Having the PHP setting
register_globals enabled on your webserver is a bad idea in terms of security.
It's strongly recommended to turn it off. If you don't have control over the webserver and therefore can't do that, ask your webhost for support. Most webhosts should be happy to help you turn register_globals "off" because it removes potential security holes in all PHP scripts. In addition, register_globals has been marked a feature to be removed in the next version of PHP and so all scripts need to work with register_globals "off" in the near future. Some webhosts have a simple way to change the register_globals setting on the webhost's control panel. If the webserver is yours to administer (i.e. if you're self-hosting, which the dev team does not recommend), you need to edit php.ini, find the line that starts with
register_globals and edit it accordingly. Save your changes and restart the webserver service/daemon.
Do not ask how to turn register_globals off in this thread nor in other threads on this forum, as we don't know how your webserver is set up and therefore can't answer that question. Usually, you are not able to change that in the first place if you're webhosted, but only your webhost can change it for you. The only place to ask for help is your webhost. Older, badly-written scripts may require register_globals to be enabled. Coppermine is not one of those scripts that require register_globals "on". Although Coppermine works with register_globals turned on or off, it is strongly recommended to turn register_globals
off.
In general, register_globals set to "on" might result in your site getting hacked!For technical information about the security implications of register_globals, go to
this page (on PHP.net).