auto_prepend_file is used to globally include a file for every php script execution. Its use has been limited in the php developer community. However I might have found a good reason to use it.
Since it's effects are truly global, and there is a good chance that after a while, one may not remember about having set some of these initial scripts/settings to be run. This can cause a great deal of confusion and frustration. Any usually anything global like this is usually trouble, unless you are trying to debug and manipulate something temporarily. It is probably for this reason and may be any other. Anyway, I believe I might have found one good permanent use for this option. A number of times we are forced to hardcode settings in php application config files. One thing I always have to set is the use of remote SMTP for mail delivery. Having set this “host/user/pass” in multiple config files, it is not easy if you decide to use a different SMTP host or if you have to change them often (if you have limits on SMTP usage). Here is where auto_prepend_file gets very useful. You can define a include file that sets these user defined variables and then use these variables in your individual config files instead of hardcoded values.
Below are the steps. Your actual file locations may vary.
<?php # Global include file called in "auto_prepend_file" # $usr_def_smtp_host = 'some-smtp-server.com'; $usr_def_smtp_username = 'some_user'; $usr_def_smtp_password = 'some_password'; # ?>
Security considerations are always interesting - especially in anything global. The file will be read by the user running apache and hence apache needs to at least read priviledges to the file. The suggestion would be to make it
User type | User/Group | Priviledges |
---|---|---|
Owner | root | R W - |
Group | www-data | R - - |
Others | n/a | - - - |
I believe in security only as required. So this setup gives the root RW and apache R and that is all you will need to manage this.
The command line php uses a different ini file setting. So if you want to use these settings for command line make sure you update that as well to use the same or different include. Again validate security considerations based on the user who will run the script.