cancel
Showing results for 
Search instead for 
Did you mean: 

Please can we get updated PHP?

Adam1V
Grafter
Posts: 223
Registered: ‎31-07-2007

Please can we get updated PHP?

I know its been asked before, but Plusnet are running such a low version of PHP, its barely worth having.
None of the applications we're looking at can run on such an old system.
Im looking for a modern/presentable Open Source commerce platform. OS Commerce just looks too old, there isnt many other applications available Sad
10 REPLIES 10
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Please can we get updated PHP?

Hi Adam,
It's something we are looking at and making some progress on. Have a look at the blog here for more details.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Adam1V
Grafter
Posts: 223
Registered: ‎31-07-2007

Re: Please can we get updated PHP?

That does sound like good news Chris.
So to get this straight in my head (im not tech savvy), Data will be physically moved from plusnet servers to Plesk servers, the DNS names will be changed to point to the Plesk servers.
So hopefully the outcome will be my User Forum which uses SQL at the backend will still talk to the front end CGI without me having to make any modifications? (providing ccgi.username.force9.co.uk is found on the plesk servers?
oldgustav
Grafter
Posts: 52
Registered: ‎30-07-2007

Re: Please can we get updated PHP?

Hi Adam,
I just came across your post after posting something broadly similar here: http://community.plus.net/forum/index.php/topic,69283.msg566700.html#msg566700. Perhaps we are having similar problems.
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Please can we get updated PHP?

To be clear Adam, you'll need to move your site at some point yourself - There are simply too many differences between the old system and the new one for us to do it automatically.
If you follow the instructions there, you can set that up and take advantage of the newer version of php now.
Ian
Gabe
Grafter
Posts: 767
Registered: ‎29-10-2008

Re: Please can we get updated PHP?

Hmm. The version of PHP on PAYH is newer, but (IMHO) it's not set up securely enough for commerce just yet. I think it's a hobbyists-only zone at the moment.
I'm sure we're all nice people here, but, if you're on the same server as I am, I can read and write to your PHP-generated files and you can read and write to mine.
I'm sure Plusnet will fix this at some point. I hope it's soon.
Gabe
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Please can we get updated PHP?

Hmm -  I think you're going to have that problem, to a lesser or greater degree, with any shared service. By the sounds of it what you need is outside of the realms of the PAYH shared hosting solution and what you need is virtual or co-located hosting?
I'm not saying we won't offer those things in the future, but I can say for sure that they won't be free!
Ian
Gabe
Grafter
Posts: 767
Registered: ‎29-10-2008

Re: Please can we get updated PHP?

I'm sorry, but that is simply misleading. This is not the place to discuss it, but if you are the Ian Wild with the broken WP site at www.ianwild.plushost.co.uk, would you mind if I left you a short list of urgent fixes as a text file in there?
Quite apart from anyone wanting to run a shop on PAYH, there are people running children's nursery sites on PAYH. Do you really find the current state of security acceptable?
Gabe
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Please can we get updated PHP?

That's not actually my site, although it was my test space originally. Anyhow, I'd be most grateful if you could drop me a list of vulnerabilities you're aware of that apply to the service via (PM or email - iwild@plus.net) and I will make sure these are addressed.
Ian
xpcomputers
Grafter
Posts: 461
Thanks: 1
Registered: ‎13-04-2007

Re: Please can we get updated PHP?

Ian,
I might be completely wrong, but I read Gabe's comment as suggesting that they feel the whole PAYH platform is unsafe, and that they could prove it, by adding a file to your webspace from their own webspace account. If I am right in that, then they are asking for your permission to prove that vulnerability by posting a text file into your webspace (as a proof of concept).
Of course I might have got the wrong end of the stick completely, in which case, ignore my mad ramblings!
Mike
Gabe
Grafter
Posts: 767
Registered: ‎29-10-2008

Re: Please can we get updated PHP?

Hi Mike,
You got the right end of the stick, but after sending Ian a more conventional message the point was accepted and acted upon without the need to prove it.
With safe mode off, unless other measures are taken, it opens up a straight-forward way to bypass the open_basedir restriction, allowing users to write to each other’s directories while only changing the mod date on Apache-owned files, which you might not notice.
I had originally assumed that these other measures had been taken, then discovered that they hadn’t, and finally the penny dropped that people were going live with sites that should be more secure, so I made a fuss.
Safe mode is now back on. I hope this is only temporary. IMHO, one or other of the methods for running PHP as the individual user rather than Apache would be the best solution.
Gabe