PHP Scripts

The version of PHP installed on the webserver is 5.3.10. Most common PHP libraries should already be installed. If there is one you need that isn't installed and you can find it in the standard Ubuntu repositories let us know and we can install it for you.

We use Suexec and CGI for running PHP scripts rather than mod_php. This provides a more secure environment but means that downloaded PHP applications may not work out of the box, because most people designing PHP scripts assume that mod_php will be used. However, we view this as an excellent security precaution, as it means that you can't just download a PHP app and install it and let it run without having to think about how to make it run!

The most obvious consequence is that all PHP scripts must start with the line "#!/usr/bin/php" and be executable.

The most common problem users have with pre-written PHP software is that an existing tree of PHP source files will not have #!/usr/bin/php at the beginning of the scripts, and, worse still, PHP makes no distinction between a program (script invoked by a URL) - which needs #!/usr/bin/php adding - and a library (file which is included into another PHP file) - which does not need, and must not have, the #!/usr/bin/php line added. So, in this situation, you need to identify which individual PHP files are programs (scripts, accessed as URLs) and add the #!/usr/bin/php to just those files.

Note that if you download PHP scripts from the Internet, you are responsible for ensuring that the scripts really do what they say they will, do not misbehave and are secure. Bear in mind that by allowing these scripts to run as CGI scripts on our web servers, they will be invoked by untrusted users across the Internet, but will run with your user privileges on our web server, and hence have the same access to files in your home directory as you do!

If you choose to use a well known piece of web software (eg a wiki or a content management system), it is quite likely that particular versions of such software will have vulnerabilities which hackers know how to exploit via web attacks. It is your responsibility for keeping your web-based software up to date and (as far as possible) secure. If you get our webserver hacked because you have not kept your chosen software up to date, we will be extremely annoyed with you. As Terry Pratchett so nearly says:

Our webservers (www.doc.ic.ac.uk and www-homes.doc.ic.ac.uk) currently run Ubuntu 12.04 (aka Precise).

An Example

Here is an example of a basic PHP script that resides in the root of a users public home directory:

$ cd ~/public_html

$ ls -lad /homes/help/public_html
drwxr-xr-x   20 fred    csg          8192 Feb  1 14:10 ./

$ ls -la test.cgi
-rwx------    1 fred    csg            44 Feb  1 13:45 test.cgi

$ cat test.cgi
#!/usr/bin/php
<?php
echo "hello world";
?>

Key points to note:

Group project areas

A few things to note about permissions if you are running scripts from a group project areas (ie. somewhere in /vol/project/...).

guides/web/php (last edited 2014-05-09 18:23:13 by ldk)