Hi, 

I have a fresh 2.2.5 install and I want to install a new theme, but I can't because it seems to think that allow_url_fopen isn't allowed. 

running composer diagnose yields the below: 

-bash-4.2$ composer diagnose
Checking composer.json: WARNING
The version field is present, it is recommended to leave it out if the package is published on Packagist.
Defining autoload.psr-0 with an empty namespace prefix is a bad idea for performance
require.magento/product-community-edition : exact version constraints (2.2.5) should be avoided if the package follows semantic versioning
require.composer/composer : unbound version constraints (@alpha) should be avoided
Checking platform settings: FAIL

The allow_url_fopen setting is incorrect.
Add the following to the end of your `php.ini`:
 allow_url_fopen = On



Your command-line PHP is using multiple ini files. Run `php --ini` to show them.
If you can not modify the ini file, you can also run `php -d option=value` to modify ini values on the fly. You can use -d multiple times.

Checking git settings: OK
Checking http connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "http://packagist.org/packages.json" file could not be downloaded: allow_url_fopen must be enabled in php.ini (http:// wrapper is disabled in the server configuration by allow_url_fopen=0
failed to open stream: no suitable wrapper could be found)
Checking https connectivity to packagist: WARNING
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: allow_url_fopen must be enabled in php.ini (https:// wrapper is disabled in the server configuration by allow_url_fopen=0
failed to open stream: no suitable wrapper could be found)
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: allow_url_fopen must be enabled in php.ini (https:// wrapper is disabled in the server configuration by allow_url_fopen=0
failed to open stream: no suitable wrapper could be found)
Checking disk free space: OK
Checking pubkeys: FAIL
Missing pubkey for tags verification
Missing pubkey for dev verification
Run composer self-update --update-keys to set them up
Checking composer version:

 [Composer\Downloader\TransportException]
 The "https://getcomposer.org/versions" file could not be downloaded: allow_url_fopen must be enabled in php.ini (https:// wrapper is disabled in the server configuration by allow_url
 _fopen=0
 failed to open stream: no suitable wrapper could be found)


diagnose

and yet, I KNOW it's enabled:  I created a phpinfo() page, which returns this : 

Core
PHP Version	7.1.20
Directive	Local Value	Master Value
allow_url_fopen  	On	On
allow_url_include	On	On

because I don't trust the UI (I'm running multiple PHs...) and because I've researched this problem before posting, I tried at the CLI level: 

-bash-4.2$ php --version
PHP 7.1.20 (cli) (built: Jul 23 2018 21:23:18) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
 with Zend OPcache v7.1.20, Copyright (c) 1999-2018, by Zend Technologies

-bash-4.2$ php --ini | grep php.ini
Configuration File (php.ini) Path: /opt/cpanel/ea-php71/root/etc
Loaded Configuration File: /opt/cpanel/ea-php71/root/etc/php.ini
-bash-4.2$ grep fopen /opt/cpanel/ea-php71/root/etc/php.ini
; http://php.net/allow-url-fopen
allow_url_fopen = On
-bash-4.2$

I'm at a loss for words here ...