Drupal install

[RFH Customer: markcannon]

Folks
First off I'm not a developer, but can generally pick things up with a bit of guidance.

I'm trying to install Drupal and have hit the 'register_globals' issue. I've found an entry from another thread (pasted below), but cannot fathom out where the code given should be placed.

So, if I'm reading the thread correctly, I place the code somewhere, run the Drupal install and it negates the 'register_globals' issue. Is this correct? If so, which php doc does the code get placed in, and, where does it go please?

Or is life harder?

Thanks folks
Mark


We can only change the PHP configuration variables that can be set at runtime using ini_set(), and register globals is not one of these.

Your client can still use drupal or joomla without problems however.

Turning globals off on these programs is more of a security measure than a requirement of function, and until Warren can be convinced that turning globals off will not break too many (old) sites, we are stuck with just ignoring the warnings.

If your client wants to be as safe as possible they can add the following code (provided by Warren in another thread), so that it is executed before any other code in the applications, it should elliminate the security issue entirely (provided there are no ways app code can be called without it):

$_reserved = array("_reserved", "GLOBALS", "_GET", "_POST", "_COOKIE", "_SERVER", "_ENV", "_REQUEST", "_FILES", "argv");

if (is_array($GLOBALS)) {
reset($GLOBALS);
while (list($_key, $_val) = each($GLOBALS)) {
if (!in_array($_key, $_reserved) && ($_key != "_key" && $_key != "_val")) {
unset($GLOBALS[$_key]);
}
}
}

[RFH Reseller: nick]

Just downloaded drupal to check. The file that is called first every time is includes/boostrap.inc, so the code would go in the top of that, however whilst I was looking in the file I noticed they already have a function

PHP Code:

/**
 * Unsets all disallowed global variables. See $allowed for what's allowed.
 */
function drupal_unset_globals() {
  if (ini_get('register_globals')) {
    $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1, 'GLOBALS' => 1);
    foreach ($GLOBALS as $key => $value) {
      if (!isset($allowed[$key])) {
        unset($GLOBALS[$key]);
      }
    }
  }
} 


This is called pretty much straight away regardless, so it looks as though the Drupal developers already have it covered and you can probably just ignore the warning message safely and not do anything.

You can still add Warren's code if you like, to the top of that file. I notice the Drupal one allows a fair bit more to remain--not sure how much that affects the safety or whether there will be any problems from clearing more?

It was Drupal 5.7 that I looked at.

[RFH Customer: markcannon]

Thanks for the guidance. Here's where I'm at.
Basics.
• Database created ready for Drupal
• Uploaded Drupal 5.7
• Enter site address to begin install
I then hit the message shown in the attachment

The browser indicates that drupal calls install.php on the first run
http://greenskythinking.net/install.php?profile=default

I've checked install.php and line 4 indicates that the first thing to happen is
require_once './includes/install.inc';

with
require_once './includes/bootstrap.inc';
appearing n line 18

As I said, I'm no developer so I still inserted Warrens code at line 2 of 'includes/bootstrap.inc' but return the same 'Incompatible Environment' report when trying to progress the install.

Unfortunately I'm no further forward at this time.

If there's something I've missed, please do let me know - I'm open to suggestions.
Thanks

PS - am in Canada, hence the delay in responding.

Just downloaded drupal to check. The file that is called first every time is includes/boostrap.inc, so the code would go in the top of that, however whilst I was looking in the file I noticed they already have a function

PHP Code:

/**
 * Unsets all disallowed global variables. See $allowed for what's allowed.
 */
function drupal_unset_globals() {
  if (ini_get('register_globals')) {
    $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1, 'GLOBALS' => 1);
    foreach ($GLOBALS as $key => $value) {
      if (!isset($allowed[$key])) {
        unset($GLOBALS[$key]);
      }
    }
  }
} 


This is called pretty much straight away regardless, so it looks as though the Drupal developers already have it covered and you can probably just ignore the warning message safely and not do anything.

You can still add Warren's code if you like, to the top of that file. I notice the Drupal one allows a fair bit more to remain--not sure how much that affects the safety or whether there will be any problems from clearing more?

It was Drupal 5.7 that I looked at.

[RFH Reseller: nick]

Humm. well. I've just had a go at installing drupal 5.x, and you are quite right, they have a check for register globals in their install procedure that is an essential requirement.
The way to get around it is to open up the file modules/system/system.install and comment out the flag that sets this install error, it's line 55 (or remove the line entirely):

PHP Code:

    //$requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR; 


After that Durpal will install fine. You will have to open the 'Advanced' section of the install page and put in the name of the database server you are using, NEON for example, instead of the default of localhost.

Interestingly enough I had a go with the latest release candidate of Drupal 6 and that doesn't complain about globals at all.

Anyway, I hope that helps. It's unfortunate it's a bit of a hack, I see Warren's difficult position on the globals setting, but it is becoming more of a problem these days to have it enabled than disabled.

[RFH Customer: markcannon]

Fantastic. Commented out the line and the install worked fine.

Just gotta figure out how to drive Drupal now!

Thanks for your help, really appreciated

Cheers

[RFH Reseller: nick]

no problem.

[holivar]

Hi, thanks, this thread has helped me out considerably ... I am using Drupal 6 (6.1) and I have hit the register_globals error so Nick, I'd be interested to know which version you tried it on?

Anyway, commenting out the line as indicated does the trick for me too. It is on line 56 of my system.install file.

Mike

[RFH Reseller: nick]

Hi yeah, I ended up trying it with 5 and a release candidate of 6. The RC didn't fall over on the globals thing, though I guess they could quite easily have removed the check in that particular build.

[Pensive]

Followed all of this advice and it got me through to the database section.

Getting these settings right results in a page that reads:

Warning: fopen(./sites/default/default.settings.php) [function.fopen.php]: failed to open stream: No such file or directory in D:\shareourstuff.com\wwwroot\includes\install.inc on line 187

Warning: Cannot modify header information - headers already sent by (output started at D:\shareourstuff.com\wwwroot\includes\install.inc: 187) in D:\shareourstuff.com\wwwroot\includes\install.inc on line 617

Warning: Cannot modify header information - headers already sent by (output started at D:\shareourstuff.com\wwwroot\includes\install.inc: 187) in D:\shareourstuff.com\wwwroot\includes\install.inc on line 618

Confused...? I think this is a Drupal 6 issue. And Drupal 6 now DOES require you to perform this fix to allow the install to take place.

[RFH Reseller: nick]

Are you sure all the drupal files have been copied into your webspace? That error is just saying it can't find a file.
It is looking for:
D:\shareourstuff.com\wwwroot\sites\default\default .settings.php

Ignore the stuff about headers being sent, that happening because you are getting the first error message being output.