Tricks for servers running phpsuexec
When a php script requires write access to a
file or directory (like Nucleus does for the 'media'-directory if you
want to be able to upload pictures etc), you have to chmod that
directory (or file) to 777 (or 666 for files) on most servers. This
gives world write access to this folder (file). This is because on most
servers apache (and php) runs as user 'nobody'.
Although giving world write access will make it possible to use the
script, it also means a security hole, which can be used by hackers and
other riff-raff.
To avoid this security hole some ISP's install phpsuexec on their servers (like mine did a few days ago). Using phpsuexec php runs under your own username on the server. This removes the necessity to make files and folders world writable. Instead you can just use 755 for folders (the default) and 644 for files (also the default).
But using phpsuexec has some other consequences: some statements in your .htaccess file will result in an error 500 (internal server error). So here are the two problems of which i know, and how to solve them (btw: these problems are Apache specific, since IIS isn't ass advanced as Apache):
ForceType
When you are using files with (or without) an extension different then the normal extension for that filetype you can use ForceType
in your .htaccess file to make it clear to the server how to handle
that file (or all the files in the folder) (this works on servers without
phpsuexec).
An example: When you have a file called 'item' (like Nucleus uses for
FancyURL's) and want it to be parsed by the server as php you use the
following code in your .htaccess file:
<FilesMatch "^item$">
ForceType application/x-httpd-php
</FilesMatch>
However, when your server uses phpsuexec this will result in an internal server error. To solve this you can simply use SetHandler instead of ForceType, so your .htaccess-file becomes:
<FilesMatch "^item$">
SetHandler application/x-httpd-php
</FilesMatch>
php_value
On a server without phpsuexec it is possible to use the php_value
statement in a .htaccess-file to change settings of php (actually overwrite the settings
from php.ini). On a sever with phpsuexec this will also result in a
server error. To solve this you can use a php.ini file which you put in
the same folder as where you would have put your .htaccess file. In
that php.ini file you can change all the php values. You only have to
put the values you want to modify in that file. By example if you want
to set the short_open_tag to Off you would have used short_open_tag = off in your .htaccess file. Using a php.ini file this results in:
[PHP]
short_open_tag = Off
Comments
Peter Marquis-Kyle on 2004-11-10 10:47 reply
I am delighted to find this
I am delighted to find this page! At last, here are some clues how to fix my site. My web host suddenly introduced phpsuexec, which required me to remove some directives from my .htaccess file -- in particular, "AddType application/x-httpd-php .htm" -- which meant various bits of php not working.
Following your suggestion, and with my rudimentary understanding of regular expressions, I added this to the .htaccess file in my public_html directory:
<FilesMatch "\.htm$">
SetHandler application/x-httpd-php
</FilesMatch>
This worked for .htm files in that directory (that is, the php code in them was executed). But when I browsed to files in sub-directories I got 500 server errors.
Have you any suggestions for me, please? (I'm not a programmer, as you might have guessed).
TeRanEX on 2004-11-11 12:17 reply
Maybe try creating a
Maybe try creating a .htaccess file in every subdirectory? I only found this info by googling a bit, so i don't now much more about it...
Erik on 2005-03-01 15:49 reply
In a .htaccess I would this
In a .htaccess I would this piece of code (working :P)
php_flag short_open_tag Off
Comment Atom Feed