James Titcumb

PHP4 for me since starting at Netbasic has been a mere lifeless form of PHP that I used to get into web development. But reading this article reminded me that PHP4 will soon die.

Well, as I said recently, on a day for the PHP community dubbed as “8-8-8″ (referring to 8th August 2008), PHP4 will officially be halted. This means there will be no more development done for PHP4. Any new bugs will remain forever. Any developers still using PHP4 won’t get the support they used to. There won’t even be any security updates to seal up loopholes and hacks.

But on the upside, PHP5 will be the choice. We’re already on PHP 5.2.6 (stable), and the next version is well on the way. Now the article I linked to poses several questions:

• What if in 2 months time, evil hackers will find a bug in PHP4 that is exploitable?
• What if they write a spider that crawls the internet in search for applications that run PHP4?
• What if they target all those sites with malicious code?
• What if indeed there will be no fix for this exploit?
• What are you going to do?

There’s a simple answer to all these questions :- people really need to upgrade to PHP5. It’s really that simple. For developers, I think there’s actually very little to do (the odd thing is listed in the PHP5 Migration Guide). My move from PHP4 to PHP5 was simple and very very pain free (perhaps I was lucky?). Personally, I think it’s the web hosts that need to get their bums in gear. Following my article about Newnet, they’ve actually started using PHP5 for new hosts, and are offering free migrations from PHP4 to the newer PHP5 UNIX servers, so good on them, I fully back Newnet 100% in this descision.

At the end of the day though, a day will come when web hosts really do NEED to upgrade, perhaps because of some horrific bug that will destroy the universe. If I were those web hosts, I’d do it sooner rather than later. But as is the way with some companies - they use the ethos “if it ain’t broke, don’t fix it”. I used to think that, but I’ve learnt recently that with some things, even if it ain’t broke, you can make it more secure, work faster and work better.

Thankfully, here at Netbasic, we use PHP5 already, so I’m happy as chips.

So after a little hacking at lunch today, I discovered just why half my websites don’t work. It’s a very simple reason…

PHP4 vs. PHP5.

Yes, Newnet are still stuck in the year 2000, and are using the “favourite old shoes” version 4 of PHP. Please, Newnet, PLEASE upgrade to PHP5. Not for me, but for the sake of your hosting service. Not to mention the fact development for PHP4 actually stopped seven months ago! Not only that but security updates will be stopping in August apparently! Surely that’s two really big reasons to upgrade.

And that goes to every other webhost stuck on PHP4. At least provide two hosting options - one PHP4 for those developers stuck in the year 2000, and a PHP5 option for those developers who are modern and up-to-date.

This article is a good debate.

This article I found on the Mind Tree Blog sort of covers old ground for me, but it was interesting nonetheless. It’s interesting the way he doesn’t forward specific things, but rather everything in the URL… so we’d forward something like:

http://www.asgrim.com/channel/Google/news/something/

to:

http://www.asgrim.com/index.php?p=channel/Google/news/something/

and letting the PHP script decode the specifics of the URL, rather than setting up specific forwards like:

http://www.asgrim.com/index.php?module=channel&provider=Google&section=news&article=something

I’m not sure which I prefer. The method mentioned in the article does give extra flexibility without having to modify the .htaccess, but the latter gives more specification as to how the URLs should work. I guess at the end of the day it’s up to opinion.

Everyone already knows about the server downtime when they were trying to break the record blah blah.

The botch I’m talking about is my experience of downloading it this morning and trying it out.

My experience was about 15 minutes…

• 1 minute to download Firefox 3
• 1 minute to install Firefox 3
• 1 minute to find out half of my add-ons don’t work
• 1 minute to try and hack the MaxVersion to work and fail miserably
• 2 minutes to locate a Firefox 2 installer
• 3 minutes to download it from the stupidly slow FTP
• 1 minute to uninstall Firefox 3 and install Firefox 2
• 2 minutes to find out Firefox 2 kept crashing because the Firebug I upgraded to crashes it
• 1 minute to uninstall Firefox 2 and re-install it
• 2 minutes to set it up back to the way I like and restore my previous profile

I think I’ll leave Firefox 3 for a little while to get rid of teething issues.

I’ve always used fancy tools like PhpMyAdmin to create users in mysql etc. as I don’t normally remember the syntax.

Here it is:

CREATE USER 'username'@'hostname'
     IDENTIFIED BY 'password';
GRANT USAGE ON * . * TO 'username'@'hostname'
     IDENTIFIED BY 'password'
     WITH
          MAX_QUERIES_PER_HOUR 0
          MAX_CONNECTIONS_PER_HOUR 0
          MAX_UPDATES_PER_HOUR 0
          MAX_USER_CONNECTIONS 0 ;

For each database you want the user to access, do:

GRANT ALL PRIVILEGES ON `databasename` . * TO 'username'@'hostname';

This basically means: create a user, with password “password”, don’t allow them to access anything except USAGE. Then, allow them to do anything they want in database “databasename”.