Using PHP on GridSites

From GridSiteWiki

PHP ( is a popular server side scripting language, which is typically used to generate web pages dynamically by mixing sections of PHP code (similar to C or Javascript) inside HTML. PHP works well on Apache / GridSite servers, and access to PHP pages can be controlled in the same way as CGI programs.

The environment variable GRST_PERM, which is exported to CGI, PHP and other dynamic content by mod_gridsite, holds a bitmask with the permissions the client has in the context of the current page. The permissions defined in gridsite.h are currently (GridSite version 1.1.11):


Page access is denied by mod_gridsite if GridSite access control is enabled and the client does not have the GRST_PERM_READ permission. PHP scripts can test GRST_PERM for additional permissions. GRST_PERM_EXEC is especially useful, since it is not used by mod_gridsite and can be assigned a meaning by PHP or CGI scripts (eg the ability to modify a database through a PHP/HTML form, without giving users GRST_PERM_WRITE and the ability to modify the PHP script itself.)

This example shows a skeleton PHP page which uses the GRST_PERM_LIST permission to decide whether to show the Manage link in the page footer. The rest of the PHP near the footer simulates the standard GridSite footer inserted into HTML pages when mod_gridsite's page formatting is enabled:

 <title>Dynamic page title!</title>
 <?php include "/var/www/htdocs/gridsitehead.txt"; ?>
 <h1>Welcome to this page!</h1>

 <p>Interesting, dynamic page content, written in PHP.

  // Do a GridSite-like admin footer, but in PHP
  if ($_SERVER["SSL_CLIENT_S_DN"] != "")
   print "<small>You are " . $_SERVER["SSL_CLIENT_S_DN"] . "</small><br>";
  print "<small>";
  if ($_SERVER["GRST_PERM"] & 4)
   print "<a href=\"/gridsite-admin.cgi?cmd=managedir\">Manage directory</a> . ";
  if ($_SERVER["HTTPS"] == "")
   print "<a href=\"https://www.dom.ain/\">Switch to HTTPS</a> . ";
  print "<a href=\"https://www.dom.ain/\">Switch to HTTP</a> . ";
  print "<a href=\"/website/gridpp-user.html\">Website help</a> . ";
  print "Built with <a href=\"\">GridSite</a></small>";
  include "/var/www/htdocs/gridsitefoot.txt";

But remember, when you give someone the ability to upload PHP on your site, you are effectively giving them command-line access as the user which runs the PHP - probably apache! It may be better to use gsexec and PHP as a CGI script in some situations.