Each user can create his own file php.ini and place it in the folder of the called script.
This is convenient, so that you can edit your own settings, without contacting the technical support

If you decided to put php.ini somewhere in public_html, then create file .htaccess in site root folder (for example /home/user/public_html, where user is your nickname in cpanel) or if file exists, just add in any place (beginning or end) directives described below to .htaccess file.

<Files php.ini>  
order allow,deny  
deny from all  
</Files>  

These directives prevent others from viewing the php.ini file.

With this installation of PHP as a CGI handler, SuPHP, you cannot use the following directives in the .htaccess file : php_flag, php_admin_flag, php_value and others that change any parameters of the PHP environment it will cause an error code 500, Internal Server Error.

Warning: The native php.ini file is valid only within the directory in which it is placed, unless a special option is specified, see below.

suPHP_ConfigPath /home/user/public_html  

for hostde6 and hostde15 servers

lsapi_phpini /home/user/public_html  

I.e. write this line in the .htaccess file before the code prohibiting the view file php.ini, but replace user with your username.

Access rights to files and folders:

  • 644 - writing to the file is permitted (by default)
  • 444 - Do not write to file (read and execute only)
  • 755 - access rights for folders (default, no need to change them)

Please note that with the access right of 644 the writing is only allowed for the scripts which are being launched in the environment of your account. No one else will be able to do the recording. For even more security hobby you can change file permissions to 444 - in this case even your scripts can't write anything to files, but this is not obligatory.

Thus, you do not need to change permissions when installing scripts, even if the script's instructions say to change them. Just skip the CHMOD permissions change item.

Example of php.ini file and description of some of its parameters:

; File syntax: "directive = value"
; The comment sign in php.ini is ";" (semicolon). Anything after ";" is not accepted by PHP

safe_mode = Off

disable_functions = ; For security reasons, allows you to disable these functions

max_execution_time = 30 ; Maximum number of seconds of script execution

memory_limit = 16M ; Maximum memory the script can take

error_reporting = E_ALL & ~E_NOTICE ; Show all errors except remarks

display_errors = On ; Display errors in the browser. To facilitate script debugging

variables_order = "EGPCS " ; The order in which PHP will register variables (E - built-in variables, G - GET variables, P - POST variables, C - cookies, S - sessions). Missing any of these letters will prevent you from handling the corresponding variables

register_globals = On ; Ability to treat variables coming in via GET/POST/Cookies/sessions as normal variables (e.g. "$variables")

post_max_size = 55M ; Maximum amount of data which can be accepted

magic_quotes_gpc = On ; Enabling automatic handling of quotes coming in via POST/GET/Cookie

file_uploads = On ; Allows file uploads

;upload_tmp_dir = ; The directory for temporary downloaded files (do not forget to create this directory!)

upload_max_filesize = 5M ; Maximum size of an uploaded file

session.save_handler = files ; Store session data in files

session.save_path = /tmp ; A folder to store session files (be sure to create this directory!)

session.use_cookies = 1 ; Use cookies in sessions

session.name = PHPSESSID ; Use session ID as session name and session cookie

session.auto_start = 0 ; Prevent session from initializing when connection starts

session.cookie_lifetime = 0 ; Session cookie lifetime ("0" - until closing the browser window)

session.use_trans_sid = 1 ; Session IDs will be added to all links on the page automatically (if you have cookies disabled)

Updated Jan. 2, 2019