PHPNuke

software development

#1

Has anyone successfully installed PHPNuke? I have used Postnuke and had no problems with it. I like PHPNuke for the templates. I have installed it an get an admin loop to set the initial passwords and finish the install. If I go to the nuke site there are suggestions on modifying the php.ini in my SQL and change the value of “register_globals” flags to “On” But Dreamhost said it would change all databases on their server. Can anyone help me with this?


#2

Hey there,

I successfully installed a similar app, APC Action Apps(http://sourceforge.net/projects/apc-aa). I went through alot of hell to get it to work and had the same kinds of problems (special thanks to SHIN at Dreamhost who gave me some tips for work arounds). APC setup also recycles the same page if register_globals is not set to “On”.

Check the PHPNuke site and see if they mention PHPLIB. PHPLIB is a library of little widgets and classes that you need to initially define stuff for object-oriented programmed php scripts (Is this right, folks?) This is probably the big thing your missing. Here’s what I did for my apps and how I got around the php.ini file:

::Install PHPLIB
Do this by downloading it from http://sourceforge.net/projects/phplib and saving all the files to a folder at the root of your web directory. Then follow their installation instructions, “complete” not “quickstart”. “Quickstart” is for people who have access to php.ini.

Here’s a tip: In the file prepend.php3 make sure references to your web directory start with “/home”. This is the location of your web files specific to Dreamhosts local machine. (you’ll probably see this come up in error messages…).

::Getting around the OPEN_BASEDIR RESTRICTION
I’m not sure if you’ve already run into the open_basedir restriction:
https://kbase.newdream.net/index.cgi?area=2526
You’ll need to create a text file called .htaccess and put this in it to make your PHP scripts act like cgi scripts (users on Dreamhost are only allowed to execute cgi scripts):

AddType php-cgi .php .php3

You should place this file at the top of directories where there are any php or php3 files. It’ll take care of everything for you.

::After you’ve installed PHPLIB…
Read this handy note which I found on the FAQs (http://apc-aa.sourceforge.net/faq/#458) page for the apps I installed, which addresses the php.ini file:

"I have limited access to my box, how do I access PHPLIB?
If you are unable to edit php.ini, then you won’t be able to change the include path to point at PHPLIB, in this case edit the config file (yours may be called config.php) to add the following lines.

PHPlib directory if not on include path

$_PHPLIB[“libdir”] = “/www/mysite/phplib/php/”;

Change the site to point at the location where you have installed phplib.

You can also access PHPLIB by putting the following line in your .htaccess

php_value include_path “.:/usr/local/lib/php:/usr/local/lib/php/phplib”

So as I said it was a really crazy installation (and I ended up reading alot of installation documentation). But it all works now!

I hope this helps, or at least gets you on the right path.

  • Gilbert

#3

yeah i have installed PHPNuke and PostNuke and now i’m testing them both… and it seems that both work alright except one thing… they don’t send email to new registered users!
(its something i just told DH Support about & im waiting for their reply… )

other than that PHPNuke works perfectly and it has “data base backup” and “Optimize DB” links in admin area which are awesome features = that’s why i kind of like PHPNuke more than Post Nuke.
:slight_smile:

T.


#4

How did you go about the install? Did you just upload it and everything worked? Or did you have to go back and CHMOD all of the directorys to 755 and each of the files to 666 like they recommend. I have tried to install it 3 times now. I am a beginner to PHP. So far I have only been able to succesfully install PostNuke. I couldn’t find out anything about PhpLIb on the nuke sites. Thanks for the help…
PK


#5

yes you need to go back and CHMOD All .php files 666 and all directories 777 (not 755)!

& don’t forget to edit “config.php” file to set the
database options…

:slight_smile:

T.


#6

I thought we weren’t allowed to chmod anything 777 for security reasons? And that the suexec made 755 functionally equivalent to it but without the security risk? Or is that only with Perl scripts?

Lynna

Business: http://www.spidersilk.net
Personal: http://www.wildideas.net


#7

755 is just for perl scripts… PHPNuke works a bit different and it need that (777) writing permission for all directories and 666 for all files with .php extension…
if you don’t CHMOD all .php files 666, and All directories 777, PHPNuke won’t be able to read from them so… it won’t work properly
you’ll notice that when u finish the installation and try to access some of the modules or change the configuration settings…
trust me CHMOD 777 all directories and 666 all .php files & it’ll work like a charm :wink:

as for 777 & security… well there’s Always a huge security risk with 777 permission but, unfortunately, PHPNuke ( as almost all PHP portals) works that way! and it simply won’t work with other permission!

Thea


#8

[quote]as for 777 & security… well there’s Always a huge
security risk with 777 permission but, unfortunately,
PHPNuke ( as almost all PHP portals) works that way!
and it simply won’t work with other permission!

[/quote]

That’s not correct. If you run PHP as CGI instead of running it as mod_PHP, you can have the security of 755 and 644 file permissions.

To run a PHP script as a CGI, you can give the script a name ending in .pcgi instead of .php. If you have PHP scripts calling other PHP scripts, though, and are incapable of editing your scripts, you can simply add this line
AddType php-cgi .php
to your .htaccess file.


#9

deke wrote:
“That’s not correct. If you run PHP as CGI instead of running it as mod_PHP, you can have the security of 755 and 644 file permissions.
To run a PHP script as a CGI, you can give the script a name ending in .pcgi instead of .php. If you have PHP scripts calling other PHP scripts, though, and are incapable of editing your scripts, you can simply add this line…”

well, too much work anyway! u can just move your config.php file to some other (secure) place in your root dir and no need to run php as cgi! esp. if it is some large portal like phpnuke or postnuke! it’d be working like some cgi portal then, and it’d be slowing down the server (i think) = worse than some .cgi forums, YaBB for example.

my $0.02

Thea


#10

Moving your config file out of the htdocs directory tree won’t keep anyone from editing your scripts.

If adding one line to your .htaccess file is too much work, how much work is it to repair the damage that vandals can do?


#11

the main question here is…
Why would you use php as cgi script? If the php lack of security bothers you that much isn’t it easier to simply install some cgi portal? and btw i think i said why i think is better to just move the config.php to other location then to run the whole portal as cgi !
well written php scripts are easier on server than any cgi script so if you want to run huge portal like phpnuke or postnuke as a cgi… It’d be a real disaster.

you said:
“If adding one line to your .htaccess file is too much work, how much work is it to repair the damage that vandals can do?”

I just thought = too much work for nothing… if “vandals” want to hack your site they’ll do that one way or another! It’s just a matter of time!
They’ll hack my php site for like one afternoon and it’ll take them two days for your cgi version so why would i bother thinking about it!?

the best way to “protect” your site from hackers is to have a backup! :wink:
but hey! that’s just my opinion!
:wink:

Thea


#12

Is there anyone that can help me fix my PHPNuke?
Everything is loaded… It’s there… But I just get a loop in the Admin section http://www.deviant-racing.com/4V/admin.php
I create a superuser… goes to the next screen is the admin login and the default pass is “God” then password “Password” then goes into a loop. I have gone into Nuke Authors table and reset the password. Still does nothing but loop. I have searched all over the net for a solution and have had no luck. Maybe it’s in my config.php file
$dbhost = “mysql.deviant-racing.com”;
$dbuname = “XXXX”;
$dbpass = “XXXXX”;
$dbname = “4V”;
$prefix = “nuke”;
$user_prefix = “nuke”;
$dbtype = “MySQL”;
I’ve also tried $dbtype = “mysql”;
and has not worked either…


#13

your config.php looks perfectly okay

my suggestion is… firstly go and delete all cookies… close down the browser and when u open it again, go directly to your admin.php page and try to log in with your current admin ID and password.
if it doesn’t work, try this:

step 1: register a new user for example "testuser"
step 2: go to your MySQL MyAdmin and add “testuser” as admin as well ( with the same password)
step 3: go to index.php & login as a "testuser"
step 4: go to your admin.php and try to login as “testuser”.