Using PHP on Panix

PHP is implemented on Panix in two different ways; as an Apache module and as a stand-alone executable.

As an Apache module, PHP runs from within the webserver. To use PHP in this way, you only need to name your files with the .php extension, and they are automatically parsed. However, PHP within Apache is run in safe mode, and there are many functions that are limited by safe mode. For more information, see the PHP Manual. For information on PHP as an Apache module at Panix, see the PHP Apache module info page.

As a stand-alone executable, you need to add the line "#!/usr/local/bin/php" to the beginning of the file and use the .cgi extension, just as you would with any other cgi script. The stand-alone version is not run in safe mode. For more information on the stand-alone version at Panix, see the PHP stand-alone info page.

If you need to use PHP session files, you must take these steps to make it work properly and be secure.

1. You cannot store these files in a public area. You need to define the session directory to be under your web space and read/write only to your username. Also, note that /tmp is unique to each of the two web servers, so a session file written on one will not be seen on the other.
2. You must use the CGI version. The apache mod_php version runs as the user of the web server which makes it possible for another customer to view your session files. (The likeliest scenario for this is if a malicious person breaks into another site.) This also gets around safe mode restrictions.

People who need it to "just work", or specifically need mod_php need their own server. This need not be an actual dedicated machine, as the virtual add-on will provide exactly this functionality. For such users, we can optionally have the web server run as their username and/or turn off safe mode.

For reference material about PHP, please visit PHP's homepage.
And also, a good resource site for PHP developers can be found here.

Return to Index

Last Modified Thursday, 21-Jun-2007 11:54:24 EDT