2. Depending on the PHP version that the server is running, there may be some vulnerabilities in the PHP itself, simply find out the PHP version - via php_version() - and search for some vulnerbilities.
3. php.ini only affects PHP files, so simply upload a different web shell (such as Python, Perl, C, etc).