PHP, MySQL, php.ini and .htaccess info and tips
There are a few tricks you may want to know. Some of these may be
specific to BareMetal.
See this link if you need to install
your own PHP extensions (PEAR, PECL, etc).
The two most common settings that clients will want to change are
the "register_globals" and "allow_url_fopen" settings. For new
accounts both of these default to off. All new versions of php
default register_globals to off and we wanted to copy that. We have seen
several clients have their websites compromised by badly written PHP
code and the "magic" of allow_url_fopen, so we have set this to off.
register_globals = 0
allow_url_fopen = 0
Changing these is easy. You can place a file called php.ini the top
directory of your website containing the settings you want.
If you need to have different settings for different parts of your website,
then you need to use a ".htaccess" file to change the PHPRC environment
variable (and create a second php.ini file). (Please contact
support for help. We also need to re-map the path for the
PHP binary, otherwise the SetEnv doesn't apply.)
(Wondering what register_globals and allow_url_fopen are? register_globals
is covered at the PHP site
allow_url_fopen allows PHP to open http:// and ftp:// URLs the same way
it would normally open a file on the hard drive. In combination
with badly/insecurely initialized variables it can result in PHP running
code off an attackers website (very very bad news).
Zend Guard / Zend Optimizer for PHP
With version 5.3 of PHP, the Zend folks changed their obfuscation system.
Zend Guard works with version of php from 5.3.0 onwards. Zend Optimizer
works with php versions up to 5.2.17 . Unfortunately the encodings are
different and files encoded for Zend Optimizer are not runnable by Zend Guard
and vice versa.
To enable Zend Guard, add the following lines to your php.ini file:
To enable Zend Optimizer, add the following line to your php.ini file:
If you're still using an even older version of PHP (Update! even 5.2
is obsolete!), the previous lines to add were:
We generally support multiple versions of php. Contact to us for
more detail. Changing between them is just a tweak to
your .htaccess file. e.g.
AddType text/x-php54-parsed-html php
Not a lot to say here. Leave the "database host" field blank, or set it to localhost in your applications. If you need to connect to
your MySQL database from offsite, contact BareMetal support. Do the same if you need to create a new database.
We have a number of existing pages covering .htaccess files. The most commonly used .htaccess
page covers redirects, allowing and denying access, setting custom error messages, and changing the mime-types. Another page
describes how to include other pages and scripts in your files. (This can be a nice
way to do headings and footers.) The last page talks about some of the
variables (like the current time) that you can include in your pages.
Tips and Tricks
I can't remember what we wanted to put here right now. Send suggestions to firstname.lastname@example.org! :-)