Php scripts in cgi bin

CGI and PHP scripts

On the SRCF’s webserver, you can run CGI and PHP scripts! What’s more, we have a brilliant system in operation which allows even your PHP scripts to run as ‘you’ rather than as the webserver. Read on for details.

Location of your CGI files

For personal users, PHP scripts must have a filename ending with ‘.php’ and can be placed anywhere in your public_html directory. CGI scripts must have filenames ending ‘.cgi’ and can also go anywhere in public_html.

For group accounts, both of the above methods also work, however there is an additional method of running CGI scripts which is to place them in the cgi-bin directory in your group account user area (i.e. not in public_html). If you do this, the script names do not need to end ‘.cgi’. The URL to access CGI scripts in the cgi-bin directory is https://.soc.srcf.net/cgi-bin , where is the group account name.

Users

For personal users, both PHP and CGI scripts will run as you, not as the web server’s user id.

For group accounts, rather than running CGI/PHP scripts as an individual, we have introduced a UNIX user for each group account. This user cannot log in, however it is used as the user under which all group account PHP/CGI scripts are run. Outgoing email generated by group account CGI/PHP scripts will, by default, appear to come from -webmaster@srcf.net. See Group email addresses.

Note that any CGI/PHP script which hogs the CPU for more than 2 minutes will be terminated by the system. This should not affect anything other than out-of-control scripts, as CGI/PHP scripts typically execute in a few seconds. It is a measure to prevent the server being excessively slowed down by buggy scripts which go into an infinite loop.

Permissions

For personal users, CGI scripts must be readable and executable by you, and must be owned by you. PHP scripts must be world-readable (but to keep database passwords secret, see the next question). For example:

spqr2@pip$ ls -l -rwx------ 1 saw27 saw27 238 May 5 19:33 env.cgi -rw-r--r-- 1 saw27 saw27 265 May 13 19:34 phptest.php 

CGI scripts and PHP scripts belonging to a group account must have their system (UNIX) group owner set to that of the group account. CGI scripts must be system group readable and executable. Group account PHP scripts must additionally be world readable (but to keep database passwords secret, see the next question). For example:

spqr2@pip$ ls -l -rwxrwx--- 1 saw27 casi 238 May 7 23:49 env.cgi -rw-rw-r-- 1 saw27 casi 265 May 14 23:06 phptest.php 

We recommend that you ensure that group account files are group-writable, so that other admins of the group account can edit them (not least, when your own personal account expires).

Managing secrets

PHP scripts must be world-readable. This requirement is artificially imposed because we felt that if we didn’t require world readability, users might be caught out by assuming that if something (other than a CGI script) is not world readable then it’s not accessible on the web, which wouldn’t be the case for PHP scripts. But it’s easy to get round: put your secret information in a separate file which is not world readable (but is system group readable), and include that file from your main PHP script.

Managing memory

By default we have a maximum memory limit of 64MB set for PHP scripts. You can override this by placing a file called php_override.ini at the top level of your site containing, for example, memory_limit = 128M .

Please consider the memory requirement of other users, system processes, etc. before doing this.

Turn CGI off

Several kinds of file will automatically be interpreted as CGI scripts, and so the CGI handler will try to run them when you visit their URL, even if you just wanted to download them. The following will turn off CGI handling for Python scripts, displaying them as plain text instead:

AddHandler default-handler .py AddType text/plain .py 

Put those lines in a .htaccess file in the same directory as your python files, and they will no longer be considered CGI scripts. You can do a similar thing for other file types by changing the .py to, for example, .php .

Last modified on Monday Feb 28, 2022 by Richard Allitt

Membership

Help and support

The Student-Run Computing Facility is a society at the University of Cambridge run entirely by student volunteers —

Источник

Building blocks for CGI scripts in PHP3

This tutorial provides and explains a kind of erector set for building Common Gateway Interface (CGI) programs with PHP. It is not an introduction to the language (at least, not a good introduction), but describes a collection of program fragments that can be combined, sometimes with slight modifications, to perform common CGI functions. It is intended for users who understand HTML and are willing to explore PHP and the CGI environment together.

Table of Contents

• Recommended background
• Writing PHP CGI scripts without forms
  • Sending an HTML document to the user
  • Putting comments in your PHP scripts
  • Environment variables
  • Sending the contents of files and databases to the user
  • Running other scripts from yours
  • Putting a counter in a document
  • Sharing files among scripts
  • A simple example form
  • A script to work with the simple example form
  • Mailing information to users from a script
  • Recording information in a file
  • Handling checkbox and multiple select variables
  • Doing things selectively

  Recommended background

  PHP is computer language developed for writing CGI scripts for use with the World Wide Web (Web). It is one of a collection of languages that are embedded within HTML documents (ColdFusion, Active Server Pages, etc.). That is, PHP commands are inserted among the lines contained in an HTML document.

  PHP offers good support for document creators who want to integrate information from databases with their Web documents. To that end PHP offers simple interfaces to several database management systems: MiniSQL, MYSQL, Oracle, Sybase, PostGres/PostgresSQL, etc.

  PHP began as a pair of tools: «Personal Home Page Tools,» which later became the «Personal Home Page Construction Kit,» and the «Forms Interpreter,» written by Rasmus Lerdorf. These tools were later combined into PHP/FI, which evolved into PHP3, the topic of this tutorial. PHP implementations exist for Windows 95/NT, Macintosh, and most versions of UNIX.

  For more information about PHP, you might want to review the PHP web site.

  Also, some experience with relational databases is probably necessary before learning to use the PHP interfaces to the various database systems, as well.

  This tutorial is somewhat specific to writing scripts within the environment provided by the Unix operating system, in general, and on systems operated by ACS at The University of Kansas (KU), in particular. The general principles will hold for any environment hosting PHP, but some of the specifics may change.

  Users of ACS systems usually store their HTML documents in a directory called public_html in their login directories. The PHP scripts they create are stored in a subdirectory of public_html called cgi-bin. Programs in this directory can be run as CGI scripts on most Unix systems operated by ACS at the KU (e.g., FALCON, EAGLE, LARK, RAVEN, etc.).

  Writing PHP CGI scripts without forms

  • Send an HTML document to the user
  • Send the contents of a file or database to the user
  • Execute a script and possibly send its output to the user
  • Send a mail message to the user or other recipient
  • Record information submitted by a user in a file

  Most readers will find it useful to review the entire tutorial to get the big picture and then concentrate on those building blocks which they want to use in their own CGI scripts.

  Sending an HTML document to the user

  Most scripts will return a page of information (usually an HTML document) to the Web browser after a user submits a request for the script file. Such a page may do as little as thank the person for filling out the form; it may list the data that the user entered; or it may even contain another form that points to another script file.

  PHP may be used to return an HTML document by using a program that really is just an HTML document. For example, suppose you want to build a script that simply returns the following document every time it is called:

  Thank you for reading this document.

  Such a script could be constructed as follows: #!/usr/local/bin/php My Thank You Page

  Thank you for reading this document.

  If this script is stored in a file called thanks.cgi within the cgi-bin directory within the username home directory on falcon.cc.ku.edu, the URL for the script would look like this:

  The script would be started by the FALCON Web server whenever a Web browser requests this URL. Note that a PHP script can be used only on systems that have a PHP interpreter installed. The location of the interpreter must be specified on the first line of the script following a pound sign (#) and an exclamation point (!).

  As you work through the examples below, remember that the first line of each PHP script must specify the location of the PHP interpreter, and on systems operated by ACS that line will be #!/usr/local/bin/php.

  Note that this short PHP script prints a short HTTP (Hypertext Transfer Protocol) header before it prints the HTML document itself. This header includes the document «content type» (or MIME type) followed by two newlines, which cause a blank line to be sent to the WWW client, indicating the end of the header information and the beginning of the document itself. For more information about the HTTP header, see the references above.

  CGI scripts present several security risks. To protect the user community, Academic Computing Services has installed special software called CGIWrap that must be used to start CGI scripts stored in user home directories. When the script starts, it runs as if you had started it while logged in to your account. That is, it will have potential access to the same files you can access when you run a command. As a result, you must be careful to build scripts that do exactly and only what you expect them to do, which is not always easy.

  You can name the script file anything you want, but you might find it useful to use a name that ends with .cgi to remind you that the file contains a CGI script. You can use any text editor to create your script file. Note, however, that if you create your script file on your desktop system and upload it to one of the ACS systems, you must save it in «text only» mode and upload it in ASCII mode (using FTP or equivalent).

  IMPORTANT: Your script files should probably give access permissions only to the owner. You can assign these permissions by entering

  chmod 700 script_filename

  Putting comments in your PHP scripts

  PHP provides a way to put informational comments in your PHP scripts to help readers understand how the script works. These comments will be seen only by people reading your script file. Users who execute your scripts will not see them. Whenever PHP encounters two contiguous forward slashes (//), it ignores the rest of the line, so you can make your comments without interferring with the execution of the script.

  Environment variables

  Environment variables are variables defined within the operating system or shell at any given time. They typically hold information that may be useful to commands or programs running within the operating environment.

  You may use any UNIX environment variable within a PHP script. To use an environment variable, use the PHP function getenv() send the environment variable name as an argument, as in getenv( variable_name ). For example, to use the REMOTE_HOST environment variable within an PHP script, use the function call getenv( "REMOTE_HOST" ). The following fragment prints the value of the environment variable that identifies the browser the user is using, HTTP_USER_AGENT:

  #!/usr/local/bin/php Print the working directory.

  Источник