symfony

How to Enable and disable phpinfo()

The phpinfo() function is mostly disabled in the shared hosting service due to security reasons as it displays information which can be used to compromise the server. By disabling the phpinfo() one can take a step to secure the server, but it becomes difficult for debugging.

Here are steps for enabling and disabling the phpinfo() :-

If phpinfo() is disabled and you want to enable it

Considering you have access to the server’s php.ini file then change the disable_functions directive from disable_functions = phpinfo to disable_functions =

Considering you don’t have access to your server’s php.ini file (most likely case), you may be able to create your own php.ini file and change the disable_functions directive that way. If that doesn’t work, learn “How to debug php application with phpinfo() disabled ?

If phpinfo() is enabled and you want to disable it

Considering you have access to the server’s php.ini file, then change the line that includes the disable_functions directive so that it says disable_functions = phpinfo

Considering you don’t have access to your server’s php.ini file, you may be able to create your own php.ini file and change the disable_functions directive that way. Or, add a line in the application that says

ini_set('disable_functions', 'phpinfo');

How to debug if phpinfo() is Disabled ?

Some server (hosting) providers choose to disable the PHP function phpinfo() for security reasons or say vulnerability in PHP 5.3 CVE-2014-4721, because it displays information which can be used to compromise the server that your site is running on. phpinfo() outputs almost every information about PHP’s configuration, such as the values of PHP directives, loaded extensions and environment variables.

In cases where phpinfo() is disabled, debugging problems in PHP is much more difficult. But, even though phpinfo() is disabled, you can still find that information using php’s core functions:

<?php
//PHP directives
echo ini_get(upload_max_filesize); // 2M
//Extensions/modules
print_r(get_loaded_extensions());
//Environment variables
print_r($_ENV);
//PHP or extension version
echo phpversion(); // 5.3.26
echo phpversion('pdo_mysql'); // 1.0.2
?>

In case you have SSH access to the server, “php -i” can also be used to get PHP configuration settings. For example, to get the configuration for the PDO – MySQL extension:

$ php -i|grep pdo_mysql

Or to get the version of PHP:

$ php -v

Though you can get lot of information without need of enabling phpinfo() but still if you want to enable it, learn “How to Enable and disable phpinfo()“.