I have a Joomla problem

I know there is a joomla site but I have had good luck with help here so I am asking for another favor from the users. I have just installed joomla, I am getting this error

PHP magic_quotes_gpc setting is `OFF` instead of `ON`

I dont know how to change this, I have just heard of joomla and started using it so remember im clueless. I know it has to be changes in the htaccess file in my main dir of the site, I downloaded the file from my ftp program now what do i do. Please explain to me like im clueless, lol

In reply to:
PHP magic_quotes_gpc setting is `OFF` instead of `ON`

The DreamHost default setting for magic_quotes_gpc is 'OFF' for PHP 5 and 'ON' for PHP 4, so I assume your domain is configured to use PHP5.

I believe Joomla runs fine under either PHP 4 or 5, so one option would be to simply configure your domain to use PHP 4. You can do this by going to Domains -> Manage Domains in the panel and clicking the small [Edit] link for the domain in the Web Hosting column.

You can change the magic_quotes_gpc setting for PHP 5, but this involves copying the default DreamHost PHP 5 executable and php.ini files to your domain, configuring your .htaccess file to use this local install then modifying the required php.ini settings. The general procedure is detailed in the wiki article linked below, but I should warn you that the procedure does require a fairly good working knowledge of the shell etc.

http://www.wiki.dreamhost.com/index.php/PHP.ini

Personally, I would just change the domain to use PHP 4 and see if that resolves the issue.

Mark

Since Joomla comes as a one-click, and there could be a domain issue (.htaccess or whatever), you could create a fresh subdomain, and put the Joomla one-click there. It should work, or the one-click is broken...

Mark has given you the correct answer. Joomla! will run properly with either PHP4 or PHP5, though *either* of those will give you a "warning" security message. These are *not* errors, they are *advisory* in nature.

In my opinion, the "magic_quotes" issue is not significant, unless you are using a very poorly coded add-on module where the site could be attacked via that vector. The Joomla! core is fine either way.

The *greater* potential security risk is the register_globals_on that is the default for DH's PHP4. If you are concerned with these security advisory warnings, you can modify the necessary setting as Mark described.

There is *no* need to re-install in another subdomain or any other such foolishness, it has nothing to do with the .htaccess, and the "one-click" install is not broken - the messages you see are warnings *only* and will not effect the operation of Joomla!. There are other threads in this forum that discuss this further - just search for Joomla. wink

--rlparker

thanks for the replies. I did actually do a search and didnt come up with anything useful. I got rid of the issue i posted about earlier but now I am getting this

PHP register_globals setting is `ON` instead of `OFF`

:S

As I mentioned before,*each* of the default DH PHP installations on has a setting that Joomla! now reports as being less than optimal for security purposes. Neither of these warnings impact the proper operation of Joomla!; they are included in the latest versions of Joomla! to warn that poorly coded components could expose your Joomla! installation to potential exploits if these settings are not set as recommended.

With DH's PHP4, the register_globals_on setting is reported as being a potential risk, and with PHP5 on DH, the magic_quotes issue is reported.

There are two ways to get either of these PHP versions to have both the magic_quotes (in PHP5) and the register_globals (in PHP4) set the way Joomla! reports are "best". Mark described the method that is the easiest by far, but alternately you could elect to compile and install your own version of PHP (also described in the wiki).

It is my opinion that running Joomla! under PHP5 with the magic_quotes warning still there is not an unacceptable security risk - the Joomla! developers are (correctly I think) choosing to be extremely aggressive in their warnings given the expertise/experience many Joomla! users have with such things. The register_globals warning, which you get if you run Joomla! under PHP4 on DH, is much the same, though I believe it is a *greater* risk for potential exploits than the magic quotes issue is.

If it were me, I would run it under PHP5, magic_quotes warning and all, or I would would do as Mark suggests and modify a copy of php.ini for use on my domain *before* I would run any PHP program with register_globals set ON.

--rlparker

I thought this sounded a little familiar. laugh Here's a blurb from an email from DreamHost's Upgrade Robot:

In reply to:
Note! After upgrading you will receive two warnings in your Joomla management area about
"magic_quotes_gpc" and "RG_EMULATION". Please just ignore these. There is no security threat.

If it's working, don't fix it. wink