Phpinfo() disabled on server

coothead · 2018-06-16 10:48:04 UTC

Hi there Server Configurators,

I have recently converted my site to HTTPS and have discovered
that "phpinfo()" does not work with this configuration.

As my host has unsupported php installed - ( 5.5.7 ) and has
promised to upgrade it in the near future, I need to make
regular checks on this assertion.

I know that I could disable the SSL and then check, but that process
would be an absolute pain in the arse.

Are there htaccess or other methods that would resolve this problem?

coothead

ScallioXTX · 2018-06-16 11:14:02 UTC

What do you want with phpinfo()? What isn't working exactly?

Also if your host is still on PHP 5.5 I would strongly suggest you find a different host.

coothead · 2018-06-16 17:30:47 UTC

I want to see the information that this code...

<?php
   phpinfo();
?>

... creates displayed in my browser when it uses HTTPS.

Here is the link in question...

https://coothead.co.uk/php-info.php

Obviously, as can be seen, the page in question is not working.

That process would also be an absolute pain in the arse.

At my advanced age, I tend to treat each day as though it may be my last.

coothead

John_Betong · 2018-06-16 17:36:34 UTC

Try this instead which hopefully will override the phpinfo() settings and show errors and warnings:

<?php
  ini_set('html_errors', '1');
  ini_set('display_errors', '1');
  ini_set('display_startup_errors', '1');
  error_reporting(-1);

   phpinfo();

// DO NOT USE CLOSING PHP TAG BECAUSE IT MAY PRODUCE ERRORS

Edit:
You could also use this site to check .htaccess is working correctly.

http://supiet2.tk

coothead · 2018-06-16 17:57:12 UTC

Hi there John,

thanks for your reply.

Unfortunately, without or with the closing tag, I now get this information...

Warning: phpinfo() has been disabled for security reasons in
/services/webpages/c/o/coothead.co.uk/public/php-info.php on line 6

coothead

John_Betong · 2018-06-16 18:07:33 UTC

Hi @coothead,

I am glad it worked, it looks as though your service provider is being super careful.

Are you just curious about the phpinfo() results or require specific information? If the latter then there may be other means of obtaining the information.

ScallioXTX · 2018-06-16 18:20:22 UTC

At any rate it doesn't have anything to do with https

So I'll move this over to the PHP forum as it's no longer a server configuration question.

coothead · 2018-06-16 18:33:25 UTC

Hi there John,

Yes it is the latter.

The phpinfo() used to give the server's installed version right at beginning.

This is really all that I require.

Is there an alternative method to ascertain the installed version?

coothead

Mittineague · 2018-06-16 18:33:42 UTC

I agree that exposing that information can be a security risk. IMHO, instead of not exposing the fact that a site has a vulnerability it would be better to upgrade / reconfigure so a known vulnerabilitiy doesn't exist.

In any case, phpinfo is kind of like a "get everything at once" function. It might still be possible to put together your own version of a phpinfo getting the individual information you're interested in. Tedious, but hopefully only a one time job. eg.

<?php 
if ( function_exists('phpversion') ) { 
  echo phpversion(); 
} else { 
  echo 'phpversion does not exist'; 
} 
if ( function_exists('get_loaded_extensions') ) { 
  print_r( get_loaded_extensions() ); 
} else { 
  echo 'get_loaded_extensions does not exist'; 
}

etc. similar with ini_get() for individual settings. And you could put the strings into arrays to reduce repetitive if else code.

coothead · 2018-06-16 18:57:13 UTC

Hi there Mittineague,

thank you for your reply.

This...

<?php
if ( function_exists('phpversion') ) { 
  echo phpversion(); 
}
?>

...solved my problem.

My host, I now see, has upgraded to version 5.6.31 which is
supported for critical security issues only until 31/12/2018.

So I must be thankful for small mercies.

I will now press them shortly for the upgrade to 7.2.

coothead

ahundiak · 2018-06-18 12:03:52 UTC

Just be careful about what you wish for. There are several bc breaks (aka fixes) between 5.6 and 7.2. Especially the count function. Make sure you thoroughly test your code before the update.

m_hutley · 2018-06-18 14:55:02 UTC

<?php echo 1 <=> 2 ?>

if you see a -1, PHP 7 is running.
If you see an error, PHP 5 is running.
If you see the code, PHP is not running.
If you see absolutely nothing, PHP 5 is running and your host has turned off error reporting.

(Simplest version check - find a difference between versions, and run the command. In this case, the 'spaceship operator'.)

coothead · 2018-06-18 15:28:16 UTC

It seems that I am the unfortunate possessor of a naughty host.

coothead

m_hutley · 2018-06-18 15:40:14 UTC

Grab the lines out of @John_Betong's post above, see if you can force PHP into spitting the errors out. Probably an unnecessary step ("Until you see a -1, PHP isnt running version 7"), but not bad practice anyway

MrBaseball34 · 2018-07-02 19:22:27 UTC

Did you think to eval php -i