PHPJunkyard support forum

I've worked on a solution, it can be found @
viewtopic.php?t=1375

My website http://www.vliegennaar.eu has it working already !

Cheers,

Thank you for contacting online support. You should be able to create a custom php.ini file to modify this setting. Please note that we will not be able to assist you in creating such a file.

Also, you will need to upload the php.ini file to the root directory. Let us know if we can help you in any other way.

I did use viewtopic.php?t=1375

and that seems to have fixed it so far Thanks!!

I get the same message link -- http://www.thickmud.co.uk/link/form.html

php.info http://thickmud.co.uk/phpinfo.php

please help

Please try searching first before posting next time. You have the same problem as mentioned several times before, allow_url_fopen is disabled on your server.

You will need to contact your host and ask them to enable allow_url_fopen for you. If they don't find a better host, Linkman or any similar script won't work without it.

Script Version 1.4
topclasshost.com

My host disables allow_url_fopen

I asked them to turn ON allow_url_fopen. They replied

-----------------------------
We can enable the 'allow_url_fopen' variable for your site. Please note that this may increase the possibility of your site being hacked (attackers are able to force the PHP parser to execute malicious code when allow_url_fopen is used). Very few hosts now permit this option to be enabled.
-----------------------------

I can however create a link succesfully from within the admin panel. But I still can not post a link from the links.php page. Is there no way for me to post a link from the links.php page without turning ON allow_url_fopen

Thanks Jack

No, the allow_url_fopen must be enabled.

My opinion (feel free to give it to your host):

It's true there are many known security issues with scripts (for example phpBB, Joomla, ...) where the attacker can take advantage of a script exploit and allow_url_fopen to execute malicious code, BUT simply disabling a PHP feature because of vulnerabilities in scripts (not the function) is not the way a serious hosting company should handle it. There are better and more friendly way of doing it, for example:

1. use mod_security, it will block such attacks based on the query string patterns

2. use safe mode, open_basedir, disable register_globals

3. upgrade to PHP 5 which has option to allow_url_fopen and allow_url_include. The latter is disabled by default which makes it impossible to execute any remotely opened PHP code.



You can always find a more serious host

Klemen

Thanks for the very informative reply. Before I contact my host I have a couple questions.

phpinfo reveals the following:

PHP Version 5.2.4
Loaded Modules includes - mod_security (amongst many others)
safe_mode - Local Value=Off Master Value=Off
open_basedir - /home/myusername/usr/lib/php:/usr/local/lib/php:/tmp
register_globals - Local Value=Off Master Value=On
allow_url_fopen - Local Value=Off Master Value=Off
allow_url_include - Local Value=Off Master Value=Off

What specifically should be changed and what if any risk does this pose. Thanks in advance for your reply.

Jack

Since you already have PHP 5 tell your host that by enabling allow_url_fopen and leaving allow_url_include disabled there is no fear of executing any remotely attained malicious code in hacking (XSS) attempts (it's not the same as in PHP 4, in PHP ). Here's a reference:
http://blog.php-security.org/archives/4 ... clude.html


They could also enable allow_url_fopen for your domain only inside httpd.conf and leave it on the rest of the server disabled, but like said in PHP >= 5.2.0 the allow_url_fopen can't do any harm if allow_url_include remains disabled.

Thanks for the usefull information and the handy script. This is my first php experience and I like it!

Now I've cleared one problem, I'm now presented with the same error message, "Unable to open remote URL".
Test php here Please advise, if my server's php is also incompatible with the linkman script.

Thanks in advance.

phpinfo looks fine, what's the URL of your script?

Heres the link that you requested,
Puniksem.com/link2us

The three links already there were added manually, I and a couple of friends have not had any joy attempting to add links in the normal fashion.
The reason for the splash page is an auto hit count is being added once the feature functions properly.

Once again, thanks in advance.

I was able to add punkisem.com to your exchange, but no external URLs. Although allow_url_fopen is On seems like your host is blocking PHP from opening remote URLs (maybe with a firewall?). Try asking your host why allow_url_fopen is enabled but you still can't open even simple requests lile with PHP.

Klemen wrote:I was able to add punkisem.com to your exchange, but no external URLs. Although allow_url_fopen is On seems like your host is blocking PHP from opening remote URLs (maybe with a firewall?). Try asking your host why allow_url_fopen is enabled but you still can't open even simple requests lile

Code: Select all

$html = file_get_contents('http://www.google.com');

with PHP.

I've sent a request regarding this error and awaiting a reply, I will keep you informed of my results.

I've spent the last few days customizing my installation, with every intention to purchase the script after completion. However, now I find out that Dreamhost and MANY other major hosts do not allow allow_url_fopen:

http://wiki.dreamhost.com/Allow_url_fopen

You really should inform people--in a prominent manner on your main LinkMan page--that LinkMan's core functionality is dependent on a PHP function that is widely considered dangerous, making LinkMan impossible for any novice to use with a host that has disabled allow_url_fopen.