php working, but now not working

settingsun

I have 2 computers on a private network behind a router. One is a fedora server I'm building, the other runs windows xp/firefox.

I use firefox to see how my code renders. I just finished installing lamp with yum. I have apache up and running on an https connection that exists only between these two computers, so the openssl certificate is self signed.

I had everything installed. Php code was being parsed correctly and rendered correctly.

I used these directives when everything was working:

AddType application/x-httpd-php .php .html
AddType application/x-httpd-source .phps

LoadModule php5_module modules/libphp5.so

Php 5 is located in the file: /etc/httpd/modules/libphp5.so

Everything was going well, so my next step was to practice on the mysql monitor. I learned I had to start it to use it. I used the service command and the chkconfig command to do that.

mysqld works fine.

Now , Php doesn't render at all. I did nothing to php.ini I'm not sure if starting mysqld changed something in php, or I did something else I don't remember doing.

Apache works because the html renders through the https connection.

My document root is: /var/www/html/index.html

Php worked fine before with this document root. Now, nothing php renders at all - not even the php code itself.

My simple practice code:

<html>
<head><title>My Web Page</title></head>
<body>
<p>Do you like the color green?</p>
<form>
<input type="radio" name="atleast18" value="yes">
Yes<br>
<input type="radio" name="atleast18" value="no">
No<br>
</form>

<?php
$str="It Works";
echo "$str";
?>

<?php
echo "It works now";
?>

</body>

</html>

settingsun

I'm replying to my own thread because I think I answered my own question, and I can't find an edit button that will let me add to this post.

A situation I tripped over tells me I'm probably making embed mistakes. I know php is an embedded language. That means there are probably lots of rules that tell us where we can put our php code within our html code.

I have a file with html and php. I have 2 php snippets that have proper syntax. Neither showed up in the browser. I put an html link between them, just to see what would happen. Both php snippets suddenly rendered.

The php worked fine, meaning it was parsed before rendering. My conclusion is php is working fine, and there are a lot of syntax and embedding rules I have to learn.

The turning point for actually starting to solve the problem was forgetting what I thought the problem wasn't, then going back to basics and running tests.

bradgrafelman

settingsun;10990442 wrote:
I know php is an embedded language.

Er... well I guess that depends on your definition of an "embedded language." I certainly wouldn't have ever described PHP with such a phrase... can you elaborate?

settingsun;10990442 wrote:
That means there are probably lots of rules that tell us where we can put our php code within our html code.

Nope, no rules at all. PHP doesn't care about HTML... if you've got a file that's being sent to the PHP interpreter, then any code in <?php ... ?> tags will get parsed and executed. It doesn't matter if there is any other data in the file outside those tags... HTML, CSS, binary, or anything in between.

settingsun;10990442 wrote:
I have 2 php snippets that have proper syntax. Neither showed up in the browser.

What does "proper syntax" mean? And what do you mean they didn't "[show] up" ? Concrete examples of the exact code you tried would probably be quite beneficial.

settingsun;10990442 wrote:
I put an html link between them, just to see what would happen. Both php snippets suddenly rendered.

Then you had something wrong with the HTML syntax, or something of that nature, because PHP neither parses nor cares what HTML code you have in the file outside of the PHP tags.

settingsun

Hello,

Thanks for chiming in. Lots of good information. If I knew how to mark this issue as unresolved I would, because I found a way to get php to work, but I don't know why yet. It's a start.

I'm new to php, and I'm doing my best to make sense out of what the browser shows me - that is, what firefox shows me after apache sends it the results of the php engine reading the php code I wrote in the apache index file.

An example of proper syntax is putting a ";" at the end of each command. I wanted to hide the fact that I was using php, for the security of my future production server.

I used an AddType Directive in apache to tell php to look through html files for php code.

I used:

AddType application/x-http-php .php .html
AddType application/x-httpd-source .phps

My index file is /var/www/html/index.html

I worked at one point then stopped working, until I created another file with .php extension, and went straight to it from the browser.

It worked after I added an ancher tag between php snippets. The code is in this thread. I took out the anchor tag (between php snippets) after it worked to see if it would still work. I think it did.

I don't know what I did right or wrong at this point - especially after getting your feedback. Even with the AddType directive set, the php code did not work in the html index file, because it did not send the php results to the browser, but did send php results to the browser after parsing the file with the .php extension.

Any thoughts?

Thanks!

bradgrafelman

settingsun;10990461 wrote:
If I knew how to mark this issue as unresolved I would

Done.

settingsun;10990461 wrote:
I'm doing my best to make sense out of what the browser shows me - that is, what firefox shows me after apache sends it the results of the php engine reading the php code I wrote in the apache index file.

For starters, I'd suggest not relying on the rendered contents that your browser is showing you to diagnose what the output was. View the source code of the page, e.g. the raw HTML/whatever that was sent back. Do you see the raw PHP code? Something else?

settingsun;10990461 wrote:
An example of proper syntax is putting a ";" at the end of each command.

Just because you're putting a semicolon after each "command" (what's a "command" anyway?) doesn't mean you're anywhere close to using valid PHP syntax. There are about a million other semantic errors that could be made other than that one.

settingsun;10990461 wrote:
I wanted to hide the fact that I was using php, for the security of my future production server.

That sounds more like obscurity that security (and no, I don't believe that the cliché/perjorative "Security through obscurity" has any place in today's world of security and IA/IS).

settingsun;10990461 wrote:
I used an AddType Directive in apache to tell php to look through html files for php code.

I personally always avoid this and often ask others why they want to do this. To me, a file's extension shouldn't be arbitrary or meaningless - it should be related to the content contained within that file. And to me, a ".html" is no different than a ".txt" in that it's just plain text that should be passed directly on through to the requesting client. Plus, you're saving Apache from needing to invoke the PHP interpreter for every single .html file (whether it contains PHP code or not).

settingsun;10990461 wrote:
I worked at one point then stopped working, until I created another file with .php extension, and went straight to it from the browser.

Had you made any changes to Apache's configuration (and, if so, restarted the Apache httpd)? Did you look at the raw data that was sent back rather than just expecting the browser to always render something to signify the result of your PHP code? Did you check the Apache error logs (and PHP's error logs, if you've got error logging enabled)?

settingsun;10990461 wrote:
It worked after I added an ancher tag between php snippets. The code is in this thread. I took out the anchor tag (between php snippets) after it worked to see if it would still work. I think it did.

Sorry, but again I have to suggest that you're missing some of the facts and/or overlooked something you did or didn't do when trying to reproduce this. Perhaps it's even something as simple as forgetting to upload modified files to the web server after every change you've made?

settingsun;10990461 wrote:
Even with the AddType directive set, the php code did not work in the html index file, because it did not send the php results to the browser, but did send php results to the browser after parsing the file with the .php extension.

Any thoughts?

I'd start by not relying on your browser's rendering engine to be your one and only debugging tool. At least look at the raw source of the page.

settingsun

I set php.ini "display_errors" to yes or on. Now errors display in the browser. I do a search for what they mean.

I have a private network that I'm using to build the server. That means right now my server is another laptop sitting in front of me. That means I can see the code I write on that laptop's screen.

If I'm correct, that same code is what we and firefox are calling source code, and it shows up on firefox under Tools -> Web Developer -> Page Source. I don't need to look at the page source in firefox because I can see it on the server laptop's screen as I write it. If this is not the source code your talking about, please advise.

If I'm missing your point, please advise.

I'm not confident enough with my php skills to be able to see php coding errors like I can see written English errors. That's why I thought of using the browser.

I'm using a lot of online tutorials. A lot of them teach outdated stuff. I know I'm learning if I like what I see in the browser.

I understand your point here. Browsers render things differently, so how a browser sees things is not a perfect way to test or see if or how code works.

I'm using the errors sent to the browser to help me learn for now.

Are you saying that improper html coding can prevent otherwise valid php code from being parsed and sent to the browser, even if the php is written correctly?

I noticed the debugging link. That's where I'm going next. If you know any good tutorials for someone at my skill level, I would appreciate a link to them.

Thanks for all your comments. If you can steer me away from some bad habits now, you'll save me a lot of time down the road.

Thanks again!

bradgrafelman

settingsun;10990467 wrote:
I set php.ini "display_errors" to yes or on. Now errors display in the browser.

You might also check to see if error_reporting is set to E_ALL (or better) to make sure PHP is now showing you all of the errors.

settingsun;10990467 wrote:
I have a private network that I'm using to build the server. That means right now my server is another laptop sitting in front of me. That means I can see the code I write on that laptop's screen.

Also note that you don't even need a second computer - many (I might even hazard to say "most") have, at one point or another, used their primary computers as servers and clients simultaneously.

settingsun;10990467 wrote:
If I'm correct, that same code is what we and firefox are calling source code, and it shows up on firefox under Tools -> Web Developer -> Page Source.

Most definitely not. You should never see the actual PHP code in the source of the page in your browser. If you do, that means the PHP code was never parsed. It should be quite obvious that this is true; if not, can you view the source of this page (e.g. /board/showthread.php) and find all of the PHP code used to power these forums?

settingsun;10990467 wrote:
I don't need to look at the page source in firefox because I can see it on the server laptop's screen as I write it. If this is not the source code your talking about, please advise.

As noted above, the two are definitely not the same. The "source" as far as a browser is concerned is the source of the HTML page/document. In other words, the "source" for the browser is actually the end result/outcome of the PHP source code that was parsed and executed.

settingsun;10990467 wrote:
I'm not confident enough with my php skills to be able to see php coding errors like I can see written English errors. That's why I thought of using the browser.

Aesthetics has nothing to do with verifying that your script is producing the correct output. If your PHP code was going unrendered, for example, your browser would start parsing the "<?php ... ?>" PHP syntax as if it were HTML (after all, how is it to know that it isn't?). So while you may see parts of strings and other stray characters on the rendered page, all of it is fairly meaningless since it's all the result of the browser parsing the wrong data (which you wouldn't immediately see if you weren't looking at that raw data itself before the browser misinterpreted it).

settingsun;10990467 wrote:
I'm using a lot of online tutorials. A lot of them teach outdated stuff.

Yup, you'll have that. Some of them are even worse than outdated - they're just plain wrong.

Don't think that this is just due to the ease with which the Internet allows people to publish their ideas, either; you can pay a bookstore money to get a book that can be just as outdated or lacking in peer review.

settingsun;10990467 wrote:
Are you saying that improper html coding can prevent otherwise valid php code from being parsed and sent to the browser, even if the php is written correctly?

No. As I said, PHP doesn't care if you use invalid HTML in a PHP script. In fact, PHP doesn't care if what you're outputting doesn't even resemble valid HTML in the slightest. All of the PHP code is parsed and executed by the server; anything you output (e.g. using echo or print) or anything you leave outside of <?php .. ?> tags is simply passed along untouched and unexamined.

In other words: garbage in, garbage out.

As for the tutorials/coding practices, I'm afraid I don't really have many resources like that at hand. I myself took a fairly practical approach when first learning PHP, either by putting together small projects or dissecting others'. It's been many years of learn-as-I-go and practical, hands-on experience.

Best advise I can offer is to utilize the power of peer review. For example, while PHPBuilder is primarily used for the self-help/troubleshooting sorts of queries, there is also the Code Critique forum available, where you can post your finished (for varying definitions of "finished" 😉) product (or even just a chunk of it) and request comments/critiques.

settingsun

Thanks for your help.

Set error_reporting to E_ALL to see all errors - Got it

View the page source, which is the html and the result of the php, not the php itself - Got it

If I can see the php code itself in the source, the php is not being parsed, and a security vulnerability exists - Got it

What do these lines really mean or really do?

AddHandler php5-script .php

AddType text/html .php

AddType application/x-httpd-php-source .phps

What kind of file has a .phps extension?

Thanks again for your help. Much appreciated.

bradgrafelman

settingsun;10990497 wrote:
If I can see the php code itself in the source, the php is not being parsed, and a security vulnerability exists - Got it

Yup. That's why you might run into a situation where someone suggests you store a PHP config file "above your web root," which essentially means any folder that doesn't have /var/www/html/ as an ancestor.

The idea is that if something were to happen to the webserver config and PHP files started getting spit out as plain text, sensitive files (such as those containing DB credentials and whatnot) would still be protected in the sense that it wouldn't be possible to simply request them directly from the webserver.

settingsun;10990497 wrote:
What do these lines really mean or really do?

AddHandler php5-script  .php

This is telling Apache that any time a request ends up pointing to a file ending with ".php" it needs to invoke the handler called "php5-script" rather than simply serving up the file as plain text (or whatever else it had planned on doing).

This handler is defined by the PHP CGI interface (php-cgi) rather than the module interface (.so/.dll for *nix/Windows). Note the comments on using CGI in the PHP manual here: [man]install.unix.commandline[/man].

See the Apache manual for more info: AddHandler.

AddType text/html  .php

This tells Apache that requests that end up being fulfilled by files with a ".php" extension should result in a Content-Type header value of "text/html". This is rather unnecessary, however, since PHP can already override the MIME type on-the-fly via the "default_mimetype" directive (see PHP manual: Data Handling).

Again, see the Apache manual for more info: AddType

AddType application/x-httpd-php-source  .phps

This is an alternative way of telling Apache how it should handle files as compared to the AddHandler approach above. Instead, this is overriding the MIME type of files with a ".phps" extension and forcing it to be "application/x-httpd-php-source".

If using the CGI, you'll probably also have an "Action" directive in there to tell Apache what it should do for files of type "application/x-httpd-php-source" (since it otherwise doesn't know what to do with such a file).

If using the ISAPI module, this type is registered by the PHP source handler (meaning that Apache will know just based on the MIME type that it should pass ".phps" files on to the PHP source highlighter).

However, step #8 in the Unix install instructions for PHP caution against using the AddType directive due to the possible security risk it presents for files with so-called "multiple extensions" (which I personally find to be a misnomer.... a file consists of a file name (optional, e.g. ".htaccess"), which can include all sorts of characters including periods, and a single extension).

In other words, you wouldn't want someone uploading some dangerous PHP code, calling it "my_script.php.jpg", and then Apache ends up passing it to the PHP interpreter anyway simply because it had ".php" somewhere in the name. Because AddHandler doesn't interpret "multiple extensions," the method you have above for .php files is fine.

settingsun;10990497 wrote:
What kind of file has a .phps extension?

PHP Source files. Basically, take any .php file, rename it to have a .phps file extension, and instead of parsing and executing it PHP will simply output a highlighted version of the raw PHP source code as an HTML document. Also see related PHP functions [man]highlight_file/man/[man]highlight_string/man.