added: a bunch of PHP related CGI files

Author: paulwratt

config.h

@@ -82,12 +82,61 @@
 ** If this many are already running, then attempts to run more will
 ** return an HTTP 503 error.  If this is not defined then there's
 ** no limit (and you'd better have a lot of memory).  This can also be
-** set in the runtime config file.
+** set in the runtime config file. Default 50 is limited for RPi.
 */
-#ifdef notdef
 #define CGI_LIMIT 50
+
+/* CONFIGURE: PHP scripts must match this pattern to get executed.  It's
+** a simple shell-style wildcard pattern, with * meaning any string not
+** containing a slash, ** meaning any string at all, and ? meaning any
+** single character; or multiple such patterns separated by |.  The
+** patterns get checked against the filename part of the incoming URL.
+**
+** Restricting PHP scripts to a single directory lets the site administrator
+** review them for security holes, and is strongly recommended.  If there
+** are individual users that you trust, you can enable their directories too.
+**
+** You can also specify a PHP pattern on the command line, with the -a flag.
+** Such a pattern overrides this compiled-in default.
+**
+** If no PHP pattern is specified, neither here nor on the command line,
+** then PHP scripts cannot be run at all.  If you want to disable PHP
+** as a security measure that's how you do it, just don't define any
+** pattern here and don't run with the -a flag.
+**
+** By using multiple CGI paterns and CGI PHP programs you can run multiple
+** versions of PHP, however using the PHP pattern will only execute the
+** first 'php-cgi' in $PATH. A combination is also possible, and for testing
+** or speed comparison purposes, it is possible to run v5.0.3 & 5.6.33 
+*/
+#ifdef notdef
+/* Some sample patterns.  Allow scripts only in one central directory: */
+#define PHP_PATTERN "/wordpress/*"
+/* Allow scriptss in a central directory, or anywhere in a trusted
+** user's tree: */
+#define PHP_PATTERN "/testing/**.php|/jef/**.php4"
+/* Allow any PHP script anywhere ending with a .php: */
+#define PHP_PATTERN "**.php"
+/* When virtual hosting, enable the central directory on every host: */
+#define PHP_PATTERN "/*/php5/**.php5"
 #endif
 
+/* CONFIGURE: How many seconds to allow PHP programs to run before killing
+** them.  This is in case someone writes a PHP program that goes into an
+** infinite loop, or does a massive database lookup that would take hours,
+** or whatever.  If you don't want any limit, comment this out, but that's
+** probably a really bad idea. Default uses standard PHP timeout (60 sec).
+*/
+#define PHP_TIMELIMIT 60
+
+/* CONFIGURE: Maximum number of simultaneous PHP programs allowed.
+** If this many are already running, then attempts to run more will
+** return an HTTP 503 error.  If this is not defined then there's
+** no limit (and you'd better have a lot of memory).  This can also be
+** set in the runtime config file. Default 10 is limited for RPi.
+*/
+#define PHP_LIMIT 10
+
 /* CONFIGURE: How many seconds to allow for reading the initial request
 ** on a new connection.
 */

php-cgi/mthttpd.php.conf

@@ -0,0 +1,10 @@
+## usage: sudo mthttpd -u _user_ -C ~/www/thttpd.php.conf
+## note: /home/_user_/www/cgi-bin/php -=> /usr/bin/php-cgi
+## replace _user_ with your username
+dir=/home/_user_/www
+#phpspat=**.php
+cgipat=/php3|**.php3|/php4|**.php4|/php5|**.php5|/php6|**.php6|/php7|**.php7|/php503|**.php
+logfile=/home/_user_/tmp/mthttpd.php.log
+nochroot
+port=80
+

php-cgi/multi-php.txt

@@ -0,0 +1,11 @@
+In mthttpd it is relatively easy to run PHP from '/usr/bin/php-cgi' with the included script 'mthttpd/www/cgi-bin/php.cgi'. It will even work with thttpd and sthttpd. NOT is uses CGI "path overloading".
+
+But what if you develop, test, compare or backport across different versions of PHP. What if you are reviewing or doing time trials.
+
+If any of the CGI programs from 'mthttpd/php-cgi/*' are placed in the root of the webserver, and a CGI pattern is applied, you can run any number of PHP versions, including sub-versions. As long as all the related binaries and libraries are seperated and locatable from the command line, they all can be used from mthttpd at the same time.
+
+The PHP pattern with execute the first 'php-cgi' in the $PATH. The crucial part for multiple PHP versoins is the CGI pattern. 
+
+ mthttpd -c "/php3|**.php3|/php4|**.php4|/php5|**.php5|/php6|**.php6|/php7|**.php7|/php503|**.php" -d /home/_user_/test/www
+
+NOTE: in order for this to work in a secure way, the PHP script must be marked as executable on the filesystem, becuase you will use CGI "path overloading" and it will check that the actual "script" to be executed has the "executable" bit set for that file, only then will it allow the CGI program to execute that script.

php-cgi/php3

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php3-cgi
+# eg. http:/localhost/php3/test/index.php
+#  ==  php3-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php4" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php3-cgi
+fi

php-cgi/php4

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php4-cgi
+# eg. http:/localhost/php4/test/index.php
+#  ==  php4-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php4" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php4-cgi
+fi

php-cgi/php5

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php5-cgi
+# eg. http:/localhost/php5/test/index.php
+#  ==  php5-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php5" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php5-cgi
+fi

php-cgi/php503

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php5-cgi v5.0.3
+# eg. http:/localhost/php503/test/index.php
+#  ==  php503-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php5" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php503-cgi
+fi

php-cgi/php6

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php6-cgi
+# eg. http:/localhost/php6/test/index.php
+#  ==  php6-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php6" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php6-cgi
+fi

php-cgi/php7

@@ -0,0 +1,34 @@
+#!/bin/sh
+# "special" cgi->php redirect for thttpd & php7-cgi
+# eg. http:/localhost/php7/test/index.php
+#  ==  php7-cgi /home/sysop/devel/www/test/index.php
+
+if [ "$PHP_AUTH_USER" = "" ]; then
+  export PHP_AUTH_USER="admin"  ## FIXME:
+fi
+if [ "$PHP_AUTH_PW" = "" ]; then
+  export PHP_AUTH_PW="admin"    ## FIXME:
+fi
+
+if [ "$DOCUMENT_ROOT" = "" ]; then
+  export DOCUMENT_ROOT=/usr/local/www
+fi
+
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.php
+fi
+
+if [ "$SCRIPT_FILENAME" = "" ]; then
+  export SCRIPT_FILENAME=${PATH_TRANSLATED}
+fi
+
+EXT3=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+EXT4=${PATH_TRANSLATED#"${PATH_TRANSLATED%?????}"}
+if [ ! "$EXT3" = ".php" -a ! "$EXT4"= ".php7" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  exec /usr/bin/php7-cgi
+fi

php.txt

@@ -0,0 +1,22 @@
+The following works with thttpd, sthttpd and mthttpd and PHP CGI as FastCGI, which is plenty fast enough for even heavy load on a RPi, if all it is doing is serving web pages (1Gb restriction).
+
+ATM the only way to get PHP functioning properly, in such a way that the same code can be used unmodified with Apache or another PHP SAPI web server, is by using CGI "path overloading" and a PHP bounce script that presets a few missing variables, most notably SCRIPT_FILENAME, which although not part of any CGI standard, makes PHP unuable with most CGI web servers (including thttpd) if not set.
+
+This PHP bounce script must also preparse PATH_TRANSLATED when its empty, replacing it with "DOCUMENT_ROOT/index.php", so that SCRIPT_FILENAME gets the correct value (and PHP knows what the hell is going on).
+
+thttpd is a strict CGI/1.1 web server, so it also does not pass along PHP_AUTH_USER or PHP_AUTH_PW. If you are having issues getting this to work with PHP Basic Authentication, you will probably need to provide thttp a .htpasssd which can be generated with the 'htpasswd' tool.
+
+You can use 'mthttpd/www/cgi-bin/php.cgi' where the 'www' would be the web server root, and a test url would be:
+ http://127.0.0.1/cgi-bin/php.cgi/test.php
+
+Note that 'mthttpd/www/test.php' must have executable writes for the same _user_ as the '-u _user' thttpd was started with. This just simplifies security for thttpd, while placing responsibility for who can execute what back on the webserver developer, operator or server admin. The default mthttpd user group is 'www-data' to simplify Apache & NgenX transitions.
+
+CGI "path overloading" simply means "everything in the url after the cgi name is a path from the root of the webserver". With the above example test url, the default thttpd filesystem translation (presented as SCRIPT_FILENAME in the bounce script) would be '/usr/local/www/test.php', and the CGI program would be at '/usr/local/www/cgi-bin/php.cgi', and both would have their executable bit set.
+
+If, for what ever reason, you choose not to have a '/cgi-bin/' folder, you can look a what can be done with the bounce scripts in 'mthttpd/pgp-cgi/*' and the thttpd conf file there.
+
+The last thing the bounce scripts does before passing everything along to PHP, is check the extension, and dump the html, text or download instead.
+
+NOTE: one of the main jobs of mthttpd is to pass common non-CGI standard environment variable, ones that SAPI modules mostly use, eg DOCUMENT_ROOT & SCRIPT_FILENAME.
+
+NOTE: the other main goal of mthttpd is to apply the v2.21 SAPI patch to modern versions of thttpd. This is currently a moot point, because as of late v5.?.? (v6?) the thttpd SAPI code was removed from PHP, because the current developers did not know what thttpd was, or how to enable a SAPI module for it. Plainly they were dickheads, however I did make a patch to reapply it to PHP. ATM Apache is the only PHP SAPI module server.

thttpd.c

@@ -868,6 +868,11 @@ parse_args( int argc, char** argv )
 #else /* CGI_PATTERN */
     cgi_pattern = (char*) 0;
 #endif /* CGI_PATTERN */
+#ifdef PHP_PATTERN
+    php_pattern = PHP_PATTERN;
+#else /* PHP_PATTERN */
+    php_pattern = (char*) 0;
+#endif /* PHP_PATTERN */
 #ifdef CGI_LIMIT
     cgi_limit = CGI_LIMIT;
 #else /* CGI_LIMIT */
@@ -936,6 +941,11 @@ parse_args( int argc, char** argv )
 	    ++argn;
 	    cgi_pattern = argv[argn];
 	    }
+	else if ( strcmp( argv[argn], "-a" ) == 0 && argn + 1 < argc )
+	    {
+	    ++argn;
+	    php_pattern = argv[argn];
+	    }
 	else if ( strcmp( argv[argn], "-t" ) == 0 && argn + 1 < argc )
 	    {
 	    ++argn;
@@ -993,12 +1003,9 @@ parse_args( int argc, char** argv )
 static void
 usage( void )
     {
-/*
     (void) fprintf( stderr,
-"usage:  %s [-C configfile] [-p port] [-d dir] [-r|-nor] [-dd data_dir] [-s|-nos] [-v|-nov] [-g|-nog] [-u user] [-c cgipat] [-t throttles] [-h host] [-l logfile] [-i pidfile] [-T charset] [-P P3P] [-M maxage] [-V] [-D]\n",
+"usage:  %s [-C configfile] [-p port] [-d dir] [-r|-nor] [-dd data_dir] [-s|-nos] [-v|-nov] [-g|-nog] [-u user] [-c cgipat] [-a phppat] [-t throttles] [-h host] [-l logfile] [-i pidfile] [-T charset] [-P P3P] [-M maxage] [-V] [-D]\n",
 	argv0 );
-*/
-    (void) fprintf( stderr, "usage:  paged [-C configfile] [-p port] [-d dir] [-r|-nor] [-dd data_dir] [-s|-nos] [-v|-nov] [-g|-nog] [-u user] [-c cgipat] [-t throttles] [-h host] [-l logfile] [-i pidfile] [-T charset] [-P P3P] [-M maxage] [-V] [-D]\n" );
     exit( 1 );
     }
 
@@ -2178,7 +2185,7 @@ thttpd_logstats( long secs )
     {
     if ( secs > 0 )
 	syslog( LOG_NOTICE,
-	    "  paged - %ld connections (%g/sec), %d max simultaneous, %lld bytes (%g/sec), %d httpd_conns allocated",
+	    "  mthttpd - %ld connections (%g/sec), %d max simultaneous, %lld bytes (%g/sec), %d httpd_conns allocated",
 	    stats_connections, (float) stats_connections / secs,
 	    stats_simultaneous, (long long) stats_bytes,
 	    (float) stats_bytes / secs, httpd_conn_count );

www/cgi-bin/bas.cgi

@@ -0,0 +1,26 @@
+#!/bin/sh
+# "special" cgi->bas redirect for thttpd & bas ANSI BASIC Interpreter
+# eg. http:/localhost/cgi-bin/php.cgi/test/index.bas
+#  ==       bas /home/sysop/devel/www/test/index.bas
+
+export DOCUMENT_ROOT=/home/sysop/devel/www
+if [ "$PATH_TRANSLATED" = "" ]; then
+  export PATH_TRANSLATED=${DOCUMENT_ROOT}/index.bas
+fi
+export SCRIPT_FILENAME=${PATH_TRANSLATED}
+
+EXT=${PATH_TRANSLATED#"${PATH_TRANSLATED%????}"}
+if [ ! "$EXT" = ".bas" ]; then
+  printf "Content-Type: "
+  file -b -i ${PATH_TRANSLATED}
+  echo
+  cat ${PATH_TRANSLATED}
+else
+  date=`date -u '+%a, %d %b %Y %H:%M:%S %Z'`
+  cat << EOF
+Content-type: text/html
+Expires: $date
+
+EOF
+  exec /usr/bin/bas ${PATH_TRANSLATED}
+fi