I'm attempting to help a buddy moving an internet-site in one web-hotel to a different. That old place has already been closed, I've merely a flat tar file of the items is at it.

I apologise if this sounds like a fundamental question. I'm a new comer to this...

The site contained html paperwork and something could download just a little java application (to become loaded on cell phone) to transmit data to the net site.

The mobile java application sent a string to URL=/php/register.php This php script incorporated another php script, "../corporation/db_login.php" which attached to a SQL DB using "$link=mysql_connect().". register.php did the SQL place for putting the brand new sent data within the DB.

My real question is basicaly, where I ought to put this 2 PHP files around the new website and what permissions the sites and files must have.

That old web server clearly were built with a /php and /corporation sites. None of those is available around the new webserver... Must I create them? What permission when they have? I suppose the reason behind getting the password inside a separate php file was security... The /php and /corporation directory most likely had different permissions...

The brand new server has sites: /httpdos, /httpsdos, /cgi-bin, /conf (plus some others most likely irrelevant)

1) does the files-extension (.php) means something towards the server: as PHP scripts are "incorporated" in Web coding (between , does the server may need to look in the file suffix or perhaps is it irrelevant? (I realize the server responds around the , obviously)

2)if the "public" file (register.php during my situation) go within the httpdocs directory or does the server (apache I believe) responds on something and brings it in another directory?

3)If the PHP script have permission R-X, --X or R-- ? From on OS perspective I suppose apache is simply reading through this files, and therefore they must be R--, but this indicates if PHP services are "stopped" the customer would get all of the PHP code in the browser(?). I'd prefer it being --X but because this is neither a binary nor includes a #!, I suppose it should be --R...?

4)When the public PHP script can be put in another dir (e.g /php rather than /httpdocs) what should /php (and also the script) have for permission?. I Suppose the server needs to learn about this /php directory (or exist usual defaults?)

5)The PHP script incorporated (../corporation/db_login.php, that contains SQL password) shouldn't be under /httpdocs I suppose. Which means that my register.php is together with a file which isn't underneath the /httpdocs subtree... All of this? Does the server have to know?

I realize you may want to be aware of server configuration... Just assume the default inside your answer (and you will tell where it's transformed if it's).

I'm a new comer to this (PHP/SQL/ apache/ Site) so be descriptive about this please. I understand perl, python, C and linux rather well, less description needed there :-)

Thank you.


Sites should have execute permissions to become functional. Usually this really is 0755. PHP scripts run via mod_php aren't performed but instead read 0644 will suffice with this. Sites that must be completed to be possessed through the user the net server is running as. There might be additional concerns regarding permissions, e.g. SELinux, however the above will enable you to get with the fundamentals.

Documents that mustn't be utilized by other customers or exterior clients ought to be 0600, possessed through the web server user, and situated outdoors the DocumentRoot. Observe that running mod_php in Safe Mode may prevent scripts from ever including anything outdoors the DocumentRoot a lamentable flaw.

I have coded a function to deal with the permissions issues both in of PHP / SuPHP and other alike:

function realChmod($path, $chmod = null)
    if (file_exists($path) === true)
        if (is_null($chmod) === true)
            $chmod = (is_file($path) === true) ? 644 : 755;

            if (in_array(get_current_user(), array('apache', 'httpd', 'nobody', 'system', 'webdaemon', 'www', 'www-data')) === true)
                $chmod += 22;

        return chmod($path, octdec(intval($chmod)));

    return false;

It can be helpful for you personally.