Week 11

Updated on 28 Dec 2018

Configuring php.ini

Whether you install PHP and Apache yourself or whether you use a shared web host, the php.ini file will affect how you write your scripts. On your local machine you’ll have access to configure the initialization file for your specific requirements, however this won’t be the case on a shared web-host.

In this lecture we will take a detailed look into some of the recommended settings for the PHP initialization file and what it means to you when you write your code.

descriptor setting
short_open_tag On,Off

If setting is on, php will recognize the short hand version <? to start a php script. If setting is off, you will need to use <?php to start a php script.

short_open_tag = Off

Questions:

  • What disadvantage is there if this setting is On?
  • How could you construct your code so that it would not be affected by this setting? (either on or off)?
descriptor setting
register_globals On,Off

If setting is on, you will be able to access super-global arrays as if you had declared a normal variable (eg $PHP_SELF). If setting is Off, then you will have to use $_POST, $_GET, $_SERVER etc to access the super-global variables (eg $_SERVER[‘PHP_SELF’]).

register_globals = Off

Our server has register globals OFF

Some web hosts will have the register globals setting on, allowing you to access super-global arrays as if they were normal variables. The original purpose for register globals was to make PHP programming easier for newbies. For example, instead of having to use this type of code ($_POST[‘first_name’]) to access a submitted form element, you could use $first_name instead.

Question:

  • What sort of problems could arise if register_globals were on?
descriptor setting
display_errors On,Off

If setting is on, PHP error messages will be displayed onto the browser. If the setting is Off, then no messages will be displayed onto the browser

display_errors = On

display_errors is very useful to have On. This setting is switched on for this unit; and you could imagine the difficulties you would encounter if it were off and no error message(s) were displayed! The only indication you would have of an error is a blank page!

display_errors is also used in conjunction with the error_reporting property. error_reporting allows you to specify the ‘types’ of errors or notices (warnings) that are displayed. Here are some of the settings available for error_reporting.

  • E_ALL - All errors and warnings
  • E_ERROR - fatal run-time errors
  • E_WARNING - run-time warnings (non-fatal errors)
  • E_PARSE - compile-time parse errors

error_reporting = E_ALL is used for this unit. It is also possible to specify error reporting for HTML errors, however it is not normally used. The php.ini file also has settings for logging errors if needed.

Questions:

  • It is usually recommended to have display_errors off for your production website. What is the reason for this?
  • What benefits are there for logging errors?

Directories

Another area of the php.ini file that is important is the Paths and Directories section. This section allows you to specify the PHP include path and extension path. The include path is the path where PHP is installed, and the extension path is where the extensions are installed. One of the most popular extensions used in PHP is the MySQL extension.

On your local machine with PHP (version 5) installed on the C drive (under a folder called php5), you would most likely have these settings:

include_path = ".;c:\php5"
extension_dir = "c:\php5\ext"

File Uploads

If you’re going to build a website that allows file uploads, then the File Uploads section in the php.ini file will be very important to you. In this section you specify the temporary upload directory, maximum file size and whether or not you’ll allow file uploads.

On my local machine, I have these settings.

file_uploads = On
upload_tmp_dir = c:\php5\upload_temp_bk
upload_max_filesize = 2M

Question:

  • What is the significance of the directory name that I’ve chosen?

Dynamic Extensions

This section is important for specifying which PHP extensions you want loaded. A popular extension to have loaded is MySQL. Other extensions include support for Java, LDAP, open_ssl, imap and a number of other vendor database connections such as Oracle, Sybase, dBase and MSSQL.

Questions:

  • What is imap?
  • What is Java, LDAP and why might they be useful in a PHP script?

Sessions

If sessions are stored on the server, then it’s important to tell PHP the location of where you want to store session data. On my local computer, this is the sort of information I have for sessions in the php.ini file.

session.save_path ="c:/php5/sessionData_bk"
session.name = PHPSESSID
session.cookie_lifetime = 0

The values for session.name and session.cookie_lifetime are still the default when PHP was first installed. I’ve mentioned them here because you might want to change their default values.

Questions:

  • What would cookie_lifetime = 0 mean?
  • What is the value of session.name used for?

Over-riding php.ini

Over-riding the settings from the php.ini file can be done via your PHP scripts as they are being executed. Over-riding php.ini settings is usually only necessary if you don’t have access to the php.ini file (like a shared web-host environment) or this particular web-page / site needs a different setting from what had been specified in the initialization file.

In the PHP manual, under PHP Options&Information is a detailed list of many functions at your disposal for retrieving information on configuration settings, and altering those settings if needed.

Some of the more popular functions used in this section are listed below.

  • ini_get
  • ini_set
  • get_magic_quotes_gpc
  • phpinfo

When I was revising these lecture notes I came across a new setting that I hadn’t seen before. It is a scream setting (enabled on or off), and I leave it to you to find out what this intriguing setting is used for.

Questions:

  • What do you suppose the phpinfo() function does?
  • What other ‘options’ functions would be useful?

Examples

ini_set('session.save_path', 
        $_SERVER['DOCUMENT_ROOT'] . '/../sessions');

ini_set('session.cookie_lifetime', 0);

In some cases there are functions available to check or modify specific PHP initialization settings. In other cases the only way to retrieve or modify a value is via ini_get or ini_set functions.

Main Apache Configuration

Warning: These notes are written for Apache 2.2, and may not be suitable for the latest versions of Apache.

Apache is the web-server software that is responsible for serving web-pages to the user. As previously discussed in lecture 1, the browser requests a web-page from a server and the server either returns that page or in the case of PHP, generates the page and returns it.

Apache is a powerful and complex application, and just like PHP, comes with its own configuration file. In fact it comes with 12 configuration files, and we’re going to look at 2 of them. The main configuration file, and the virtual hosts configuration file which is found in the extras folder.

First, let’s look at the main configuration file, and some of the necessary things that are required for a basic web-server and for PHP to be up and running. Please note that this is not an exhaustive list, and where I have left anything out, the default setting should suffice.

descriptor meaning
Listen Allows you to bind Apache to specific IP addresses and/or ports, instead of the default. For a localhost this can be important if you are running IIS as well as Apache.

Example

listen 80
listen 8080

The web-browser listens on port 80 by default. You can serve web-pages over another port if you want, but it means that you need to navigate to your web-page as follows:

http://localhost/mypage.php:8080

descriptor meaning
LoadModule To be able to use the functionality of a module which was built as an external library (DLL / DSO). PHP module in Apache is an external library, so it needs to be added to the DSO section.

Example

LoadModule php5_module 'c:/php5/php5apache2_2.dll'
descriptor meaning
PHPIniDir A non native Apache setting, but one that can be used by the PHP module to determine where the php.ini file is located.

Example

PHPIniDir "C:/php5"
descriptor meaning
<IfModule mime_module> A setting tag that is used to tell Apache how to send certain files based on their file extensions. A web-browser needs to know what type of file it is receiving so that it knows how to handle it. The PHP extension is not native in Apache so it needs to be added.

Example

AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php

If you installed PHP via an all-in-one installer, then these setting will be made automatically for you by the installer. If you install PHP and Apache separately, then you will need to make these changes manually.

The main Apache configuration file affects the entire server. This is good in the case of running PHP as a module of Apache where we want all hosts to have PHP functionality. However, when it comes to a specific host, we want our settings to affect only that host.

To enable virtual hosts we just need to uncomment the virtual hosts Include line as I have done in the example below.

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

What this command does is include the virtual hosts configuration file, and process the directives inside that.

Questions:

  • The addType added .php and .phps. What is .phps?
  • What innovative uses could we use a port number for? (it may be more apparent when we look at virtual hosts)
  • If you upgraded PHP manually, what settings would you need to change?

Virtual Host Configuration

A virtual host is basically a single IP address holding many domain names. Your computer has a ‘localhost’ with an IP address of 127.0.0.1. These settings can be found in a file called hosts (no extension) in the C:\Windows\System32\drivers\etc directory (/etc/hosts on Linux).

If you open this file up you should see the following entry.

127.0.0.1       localhost

This file is where you can add other virtual hosts, and I’ve done just that by adding applications and manuals as virtual hosts as shown below.

127.0.0.1       localhost
127.0.0.1       applications
127.0.0.1       manuals

applications, manuals and localhost will start to make sense when we look at the configuration options available for our hosts.

Below are the configuration settings that I have in the virtual hosts file for the localhost.

<VirtualHost *:80>
    ServerAdmin admin@localhost
    DocumentRoot "D:/programming/web/localhost/www"
    ServerName localhost
    ErrorLog "logs/localhost-error.log"
    CustomLog "logs/localhost-access.log" common

    <Directory "D:/programming/web/localhost/www">
        Order allow,deny
        Allow from 127.0.0.1
    </Directory>

    <IfModule dir_module>
        DirectoryIndex index.html index.php
    </IfModule>
</VirtualHost>

Let’s have a look at what some of these settings mean.

descriptor meaning
DocumentRoot The directory out of which you will serve your documents. By default, all requests are taken from this directory.

The DocumentRoot is the folder / directory that corresponds with the URL of http://localhost. So with the example above, when I navigate to http://localhost/mypage.php, the web-server is retrieving mypage.php from the directory location of D:/programming/web/localhost/www.

descriptor meaning
<Directory ...> The directory settings for the specific directory. You will need at least one of these settings to correspond with your DocumentRoot to allow users access to that directory. In this example they are only allowed to access from the localhost (127.0.0.1).

In this setting the order is allow and then deny. Therefore the user is allowed access to this directory, but only from the IP address supplied. |

descriptor meaning
<IfModule dir_module> The directoryIndex property instructs Apache what to do if the user specifies a folder but no file. In this example, Apache will first search for index.html and display that if found. If not found it moves to the next file, index.php, and renders that if found.

Setting up the other virtual hosts simply means copying the localhost settings and changing the relevant paths and files for that host.

A very interesting point to note is that nearly all of the Apache directives can reside inside your virtual host. Unfortunately you can only declare PHPIniDir once, and you can’t load a module more than once either; even if the module location is in a different directory.

Questions:

  • What are the ErrorLog and CustomLog setting?
  • In the dir_module, what happens if no file is specified and there is no index.html or index.php file?
  • What implications does the last paragraph have for those that what to run different versions of PHP for different virtual hosts?

Aliases

Aliases are very useful where you want to provide a short-cut URL to a web site or you want to upgrade to a new application version (like phpMyAdmin) without removing the older one in case something goes wrong.

Let’s have a look at the first part of our ‘applications’ virtual host…

<VirtualHost *:80>
    ServerAdmin admin@localhost
    DocumentRoot "D:/programming/web/applications/www"
    ServerName applications
    ErrorLog "logs/applications-error.log"
    CustomLog "logs/applications-access.log" common

    <Directory "D:/programming/web/applications/www">
        Order allow,deny
        Allow from all
    </Directory>

It follows the same syntax as the localhost entry except that we’ve changed a few parameter values. The servername is now applications; the same name as what was entered into the Window’s hosts file. The DocumentRoot points to a new folder, and we’ve got new log files for this host.

Let’s add an alias so that when we navigate to http://applications/phpMyAdmin we automatically go to the correct location of D:\programming\web\applications\www\phpMyAdmin-3.1.3

alias /phpMyAdmin "D:\programming\web\applications\www\phpMyAdmin-3.1.3"

So now we can navigate to this application by one of the following methods:

http://applications/phpMyAdmin-3.1.3
http://applications/phpMyAdmin

The cool thing with the alias is that we can add a newer version of phpMyAdmin and all we need to do to navigate to the latest version is update the alias. Much better than relying on users to update bookmarks!

Questions:

  • Can our alias point outside the DocumentRoot? If so, what other measures need to be taken?
  • Can you see how aliases can be used for versioning?