in /home/mywebsite/public_html/testquizz/framework/web/CHttpSession.php on line 89

I searched in Google but I didn’t found anything about this.

Please help !!!

Are you in charge of the server? If so, you’ll need to tweak the disable_functions setting in PHP.

This function was disabled for security reason and the hoster won’t change anything! I must run the application on that server.

There’s nothing you can do than. Except changing the hoster.

Is this the only solution? I am a freelancer developper, and my customer is the hoster. So I can’t change it.

So we can put this as one of the Yii’s weakness?

Unfortunately :-[ !

Ugh! Well, there’s still a chance to modify the settings touched by [font=“Courier New”]ini_set()[/font] via a [font=“Courier New”].htaccess[/font] file. What exactly are you trying to change?

Ini_set is needed for CHttpSession. You may try CDbHttpSession or CCacheHttpSession, but I am not sure it will makes the trick.

You better check the prerequisites on the server before continue, in order to avoid future surprises.

I only want to run my Yii Application on a server which has disabled these functions:

show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, fsockopen, pfsockopen, allow_url_fopen, ini_set

My customer told me that I can use a php.ini right now but for the long term he will disable the use of the overriding of the php.ini

So if there is a way to activate the ini_set() on a .htaccess, I’ll be happy to solve this problem!

That won’t happen. disable_functions can only be altered from within PHP’s config, there is no way for a .htaccess file to override that. However, you can still modify other PHP settings in your .htaccess. See here.

Unfortunately this will not solve the problem, as CHttpSession will continue calling the ini_set.

You have to substitute CHttpSession with another session (CCache or CDb) or you can copy the class in your protected/components, change the name and edit it in order to fit the server requirements.

In a word: CHttpSession REQUIRE ini_set, so you cannot use CHttpSession. Altering the server config in order to fit

CHttpSession will not solve the problem, as it will continue calling.

In my defense: It isn’t entirely clear if him using CHttpSession is really the culprit of his troubles :rolleyes:

Thank you for all your propositions, it helps me a lot.

Just for information: I’m using these two modules: Yii-Auth and Yii-User

I changed the source code where I used the CHttpSession in my application and I can see the login page. But when I try to login I get blank page with this error in my logs:

PHP Fatal error:  Class 'CStringValidator' not found in /home/mdi/public_html/mywebsite/framework/validators/CValidator.php on line 187

And when I refresh, I can see my dashboard, but the ‘model/admin’ pages don’t display entirely.

Help please!

Thanks in advance

Is there any opcode cache in place? This looks a lot like a filled APC cache.

It’s weird because I didn’t use any opcodes cache, and I didn’t install APC cache.

It’s not the question wether you installed APC (or a similar opcode cache). It’s wether the original hoster did so. Got any access to the server’s logfiles?

I found this error:

PHP Fatal error:  Class 'CStringValidator' not found in /home/mdi/public_html/mywebsite/framework/validators/CValidator.php on line 187

in the logfile of the root directory of my application.

But if you want I can ask for any other logfile to my customer.

Do so. I tend to beleive there is something wrong with the PHP installation on your customer’s host.

Before all, I’d like to thank you for all your reponses and helps.

I talked with the hoster, and we found that there were a missed files in the framework directory and we have reuploaded all the files.

Currently he enabled the ini_set() and everything’s going well.

It’s a pity, that we cannot run Yii Applications on secured servers

It is possible. In earlier times, Yii would even work on servers with suhosin enabled.

Calling ini_set is not a security issue, your hoster has his own, strict idea of security that unfortunately in incompatible with some modules in yii.

Let ini_set to work and stay happy!