≡ Menu


FreeBSD Lighttpd fastcgi php configuration and installation

Q. How do I install and configure php under Lighttpd web server. I'm using

=> FreeBSD 6.2

=> Lighttpd 1.5

=> FastCGI PHP 5.2

How do I configure php under Lighttpd?

A. PHP generally runs on a web server like lighttpd taking PHP code as its input and creating Web pages as output. FastCGI is a protocol for interfacing interactive programs with a web server. Lighttpd has mod_fastcgi to run php application.

Assuming that you have php installed (see these instructions on installing Lighttpd+MySQL+php5 under FreeBSD), open lighttpd.conf file:
# vi /usr/local/etc/lighttpd.conf
Make sure FASTCGI module is enabled:
server.modules += ( "mod_fastcgi" )

Now append following code

fastcgi.server = ( ".php" =>
( "localhost" =>
                        "socket" => "/tmp/php-fastcgi.socket",
                        "bin-path" => "/usr/local/bin/php-cgi"

Save and close the file. Restart lighttpd:
# /usr/local/etc/rc.d/lighttpd restart

Display or view the perl cgi errors in a web browser

Q. I’m currently learning Perl cgi programming and coded a small web site in a Perl. Usually errors are logged in a log file. How can I view the perl cgi errors in a we browser like firefox?

A. CGI scripts have a nasty habit of leaving warning messages in the error logs that are neither time stamped nor fully identified. Tracking down the script that caused the error is a pain.

You need to install and use CGI::Carp module.

With this module the standard warn(), die (), croak(), confess() and carp() calls will automatically be replaced with functions that write out nicely time-stamped messages to the HTTP server error log.

You can also log message to a browser. Now add following two lines before sending any headers to a browser:

use CGI;
use CGI::Carp qw(warningsToBrowser fatalsToBrowser); 

With above lines it is possible to make non-fatal errors appear as HTML comments embedded in the output of your program. To enable this feature, export the new "warningsToBrowser" subroutine. Since sending warnings to the browser before the HTTP headers have been sent would cause an error, any warnings are stored in an internal buffer until you call the warningsToBrowser() subroutine with a true argument.

See official CGI::Carp man page for more information.

PHP encryption symmetric program example using crypt to store password in a text file

Q. Symmetric encryption is a type of encryption where the same key is used to encrypt and decrypt the message. Can you explain how do I use symmetric encryption under PHP to store password in a text file and authenticate the user?

A. Symmetric encryption differs from asymmetric (also known as public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.

PHP crypt() will return an encrypted string using the standard Unix DES-based encryption algorithm or alternative algorithms that may be available on the system. Arguments are a string to be encrypted and an optional salt string to base the encryption on. See the Unix man page for your crypt function for more information.

string crypt ( string $str [, string $salt] )

Consider following example.
$en_password : Stores encrypted password. You need to store this in database or flat text file.
$userPasswordInput : Holds user provided / supplied password via HTML page

If command is use to check encrypted password (hash) with user supplied password.

//Standard DES-based encryption with a two character salt called 'ge'
$en_password = crypt('secrete','ge');
if (crypt($userPasswordInput, $en_password) == $en_password) {
   echo "Password verified, you can login!";

PHP Function to write / store password to a file called /home/secure/.password

function updateAdminLoginPassword($new){
  //This is Blowfish encryption with a sixteen character salt starting with or $2a$
  $encryptedPassword = crypt($new, '$2a$didIL...fpSd78..$');
  // Open the file and erase the contents if any
  $fp = fopen("/home/secure/.password", "w");
  // Write the data to the file
  fwrite($fp, $Password);
  // Close the file
  echo '<h3>Password has been updated!<h3>';
  echo '<SCRIPT>alert(\'Password changed! You must login again to use new password\');</SCRIPT>';
  /* resetSession(); */

Function to verify a password (note we are using hash in both functions $2a$didIL...fpSd78..$):

function verifyPassword($password)
 $username= "admin";
// read encrypted password
 $fp = fopen("/home/secure/.password", "r");
 while ( $line = fgets($fp, 1000) ) { $encryptedpasswd=$line; }
 if ( $_POST["username"] == $username && (crypt($password,'$2a$didIL...fpSd78..$') ==  $encryptedpasswd) )
 { // allow login
		session_start(); //Initialize session data
                //store user login name and password
		$_SESSION['user'] = $username;
                $_SESSION['pwd'] = $encryptedpasswd;
                // display main menu
		header( "Location: /welcome.php" );
 {       // password is not correct or session expired due to password change
	header( "Location: /login.php?sessionnotfound=1" );

Above examples just provides you idea about php password encryptions and hash. You must consider other factors such as SSL http session, MD5 password / hash and mysql database to store password has etc.

Further readings:

Tweaking php For Maximum Execution Time For Scripts

I've been trying to migrate my webblogs using WordPress inbuilt import facility. I've exported current blog as a xml file and downloaded to my desktop. Next I navigated to my new blog's admin area and clicked on Manage > Import. However import failed after importing 50-60% posts only.

I went through Apache and PHP log files and I realized that the script was timed out. How do I fix this problem under Linux / UNIX?
[click to continue…]

Q. I’m trying to install lighttpd 1.5.0 while compiling source code I’m getting an error which read as follows:

checking for GTHREAD... configure: error: Package requirements (gthread-2.0 >= 2.4.0) were not met:

No package 'gthread-2.0' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables GTHREAD_CFLAGS
and GTHREAD_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

How do I fix this issue; I'm using Fedora Core 6.x.

A. You need to install a package called glib2-devel. Lighttpd 1.5.x+ requires glib2-2.4.0 or higher.

Type the following command if you are using Redhat (RHEL) or Fedora Core or Cent OS:
# yum install glib2-devel

If you are using Debian/Ubuntu try following command:
# apt-get install libglib2.0-dev
$ sudo apt-get install libglib2.0-dev

Now compile and install lighttpd:
# ./configure;make;make install