Php.ini accessibility

As I have read in several threads concerning the accessibility of the php.ini file, I have noticed that it is inaccessible on a free host. But is it still accessible through an FTP client? Or is it only at a premium host I can do this? Reason why I ask is due to a MyBB plugin that require me to add a line to the php.ini to work properly.

The php.ini file contains the PHP settings of the server. You don’t have full access to this config file on any web hosting service, because the PHP settings are shared between all accounts.

On free hosting, there is almost no possibility to change PHP settings. A very small number of PHP settings (like timezone or error displays) can be set through .htaccess rules.

With premium hosting, you do get some flexibility to override some settings. I’m not sure what line you need to add, or whether you can have custom php.ini rules or only certain settings through .htaccess rules. You would have to ask iFastNet directly about that: https://ifastnet.com/contact.php

It is needed for a MyBB plugin called Minecraft Connect, found here: Extend MyBB - Minecraft Connect

For it to install properly, this line must be added to the php.ini:

curl.cainfo=PATH/TO/cacert.pem

Is this possible to do on either free or premium hosting? Since that is the only reason why I have interest in changing the php.ini.

Judging by the official document from PHP about that setting, I think it can only be set for the whole server, not for individual accounts, websites or folders.

But I also took a quick look at the information from the MyBB plugin, saw this:

Again, if the plugin installed correctly with no errors then you most likely do not need to worry about this part. Most servers should come with a Certificate Authority cert bundle of some kind pre-installed

“Most servers” include ours, so you don’t need to configure this. Did you try to install the plugin already? Did it work? If not, what happened?

When trying to install it, I get this error message:
cURL is not set up with a proper Certificate Authority root certificate bundle. Please view THIS GUIDE on how to add one so that you can install Minecraft Connect

And THIS GUIDE refers to the installation guide for Minecraft connect. And if the cacert.pem is missing, in which directory should I drop it in the FTP client?

You can’t edit that file yourself (doing so would be a huge security disaster).

I took a quick look at the code of the plugin and it specifically looks at whether the curl.cainfo setting is filled, and returns an error if it’s not.

However, you don’t need to specify this setting at all in order to properly validate SSL. If this setting is not provided, PHP will default to the SSL settings of the operating system, which already contain a proper SSL chain.

In other words, this hard check on the PHP setting is a bug in the plugin, because the plugin is wrong to assume that the missing setting means there is no proper CA chain.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.