9 Replies Latest reply on Oct 10, 2013 1:17 PM by vinopat

    PCI Compliance

    vinopat

           Where do I make changes to the "php.ini" file? I use FMP and FM Server for my POS and I am failing my PCI Compliance scan.

            

           Thank you.

           Pat

        • 1. Re: PCI Compliance
          JonJ

               It will be in the folder containing your php install ;)

               If you installed php as part of your original FileMaker Server install, it will be in the FileMaker Server folder (i.e. where your database files are stored by default), under FileMaker Server/Web Publishing/publishing-engine/php/ 

               On the Mac, it may be in a subfolder in this location (e.g. /mountain lion/lib/php.ini); on the PC I think it's just in the root folder.

               Failing that, create and host a page called test.php, containing the text <?php  phpinfo(); ?>

               When you open the page via a browser, it will display all the details of the php install that the web server is using, including the location of php.ini

               Obviously, don't leave this page up for longer than you need to--it's a security risk, as any hacker could get information on your server set up!

                

          • 2. Re: PCI Compliance
            vinopat

                 Jon,

                 Thanks so much for your help. I found the file in FM Server: Web Publishing-engine: PHP Lion: include PHP: main: PHP.ini. How do I open this file with my browser to make changes in the settings?

                 Pat

            • 3. Re: PCI Compliance
              JonJ

                   It's a text file. It looks like you are using a Mac, so just open it in TextEdit (or the editor of your choice), make any changes you need, save it, then re-start apache.

              • 4. Re: PCI Compliance
                vinopat

                     I don't have Web Publishing capability and don't have Web Publishing activated on FM Server.

                     Pat

                • 5. Re: PCI Compliance
                  JonJ

                       Which server is running PHP? That's the one where you need to edit the php.ini, and restart its web server application (usually apache on OSX and unix/linux, and IIS on Windows). 

                  • 6. Re: PCI Compliance
                    JonJ

                         It's possible to have more than one PHP install on a server—but the web server app will only use one of them. 

                         It's also possible that php was installed (or overwritten) as part of your FM server install—the web server app will be pointing to the php copy in the FileMaker folder, regardless of whether you have FileMaker web publishing turned on. If the web server needs to use php, it knows where it is located, and doesn't care why it happens to be in the FileMaker folder.

                         Cheers,

                         J.

                    • 7. Re: PCI Compliance
                      vinopat

                           Jon,

                           I am still struggling with this issue. I can find the php.ini file in Library>FM Server>Web Publishing>Publishing Engine>php>Lion>lib>php.ini.

                           I am supposed to "set the value for 'expose_php' to 'Off.'" I can't figure out how to do that. I am using FM Server 12.0.3.

                           Thank you.

                            

                           Pat

                      • 8. Re: PCI Compliance
                        JonJ

                             Hi,

                             No trouble!

                             php.ini is just a text file with a series of settings for how php should behave. Every time php is used, it opens the file, reads through it line-by-line and runs according to the instructions it reads.

                             Fortunately, php.ini is pretty easy for humans to read, too. Everything is simply written as:   setting_name = desired_value , with one setting per line.

                             Some lines may begin with a semicolon. This is a signal for php to ignore what's written on that line. It's used to write notes and comments for human readers, and to deactivate ('REM') instructions that you don't need (this is more handy than deleting the line altogether, as you can re-activate it again in a hurry, just by removing the semicolon).

                             So, to edit your php.ini...
                              
                             First, before you make any changes (and just to be on the safe side) duplicate your php.ini file -- call it php.ini.backup, or something similar. That way, if you get into a mess, you can put things back as they were!
                              
                             Second, open php.ini in TextEdit (mac) or Notepad (windows).

                             From the menu, select Edit->Find, and search for 'expose_php'

                             You should find a line that looks something like:

                             expose_php = On

                             Just change the 'On' to 'Off' .

                             While you're there, make sure the line doesn't begin with a semicolon!

                             Once you're done, just save the file. 

                             You may need to re-start your web service for the changes to come into effect  (Apache or IIS... if you're uncertain just restart the whole computer), but next time php is used, it should read-in your new setting for expose_php.

                             If not, it most likely means that you are not editing the php.ini file that php is actually reading. To make sure, you could do my trick of creating and hosting a page called test.php, containing the text <?php  phpinfo(); ?>. When you look at this page in a browser, it will display a big table with everything about your php install, including exactly where php is finding its copy of php.ini--that's the copy you must edit!

                             Hope this helps,

                             J.
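
The check described in reply 8, as an added example that is not part of the original thread: it reads a php.ini the way the reply describes (one setting per line, semicolon lines ignored) and compares the result with a response's headers, since expose_php controls whether PHP adds an X-Powered-By header. The function names, sample file contents and sample headers are constructed for illustration.

```python
# Added example: names and sample data below are constructed, not from the thread.
import re

ASSIGN = re.compile(r"^\s*expose_php\s*=\s*(.*)$")  # directive names are case-sensitive

def effective_expose_php(ini_text):
    """Return (enabled, line_no). line_no is None when no active line sets the
    directive, in which case PHP's built-in default (On) applies."""
    enabled, line_no = True, None
    for n, line in enumerate(ini_text.splitlines(), start=1):
        if line.lstrip().startswith(";"):   # commented out: PHP ignores the line
            continue
        m = ASSIGN.match(line)
        if not m:
            continue
        # Drop a trailing "; comment" and optional quotes, then read it as a boolean.
        value = m.group(1).split(";", 1)[0].strip().strip("\"'").lower()
        enabled = value in ("on", "yes", "true") or (value.isdigit() and int(value) != 0)
        line_no = n                         # a later assignment overrides an earlier one
    return enabled, line_no

def exposed_php_headers(raw_headers):
    """Return X-Powered-By values naming PHP in a raw HTTP response header block."""
    found = []
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-powered-by" and "php" in value.lower():
            found.append(value.strip())
    return found

def audit(ini_text, raw_headers):
    enabled, line_no = effective_expose_php(ini_text)
    leaked = exposed_php_headers(raw_headers)
    if leaked and not enabled:
        # The edited file is not the one the web server loaded, or no restart yet.
        return "MISMATCH: line %d says Off, but the server still sends %s" % (line_no, leaked[0])
    if leaked:
        return "FAIL: expose_php is On (%s)" % ("line %d" % line_no if line_no else "default, no active line")
    return "OK: no PHP version header in the response"

# Constructed samples (the version string is a placeholder).
SAMPLE_INI = "[PHP]\n; expose_php = Off\nexpose_php = On\n"
SAMPLE_INI_FIXED = "[PHP]\nexpose_php = Off  ; hide X-Powered-By\n"
SAMPLE_INI_COMMENTED = "[PHP]\n;expose_php = Off\n"
SAMPLE_HEADERS_LEAK = "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Powered-By: PHP/0.0.0\r\n"
SAMPLE_HEADERS_CLEAN = "HTTP/1.1 200 OK\r\nServer: Apache\r\n"

if __name__ == "__main__":
    print(audit(SAMPLE_INI_FIXED, SAMPLE_HEADERS_LEAK))
```
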

                               

                        • 9. Re: PCI Compliance
                          vinopat

                               Jon,

                               I found it. expose_php was already set to "Off" and there was no semicolon before the line!

                                

                               I have requested a new scan.

                               Thanks for your help.

                               Pat