The Panix Help System -- Web Page Help

Using PHP on Panix

PHP is implemented on Panix in two different ways; as an Apache module and as a stand-alone executable.

mod_php

As an Apache module, PHP runs from within the webserver. To use PHP in this way, you only need to name your files with the .php extension, and they are automatically parsed. However, PHP within Apache is run in safe mode, and there are many functions that are limited by safe mode. For more information, see the PHP Manual. For information on PHP as an Apache module at Panix, see the PHP Apache module info page.

cgi script

As a stand-alone executable, you need to add the line "#!/usr/local/bin/php" to the beginning of the file and use the .cgi extension, just as you would with any other cgi script. The stand-alone version is not run in safe mode. For more information on the stand-alone version at Panix, see the PHP stand-alone info page.

php handler

A clever way to convert existing .php pages into .cgi calls is by using a php-handler script. This is a .cgi script with the following contents:

#!/bin/sh

cd `dirname ${PATH_TRANSLATED}`
exec php

Name it it "php-handler.cgi" and place it in your pcgi-bin directory. Set permissions to u+x, to give yourself permission to execute it.

The directory in which you are running php should have a .htaccess file whose contents include the following:
AddHandler php-handler .php

If you do not have your own domain, add this:
Action php-handler http://www.panix.com/~yourusername/pcgi-bin/php-handler.cgi

and if you have your own domain, add this:
Action php-handler http://yourdomainname/pcgi-bin/php-handler.cgi

For step-by-step instructions in the context of setting up a Wordpress blog, see the WordPress help file. We also provide help pages for Drupal 6 and Drupal 7.

session files

If you need to use PHP session files, you must take these steps to make it work properly and be secure.

You cannot store these files in a public area. You need to define the session directory to be under your web space and read/write only to your username. Also, note that /tmp is unique to each of the two web servers, so a session file written on one will not be seen on the other.
You must use the CGI version. The apache mod_php version runs as the user of the web server which makes it possible for another customer to view your session files. (The likeliest scenario for this is if a malicious person breaks into another site.) This also gets around safe mode restrictions.

virtual server

People who need it to "just work" and specifically need mod_php need their own server. This need not be an actual dedicated machine, as the virtual add-on will provide exactly this functionality. For such users, we can optionally have the web server run as their username and/or turn off safe mode.

For reference material about PHP, please visit PHP's home page.