PHP Configuration: Difference between revisions


No edit summary
No edit summary
Line 5: Line 5:
'''IMPORTANT''' - Changing the PHP configuration options may make result in decreased security for your website and its users. Furthermore, certain scripts may cease to function depending on their PHP configuration requirements.
'''IMPORTANT''' - Changing the PHP configuration options may make result in decreased security for your website and its users. Furthermore, certain scripts may cease to function depending on their PHP configuration requirements.


[[Image:php_configuration.png|right]]
[[Image:php_config.png|right]]


==Changing Your PHP Configuration==
==Changing Your PHP Configuration==

Revision as of 15:19, 28 November 2008

In some cases, a PHP script will require a specific configuration in order to function properly. Many such settings can be changed in your website's PHP Configuration settings. Each of your websites has its own PHP configuration.

For specific settings for specific scripts, you should refer to the requirements or the installation instructions of your script. We have tested several of the more popular scripts and collected our recommendations in the supported PHP scripts article.

IMPORTANT - Changing the PHP configuration options may make result in decreased security for your website and its users. Furthermore, certain scripts may cease to function depending on their PHP configuration requirements.

Php config.png

Changing Your PHP Configuration

  1. Log into your Bravenet account
  2. Click on the Websites tab
  3. Select the website you wish to change the settings for from the list
  4. Now, click on the Page white php.png PHP Configuration link
  5. Change the settings as you need. A brief description of the available options are listed below.
  6. When done, click on the Save Configuration link. Note that it takes up to 15 minutes for the options to take effect on your site.

Resetting Your PHP Configuration

If you've changed your PHP configuration in ways that your PHP scripts do not support, you may find that your site is behaving in unexpected ways. To reset to the default settings:

  1. Log into your Bravenet account
  2. Click on the Websites tab
  3. Select the website you wish to change the settings for from the list
  4. Now, click on the Page white php.png PHP Configuration link
  5. Click on the reset your PHP configuration link on the right of the pop-up.
  6. When done, click on the Save Configuration link. Note that it takes up to 15 minutes for the options to reset to default.

Note that resetting your settings this way does not change any setting you define using .htaccess files or ini_set() PHP commands. See Advanced PHP Configuration for more info.

PHP Configuration Settings

Optimization

This setting changes what optimization engine PHP uses to process PHP files.

Alternative PHP Cache (default) - This is the recommended default. It will significantly speed up your site over using no optimization.

Zend Optimizer - Some PHP scripts are encoded using Zend's PHP technology. To run these scripts, you will need to switch to the Zend Optimizer.

No Optimization - You should only use this option if your script does not run correctly combined with an optimizer. Scripts of this nature are very rare - you shouldn't have to choose this option in most cases.

Memory Limit

This changes the amount of memory your site can allocate to your PHP scripts. For most sites, the default of 32MB is fine, but if you're running a script that involves uploading files, such as an image gallery, you may want to increase this. The maximum is 128MB.

Other Settings

Safe Mode (default - on) - Safe mode restricts what scripts on your site can do. This should be left enabled as long as the script supports it, since it can limit the damage a bug or an expolit in the script can do to your site. Disabling it increases the things that your PHP scripts can do, so many scripts require you to turn this off to function correctly. Note that even with Safe Mode turned on, you still need to take all recommended security precautions.

Register Globals (default - off) - Register Globals changes the way that PHP deals with POST and GET variables. Some older scripts require this to be turned on. Otherwise, this should always be left off. Turning on this setting can cause some pretty large security holes, so if your script requires you to turn this on, consider using a different script, or bug the author/vendor of the script to change their programming to no longer rely on this setting. Note that PHP 6 does not even support this option, so when we upgrade (likely in 2009) any scripts that depend on this setting will no longer work.

Display Errors (default - on) - This setting controls whether PHP errors should be shown. Having this setting turned on is very useful when installing and setting up PHP programs, or when doing PHP development. However, leaving it on in the long run may be a bad idea - certain error messages can give away some information about the workings of your site that you don't want random people knowing.

Allow URL Fopen (default - off) - This allows your PHP scripts to open files that are hosted elsewhere. By default, PHP will only let you access files located on the same server as your main script. Note that to enable this, you also need to disable Safe Mode.

Magic Quote GPC (default - on) - This changes the way PHP handles the contents of GET, POST, and COOKIE variables. In most cases, the default is fine, but some scripts require this to be turned off.

Permananently Disabled Settings

For security reasons, we have disabled several features of PHP.

exec(), passthru(), proc_open(), shell_exec(), and system() - All these functions, and related functions that run or manipulate programs directly on the server, are disabled. They will not, and can not, be enabled for individual users. Scripts that rely on these functions will not run on our servers.

enable_dl - enable_dl is turned off, and thus prevents the use of dl(). This is partially a security issue, and partially due to the way we run PHP. It's not used by most web scripts, as many web servers do not support this.

Advanced Settings

If you don't see the setting that you are looking for on this screen, you will most likely have to enable it through an .htaccess file or through the ini_set() PHP command. See the article on Advanced PHP Configuration for more information on this.