Eos, Engineering Computing at North Carolina State University

Implementing PHP and MySQL

PHP is the supported scripting language on Eos. It can be used for programming web sites that reside in /afs/eos/engrwww/ (see our list of hosted domains).

You embed PHP scripts inside HTML pages so your coding and HTML reside in the same file. You also name these files with .php extensions, rather than .htm or .html, and place them in your web locker. The server parses them for you automatically, so you do not have to compile anything or install extra tools.

See more benefits from What can PHP do?

PHP and Javascript

PHP is a very powerful language that can do many things with HTML. Clients do not have control over the execution of PHP scripts as they do with JavaScript. If a client has JavaScript turned off, important functions cannot execute. With PHP, they can. In contrast, JavaScript can trigger events within the browser window such at image rollovers and pop-up windows. PHP cannot do this, but it can dynamically generate JavaScript in HTML documents to do a wide variety of functions client-side.

PHP and Perl/CGI?

PHP has replaced Perl-based CGI scripting on our college web sites. Perl and CGI are no longer supported, and anything written in them must be converted to PHP if they are to continue being used.

Security risks are fewere with PHP and control from the server side greater. PHP's behavior can be highly customized, and with configuration directives on the server, we can enforce how much memory a script allocates, how long a script is allowed to execute, what native functions a script is allowed to call, etc.

PHP is generally considered stronger than Perl for database connections, and many users are beginning to hook databases into their sites. MySQL is the supported database in our web infrastructure.

Implementing PHP

Some restrictions exist on the use of PHP in college web space. Read the following very carefully before setting up your site for PHP. Contact ITECS if you have questions.

1. By default, PHP is not able to write files anywhere in your web locker, but you can request that a portion of a site be writable to PHP. It is recommended that you use a folder called _data for storing files with PHP. This ensures that the only way to access this data is controlled by the PHP scripts you write and local users with AFS access, not general web users. Once a PHP script has written a file in _data, other PHP scripts in your site can read and write to this file, see Guidelines for PHP Writeable Web Space.
2. Reading and writing into the file space is limited by the "open base dir = ./ " restriction, another way of saying that the files PHP scripts read and write must be located in the same directory or beneath the directory that contains the scripts that write to it. Your scripts cannot read or write to any directory above the directory that contains the PHP script.

   For example, if you follow "open base dir = ./ " rules:

   /afs/eos/engrwww/engr/news/locker/script.php

   
   can write to:

   
   /afs/eos/engrwww/engr/news/locker/log.txt

   /afs/eos/engrwww/engr/news/locker/_data/log.txt

   /afs/eos/engrwww/engr/news/locker/users/j/jdoe/log.txt

   
   but not:

   
   /afs/eos/engrwww/engr/

   /afs/eos/engrwww/engr/news/

   /afs/eos/engrwww/engr/news/other/

   Note that even if a file can be accessed following "open base dir = ./ " rules, it cannot be written to unless it is in a folder the web server has write access to (see 1 above).

3. Because of security concerns with private data on the web, our servers provide a mechanism to protect a portion of the site. Any folder (directory) called data or _data is blocked from being delivered directly to a browser by the server.  You will need to write a script to make PHP serve content out to the web. The PHP script you write, which is fairly simple and covered in most PHP books, takes requests for files, generates the proper http header, and sends the file.
4. Register Globals is turned off on college web servers. This helps prevent malicious users from setting the values of variables in PHP scripts to control or alter the way the script works. The Register Globals collapses all GET, POST, and Cookie data and "injects" it into the program. Many programs that rely on this feature contain bugs that can be exploited. Using the Super Globals is the new preferred method.
5. Additionally, some PHP functions have been disabled and will not operate when used witin scripts. The set of disabled functions includes:
   • dio_* (All direct I/O functions.)
   • dl
   • escapeshellarg
   • escapeshellcmd
   • exec
   • ini_alter
   • ini_set
   • openlog
   • passthru
   • popen
   • proc_* (All process functions.)
   • putenv
   • set_time_limit
   • shell_exec
   • socket_* (All low-level socket functions.)
   • syslog
   • system

PHP 301 Redirect

Permanent Page Redirection

There are several types of redirection and several means for implementing each of them. However, for
pages that have moved permanently, it’s best to use a status code 301 redirect. Using status code 301
will cause search engine robots to update their records and re‐index the page.

Here are the various status codes available for redirection:

Read more about redirection on Wikipedia.org: http://en.wikipedia.org/wiki/URL_redirection

Redirecting an Entire Site

Say your old site is:
http://oldsite.edu/e-week/

And you wanted to move to:
http://newsite.edu/students/e-week/

1. Move all of your files under oldsite.edu/e-week/ to their new location at newsite.edu/students/e-week/.
2. Remove oldsite.edu/e-week/ entirely. If it is a locker, you must submit a request to eoshelp@ncsu.edu to have it formally removed.
3. After the oldsite.edu/e-week/ directory has been removed, you need to create a file called "e-week.php" file in its place. Inside of e-week.php, you should place the following snippet of code:

<?PHP
Header("HTTP/1.1 301 Moved Permanently");
Header("Location: http://newsite.edu/students/e-week$_SERVER[PATH_INFO]");
exit;
?>

Redirecting a Single Page

Example:

Your old page was:
http://www.my-website.com/description.php

Your new page is:
http://www.my-website.com/about.php

To redirect all visitors (including search engines bots) from description.php to the new about.php, you will need to add this snippet at the top of your description.php file. As long as description.php exists with this snippet of code, it will automatically send visitors to about.php. Heres the PHP code you will need:

<?PHP
Header("HTTP/1.1 301 Moved Permanently");
Header("Location: http://www.my-website.com/about.php");
exit;
?>