Using PHP on GridSites
The environment variable GRST_PERM, which is exported to CGI, PHP and other dynamic content by mod_gridsite, holds a bitmask with the permissions the client has in the context of the current page. The permissions defined in gridsite.h are currently (GridSite version 1.1.11):
GRST_PERM_NONE    0
GRST_PERM_READ    1
GRST_PERM_EXEC    2
GRST_PERM_LIST    4
GRST_PERM_WRITE   8
GRST_PERM_ADMIN  16
Page access is denied by mod_gridsite if GridSite access control is enabled and the client does not have the GRST_PERM_READ permission. PHP scripts can test GRST_PERM for additional permissions. GRST_PERM_EXEC is especially useful, since it is not used by mod_gridsite and can be assigned a meaning by PHP or CGI scripts (e.g. the ability to modify a database through a PHP/HTML form, without giving users GRST_PERM_WRITE and the ability to modify the PHP script itself).
This example shows a skeleton PHP page which uses the GRST_PERM_LIST permission to decide whether to show the Manage link in the page footer. The rest of the PHP near the footer simulates the standard GridSite footer inserted into HTML pages when mod_gridsite's page formatting is enabled:
<title>Dynamic page title!</title>

<?php include "/var/www/htdocs/gridsitehead.txt"; ?>

<h1>Welcome to this page!</h1>

<p>Interesting, dynamic page content, written in PHP.

<?php
// Do a GridSite-like admin footer, but in PHP

// The DN comes from the client certificate, so escape it before output
if (!empty($_SERVER["SSL_CLIENT_S_DN"]))
  print "<small>You are " . htmlspecialchars($_SERVER["SSL_CLIENT_S_DN"]) . "</small><br>";

print "<small>";

// 4 is GRST_PERM_LIST; a missing GRST_PERM is treated as no permissions
if (((int) ($_SERVER["GRST_PERM"] ?? 0)) & 4)
  print "<a href=\"/gridsite-admin.cgi?cmd=managedir\">Manage directory</a> . ";

if (empty($_SERVER["HTTPS"]))
  print "<a href=\"https://www.dom.ain/\">Switch to HTTPS</a> . ";
else
  print "<a href=\"http://www.dom.ain/\">Switch to HTTP</a> . ";

print "<a href=\"/website/gridpp-user.html\">Website help</a> . ";
print "Built with <a href=\"http://www.gridsite.org/\">GridSite</a></small>";

include "/var/www/htdocs/gridsitefoot.txt";
?>
But remember, when you give someone the ability to upload PHP on your site, you are effectively giving them command-line access as the user that runs PHP - probably apache! It may be better to use gsexec and run PHP as a CGI script in some situations.
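The GRST_PERM_EXEC use described above (a database form that does not require GRST_PERM_WRITE) can be enforced as in the following added example, which is not from the GridSite documentation: the script checks the bit on the server before touching the database rather than only hiding the form. The helper names, the notes table and the SQLite path are hypothetical, and GRST_PERM is assumed to arrive as a decimal string.

```php
<?php
// Added example. The constant value is the gridsite.h value listed on this page.
const GRST_PERM_EXEC = 2;

// Return the client's permission bitmask; fail closed (0) if the variable
// is missing or is not a plain decimal string (assumed export format).
function grst_perm(array $server): int
{
    $raw = (string)($server['GRST_PERM'] ?? '');
    return ctype_digit($raw) ? (int)$raw : 0;
}

function grst_has(int $perm, int $bit): bool
{
    return ($perm & $bit) === $bit;
}

$perm   = grst_perm($_SERVER);
$dn     = (string)($_SERVER['SSL_CLIENT_S_DN'] ?? '');
$status = '';

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Enforce the permission on every write, not just by hiding the form.
    if (!grst_has($perm, GRST_PERM_EXEC)) {
        http_response_code(403);
        exit('GRST_PERM_EXEC required');
    }
    $text = trim((string)($_POST['note'] ?? ''));
    if ($text !== '' && strlen($text) <= 500) {
        // Hypothetical database path and table, used only for illustration.
        $db = new PDO('sqlite:/var/lib/example/notes.sqlite');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS notes (dn TEXT, body TEXT)');
        // Prepared statement: the DN and form text are never spliced into SQL.
        $stmt = $db->prepare('INSERT INTO notes (dn, body) VALUES (?, ?)');
        $stmt->execute([$dn, $text]);
        $status = 'Saved.';
    } else {
        $status = 'Note must be 1 to 500 characters.';
    }
}
?>
<title>Notes</title>
<p><?= htmlspecialchars($status, ENT_QUOTES, 'UTF-8') ?></p>
<?php if (grst_has($perm, GRST_PERM_EXEC)): ?>
<form method="post">
  <input name="note" maxlength="500">
  <button type="submit">Add note</button>
</form>
<?php endif; ?>
```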