• IT Services home
• How to connect
• Using IT at York
• Online tools & facilities
  • My IT Account
  • Streaming service
  • Moves and changes
  • Doodle
  • York Wiki Service
  • DropOff Service
• Help & support
• IT training
• Committees, groups & projects
• Policies & reports
• Information for...
• News & social media
• A to Z of IT Services
• Contact us

PHP service information

Registration

The PHP service is available to York web account owners only, by emailing itsupport@york.ac.uk with the web account name for authorisation.

Shared web environment set-up

We provide PHP via Apache 2.2, PHP 5 and SUPHP (suphp.org) so that PHP files run as the user rather than the web server.

URLs

PHP files are accessed via php.york.ac.uk not www.york.ac.uk. You can browse to your PHP site by going to http://php.york.ac.uk/fs/accountname or http://php.york.ac.uk/youryorkweb/path e.g. http://php.york.ac.uk/depts/maths/tt

File and directory permissions

The webserver runs as user "php" and group "php". Therefore files need to be group readable and directories group read and executable.

Nothing should need to be world read, write or executable and it is advised that you avoid granting "other" any privileges.

Third-party applications

It is the account owner's responsibility for all installation, configuration, administration and security of third-party applications. We do not provide support for them.

You must ensure that all security issues are addressed quickly and that patches are applied which fix problems with the application. If this is not done we may de-activate the account until the situation is resolved.

Maintenance

Your PHP applications and code may need updated or revised when the service is upgraded or due to new security risks. You will need someone with PHP knowledge to maintain your site. IT Services doesn't do development work or fixes on individual accounts.

Learning PHP

The following online documentation and books may be of use for PHP beginners.

• php.net documentation
• PHP 101: PHP For the Absolute Beginner
• PHP and MySQL Web Development by Luke Welling, Laura Thomson
• How to Do Everything with PHP and MySQL by Vikram Vaswani
  

MySQL

MySQL databases are often used with PHP. MySQL is a separate service offered by IT Services. You can request a MySQL database by emailing itsupport@york.ac.uk.

Security Advice

• http://php.net/manual/en/security.php
• http://www.sitepoint.com/print/php-security-blunders
• http://phpsec.org/
• Essential PHP Security by Chris Shiflett

Cron jobs (automated tasks)

We will, at our discretion, allow an account to have up to four cron jobs running on the server side. For this we require that the jobs do not run more often than once an hour and that they have detailed comments describing what they are used for. It is advised that cron jobs do not run frequently as this may impact the performance of the PHP service as a whole.

We may need to change the time of your cron jobs to avoid many accounts running automated tasks at the same time. To avoid running jobs at the same time as others, please choose a random time that is not on the hour or at half past.

Data security and backups

As this is a shared hosting environment, you should not upload anything you consider to be private or personal information. PHP is a widely used web scripting language and there are many known vulnerabilities to be exploited. You should take regular backups of your files and MySQL database (if you have one).

PHP configuration

PHP has been installed with the following options: mysql, libxml, zlib, gd, mcrypt, mbstring

Shared user environment security features

safe_mode is not enabled, however, open_basedir restricts file i/o to the shared /usr/phpweb filestore area.

Disabled functions include define_syslog_variables, disk_free_space, diskfreespace, dl, escapeshellarg, escapeshellcmd, enable_dl, exec, fsockopen, ini_set, ini_alter, leak, openlog, proc_close, proc_open, proc_get_status, proc_nice, proc_terminate, proc_open, parse_ini_file, pcntl_exec, phpinfo, passthru, popen, system_exec, shell, show_source, syslog, set_time_limit, shell_exec, system, tmpfile. "register_globals", "magic_quotes_gpc" and "allow_url_fopen" are off. Include files with the extension ".inc" are hidden.

SSL

php.york.ac.uk has a GlobalSign SSL certificate which you can use to encrypt data transmission simply by using https:// instead of http://

Quota

• Check your PHP quota

For more information please contact the IT Support Office.