Ravens PHP Scripts: Forums


View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> FAQ - PHP5 w/phpSuExec Conversion From PHP4
Was this helpful?
 100%  [ 1 ]
 0%  [ 0 ]
Total Votes : 1

Author Message
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17072

PostPosted: Tue Nov 27, 2007 9:43 am Reply with quote

To all clients:

As reported earlier to you, the PHP development Team will no longer be supporting PHP4 after June of 2008. PHP4 will have reached what's called End of Life (EOL). As a result, the Data Center Support is ceasing support as of January 1, 2008, except for serious security issues.

Effective 12/1/2007 all servers will be upgraded from PHP4 to PHP5 and PHP5 will become the DEFAULT version for all servers. You will still have access to PHP4 until June of 2008 by using an override directive in your .htaccess file (more about that later). In addition, to help strengthen security even more, php (both PHP4 and PHP5) will no longer be run as an Apache module. PHP will be run as a Common Gateway Interface (CGI) in order to allow the running of a product called phpSuExec. Please note that mosts ISP's and Host's either have or are in the process of doing these very same conversions.

phpSuExec, among other things, will allow PHP to run as the actual user account and not as user NOBODY. That basically means 2 things. Right now, for example, if someone hijacks your account by uploading a script without your knowledge and send out hundreds or thousands of emails it is almost impossible to discover which account has been hijacked because all accounts run as user NOBODY. But, with phpSuExec, we will know immediately who's account has been breached. Secondly, you may have some scripts that actually depend/expect user NOBODY. Those scripts will no longer work. In addition, no folders/files will be allowed to be world writable. In other words, no folder/file can have permission of 777/666. 775/664 is the highest it can go.

phpSuExec has another constraint. The Apache .htaccess file will no longer be allowed to make any PHP overrides using php_flag and/or php_value directives. Instead, each folder that is dependent on any php override directives will have to have its own php.ini file. For example, right now w/o phpSuExec you might have the following in your .htaccess file:
php_flag display_errors on
php_value output_buffering 4096

You will need to remove them from your .htaccess file and add it to a file called php.ini and rewrite the statements as a PHP configuration statement as in:
display_errors = on
output_buffering = 4096

There will be more information on the php.ini file that will be made available to you shortly. As I said above, effective 12/1, PHP5 will be the default version. To run PHP5 you will not have to make any changes other than what has been mentioned above. If you choose to continue to run PHP4 (bad idea) you will have to add this line of code to your .htaccess file:
AddHandler application/x-httpd-php4 .php .php4 .php3 .phtml

Keep in mind that PHP4 will also be running phpSuExec so you will still have the issue of moving the php directives from your .htaccess to your php.ini file.

One last VERY important point with phpSuExec. phpSuExec requires a php.ini file in every folder that needs it. Without phpSuExec you are using the Apache .htaccess file. .htaccess acts recursively in a folder. In other words all files and subfolders inherit the parent or top-level .htaccess. With phpSuExec you will need a separate php.ini folder for each affected folder. But, that does NOT mean that every folder has to have a php.ini file. If you are accessing a multilevel folder structure, something like module/public/images/startrek/clingons/language/males.php and you have need of special php directives for males.php then you only need the php.ini file (as) in module/public/images/startrek/clingons/language/php.ini .

I know there is much to digest in this announcement. There will be conversion forum topics w/i the next day or 2. But, I have covered basically everything you will need to know for those that like to go digging ahead of time.

To summarize:

- 12/1/2007 All servers converting from PHP4 to PHP5. PHP4 will not be removed from the servers until June of 2008 but it will not be supported.

- Both versions of PHP converting from Apache module to CGI mode

- phpSuExec will be installed all servers

- Folders/Files will not be allowed to be world writable

- PHP directives will no longer work in .htaccess file. If left in .htaccess the script will die with a 500 Internal Server Error.

- each folder that needs PHP directives will need to use a separate php.ini file in that folder.

- You will be able to continue to run PHP4 until June of 2008 by using an override Apache directive in your .htaccess file. PHP4 will then be removed from all servers.

- There will be conversion help available in the support forums shortly.

It is imperative that you check with your vendors of any third party applications that are critical to see if they are supported under PHP5 and phpSuExec.

On the day of conversion we will be supporting everyone as usual but we will be concentrating on sites which are down and/or broken.

As a user myself, this is my plan of attack for my sites prior to 12/1/2007:

1) Contact any vendors as to whether their scripts will run under PHP5 and if not I expect as a customer that they either fix it ASAP or provide to me the details on how to fix it myself.

2) Go through all my .htaccess files, remove all PHP directives, and put them in a php.ini file.

For more detailed information on php.ini settings please consult Only registered users can see links on this board! Get registered or login! There is also abundant and excellent material on the Internet by Googling for phpsuexec and/or converting to php5.
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> FAQ - PHP5 w/phpSuExec Conversion From PHP4

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
Forums ©