KICS: Web Site Management

Non-profits that don't have their own domain name, however, will use youraccount.kics.bc.ca.
In this case, replace youraccount with your KICS Account name.

Please review these pages carefully. If you still can't find the information you need, request assistance by submitting a Support Ticket.

Web Site Management

Uploading files

The easiest way to get started is to open your browser and type in this address:

ftp://yoursite.com

(click to enlarge this image)

The first screen shows you the main directory with mail folders and your home folder. Double-click the folder labeled yoursite.com.

(click to enlarge this image)

Double-click the folder containing your web site.

After you open the yoursite.com folder, you can add, read, modify and delete your web site files.

To upload new files to your web site using Internet Explorer, drag the new files into the browser window. If you're updating an old file, you will be asked whether you want to overwrite the existing file. As soon as you have uploaded the files, you will be able to view them on your web site.

(click to enlarge this image)

Drag HTML files into your web site folder.

A much better, long-term solution is to use a specially designed FTP client program. Several such programs can be downloaded for free on the internet (see

You can also use a secure (encrypted) file transfer program such as WinSCP.

Find a web designer

You can find many local web design businesses listed on Discover Nelson. Choose one that suits your style and budget.

Here is a good article from ABC's of Small Business to get you started.

Make your own website

The first step to making your own web site is to get an idea of what you want on paper. Start with pen and paper; brainstorm for a while.

After you draw a mock up of your site, start story-boarding. Story-boarding is a mapping exercise which illustrates the connections among the pages of your site—just like the components of a story.

When it's time to begin coding your pages in HTML (the programming language understood by web browsers) you will find the following resources helpful.

A Beginner's Guide to HTML
http://archive.ncsa.uiuc.edu/HTMLPrimerP1.html

A Beginner's Guide to CSS
http://wdvl.internet.com/Authoring/Style/Sheets

HTML and web development tutorials
http://www.htmlgoodies.com

Free HTML and web development tutorials
http://www.devshed.com

A web designer's paradise
http://www.desktoppublishing.com/webparadise.html

Javascript
http://www.javascript.com

the www standards body
http://www.w3c.org

online technical dictionary
http://www.whatis.com

online technical dictionary
www.webopedia.com

HTML editing and authoring tools

These tools allow you write out an .html document and look at it using a browser. A WYSIWYG ("What You See Is What You Get") editor is a plain text editor and a browser tool rolled into one; it will show you your site as you build it.

WYSIWYG *free

*CoffeeCup HTML Editor
http://www.coffeecup.com

*Arachnophilia
http://www.arachnoid.com

*1st Page 2000
http://www.evrsoft.com/company

*CoolPage
http://www.coolpage.com

Dreamweaver
http://www.macromedia.com/software/dreamweaver

File Transfer Protocol (FTP) programs *free

*Commander FTP Client
http://www.internet-soft.com

*WS FTP
http://www.ipswitch.com

A Beginners Guide to FTP
http://www.ftpplanet.com/ftpresources/basics.htm

Cute FTP
http://www.cuteftp.com

Traffic Statistics

Visit your tools page:

    http://yoursite.com/tools

FrontPage Support

We don't support (or recommend using) the FrontPage server extensions. However, you can design your site using FrontPage. When you upload files to the server, use FTP instead of the default FrontPage protocol.

Using Server-Side Includes (SSI)

You can use server side includes in any HTML file. For example, to include the contents of a file at a given point in a page, do this:

    <!--#include 
	  file="includethisfile.html" -->

To insert the output of a CGI program, do this:

    <!--#include 
	  virtual="includethisprogram.cgi" -->

For more information, read the Server Side Includes section of the Apache web server documentation.

Installing CGI Programs

CGI execution is enabled by default on the KICS server.

Make sure the CGI program's filename ends with ".cgi".

When you use FTP to upload the CGI file, make sure to use ASCII mode (it might be called "text mode"). Don't use binary mode. If your FTP program has an "automatic" setting, that should work.

Almost any FTP program with have a function to change "Properties", "Permissions" or to CHMOD—essentially these are all synonomous ters. It should be fairly straight-forward to select a file and change its CHMOD. In this case, change it to 700 to make it executable.

If you log into your website using Telnet, SSH or Linux, simply use the following command:

chmod 700 example.cgi

Installing PHP programs

Make sure the PHP program's filename ends with ".php" or ".php3".

Make the file executable by using the "chmod" command, just like you would for a CGI program (see above).

PHP programs will only work if you have a file called "php.cgi" in your "yoursite.com" directory. This file is provided when your KICS Account is set up. If you delete it, you can restore it by logging in to your account via telnet or SSH and typing the following command:

    cp 
	  -p /usr/local/bin/php ~/yoursite.com/php.cgi

Learn more about CGI/ PHP/ SSI

CGI programs are often written in Perl. You can learn more about Perl by visiting www.perl.com.

For information about PHP, try www.php.net. Note that the KICS server uses the CGI version of PHP, not mod_php.

The Apache web server documentation contains a section about Server Side Includes.

Password protecting a folder

If you want to restrict part of your web site, so that a password is required to use it, you can use HTTP authentication.

user@kics: ~ $ cd yoursite.com/secretplace/
user@kics: ~/yoursite.com/secretplace $ htpasswd -c .htpasswd userone

New password: (type password here)
Re-type new password: (type password again)
Adding password for user userone
user@kics: ~/yoursite.com/secretplace $ htpasswd .htpasswd usertwo
[...]
user@kics: ~/yoursite.com/secretplace $ htpasswd .htpasswd userthree
[...]

The first time you use htpasswd, you need "-c" meaning "create". Subsequent times you can leave it out. For more info, type "man htpasswd"; for a summary of options, just type "htpasswd" by itself.

Create a file called .htaccess containing the following text. Put this file in the directory which you wish to protect.

Require valid-user
AuthUserFile /home/user/yoursite.com/secretplace/.htpasswd
AuthGroupFile /dev/null
AuthName "the secret place"
AuthType basic

Now, when you visit http://yoursite.com/secretplace, your browser will say something like "type username and password for the secret place at yoursite.com".

Use a custom PHP config file

The easiest way to do this is to put a php.ini file in the same directory as the PHP programs which require the custom configuration. For example, any settings in /home/example/yoursite.com/custom/php.ini will apply to files like http://yoursite.com/custom/bar.php.

However, if you want your settings to apply to http://yoursite.com/custom/foo/bar.php as well, then you must have another copy of php.ini in /home/example/yoursite.com/custom/foo/php.ini.

You should use chmod to set your php.ini file's mode (permissions) to 600. This prevents hackers from finding security weaknesses by reading your configuration file.

You can customize the PHP configuration for your entire web site -- rather than just one folder -- by creating an .htaccess file in your web site directory with the following code:

SetEnv PHPRC /home/example

. In this case, your configuration file should be stored in /home/example/php.ini.

The system's default configuration file is /usr/local/lib/php.ini—you may wish to use that file as a starting point for your custom php.ini.

You'll find a more detailed explanation in the next section.

Installing a custom php.inifile

Contributed by John Pritchard

Situation

It is sometimes desirable to have the ability to customize your PHP installation.

For example, you might want to turn "register_globals" off or on, modify the level of error reporting, add "include" pathways, or other such details. While this ability might not be of interest to the everyday user, it can provide an individual with adequate technical knowledge a lot of power and flexibility.

However, utilizing a customized php.ini file also involves RISK. Make sure you know what you are doing, and be willing to accept the responsibility that comes with using a modified "php.ini" file.

Mission

You will configure your Kootenay Internet Communications Society web hosting environment to utilize a custom php.ini.

Execution

The first thing you need to decide is WHERE you are going to put your custom php.ini file. I would strongly recommend that you place this file OUTSIDE of your web directory. While it might be convenient to place php.ini in your webroot, it is an obvious location and it may be possible for someone to read your php.ini file and look for security vulnerabilities. Instead, place your customized php.ini file outside of your webroot. [You can also avoid exposing your php.ini file by changing its permissions to 600 (-rw-------) but it is better to use more than one safeguard!]

For example, let's assume your KICS username is "testbed" and your webroot directory is "testbed.kics.bc.ca". We will create a directory named "php_customization" to hold your custom php.ini file. In the following steps, I'll outline what you'll want to do once you've established shell access to your account via SSH or Telnet.

See where you're at.
```
testbed@kics:~ $ pwd
/home/testbed
```

Create the directory and add a "default" php.ini file.

testbed@kics:~ $ mkdir php_customization
testbed@kics:~ $ cd php_customization
testbed@kics:~/php_customization $ cp /usr/local/lib/php.ini .
testbed@kics:~/php_customization $ chmod 600 php.ini
testbed@kics:~/php_customization $ ls
php.ini
testbed@kics:~/php_customization $ pwd
/home/testbed/php_customization

Create a PHP Information File.

Now, we'll place a file in our webroot that will tell us what php.ini file is being used. [From now on, I'll just use a "$" to refer to the shell prompt. Comments will be in square brackets].
```
[switch to your webroot directory]
$ cd /home/testbed/testbed.kics.bc.ca
[create the file "report-php.php"]
$ echo >report-php.php '<?php phpinfo(); ?>'
```
We can now visit the "report-php.php" file in our webroot to view our php configuration settings. This is accomplished by simply opening the page in any web browser. You'll want to look for the line titled "Configuration File (php.ini) Path". By default, it should read:
```
/usr/local/lib/php.ini
```
Keep in mind that the information displayed by the "phpinfo();" command can also provide people with sensitive information about your setup. So, as with your custom php.ini file, you'll want to take steps to protect it. I recommend naming the file something cryptic and deleting it when you are finished.
Point to your custom php.ini file.

To complete your setup, we simply need to add an .htaccess file that redefines the PHPRC environment variable. Place this file in your webroot.
```
$ cd /home/testbed/testbed.kics.bc.ca
$ echo >.htaccess 'SetEnv PHPRC /home/testbed/php_customization'
```
Visit PHP Info File and Confirm Customization

Visit the PHP Info file you created (i.e. report-php.php), give it a refresh, and see if the Configuration File (php.ini) Path has changed. If you've done everything correctly, it should now read:
```
/home/testbed/php_customization/php.ini
```
Modify your custom php.ini file

You can now modify the php.ini file in your "php_customization" directory and this file will be used by PHP in your webspace. Again, you need to know how to customize your php.ini file, but we're assuming you've got that one covered. Good luck!

Create a MySQL database

Please let us know if you'd like a MySQL database and we'll set it up for you. Send a request through our Support Ticket System.

Change your MySQL password

Log in by telnet or SSH and type this command:

    mysql -p youraccount

(Replace youraccount with your KICS Account name.)

You will be prompted for your old password. When you reach the " mysql>" prompt, type this MySQL statement:

    set password=password('new-password-goes-here');

Don't forget the semicolon at the end. To quit the MySQL client and return to the shell prompt, type control-D.

Secure your files

Each file and directory (folder) has a mode which determines who can read, write, and execute it. In the case of a file, "execute" refers to running the file as a program; in the case of a directory, the "execute" permission is required to use anything inside the folder.

If a folder is executable, but not readable, then the files inside can only be used if their exact names are known (getting a directory listing counts as "reading").

The absolute minimum workable permissions are:

dr-x-----x (501) for a directory containing php scripts
-------r-- (004) for .htaccess and .htpasswd
-r-------- (400) for a .php script
-r-x------ (500) for a .cgi program in perl/sh/etc
---x------ (100) for a .cgi program in a compiled language like C
-------r-- (004) for an .html file

Taking away the owner's permissions tends to be extremely annoying for the owner to work with, and provides a minimal security benefit, so these are more reasonable:

drwx-----x (701) for a directory containing php scripts
-rw----r-- (604) for .htaccess and .htpasswd
-rw------- (600) for a .php script
-rwx------ (700) for a .cgi program
-rw----r-- (604) for an .html file

For example:

$ cd
$ chmod 701 yoursite.com
$ chmod 604 yoursite.com/.htaccess
$ chmod 600 yoursite.com/example.php
$ chmod 700 yoursite.com/example.cgi
$ chmod 604 yoursite.com/example.html
$ ls -ld yoursite.com yoursite.com/* yoursite.com/.htaccess
drwx-----x  2 example  example  512 Dec 5 15:27 yoursite.com
-rw----r--  1 example  example   83 Dec 5 15:27 yoursite.com/.htaccess
-rwx------  1 example  example  540 Dec 5 15:27 yoursite.com/example.cgi
-rw----r--  1 example  example  900 Dec 5 15:27 yoursite.com/example.html
-rw-------  1 example  example  899 Dec 5 15:27 yoursite.com/example.php