You can try a custom php.ini and turn register_globals back on, but if that doesn't work at your server config, you will be forced to use the new php version.

globals are a bad idea anyway. Too many open back doors.

To view your PHP config, create a text file containing the following:

<?php
phpinfo();
?>

...name it info.php and upload it to your document root.

Then access this file with a web browser. You now will know your current PHP config and the location of the php.ini file (likely also at document root.)

Next download that php.ini file to your machine and edit it to turn register_globals to true (or 1 if you see a 0) save and upload to overwrite the existing file.

You now have customized your php.ini. As I said before, your server config may not support this change. If so, you're stuck with what they offer.

php.ini seem to be no reachable.

/usr/lib/php5.6/php.ini

You should contact your admin and ask if there is a way to use your own php.ini.

Otherwise, PHP 5.5 is soon to be End-Of-Lifed by php.net so most all hosting companies are upgrading to 5.6 or newer.

If you do hire a programmer to udpdate your scripts, you should consider opting for php 7. That way you'll be good for years.

You can't overwrite the default settings on 1&1. You mentioned it only affected version 5.6 and up. You can opt to retain an older version of PHP, although you will be charged a monthly fee for PHP extended support. If you are happy with your current version then you can continue to use it until you have adjusted your code to work with the more modern version.

As Keyplyr suggested it would make sense to now target PHP 7 as your deployment version. In reality 1&1 will soon be releasing extended support for version 5.6. I am already being encouraged to upgrade to version 7 from within the control panel.

Mack.

1and1 turn off register_globals on PHP on 5.6 and upper.

register_globals was actually removed completely in PHP 5.4+, so unless you are currently on PHP 5.3 or earlier then you're not using register_globals.

Do you know for sure whether you are making use of register_globals?

register_globals has also been "Off" by default for... a long time. So, in order to use it you must explicitly enable it in .htaccess. (Of course, 1and1 could enable this in the server config, essentially changing the default - but that would be a pretty bad security model to follow.) So, check the output from phpinfo() (as mentioned above) and see if register_globals is enabled. No use progressing further if it's not (and your code is working as expected).

To "properly fix" the use of register_globals, there is no quick way. You need to methodically go through all the code! You can try disabling register_globals and enable full error_reporting. If you then get E_NOTICE messages for undefined variables, whereas you did not with register_globals enabled, then that suggests the use of register_globals, but also suggests the code might be insecure so needs fixing anyway! (And you might need to write many unit tests to unearth these error messages.) Secure code that uses register_globals should not generate any E_NOTICE messages, since the variables will be initialised.

However, a quick and dirty workaround is to simply write a bit of code at the top of your script (included on every page) that emulates register_globals. All register_globals does is copy values from the request (from the superglobals) in a predefined order into global variables of the same name. It automatically registers global variables. You can, however, do this "manually" if you want. This is covered in the FAQ section in the manual: [php.net...]

It's dangerous to be using an old version of PHP. Swap your script for something else. Upgrade, use a bridge script to upgrade to something else.

Or you can just wait until a bot scans your site and takes it down and burns your content.

In my opinion, upgrading is the easy path but you can choose the hard way and have your hand forced by a hacker.

Good luck,

Roger