PHP and Codewrap

PHP 5.2.5 is available on Tigger (www.uic.edu) Icarus (www2.uic.edu). Check enabled PHP modules on Tigger. PHP must be executed via codewrap. Scripts can be run from personal accounts or departmental directories. The script will run as your identity. That means if anything goes wrong, it goes wrong with all of your personal privileges, and can harm anything that your personal account can harm. The scripts can run only from certain directories. Any files read or written by the PHP scripts are limited to the directory trees from which they run.

cgi-bin directory

You will need to create a directory named cgi-bin, and set file permissions correctly. Check out our Basic Unix tutorial for information about creating directories and file permissions, or search Lynda for video tutorials.

Personal directory

If you are doing this from your personal account, create the cgi-bin directory in your home directory. Use the following commands if you connect with an SSH client:

cd
mkdir cgi-bin
chmod u+rx,o-rx cgi-bin
Also, be sure your home directory is publicly executable:
chmod a+x ~
The permissions on your home directory should be rwx--x--x (or 711). The permissions on your cgi-bin directory should be rwx------ (or 700). 

Department or group directory

If you are doing this in a departmental directory, it's very similar, but you get a choice of where the cgi-bin directory is placed:
cd /usr/local/etc/httpd/htdocs/depts/mydept   
mkdir cgi-bin
chmod u+rx,o-rx cgi-bin

You only need do all that once. Next, create a PHP script and make sure the filename ends in .php so that codewrap can recognize it as PHP code. Example:

<html>
<head>
  <title>Hello, world!</title>
</head>
<body>

<?php
  echo "<h1>Hello, world!</h1>\n";
?>

</body>
</html>

Upload your example.php to your cgi-bin directory or  a directory within cgi-bin. 

Permissions

Unlike normal HTML files, the PHP scripts do not have to have public read permissions. The have to be executable by the user (file owner):

chmod u+x,o-rx hi.php

URLs

Once your script is set up, all you have to do is run it. This is slightly different, depending on use of a personal account or departmental directory. In the personal case, if your NetID happened to be adabyron, you would use the following URL:

http://www.uic.edu/htbin/codewrap/~adabyron/example.php

In the case of a departmental directory:

​http://www.uic.edu/htbin/codewrap/bin/depts/mydept/cgi-bin/example.php

​Note that unlike in the personal URL, departmental URLs include ​cgi-bin​. On Icarus, substitute www2.uic.edu in place of www.uic.edu in the URL.

Authenticated scripts with Bluestem

To require authentication via Bluestem change the URL to replace codewrap with ​codewrap-auth and http ​with https​. Prior to accessing the URL, the visitor will be prompted to authenticate and upon successful authentication redirected to the script. The authenticated  with NetID is stored in $_ENV['REMOTE_USER'] variable. Example:

<html>
<head>
  <title>Hello, world!</title>
</head>
<body>

<?php
  echo "Hi ", $_ENV['REMOTE_USER'];
?>

</body>
</html>

Debugging

To debug a script with codewrap replace codewrap in the URL with codewrap-d. This will output useful information in addition to STDOUT. To debug authenticated scripts, use codewrap-auth-d.

Examples

Minimal

This example prints out ​Hello, world!. Try the demo. Source code:

<?php
echo "Hello, world!";
?>

Authentication

This script shows how to force the user to use Bluestem authentication. Important points:

  • The authenticated NetID appears in the $_ENV['REMOTE_USER']
  • The URL must start with https, and you must use codewrap-auth.
  • If the user tries to circumvent authentication, then $_ENV['REMOTE_USER'] will not contain a value. The script can take appropriate action, either by issuing an error message or by issuing a redirection.
  • Using the variables $_ENV['SERVER_NAME'] and $_ENV['SCRIPT_NAME'] to reconstruct the URL is good programming. Every now and then, you may copy a script or move it to a new location. This code is nicely portable.

Try the authentication demo. Try to circumvent authentication. Source code:

<!--
##
## Example of using codewrap-auth. This checks for the authenticated NetID
## in $_ENV['REMOTE_USER'], and constructs a new URL if it isn't there.
##
-->

<html>
<head>
  <title>Example</title>
</head>
<body>
<h1>Example Script</h1>

<?php

  if ( $_ENV['REMOTE_USER'] ) {
    echo "<p>Hi, ", $_ENV['REMOTE_USER'], "!</p>\n";
  }
  else {
    $url = "https://" . $_ENV['SERVER_NAME'] . $_ENV['SCRIPT_NAME'];
    $url = preg_replace("/codewrap/", "/codewrap-auth/", $url);
    echo "<p>Hey, you didn't use Bluestem!\n";
    echo "<a href=\"$url\">Try this.</a>\n";
  }

?>

</body>
</html>

Debugging

PHP is easier to debug on the web, because it will send its error messages to the browser. But on occasion, you may want to use the codewrap-d debugging to see some info about the codewrap environment. This example shows what happens if you refer to a PHP script that doesn't exist. Try the demo. Try the debugging option.

Debugging reading and writing files

PHP is configured to allow local input/output of files only if the files are located within the last cgi-bin directory. This example tries to violate the restrictions. Try the demo. Try the debugging option. Source code:

<?php

$fp = fopen("/logme","w"); 
$logstring = "hi bob";
fwrite ($fp, $logstring);
fclose($fp);

echo "<html>";
echo "<head>";
echo "<title>Hello, world!</title>";
echo "</head>";
echo "<body>";
echo "<h1>Hello, world!</h1>";
echo "Hello ";
echo "</body>";
echo "</html>";

?>
Last updated: 

September 21, 2016