PHP, MySQL, JavaScript & HTML5 All-in-One For Dummies (2013)

Book VII: PHP and Templates

Chapter 1: Configuring PHP

In This Chapter

Understanding the php.ini

Understanding common changes in the php.ini

When PHP is installed, certain default settings are selected. These settings are based on widely used common values. For instance, the default PHP settings might display errors to the screen depending on the system. There are times when you might need to change these settings. To do so, you use the configuration file called php.ini. This chapter looks at the php.ini in more detail and shows some of the common configuration changes that you might perform on your system.

Understanding the php.ini

As discussed in Book I, Chapter 3, the behavior of PHP is controlled through an initialization file called php.ini. Settings such as how sessions are handled, how errors are displayed, and what modules are available are all controlled through the php.ini file.

The actual location of the php.ini file varies depending on the operating system and how PHP was installed. Refer to Book I, Chapter 3, for information on locating the php.ini or search your system for the file.

Working with the php.ini

The php.ini file is a plain text file and should be edited with a plain text editor such as Notepad, Textpad, or Vi.

Tip: A good practice is to make a copy of the current php.ini before you start your edits. Doing so makes it easy to revert to the original copy if you discover your changes caused a problem.

When you make a change to the php.ini, you should reload the Apache web server in order to activate the changes.

Making changes outside of the php.ini

Changes you make to the php.ini apply globally, to all sites on a server. However, there are times when you want to apply a change either to a site or to an individual page. When this occurs, you have several options, two of which we discuss here.

Using .htaccess or Apache configuration

Some systems allow you to use an .htaccess file to set PHP options. Alternatively, if you control the server you can make a site-level change within the Apache VirtualHost container.

The php_value directive applies changes to the PHP configuration. For example, if you had a site that needed to upload large files, you could set the upload_max_filesize PHP directive like so:

php_value upload_max_filesize 100M

The directive won't be applied server-wide, but rather, only to the files or site to which the php_value directive applies. When you use an .htaccess file, the change is applied immediately. If you make the change in the Apache configuration file, then the Apache server needs to be reloaded for the change to take effect.

Making changes in PHP

PHP offers two configuration-related functions that are useful for this discussion: ini_get() and ini_set(). The ini_get() function retrieves the current value of a given configuration directive, and ini_set() sets the value. For example:

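// upload_max_filesize cannot be changed with ini_set(); it must be set in
// php.ini, the Apache configuration, or .htaccess. memory_limit can be
// changed from within a script:
ini_set('memory_limit','100M');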
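Not every directive can be changed with ini_set(): each one has an access level that decides whether a script, an .htaccess file, or only php.ini may set it. The following added example (not code from the book) lists that level for the directives this chapter discusses and probes ini_set() by re-applying each current value; the directive list and the scopes() helper are choices made for this illustration.

```php
<?php
// Added example (not from the book): report where each directive discussed
// in this chapter can be changed, and whether ini_set() succeeds for it.
$names = ['display_errors', 'memory_limit', 'max_execution_time',
          'session.gc_maxlifetime', 'upload_max_filesize',
          'post_max_size', 'disable_functions'];

// Decode the 'access' bitmask that ini_get_all() reports per directive.
function scopes(int $access): string
{
    $where = [];
    if ($access & INI_USER)   { $where[] = 'ini_set()'; }
    if ($access & INI_PERDIR) { $where[] = '.htaccess'; }
    if ($access & INI_SYSTEM) { $where[] = 'php.ini'; }
    return implode(', ', $where);
}

// Probe every directive before printing anything: session directives
// cannot be changed once output has been sent.
$all  = ini_get_all();
$rows = [];
foreach ($names as $name) {
    if (!isset($all[$name])) {
        $rows[] = sprintf('%-24s not registered in this build', $name);
        continue;
    }
    $current = (string) ini_get($name);
    // Re-applying the current value changes nothing; ini_set() returns
    // false when the directive is not changeable from a script.
    $ok = ini_set($name, $current) !== false;
    $rows[] = sprintf('%-24s %-30s ini_set: %s', $name,
                      scopes($all[$name]['access']), $ok ? 'ok' : 'refused');
}
echo implode(PHP_EOL, $rows), PHP_EOL;
```

On a stock build, upload_max_filesize, post_max_size and disable_functions report as refused, which is why a script cannot raise its own upload limit or re-enable a function the administrator disabled.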

Understanding Common Configuration Changes

The remainder of this chapter looks at some common configuration changes that you might need for a server running PHP.

Changing session timeout

When you use sessions for your application, the data is typically stored in files on the server (though this too can be configured in the php.ini). Sessions are affected by a garbage collection process that cleans up any dead sessions, such as those that haven't been used for a certain number of minutes.

By default, the garbage collection process treats session data as expired once it has gone unused for 1,440 seconds. This means that the user needs to be idle for 1,440 seconds, and on the next attempt, his session may or may not be expired, because garbage collection runs only on some requests rather than on a fixed schedule.

A common change is to adjust that lifetime, typically to lengthen it. This change is typically implemented in the server-wide configuration but may apply at the site level too.

The php.ini setting to control this behavior is

session.gc_maxlifetime = 1440

Changing other session parameters

Numerous other parameters can be set to control how sessions behave. Things like where session files are saved on the server and whether they use cookies are available to be changed. Some of the more common changes include setting the domain for the session cookie and the name of the session.

Both of these are typically set at the site level. The default value for the cookie_domain is empty, as reflected here:

session.name = PHPSESSID

session.cookie_domain =

Disabling functions and classes

You can use the php.ini to disable built-in functions or classes. You might find that you don't want people using certain PHP functions or there might be a security vulnerability discovered in a certain function. In any event, you can disable the function or class using these directives:

disable_functions =

disable_classes =

Each directive expects a comma-separated list of functions or classes to be disabled. For example, you might want to disable the exec() function. Listing 1-1 shows a simple PHP page to test this functionality.

Listing 1-1: A Simple PHP Page with exec()

<?php
// exec() runs the command and returns the last line of its output.
$passwd = exec("ls -la /etc/passwd");
print "{$passwd}<br />\n";
?>

When viewed in a browser, the page looks like that in Figure 1-1.

Figure 1-1: Using the exec() function to view a file’s listing.

Changing the php.ini to disable that function means using this directive:

disable_functions = exec

Once Apache is restarted, the change will take effect. Reloading the page now results in the warning shown in Figure 1-2.

Figure 1-2: The exec() function has been disabled.

Tip: If you're using a hosting provider, the exec() function may already be disabled. Also, you may not see the warning from Figure 1-2 if your PHP configuration doesn't display errors.

Changing error display

There are several configuration directives around the error display for PHP. For example, a development server would likely display errors at all times. This is set with the display_errors directive:

display_errors = On

A production server would likely never display errors to the user:

display_errors = Off

A related directive is the error_reporting directive. This directive tells PHP which errors to report. You can configure PHP to report only errors that are fatal or you can display more minor errors like notices.

The error_reporting directive is somewhat complex. See http://php.net/error-reporting for more information if you need to change this directive.

Changing resource limits

There are times when you need to change the maximum file size allowed, whether the file is received through a form POST, uploaded directly, or received in another way altogether. The upload_max_filesize directive sets the maximum file size that can be uploaded, while the post_max_size directive sets the maximum size of a form POST. If you allow forms to upload files, chances are you need to change both directives.

Additionally, you may find that you need to change the memory limits imposed on a given PHP script or the execution time that a script runs. For example, if a user is uploading a large file, it may take several minutes. The memory_limit directive sets the amount of memory that can be used by a PHP program, and the max_execution_time directive sets how long a program can run.

You can change the maximum time for a script by changing the max_execution_time in the php.ini or by using the set_time_limit() function within an individual script. The set_time_limit() function is a common way to solve the problem of a long-running script while preserving the server-wide max_execution_time directive's value.
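The settings from the sections above can be checked together. This added example (not code from the book) audits a set of directive values for conditions the chapter touches on: errors displayed to users, a post_max_size too small for the upload limit, and exec missing from disable_functions, plus one extra check for an unlimited memory_limit. The to_bytes() and audit() helpers, the finding messages, the policy that exec should be disabled, and the sample values are all constructed for illustration.

```php
<?php
// Added example (not from the book); checks and messages are assumptions.

// Convert PHP shorthand byte values ("100M", "2G", "512K") to bytes.
function to_bytes(string $value): int
{
    $value  = trim($value);
    $number = (int) $value;                 // "100M" -> 100, "-1" -> -1
    switch (strtoupper(substr($value, -1))) {
        case 'G': return $number * 1024 ** 3;
        case 'M': return $number * 1024 ** 2;
        case 'K': return $number * 1024;
        default:  return $number;
    }
}

// Return a list of findings for a set of directive values.
function audit(array $ini): array
{
    $findings = [];
    $display  = strtolower(trim($ini['display_errors']));
    if (!in_array($display, ['', '0', 'off', 'false', 'no'], true)) {
        $findings[] = 'display_errors is on: error text is sent to the browser';
    }
    $post = to_bytes($ini['post_max_size']);   // 0 disables the POST limit
    if ($post > 0 && $post < to_bytes($ini['upload_max_filesize'])) {
        $findings[] = 'post_max_size is below upload_max_filesize: large uploads fail';
    }
    if (to_bytes($ini['memory_limit']) === -1) {
        $findings[] = 'memory_limit is -1: scripts have no memory ceiling';
    }
    $disabled = array_map('trim', explode(',', $ini['disable_functions']));
    if (!in_array('exec', $disabled, true)) {
        $findings[] = 'exec is not listed in disable_functions';
    }
    return $findings;
}

// Constructed sample values, then the configuration PHP is running with.
$sample = ['display_errors' => '1', 'post_max_size' => '8M',
           'upload_max_filesize' => '100M', 'memory_limit' => '128M',
           'disable_functions' => ''];
$live = [];
foreach (array_keys($sample) as $name) {
    $live[$name] = (string) ini_get($name);
}
foreach (['sample' => $sample, 'live' => $live] as $label => $ini) {
    echo $label, ': ', implode('; ', audit($ini)) ?: 'no findings', PHP_EOL;
}
```

Run it through the web server rather than the command line when auditing a site, because the CLI often loads a different php.ini and ignores .htaccess overrides.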