PHP Updates

All news regarding Liway can be found here.

PHP Updates

Postby Max » Sat May 26, 2012 4:27 pm


This follows on from our April announcement about the roll-out of PHP 5.4. I have decided to wait a couple of weeks from when PHP 5.4.1 was originally released due to a series of PHP bugs involving URLs, which resulted in several quick releases from the PHP team. I will note that the bugs did not affect our server at any point in time due to our particular setup. Now that it is clear there won't be any more releases in direct relation to that messy affair, I've gone ahead and made the planned updates, as well as others.

Important note regarding MySQL passwords
Prior to MySQL 4.1, MySQL stored passwords as a 16 byte long hash, and with 4.1+ it has been a 41 byte hash. However for various compatibility reasons, these 16 byte long so called "old-style mysql passwords" have been used. In order to proceed forward, we must ask all users to update their MySQL passwords so that they will be stored as 41 byte hashes.

Why is this necessary?
The PHP team has written a new PHP extension to replace the old MySQL client library used previously - libmysql. The new extension is the MySQL native driver for PHP - called mysqlnd. It has significant performance and other improvements due to it's tight coupling with PHP. However it also does away with the compatibility to these old style MySQL passwords. Note also that it does not affect the mysql, mysqli and mysql_pdo APIs in any way.

When is this change happening?
We have compiled PHP 5.4 with the old MySQL client library for now - however we will recompile it with mysqlnd on the 16th of June Delayed indefinitely - by which time you should be ready!!

What do I need to do?
Trying the change your MySQL user passwords in cPanel will not work because cPanel will try to compare the old password you enter which will be hashed using the 41-byte method, with the 16 byte hash stored in the database. You must instead do the following:
  1. Log into cPanel, and go to MySQL Databases.
  2. Delete all your MySQL users (but just the users - no need to touch the actual databases!).
  3. Re-create your MySQL users (you can use the same password as they had before or another, it doesn't matter).
  4. Re-assign each MySQL user to their appropriate database as before you deleted them.
  5. Test that you have done everything correctly by editing the .htaccess file in your /public_html directory and adding this line to make your website run in PHP 5.4 with the new mysqlnd.
  6. Go to your site, if you have multiple scripts/sites/whatever installed which use different MySQL users, then check them all!
  7. If everything is as usual and there are no connection errors, then congratulations you've done everything correctly.
  8. After testing, you should now remove that line from your .htaccess file.

All in all this should not take more than a couple of minutes. You can do all the MySQL users at once or one by one - it doesn't matter. But you do need to do this, otherwise all your MySQL-related PHP code will cease working on the 16th of June! delayed indefinitely

Summary of changes we've made

  • PHP 5.4.3 is now our default PHP offering, running as an apache module
  • PHP 5.4.3 is also running as under CGI separately to allow users to test the new mysqlnd extension
  • PHP 5.3.13 is now running in CGI, and you can enable it for any directory(ies) in your hosting account
  • PHP 5.2.17 is still running in CGI, but it is obsolete, unsupported, and there is no reason to be using it - if you are still using PHP 5.2, please make sure you move off it ASAP, we make no guarantees for how long it will continue to be on our server.
  • ImageMagick has been updated to the latest 6.7.7
  • imagick has been updated to the latest 3.0.1 for the 5.3 CGI install, and to 3.1.0RC1 for the 5.4 PHP install (using RC for compatibility reasons)
  • ionCube loader has been installed for both PHP 5.3 and PHP 5.4 by request
  • We have for the first time disabled E_STRICT for PHP error-reporting. The reason for this is that PHP 5.4 STRICT has changes to OOP standards which are incompatible with PHP 4 - which some script developers unfortunately choose to maintain (for now). All developers are encouraged to enable E_STRICT through the .htaccess file. If you are unaware of how this can be done, your can read about it here, and the error reporting level you are after as of 5.4 is simply E_ALL.

Further Reading & Links
Posts: 1044
Joined: Sat Jul 18, 2009 3:17 pm

Re: PHP Updates

Postby jimmybond » Wed May 30, 2012 11:27 am

Thanks for the detailed explanation! As to the steps to upgrade MySQL passwords,there may be a better way than in the post: First create a new user in Cpanel MySQL Database option (with the same password as old account),then grant the new MySQL user with exactly the same privilege as old ones. And then update the blog/CMS/forum script's MySQL connection tokens with the new user name(password can leave the same ones), check your site to make sure all is working properly. When all is done,you can remove the old MySQL user safely.
This way to change MySQL passwords can avoid the site's downtime due to deletion of old MySQL users and can make the transition almost seamlessly (I've tested above steps on my experimental site), Hopefully this can help someone!
New around here
Posts: 49
Joined: Sat Dec 11, 2010 7:55 am

Re: PHP Updates

Postby Max » Wed May 30, 2012 12:22 pm

That's not untrue, I guess because it is so quick I didn't consider you could do that :P
Posts: 1044
Joined: Sat Jul 18, 2009 3:17 pm

Return to Announcements

Who is online

Users browsing this forum: No registered users and 2 guests