I am trying to set the include_path specifically for a given script in a given configuration.
Per Directory Values would be ideally suited for the task, so I am trying this:
[HKEY_LOCAL_MACHINE\SOFTWARE\PHP\Per Directory Values\c\phpDevScripts]
"include_path"="c:\\path\\to\\dev\\lib"
It doesn’t seem to work for CLI scripts but the docs say nothing about this.
Quoted from the "User Contributed Notes":
Being able to put php directives in httpd.conf and have them work on a per-directory or per-vitual host basis is just great. Now there's
another aspect which might be worth being aware of:
A php.ini directive put into your apache conf file applies to php when
it runs as an apache module (i.e. in a web page), but NOT when it runs
as CLI (command-line interface).
Such feature that might be unwanted by an unhappy few, but I guess
most will find it useful. As far as I'm concerned, I'm really happy
that I can use open_basedir in my httpd.conf file, and it restricts
the access of web users and sub-admins of my domain, but it does NOT
restrict my own command-line php scripts..
Related
Working with WordPress, I often come across the same issue where hosting companies set the initial PHP settings for things like upload_max_filesize and max_execution_time to very low values. This becomes an issue when trying to import large demo content or migrate data from another server. I'm trying to find a way around it using only a PHP script (no FTP access, can't recompile PHP etc...). How can this be accomplished?
Here are a few things to consider:
Using ini_set() only works for certain directive, which makes it useless in my case.
Creating a php.ini or php5.ini file in the root of WordPress only works if PHP is set to scan this directory for additional ini files, which is rarely the case.
Modifying the .htaccess file is an excellent way to achieve this, however, if PHP is run in "CGI mode" and not as an Apache module, this won't work.
Is there a solution that can work regardless of the host's settings? Is there a way to force PHP to scan an additional directory for php.ini files?
I'm almost sure that PHP is always able to go anywhere on the server and do anything with any files but I'm wondering if there's a way to restrict it to work only in one folder and what would be requirements?
I mean I've got let's say 50 WordPress installations, 50 folders. If a virus from untrusted plugin affects only 1 installation - it instantly goes to 49 other, too (because PHP can scan all the directories on server).
Is there any way to prevent that? If virus breaks into 1 installation of WordPress - I want it to stay only there.
My hosting provider said it's not possible without buying another server. What is your opinion?
With php-fpm you can chroot php workers (for absolute separation) and give every php application its own user and php configuration (timeouts, memory limits, etc.). You don't have to use chroot to have unique users. With simple file permissions you can make the webroots unreadable to anyone not the dedicated user for that webroot. Also this is not specific to Apache, works any other webserver that supports fastcgi.
A little easier to set up way could be relaying on php's open_basedir (there's a dispute of how secure open_basedir is since php's developers frequently fixes bugs related to this feature)
You can install suEXEC and run PHP in FastCGI mode. With this configuration you are allowed to run the PHP instances under different users.
I didn't try this tutorial myself but it looks good to me: How to set up PHP FastCGI with suEXEC on Debian
I recently purchased domain name and hosting from "www.domain.com". My hosting is "Linux Hosting". I prepared a web site with PHP. While I was looking hosting features, there was PHP5 support. After that, in web site configuration, I noticed that PHP5 support is only avaible as a cgi application. Up till now, I didn't know what cgi is. I researched a bit. I noticed that there is a directory called cgi-bin. I put my php files in it but gave internal server error.
But in cgi-bin directory, .cgi extensions work. when I looked from Internet, I understood that there must add some handler into .htaccess or into httpd.conf. I am not authoritized to access these files but I can add some handler from "web site configuration" in my hosting.
Iknow I am doing something wrong but I don't know what it is. Thanks...
CGI means that PHP is configured to run as a separate process from your web server (apache usually), as opposed to the module of the web server.
You should be able to simply place the php file at your web root (usually in /var/www), navigate to the file in your browser, and it should all work.
Also, make sure you check your apache logs, in /var/log/
Search the hosting documation. I bet you will need to add #!/path/to/php at the first line of your scripts.
I am coding in PHP on Apache, and I have access to two main areas on the Unix server. I have a personal directory and I have a project directory. I noticed that in the project directory there is a extension/module that I have access to automatically which I don't have in my personal directory (I can see it listed in phpinfo()).
So I'm guessing that the server admins set it up this way because most users wouldn't require this extension in their personal area, but I do.
I have looked through several base level .htaccess files and conf files, but can't seem to find the point that this extension is being initialized for the project area. Is there a way via PHP for me to list not only all the loaded extensions but at what point they are loaded?
I can think of 2 ways for loading extensions
through php.ini with the extension/zend_extension directories. Note that this would not work with user.ini files (per directory configuration)
through the combined usage of auto_prepend_file INI setting and the dl() function. The latter can load extensions dynamically. And auto_prepend can be used to make the PHP interpreter run any code before yours runs. But dl() has been deprecated in PHP 5.3 and will be completely gone in PHP6.
And if all else fails - why don't you ask your server admins?
Is there a way via PHP for me to list
not only all the loaded extensions but
at what point they are loaded?
No. Ask server admin.
My school internal webserver is still running PHP v4.. (Not sure exactly). I went ahead and wrote all the labs and assignments on my local machine, which is running 5.2.5. Now, none of my code works on the school machine because the functionality simply is not there.
I have access to a slew of compilers, and have downloaded the PHP v5.2.9 source code, and am going to compile it for use as a CGI.
My problem? The school has disabled .htaccess files for our accounts, and thus I can't magically redirect all requests to go through my brand new v5.2.9 install.
Does anyone have any ideas, suggestions, hacks, or workarounds to get all requests to go to my cgi version rather than the mod_php version? Is there any way to do this with 301 redirects or something?
Thanks a ton.
See if you have a /cgi-bin directory in your web root. Even if it's not there, try creating it and putting your scripts there. Many web servers will by default assume that files in that directory are scripts.
Additionally, you will want to try:
Renaming your scripts with a .cgi extension
Putting a "shebang line" at the top to indicate what interpreter to use. For example:
#!/path/to/php5
Note that it has to be the first line with no spaces.
You can do the redirect with… PHP4. Use the header function. Or you can execute your CGI from a PHP4 script using passthru.