Customizing PHP

Here we will learn some common ways of customizing PHP.

Customizing PHP involves the following steps.
1) Changing the name of per-directory configuration files for users
2) Parsing PHP files with custom extensions
3) Displaying source of a PHP file instead of parsing it
4) Setting custom PHP configurations for a specific Host or Path
5) Changing the maximum size of uploaded file




1) Changing the name of per-directory configuration file
PHP provides a per-directory configuration file named .user.ini. This file is equivalent to the .htaccess file used by Apache HTTP Server. But webhosting companies usually have this file named as php.ini. So most of the end users will first try their luck with php.ini. To change the default value .user.ini to php.ini, perform the following steps.
NOTE: Per-directory configuration files.
• Are only processed by CGI/FastCGI SAPI.
• Are scanned in each directory, if a PHP file is requested; starting with the directory of requested PHP file, working it’s way upto the directory defined by DocumentRoot. In case the PHP file is outside the directory defined by DocumentRoot, only its directory is scanned.
• Have the directives placed in it recognized, only if the directive has mode PHP_INI_PERDIR or PHP_INI_USER.
   View the complete list of php.ini directives.
• Obsoletes the PECL htscanner extension for PHP.

Open the configuration file and look for the line containing the directive user_ini.filename. Change the value of this directive from .user.ini to php.ini. And uncomment the line. Now it must look as shown below.

user_ini.filename = "php.ini"

Save and close the file.


Restart the apache service gracefully.

# service apache graceful




2) Parsing PHP files with custom extensions
Suppose we want Apache HTTP Server to recognize PHP files with custom extensions. For example we have files with extensions .php, .php2, .php3, .php4, .php5, .php6 and .phtml. And we want Apache HTTP Server to parse all of them.

Open Apache HTTP Server‘s main configuration file httpd.conf.

We must us tell Apache HTTP Server, how to parse these PHP files. The straightforward way is to add PHP as a file type under mime_module section, using AddType or AddHandler directives. But this can give rise to a security issue. Because PHP files are executable, an attacker can upload a file like filename.php.jpg, rename it to .php and execute it.
So we must tell Apache HTTP Server to parse PHP files based on file type. Add the following contents to httpd.conf file.

<FilesMatch ".ph(p[2-6]?|tml$">
SetHandler application/x-httpd-php
</FilesMatch>

Save and close the file.


Restart the apache service gracefully.

# service apache graceful




3) Displaying source of a PHP file instead of parsing it
NOTE:
• PHP source files should have .phps extension to differentiate them from normal PHP files.
• Allowing everyone to view the source of your PHP files is not a good thing. Do it only if you know what you are doing.
When a Web server receives a PHP file, the PHP handler executes any PHP commands defined in the PHP file and gives the output to user. So we will never see the code behind a PHP file. Suppose we want someone to view the source of a PHP file with syntax highlight enabled, perform the below steps.

Open Apache HTTP Server‘s main configuration file httpd.conf. Let us tell Apache HTTP Server to parse PHP source files based on file type. Add the following contents to httpd.conf file.

<FilesMatch ".php$">
SetHandler application/x-httpd-php-source
</FilesMatch>

Save and close the file.


Restart the apache service gracefully.

# service apache graceful




4) Setting custom PHP configurations for a specific Host or Path
NOTE:
View the complete list of php.ini directives.
• Directives intended for php.ini only cannot be changed using the described method.

Suppose want to set custom PHP configurations for one or more slected Hosts/Paths, due to any of the following reasons.
• The intended PHP directive has a mode other than PHP_INI_PERDIR or PHP_INI_USER.
• We need to implement certain restrictions/freedom without bothering the user.
Perform the following steps to do so.

Custom PHP configurations for a specific Host
Suppose we want to increase the memory limit of a host example.com from the default value of 128M to 150M. Open PHP‘s main configuration file php.ini. Add the following content.

[HOST=example.com]
memory_limit = 150M

Save and close the file.

Restart the apache service gracefully.

# service apache graceful


Custom PHP configurations for a specific Path
Suppose we want to increase the memory limit for a subdirectory under the public_html directory of user user1, from the default value of 128M to 150M. Open PHP‘s main configuration file php.ini. Add the following content.

[PATH=/home/user1/public_html/dir1/file1.php]
memory_limit = 150M

Save and close the file.

Restart the apache service gracefully.

# service apache graceful





5) Changing the maximum size of uploaded file
The maximum size of an uploaded file is determined by both the configurations of Apache HTTP Server and PHP. To change the maximum size of an uploaded file, we must configure the following directives according to our needs.

  PHP directives
  Apache HTTP directives


PHP Directives
upload_max_filesize
Directive mode: PHP_INI_PERDIR
Development Value: 2M
Production Value: 2M
Defines the maximum size of a single uploaded file. When an integer is used, the value is measured in bytes

post_max_size
Directive mode: PHP_INI_PERDIR
Development Value: 8M
Production Value: 8M
Defines the maximum size for post data allowed. This potentially includes multiple uploaded files.
Value of post_max_size must be smaller than value of memory_limit. To upload large files, this value must be greater than upload_max_filesize. Typically it is set to 400% larger of upload_max_size. However if there are x files uploaded simultaneously, each y M in size, then post_max_size should be larger than x*y M. When an integer is used, the value is measured in bytes.

memory_limit
Directive mode: PHP_INI_ALL
Development Value: 128M
Production Value: 128M
Defines the maximum amount of memory a script may consume. This helps prevent poorly written scripts from tying up the server. When a script execution time exceeded this limit, the server stops the scripts or gives fatal error. For uploading to work, memory_limit must be larger than post_max_size. To have No Memory Limit, set this directive to -1. When an integer is used, the value is measured in bytes.

max_execution_time
Directive mode: PHP_INI_ALL
Development Value: 30
Production Value: 30
Defines the maximum time a script is allowed to run before it is terminated by the parser. This is not affected by System Calls, Stream Operations etc. This helps prevent poorly written scripts from tying up the server. When a script execution time exceeded by this limit, the server stops the scripts or gives fatal error.

max_input_time
Directive mode: PHP_INI_PERDIR
Development Value: 60
Production Value: 60
Default value is 60. The value is measured in seconds.
It defines the maximum time in seconds a script is allowed to parse input data, like POST and GET. It is measured from the moment of receiving all data on the server to the start of script execution.

file_uploads
Directive mode: PHP_INI_SYSTEM
Development Value: On
Production Value: On
Determines whether or not to allow HTTP file uploads.

max_file_uploads
Directive mode: PHP_INI_SYSTEM
Development Value: 20
Production Value: 20
Determines the maximum number of files allowed to be uploaded simultaneously.

upload_tmp_dir
Directive mode: PHP_INI_SYSTEM
This value is not set, which causes the PHP to use the system’s default temporary directory. If the directory specified here is not writable, PHP falls back to the system default temporary directory. If directive open_basedir is On, then the system default directory must be allowed for an upload to succeed.


Apache HTTP Server directives
Timeout
SYNTAX: TimeOut seconds
CONTEXT: server config, virtual host
Default value is 60. The value is measured in seconds.
Provided by core module. It defines the amount of time the server will wait for the following events before failing a request.
• When reading data from the client, the length of time to wait for a TCP packet to arrive if the read buffer is empty.
• When writing data to the client, the length of time to wait for an acknowledgement of a packet if the send buffer is full.
• In mod_cgi.so, the length of time to wait for output from a CGI script.
• In mod_ext_filter.so, the length of time to wait for output from a filtering process.
• In mod_proxy.so, the default timeout value if ProxyTimeout is not configured.

LimitRequestBody
SYNTAX: LimitRequestBody bytes
CONTEXT: server config, virtual host, directory, .htaccess
Default value is 0, which means unlimited. Minimum value is 0 and maximum value is 2147483647(2GB). The value is measured in bytes.
Provided by core module. It specifies the number of bytes that are allowed in an HTTP request message body. If the client request exceeds that limit, the server will return an error response instead of servicing the request.
The size of a normal request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for retrieving form information. Implementations of the PUT method will require a value at least as large as any representation that the server wishes to accept for that resource. When the module mod_proxy.so is used, this directive only applies to request bodies that the server will spool to disk.
This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

 

 

 

After customizing PHP, you may go to the following section.
Installing phpMyAdmin