; CMS PHP Config Files ; -------------------------------------------------------------------------------------------- ; These config files attempt to reset PHP and Apache settings to standard values and turn off ; deprecated or problematic features that would otherwise cause errors or problems. ; ; NOTE: These files aren't supported on all servers, but on many they will prevent problems. ; However, they are OPTIONAL and you can safely remove these files if needed. ; -------------------------------------------------------------------------------------------- ; .htaccess - For Apache, Apache PHP module and IIS with .htaccess emulator: http://php.net/configuration.changes ; .user.ini - For servers running PHP in CGI/FastCGI mode: http://php.net/configuration.file.per-user ; php.ini - For servers that support custom php.ini files: http://php.net/configuration.file ; -------------------------------------------------------------------------------------------- ; *** IMPORTANT!!! If you make any changes to this file save a backup copy as .backup ; so you have a backup in case your changes get overwritten next time you upgrade. ; php.ini settings ; -------------------------------------------------------------------------------------------- ; Docs: http://php.net/configuration.file ; Docs: http://php.net/manual/en/ini.php ; EXPERIMENTAL - HOW TO FIX 500 INTERNAL SERVER ERROR (ON CMS INSTALL) ; If you're getting an "Internal Server Error" when INSTALLING the CMS here's what to do: ; 1) Create a temporary phpinfo.php in your website root with this: ; 2) Because that file is above your cms folder it will show default server settings that are unaffected by the CMS config files (php.ini, .htaccess, and .user.ini) ; 3) View that phpinfo.php in your browser and search for this setting: cgi.force_redirect (it may or may not be found) ; 4) If cgi.force_redirect is found and is set to 0 in the left-most column, uncomment the line below (by removing the ;) ;cgi.force_redirect = 0 ; 5) IF THAT DOESN'T WORK: re-comment the line above and try disabling this config file by renaming it to: php.ini.disabled ; 6) Remove temporary phpinfo.php file in website root ; Reference: http://php.net/manual/en/security.cgi-bin.force-redirect.php ; Reference: http://www.hpenterprisesecurity.com/vulncat/en/vulncat/php/php_misconfiguration_cgi_force_redirect.html ; security enhancements expose_php = Off ; disable suhosin extension suhosin.session.encrypt = Off suhosin.simulation = On ; reset php values date.timezone = UTC disable_functions = max_input_vars = 2000 open_basedir = none post_max_size = 103M upload_max_filesize = 103M ; disable output buffering & compression ;output_buffering = Off ;output_handler = Off ;zlib.output_compression = Off ;zlib.output_handler = Off ; Identify loaded config files - repurpose some lesser used php.ini directives to indicate which config files loaded highlight.comment = '#FF8000; CMSB_CONFIG_PHP_INI' date.sunrise_zenith = '22.2222 CMSB_CONFIG_PHP_INI'