====== PHP tips ======

===== Installation tips =====

FIXME

===== Securing PHP code =====

For a start, put disable_functions = "system, exec" in php.ini.

  expose_php = Off
  display_errors = Off
  allow_url_fopen = Off
  session.use_trans_sid = 0
  session.use_only_cookies = 1
  #output_buffering = 4096

  #per vhost:
  php_admin_flag safe_mode On
  php_admin_value open_basedir "/var/www/domain_dir/:/home/"
  php_admin_value sendmail_from webmaster@example.com
  php_admin_flag display_errors On
  php_admin_value safe_mode_include_dir "/usr/share/php/"
  # php_admin_value default_charset "UTF-8"
  php_admin_value default_charset "windows-1250"

**To secure a PHP setup, a good start is a secure php.ini, for example:**

  * disable the Fopen Wrapper, **allow_url_fopen** = Off
  * use disable_classes and disable_functions like:
    - ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc.
  * set **register_globals = off**
  * set log_errors = on, error_reporting and error_log
  * use **open_basedir** and include_path
  * use **safe_mode** if possible

  allow_call_time_pass_reference = Off
  magic_quotes_gpc = Off
  register_long_arrays = Off
  register_argc_argv = Off
  allow_url_fopen = Off
  expose_php = Off
  disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,phpinfo

=== see also: ===

  * **[[http://www.hardened-php.net/suhosin/configuration.html|Suhosin Configuration]]**
  * [[http://www.hardened-php.net/|PHP Hardening-Patch]]
  * [[http://phpsec.org/projects/guide/|PHP Security Guide]]
  * [[http://www.infosecnews.org/pipermail/isn/2007-March/014423.html|[ISN] Secure PHP Configuration]] (local {{014423.html|mirror}})

===== Speeding it up =====

Things that will make your PHP code execute a bit faster. ''Remember that bloated code will still remain bloated code!'', so try to do as much optimization as possible inside the algorithms you are coding.

  * See [[http://phplens.com/lens/php-book/optimizing-debugging-php.php|A HOWTO on Optimizing PHP]]
  * See [[http://www.zend.com/zend/trick/trick-optimizing-php.php|Optimizing PHP Scripts]]
  * See [[http://talks.php.net/show/acc_php/0|Accelerating PHP Applications (International PHP Conference 2004 - Ilia Alshanetsky)]]
  * See [[http://www.phpbuilder.com/columns/weerning20021209.php3|Golden Rules for Optimizing Your Pages]]
  * See [[http://www.dynamicwebpages.de/count/1540/tutorials/quebeck-conf-slides_performance-workshop_%5Bpdf%5D/|Quebeck-Conf-Slides: Performance-Workshop (PDF)]]
  * See [[http://www.dynamicwebpages.de/count/1748/tutorials/zend_php_expo_slides_building_scalable_php_applications_%5Bpdf%5D/|Zend/PHP Expo Slides: Building Scalable PHP Applications (PDF)]]

==== Zend Optimizer ====

=== Installation ===

Get Zend optimizer from [[http://www.zend.com/products/zend_optimizer]] or [[:zend|here (Local mirrors)]]

**''php.ini''**

  [Zend]
  zend_optimizer.enable_loader=0
  zend_optimizer.disable_licensing=0
  zend_optimizer.licence_path=0

=== Configuration ===

**''php.ini''**

  [Zend]
  zend_optimizer.optimization_level=15
  zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
  zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
  zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
  zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

''Fix the paths to the Zend libraries''

==== EAccelerator ====

=== Installation ===

  * Download source from [[http://eaccelerator.net/]]
  * Requirements: apache 1.3, apache 2.0 (prefork), mod_php4/5, autoconf, automake, libtool, m4

  export PHP_PREFIX="/usr"
  $PHP_PREFIX/bin/phpize
  ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
  make
  make install

''--without-eaccelerator-use-inode'' [bug with open_basedir - safe mode]

  * See [[http://eaccelerator.net/SourceInstallationUk|Installation from source]]

=== Eaccelerator with Zend Optimizer ===

**''/etc/php/*/php.ini''**

  [EAccelerator]
  zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
  eaccelerator.shm_size="32"
  eaccelerator.cache_dir="/tmp/eaccelerator" ; if you use disk cache - folder MUST exist
  eaccelerator.enable="1"
  eaccelerator.optimizer="1"
  eaccelerator.check_mtime="1"
  eaccelerator.debug="0"
  eaccelerator.filter=""
  eaccelerator.shm_max="0"
  eaccelerator.shm_ttl="0"
  eaccelerator.shm_prune_period="0"
  eaccelerator.shm_only="1" ; doesn't save cache to disk (cache_dir)
  eaccelerator.compress="0"
  eaccelerator.compress_level="9"

  [Zend]
  zend_optimizer.optimization_level=15
  zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
  zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
  zend_optimizer.version=2.5.10a
  zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
  zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

**Be sure to fix the PATH to Zend and eaccelerator libraries**

eaccelerator php.ini tricks [[Zend]]
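
To check an existing php.ini against the settings listed under "Securing PHP code", a small audit script can parse the file and report every directive that deviates. This is an added example, not part of the original page: the names ''parse_ini'', ''audit'' and ''SAMPLE_INI'' and the sample ini text are constructed for illustration.

```python
# Expected on/off values, taken from the page's php.ini snippet and checklist.
EXPECTED = {"expose_php": False, "display_errors": False, "allow_url_fopen": False,
            "session.use_trans_sid": False, "session.use_only_cookies": True,
            "log_errors": True}
MUST_DISABLE = {"system", "exec", "shell_exec", "passthru", "proc_open"}  # from the page
TRUE_WORDS = {"1", "on", "true", "yes"}  # boolean spellings only (assumption)

# Constructed sample input: display_errors is switched back on further down.
SAMPLE_INI = """\
[PHP]
expose_php = Off
display_errors = Off
allow_url_fopen = Off      ; no remote includes
session.use_only_cookies = 1
;session.use_trans_sid = 0
disable_functions = "system, exec, phpinfo"
log_errors = On
display_errors = On
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue  # blank line, comment (; or the page's # style), section header
        key, value = (part.strip() for part in line.split("=", 1))
        if value[:1] in ('"', "'"):
            value = value[1:].split(value[0], 1)[0]  # keep the quoted text only
        else:
            value = value.split(";", 1)[0].strip()   # drop a trailing ; comment
        settings[key] = value
    return settings

def audit(text):
    """Return findings in EXPECTED order, then any disable_functions gap."""
    ini, findings = parse_ini(text), []
    for name, want in EXPECTED.items():
        raw = ini.get(name)
        if raw is None:
            findings.append(f"{name}: not set, PHP default applies")
        elif (raw.lower() in TRUE_WORDS) != want:
            findings.append(f"{name} = {raw}, expected {'On' if want else 'Off'}")
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    missing = sorted(MUST_DISABLE - disabled)
    gap = ["disable_functions lacks: " + ", ".join(missing)] if missing else []
    return findings + gap

print("\n".join(audit(SAMPLE_INI)))
```

safe_mode and register_globals are left out of the check because both were removed in PHP 5.4. The per-vhost ''php_admin_flag'' / ''php_admin_value'' lines live in the Apache configuration and are not covered by this parser.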