Archive for the ‘PHP’ Category

What is PHP Safe Mode?

October 8th, 2009

PHP SAFE MODE ON/OFF

PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISPs, use safe mode for now.

The configuration directives that control safe mode are:

safe_mode = Off
open_basedir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =

When safe_mode is on, PHP checks whether the owner of the current script matches the owner of the file that a file function is about to operate on. For example:

-rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd

Running this script.php

<?php
readfile('/etc/passwd');
?>

results in this error when safe mode is enabled:

Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2

If, instead of safe_mode, you set an open_basedir directory, then all file operations will be limited to files under the specified directory.

For example (Apache httpd.conf example):

<Directory /docroot>
php_admin_value open_basedir /docroot
</Directory>

If you run the same script.php with this open_basedir setting then this is the result:

Warning: open_basedir restriction in effect. File is in wrong directory in /docroot/script.php on line 2

You can also disable individual functions. Note that the disable_functions directive cannot be used outside of the php.ini file, which means that you cannot disable functions on a per-virtualhost or per-directory basis in your httpd.conf file.
If we add this to our php.ini file:

disable_functions = readfile,system

Then we get this output:
Warning: readfile() has been disabled for security reasons in /docroot/script.php on line 2
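
A self-check for the three mechanisms above, as an added example that is not part of the original post: it reports the effective open_basedir and disable_functions values and probes the same /etc/passwd path the post uses. The function names are hypothetical; note that safe_mode was removed in PHP 5.4, so on current versions only the other two settings can be in force.

```php
<?php
// Added example (not from the original post). Place it next to script.php
// and request it to see which restrictions apply to this virtual host.

/** Names listed in disable_functions, trimmed, empty entries dropped. */
function disabled_functions(): array
{
    $raw = (string) ini_get('disable_functions');
    return array_values(array_filter(array_map('trim', explode(',', $raw))));
}

/** True only if this script can actually open $path for reading. */
function can_read(string $path): bool
{
    // A disabled function warns and returns null before PHP 8 and throws
    // Error from PHP 8 on, so check the list first and catch the exception.
    if (in_array('fopen', disabled_functions(), true)) {
        return false;
    }
    try {
        $fh = @fopen($path, 'rb'); // an open_basedir violation yields false
    } catch (\Error $e) {
        return false;
    }
    if (!is_resource($fh)) {
        return false;
    }
    fclose($fh);
    return true;
}

/** Summary of the restrictions in force for the current script. */
function confinement_report(string $probe = '/etc/passwd'): array
{
    return [
        // ini_get() returns false for safe_mode on PHP 5.4 and later
        'safe_mode'         => filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN),
        'open_basedir'      => (string) ini_get('open_basedir'),
        'disable_functions' => disabled_functions(),
        'probe'             => $probe,
        'probe_readable'    => can_read($probe),
    ];
}

header('Content-Type: text/plain');
print_r(confinement_report());
```

With the httpd.conf open_basedir setting shown above, probe_readable should come back false; if it is true, the script is not confined to /docroot.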

PHP

How popular is PHP?

October 8th, 2009

Just click on this link http://www.php.net/usage.php

PHP

What is PHP ?

October 8th, 2009

PHP - A new revolution in server-side scripting

PHP (recursive acronym for “PHP: Hypertext Preprocessor”) is a widely-used Open Source general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Simple answer, but what does that mean? An example:

Example 1-1. An introductory example

<html>
<head>
<title>Example</title>
</head>
<body>

<?php
echo "Hi, I'm a PHP script!";
?>

</body>
</html>

Notice how this is different from a script written in other languages like Perl or C — instead of writing a program with lots of commands to output HTML, you write an HTML script with some embedded code to do something (in this case, output some text). The PHP code is enclosed in special start and end tags that allow you to jump into and out of “PHP mode”.

What distinguishes PHP from something like client-side JavaScript is that the code is executed on the server. If you were to have a script similar to the above on your server, the client would receive the results of running that script, with no way of determining what the underlying code may be. You can even configure your web server to process all your HTML files with PHP, and then there’s really no way that users can tell what you have up your sleeve.

The best thing about using PHP is that it is extremely simple for a newcomer, yet offers many advanced features for a professional programmer. Don't be afraid of reading the long list of PHP's features. You can jump in quickly and start writing simple scripts in a few hours.

Although PHP’s development is focused on server-side scripting, you can do much more with it.

This is just an introduction to PHP. You can get more information from the official site, php.net.

PHP

Return-path nobody@svrname bounced mail in PHP

October 8th, 2009

Return-path nobody bounced mail in PHP - Solution
Here are the implementation notes for those a little more challenged:

Open “WHM”
Under “Service Configuration” , click “Exim Configuration Editor”
Click “Switch to advanced mode”

In the first editable text box below
#!!# cPanel Exim 4 Config:

ADD:

local_from_check = false
untrusted_set_sender = root

In the textbox that follows (REWRITE CONFIGURATION)
begin rewrite:

ADD:

nobody@lsearch;/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs
cpanel@lsearch;/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs

Now click Save; Exim will restart with the updated config.

PHP

How to get rid of PHPSESSID in the URL

October 8th, 2009

A common problem is that ?PHPSESSID= appears in URLs while users are browsing, for example http://example.com/node?PHPSESSID=7dd1d5d1471fa8be2fea8f163cce3257.

This string is a Session ID at the PHP level.

Having the PHPSESSID in the URL is not only ugly, but also a security risk. If you follow a link from a web site that puts PHPSESSID in its URLs, the session ID travels along in the Referer header, and a malicious admin on the site you arrive at can use it to gain your privileges on the site you came from.

For these two reasons, you do not want the PHPSESSID in your URLs.

Using .htaccess

If PHP runs as an Apache module, you need to put the following two lines in the .htaccess file:

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

Using a local php.ini

To make things more complicated, some hosts use PHP as a CGI executable. Many use this as an suExec environment, such as that from suphp.org.

For PHP as CGI, you need to make the changes in a file called php.ini that has a slightly different format. The above parameters would look like this:

session.use_only_cookies = 1
session.use_trans_sid = 0
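
To confirm that the change took effect under either setup (Apache module or CGI), the effective values can be read at run time; this is an added example, not code from the original post, and its function names are hypothetical. It goes one step beyond the post by redirecting old links that still carry the ID to a clean URL.

```php
<?php
// Added example (not from the original post).

/** Effective value of a boolean ini directive, however it was spelled. */
function ini_flag(string $name): bool
{
    // php_value can leave "On"/"Off" as strings; a plain (bool) cast would
    // read "Off" as true, so parse the value explicitly.
    return filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN);
}

/** True when PHP will neither accept nor emit session IDs in URLs. */
function session_ids_stay_out_of_urls(): bool
{
    return ini_flag('session.use_only_cookies') && !ini_flag('session.use_trans_sid');
}

/** Return $url with the session-ID query parameter removed. */
function strip_session_id(string $url, string $name = 'PHPSESSID'): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['query'])) {
        return $url;
    }
    parse_str($parts['query'], $query);
    if (!array_key_exists($name, $query)) {
        return $url;
    }
    unset($query[$name]);
    // Rebuild the URL; user:pass@ is deliberately not carried over.
    $clean  = isset($parts['scheme']) ? $parts['scheme'] . '://' : '';
    $clean .= ($parts['host'] ?? '') . (isset($parts['port']) ? ':' . $parts['port'] : '');
    $clean .= $parts['path'] ?? '';
    $clean .= $query ? '?' . http_build_query($query) : '';
    $clean .= isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
    return $clean;
}

// Old links that still carry the ID get a permanent redirect to the clean URL.
if (PHP_SAPI !== 'cli' && isset($_GET[session_name()])) {
    header('Location: ' . strip_session_id($_SERVER['REQUEST_URI'], session_name()), true, 301);
    exit;
}

// The URL from the post, used as sample input.
echo strip_session_id('http://example.com/node?PHPSESSID=7dd1d5d1471fa8be2fea8f163cce3257'), "\n";
echo session_ids_stay_out_of_urls() ? "OK\n" : "session IDs can still appear in URLs\n";
```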

PHP

PHP files are downloading instead of executing

October 8th, 2009

You need to edit httpd.conf and add the following line in the MIME types section so that Apache can recognize PHP scripts:

AddType application/x-httpd-php .php

PHP