Notes on installing IIS 6.0 with PHP 5

Installing PHP5 on IIS 6.0 has some security issues and some installation tips, which are not easily found by general managers, so if anyone wants PHP 5 at You can refer to this article when IIS is executed above. --- If you install ISAPI Module for PHP5 ( php5isapi.dll ), in the case of anonymous access, the default PHP5 will be executed as anonymous access ( IUSR_MachineName ). However, if you install FastCGI Extension for IIS6.0 and execute it with PHP5, in the case of anonymous access, it is executed as NETWORK SERVICE. The difference between the two is very important for you to set the access control list (ACL) of the website directory. If you accidentally set the error, your PHP program can easily create a directory and write the file to your website. For example, if PHP finds any security vulnerabilities and you don't have time to update the PHP version, and the site directory permissions are not set correctly, it will be easily implanted into the Trojan. This is very dangerous and has to be cautious. Acting. --- In addition, if you install multiple different PHP websites on one IIS, it is also recommended not to use the same identity for site settings. Otherwise, everyone sharing the same permissions is also risky for website security. --- I personally recommend using FastCGI to execute PHP. In addition to being more stable, the execution speed will be faster. --- If you want all *.htm files to be executed in PHP, the application file name in the custom application settings corresponds to the FastCGI installation. The steps are as follows: Add a new .htm Corresponding value, and set the executable file path to C:\\WINDOWS\\system32\\inetsrv\\fcgiext.dll Open C:\\windows\\system32\\inetsrv\\fcgiext.ini Profile [Types] php=PHP-All htm=PHP -All Note: You do not need to restart IIS will take effect! --- If you need to upload files via PHP and use the move_uploaded_file function, if User uploads "Medium Document Name", the file will not be saved. To solve this problem, you must rewrite the program. The original program: move_uploaded_file($file['tmp_name'], $dir . mb_basename($file['name'])) Modified program: move_uploaded_file($file['tmp_name'], $dir . mb_basename(mb_convert_encoding( $file['name'], "big5","utf8")))--- After PHP 5 is installed on the Windows platform, there will be a "time zone" problem. The time zone is normal when the Linux platform is executed. , which is the standard Taiwan time zone GMT +0800, but will be reset to GMT +0000 (Greenwich Mean Time Zone) when moved to the Windows platform. To solve this problem, the TZ variable must be added to the WIndows system environment variable, and Assign the variable value to Asia/Taipei, as shown below: After the setting is completed, remember to execute the iisreset command to take effect! If you want to query the time zone variable values ​​of other countries, please refer to the following website: http://www.theprojects.org/dev/zone.txt Please read the following documents when installing PHP 5.x on Windows Server 2003/IIS 6.x. The process of getting it working is really frustrating, so I hope that my experience can make others less detours. Before installing PHP 5 according to the web tutorial (there is a good one here: http://www.peterguy.com /php/install_IIS6.html) Please read the following tips: These are the permission settings I found to work safely: NTFS permissions (right click on a file or folder, select Properties, open the security page) 1) PHP installation directory -> You need to give NT users: 'Network Service' read/run permissions (eg C:\\PHP). If you have a tmp or session directory in the installation directory, you need to read/run these directories to the 'Network Service' user and Write permissions. * (You don't need any permissions on the PHP installation file for anonymous Internet users 'IUSR_[name]'. 2) You need the actual WWW root directory and web page .php file (if you want to apply to all sites) Or the root directory of each site and the .php file (if multiple running sites) to the anonymous Internet user 'IUSR_[name]' read/run permissions 3) For the IIS6.0 console, if the site properties (right click on some Separate site or site root node to apply to all sites -> Select properties) On the Directory Security page -> Click Edit, if you want the site to be accessed anonymously, select the checkbox for anonymous access and enter the username: 'IUSER_[name]' (IUSER_[name] is customized according to the user settings of your server) 4) *The most important * According to other people, when installing and setting PHP.INI, do not open any extension EXTENSIONS first. The reason is that if an extension extension fails, the error prompt will pop up outside the remote desktop, you will not be able to close the dialog, and your PHP page will hang indefinitely (after this problem occurs, in order to solve me almost Go crazy) Then after you successfully open the test PHP page, go to the extended extensions in the PHP.INI file all at once. If you have any tips that I didn't mention, please email me. Again Ming, I am not a professional, but also learning.