PHP on pages.stern.nyu.edu
- PHP (a recursive acronym for "PHP: Hypertext Preprocessor") - PHP is a
general-purpose scripting language used to create dynamic, database-driven
websites.
- Stern's PHP environment - You can see how Stern's PHP environment is
configured by going to http://pages.stern.nyu.edu/test/php/test.php or by
calling the phpinfo() function from a PHP script of your own. That output
lists the server's configuration directives, loaded extensions and environment
variables, so once you have read what you needed, delete the script rather than
leaving it reachable from the web.
- PHP is installed as a compiled Apache module, not as a CGI - This was done
to prevent certain types of attacks which are specific to PHP when it is
installed as a CGI program.
- The PHP CLI (command line interface) is not available at this
time - This is because we do not allow logins on the web servers
for security purposes. In addition, the current Unix terminal server
available for users to log in to is not suitable for a PHP installation
compatible with the web server (e.g. a PHP script run via the CLI on
sales could yield different results from the same script run on the
web server). In the future, we hope to rebuild the current Unix terminal
servers so that they allow logins with the same PHP environment as the
web servers, at which point users will be able to use the PHP CLI.
- ".inc" files are not viewable - The web server is configured not to
serve files whose names end in ".inc". These files are usually used by
PHP scripts to store sensitive data such as database credentials: PHP
scripts may include() them, but they cannot be fetched by themselves via
a web browser. The rule matches on that extension alone, so a copy of such
a file saved under a different name (e.g. an editor backup "db.inc.bak" or
"db.inc~") is not covered by it; keep such copies out of your web directory.
- safe_mode = On - This is an attempt to solve the shared-server
security problem. With it on, PHP checks that the owner of the current
script matches the owner of any file operated on by a file function
(e.g. "readfile('mydata.txt');").
(e.g. if the PHP script myscript.php is owned by xyz123 and it reads
a file called mydata.txt, then mydata.txt must also be owned by xyz123.)
Files owned by others (e.g. apache, www, covuser) will not be usable.
- To check ownership run the following command: "ls -l mydata.txt"
- To change ownership run the following command: "chown xyz123
mydata.txt" (where xyz123 is your Stern username and mydata.txt
is the path and name of the file you need to change ownership
on). Note that on most Unix systems only root may change a file's
owner, so if the file currently belongs to another account (for
example because it was created by the web server), copy it instead:
the copy is owned by you, and you can then remove the original from
your directory.
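The ownership rule above can be checked from inside a script before a file function runs, so a mismatch produces a clear diagnostic in the error log instead of a bare "SAFE MODE Restriction in effect" warning. The following script is an added example written for this page, not code from Stern's environment or the PHP project. safe_mode compares the owner of the file with the owner of the script file, and fileowner() and getmyuid() report exactly those two UIDs, so the script only mirrors the comparison safe_mode itself still enforces. The file name mydata.txt and its location in the script's own directory are assumptions.

```php
<?php
// Added example: mirror safe_mode's owner check before reading a file.
// Assumption: the data file is 'mydata.txt' in the same directory as this
// script. Written for PHP 5.3 and earlier (safe_mode was removed in 5.4).

/**
 * True when $path is owned by the same UID as the script file itself,
 * which is the condition safe_mode enforces for file functions.
 * getmyuid() is the owner of the script file, not the web server
 * process, so this is the comparison safe_mode makes.
 */
function owned_by_script_user($path)
{
    return file_exists($path) && fileowner($path) === getmyuid();
}

/** Render a UID as "name (uid N)" when the posix extension is available. */
function describe_owner($uid)
{
    if (function_exists('posix_getpwuid')) {
        $pw = posix_getpwuid($uid);
        if ($pw !== false) {
            return $pw['name'] . " (uid $uid)";
        }
    }
    return "uid $uid";
}

$file = dirname(__FILE__) . '/mydata.txt';

if (!file_exists($file)) {
    error_log('myscript: data file not found: ' . $file);
    echo "Data file is missing.\n";
} elseif (!owned_by_script_user($file)) {
    // Name both owners in the log so the fix is obvious: the file must
    // belong to the same account as the script (see chown / ls -l above).
    // Owner names and paths go to the log, not to the browser.
    error_log('myscript: cannot read ' . $file . ' under safe_mode: file owner is '
        . describe_owner(fileowner($file)) . ', script owner is '
        . describe_owner(getmyuid()));
    echo "Data file is not readable; see the server error log.\n";
} else {
    readfile($file);
}
```

The check is deliberately a pre-flight test rather than a replacement for safe_mode: if it is skipped, safe_mode still refuses the read, and the only difference is a less helpful message.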
- register_globals = Off - When on, register_globals will
inject (poison) your scripts with all sorts of variables, such as request
variables from HTML forms. Coupled with the fact that PHP doesn't
require variable initialization, the result is insecure code. It was
a difficult decision, but the PHP community decided to disable this
directive by default as a standard security measure (it was later removed
from the language entirely in PHP 5.4). When on, people use variables
without knowing for sure where they come from, and internal variables
(i.e. those defined in the script itself) get mixed up with data sent
in requests by users. Disabling register_globals prevents these problems;
scripts should read request data explicitly from $_GET, $_POST and
$_COOKIE and initialize every variable they test.
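The failure mode described above, as an added example written for this page (not code from Stern or the PHP project): the commented-out version at the top is the classic pattern that register_globals breaks, and the code below it behaves correctly whether the directive is on or off. The session flag, the year parameter and the private/report-YEAR.inc files are assumptions made for the illustration.

```php
<?php
// --- report.php as commonly written, broken under register_globals = On ---
// With register_globals on, a request for /report.php?authorized=1 makes
// PHP create $authorized = "1" before the first line of the script runs.
// Because the script never initialises the variable, the check passes
// for anyone:
//
//   if (user_is_logged_in()) {
//       $authorized = true;
//   }
//   if ($authorized) {
//       include 'private/report.inc';
//   }
//
// --- hardened version, correct with register_globals On or Off ---

/** Placeholder login check (assumption): a session flag set at login. */
function user_is_logged_in()
{
    return isset($_SESSION['user']) && $_SESSION['user'] !== '';
}

/**
 * Validate the requested report year, reading it only from $_GET.
 * Anything that is not a four-digit year from 1900-2099 falls back to
 * the current year, so the value is safe to use in a file name.
 */
function requested_year()
{
    $year = isset($_GET['year']) ? $_GET['year'] : '';
    if (!preg_match('/^(19|20)\d{2}$/', $year)) {
        $year = date('Y');
    }
    return $year;
}

session_start();

// Record (in the log, not the page) if the server has the directive on
// anyway; this script does not depend on it either way.
if (ini_get('register_globals')) {
    error_log('report.php: register_globals is On on this server');
}

// 1. Initialise every variable you test, so nothing injected from the
//    request can stand in for it.
$authorized = false;
if (user_is_logged_in()) {
    $authorized = true;
}

if ($authorized) {
    // 2. Build the include path from validated data, never from a bare
    //    variable name that may have come from the request.
    include 'private/report-' . requested_year() . '.inc';
} else {
    header('HTTP/1.0 403 Forbidden');
    echo 'Please log in to view this report.';
}
```

The two rules that make the hardened version safe are independent of the directive: a variable is assigned before it is tested, and request data is read from the superglobals and validated before it influences a file name.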
- display_errors = Off & html_errors = Off - With
these directives set to off, errors that occur during the execution
of scripts are no longer displayed as part of the script output,
and thus are no longer exposed to remote users. For some errors,
the message content reveals information about your script (file paths),
web server, or database server (host names, user names, query text) that
an attacker can put to use. Turning off the display of error messages is
a further security measure.
- log_errors = On - Any errors that occur during the execution
of your script are logged to the server's error log (which is
available to Stern users only and has its access logged). Together with
display_errors turned off, this setup gives you the ability
to fully understand what may have gone wrong without exposing any
sensitive information to unknown users.
- track_errors = On - This sets the variable $php_errormsg to the most recent error message, in the scope where the error occurred, to aid the debugging of PHP scripts. It is populated even when the error was silenced with the "@" operator, so a script can suppress a warning and still record the reason itself.
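The three directives above work together: detail goes to the error log, the browser sees nothing it can use. The following script is an added example written for this page, not code from Stern's environment or the PHP project, showing that split in practice along with a runtime check that the directives really are set as described. The credentials file db.inc beside the script is an assumption.

```php
<?php
// Added example: keep error detail in the server log and off the page.
// Assumption: a credentials file 'db.inc' sits next to this script.
// track_errors and $php_errormsg exist in PHP 5 and 7 (removed in 8.0).

error_reporting(E_ALL);

/**
 * Compare the running configuration against the settings described on
 * this page. Returns an array of "directive=actual (wanted ...)" strings,
 * empty when everything matches, so a deploy check can refuse to go live.
 */
function error_directive_problems()
{
    $wanted = array('display_errors' => false, 'html_errors' => false,
                    'log_errors' => true, 'track_errors' => true);
    $problems = array();
    foreach ($wanted as $name => $shouldBeOn) {
        // php.ini "On"/"Off" usually arrive as "1"/""; accept the words too.
        $raw  = strtolower(trim((string) ini_get($name)));
        $isOn = in_array($raw, array('1', 'on', 'true', 'yes'), true);
        if ($isOn !== $shouldBeOn) {
            $problems[] = sprintf('%s=%s (wanted %s)', $name,
                $raw === '' ? 'Off' : $raw, $shouldBeOn ? 'On' : 'Off');
        }
    }
    return $problems;
}

/**
 * Read the credentials file. The "@" keeps the warning out of the page
 * even on a server where display_errors is On; with track_errors = On the
 * suppressed message is still placed in $php_errormsg in this function's
 * scope, and error_log() sends it to the server error log.
 */
function load_credentials($path)
{
    $php_errormsg = '';
    $contents = @file_get_contents($path);
    if ($contents === false) {
        // The engine message names the full path: fine for the log,
        // not for the browser.
        error_log('load_credentials: ' . $php_errormsg);
        return false;
    }
    return $contents;
}

foreach (error_directive_problems() as $problem) {
    error_log('php.ini check: ' . $problem);
}

$creds = load_credentials(dirname(__FILE__) . '/db.inc');
if ($creds === false) {
    // Generic text for the browser: no path, host or user name.
    header('HTTP/1.0 503 Service Unavailable');
    echo 'This page is temporarily unavailable.';
    exit;
}
echo 'Credentials loaded.';
```

Rename db.inc temporarily and request the script: the browser shows only the generic 503 text, while the error log records the "failed to open stream" message with the full path.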
- show_source(), highlight_string(), highlight_file(), & error_reporting()
- are functions which are useful when debugging PHP scripts: show_source()
is an alias of highlight_file(), which prints a file's source with syntax
colouring; highlight_string() does the same for a string; error_reporting()
sets which error levels are reported. Because show_source() and
highlight_file() output the full text of whatever file they are given, never
point them at a file that holds credentials and do not leave calls to them
in a deployed script. (zend_printf() and zend_error() are C functions
internal to the Zend Engine, used when writing extensions, and cannot be
called from a PHP script.) Additional information on these functions can be
found by searching the PHP Manual - http://www.php.net/manual/en/index.php
- IDEs (Integrated Development Environment) & Debuggers
- PHP Projects, Extensions, & Applications Repositories
- For additional information on various PHP issues see the following
links: