As you sit and read this you might be wondering, Why would I want to do this? What is this for?

Have you ever tried to upload a file directly from your site but couldn’t because the file was to large?  Does it leaves you grumbling and shaking your fists.  Don’t worry, you’re not alone.

Mercifully there is a 3 step process to get around this, shown below, and the best part is we’re going to walk through it!

1. Create a php document and call it getphpinfo.php
2. Create a php document and call it gettheini.php
3. Modify or create an .htaccess file

While I always encourage following along and creating your own files to get a feel for the process, below is a .zip that has them pre-made.
*Remember you’ll still need to modify the files accordingly with your server values.  Also you will need to rename the htaccess.txt file in this .zip to .htaccess

Click Here to download.

Many hosting providers have updated their servers to run PHP5 in conjunction with PHPSuExec enabled.  Due to this configuration users are no longer able to have php flags in their .htaccess file (which was an alternate method of increasing the file upload size).  Placing PHP flags in .htaccess files is now a common cause of internal server errors on servers with PHPSuExec enabled.

If you have a website chances are you have shared hosting with your provider.  What this means is that multiple individuals share your server and resources.  As such, it’s normal for hosting providers to set a low limit on PHP file upload size.  It’s probably anywhere from 2M – 10M (M = Megabytes).  This probably wouldn’t affect the average user, because you can still upload large files directly to your server via FTP.

What happens though, if you don’t want to upload those large files via FTP? What if you wanted to let your users use a web form or script of some sort to upload large files to you directly from your site?

That’s an excellent question! The answer is you can’t.  Not without a bit of modification.  There are pre-existing settings that control those file size definitions as well as other PHP settings in a file called php.ini.  Some hosting providers give you access to this file and some do not.

Hark!  you cry,  I don’t have access to this file! How do I increase my upload limit?!?! ZOMG I neeeeed this!

Never fear! We are going to walk through how to get around this by creating a custom php.ini file.  Are you ready? Let’s do it!

STEP 1.  *Create a new PHP document. Name it getphpinfo.php, add the snippet below and then upload it to your root directory:

*Note: This step is optional.  It’s only necessary if you don’t know where your default php.ini file is located or if you’re unsure of your direct path to your root directory .  If you already know this information you can skip this.

<?php phpinfo(); ?>

STEP 2. Create a new PHP document. Save it gettheini.php, add the snippet below and upload it to your root directory:

<?php system("cp /usr/local/lib/php.ini /home/YOURUSERNAME/php.ini"); ?>

*Note:  If you’re not sure of the value to enter for where your default php.ini file is located on your server this is where your gettheinfo.php file comes in handy.  In your browser navigate to www.yoursite.com/getphpinfo.php  this will display all the PHP configurations for your site.  The path you need should be under a section called Loaded Configuration File.  Replace /usr/local/lib/php.ini in the snippet above with the path listed under that section.

The second part of the above snippet /home/YOURUSERNAME/php.ini is defining where a copy of the default php.ini will be created.  If you’re not sure what the value of this direct path is you can once again navigate to www.yoursite.com/getinfophp.php in your browser and look for a section called DOCUMENT_ROOT under Environment.  Replace /home/YOURUSERNAME/ with the path found under that section.  This will copy the default php.ini to your root directory.

<!– IMPORTANT–> The safest way to do this is as described in Step 2. where you create a copy of your server’s existing php.ini and modify that.  If you just create a new custom php.ini from scratch and add only the things you want changed (i.e. max_filesize) you run the risk of overriding all the default php modules and settings that some of your scripts may need to function! <!– IMPORTANT –>

In your browser navigate to your gettheini.php file (i.e www.mysite.com/gettheini.php); running this script will generate a blank or white screen but don’t worry that’s normal! Now go to your root directory (or wherever you told your script to copy the php.ini file) and you will see your copy of the php.ini file. Huzzah!

*Note:  Some hosts may disable certain PHP Program Execution Functions such as system() and passthru(). You will know when this happens as you will see a message like the following:

Warning: system() has been disabled for security reasons in /home/USERNAME/public_html/gettheini.php on line 1

Since we use system() in our gettheini.php file, if you’re receiving this error open your gettheini.php and replace <?php system(  with <?php exec(   (In some instances you may have to try shell_exec.)

Open this php.ini file in your editor of choice, find upload_max_filesize (mine is located on line 487 but yours might be different)  and change the value to suite your needs.  (i.e. upload_max_filesize = 20M) and then save.

<!– IMPORTANT –> Change the permissions on this new php.ini file to 644! <!– IMPORTANT –>

While the above does change the upload limit allowed by your server, scripts using PHP and POST data to determine the max file size the script will allow to be uploaded, such as WordPress (WordPress default restriction is something along the lines of 10MB), need an extra step.  In your php.ini file find post_max_size (approx. line 373) set this to something like post_max_size = 20M.  If, for example, you use WordPress, once you make this change, click “Add New” under “Media” in your WordPress admin, it should now say something like “Maximum upload file size: 20MB” (or whatever you set it to).

Right on rockstar! You’ve just increased your PHP upload limit but we have one more step!

STEP 3. Create an .htaccess file, add the following snippet and upload it to your root directory:

*Note: If you already have an .htaccess file then you can simply modify it.

<Files php.ini>
order allow,deny
deny from all
</Files>

SetEnv PHPRC /home/USERNAME/public_html/php.ini

You might be thinking What the earth is that stuff doing? o_0

Weeeeeeell let me tell you!

In this guide we created a custom php.ini file by copying our server’s default one.  However we don’t really want any prying eyes to be able to view that new file.  The first portion of the above snippet handles this.

Additionally, when creating a custom php.ini file the changes will only be effective on scripts in the same directory it was placed in.  We want to make our new php.ini recursive (apply to all sub directories as well).   The second portion of the snippet SetEnv PHPRC /home/USERNAME/public_html/php.ini says “hey! Apply all the configuration values from php.ini to all subdirectories of where you placed me (me = .htaccess file) in!”

Success!  You be finished!  Go ahead and delete getphpinfo.php and gettheini.php from your server.

Update – 09/29/2011

• some hosts may disable certain PHP Program Execution Functions.  Added *Note reference to Step 2 on how to adjust gettheini.php script to accomodate this issue.
• Known Hosts this issue occurs on:  HostPapa – By default HostPapa disables the following functions: dl,passthru,proc_open,proc_close,system,allow_url_fopen.  Once you create your custom php.ini file you can remove some of those functions by deleting them; found around line 199 (If you don’t know what these functions do I would only suggest possibly deleting out system and passthru).

Update – 08/22/2011

• post updated to correct typo in .htaccess snippet. Removed the blank space found on the line order allow, deny that was causing internal error messages.
• post updated to add reference for post_max_size (found before step 3). This is required for scripts (not the server) using PHP and POST data to determine the max file size allowed to be uploaded through the script itself; such as WordPress.