Using PHP on NCSU Webservers
This document describes how PHP service is setup on NCSU OIT-supported webservers. Campus web developers will learn how to request PHP service for their website, how to maintain AFS permissions for the security of their scripts, what PHP options are available, and what additional help is available.
PHP is a programming language that is used to embed CGI-like dynamic code into HTML-like pages. PHP is often used to handle forms, to dynamically adapt a page to the users browser, and to provide an HTML font-end to database information.
NCSU OIT maintains all of its webservers in pools. Each server machine answers to a number of different domains. Multiple identical servers are pooled together using the Resonate software. When a web request comes in, Resonate chooses the server that has the least load on it, and sends the request along to that machine.
PHP service is available on any of the OIT-run campus webservers, except, it is not availble on the www4.ncsu.edu user server or the WolfWare courses servers. If OIT is hosting your website, you can send an email to firstname.lastname@example.org asking that we enable PHP on your domain. Be sure to send us the URL of the website that you want enabled.
Once we get your request, we will add your domain to the PHP-enabled pool of servers. You will need to make sure that any PHP files you create have a ".php" extension on the filename so that Apache will process them correctly. Any file without the ".php" extension will be treated as a static page and your code will not be run.
We will also add you to the campus PHP users mailing list, as described later in this document.
This section assumes that you are familiar with setting AFS permissions in a unix environment. If you need help getting this setup, please contact email@example.com.
In order for any webserver to read or write to one of your directories, it must first be given those permissions in AFS. To facilitate this, we have created PTS groups for each of our webserver pools. The most commonly used groups are:
We generally recommend that people do not use the system:anyuser group to give access to their web files. Doing so allows anyone in the world to read your raw files, which could be a security or privacy risk. Also, some people will give system:authuser access instead. In practice, this is only barely more secure than using system:anyuser and it doesn't give the necessary access to the servers anyway.
If your directory contains only static page and/or images, you should give www:servers read access to that directory:
fs sa /afs/unity/your/directory www:servers read
If your directory contains only PHP documents or support files, you should give www:servers.php read access to that directory:
fs sa /afs/unity/your/directory www:servers.php read
or if you have to write or modify files from your PHP scripts, use:
fs sa /afs/unity/your/directory www:servers.php write
If you have a directory with both static and PHP files, you need only set the www:servers read permission, unless you are also writing files. However, if any of your scripts contain sensitive information like database passwords, we strongly recommend that you keep them in a separate directory that cannot be accessed by the www:servers group. This will prevent someone from being able to use the static servers to read your source code and learn those passwords.
As an additional security measure, we have configured the static webservers to refuse to serve any files that end in the .php or .inc extensions. This should prevent a user from being able to read your PHP source code from the wrong server, but it is not as good a security measure as setting the AFS permissions correctly as described above.
Some existing PHP programs are written to use the short-form of the PHP tag to indicate code segments, like this:
<? php_code_here ?>Unfortunately, this tag is also used in other related markup languages, including XML. To prevent a potential confusion, we have configured our servers to require that you use the full PHP tags, like this:
<?php php_code_here ?>
If you are trying to use an existing program with the short form of the tags, you will need to convert the tags to the long form. This should be easy to do using a global search and replace in your editor.
By default, our servers do not support the automatic use of an index.php file when a directory is requested in a URL. For example, if a request for http://www.ncsu.edu/myproject/ is given, the server will look for a file named index.html to display, but it will not look for index.php.
You can tell the servers to use a different file as the default index page. You need to create a file in your directory named .htaccess and add a line like this:
DirectoryIndex index.php index.html index.htmThis tells the server to look for index.php first, then index.html and finally index.htm whenever this directory is requested without a specific filename.
Our PHP servers are currently running PHP 5.2.6 with the following optional packages:
If you need any other optional packages, please let us know and we will consider adding them to the server.
OIT will be happy to provide whatever help we can with regards to server problems when running PHP codes. This includes getting database connectivity, resolving permissions problems, and such. Send these questions to firstname.lastname@example.org for help.
We do not have the expertise to help you with learning PHP programming, however. We recommend that you pick up a good book on PHP programming, and or consult one of the many online websites dedicated to PHP. www.php.net is a good place to get started.
We a mailing list for the NCSU web developers community. We will use this list to announce changes to our service. It is also our hope that this list will become a place where users can share their experiences with using PHP and help each other resolve problems.
To subscribe to the list, send an email to email@example.com. In the body of the message, put the line:
The majordomo server will ask you to confirm your subscription, and then you will be subscribed to the list. Questions or discussion on the list should be addressed to: firstname.lastname@example.org.