Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
I found the config.lib.php file under config directory with 644 permissions ( -rw-r--r-- 1 root root 4319 Aug 16 16:04 config.lib.php ). That means it is world readable and it contains mysql user's password in clear text under "C_DB_PASS". Is it a security hole or it is perfectly fine? Please guide.
Thanks for reply. Well, I used the std version. I want to implement plus version now. But really don't understand how to configure it. I could not find the setup.php under the directory after unzipping it. Also the chat directory doesn't contain necessary stuff all the stuffs are scattered into root directory called 'plus'. Also, don't understand which version should I use, phpMyChat-Plus_1.90_fixed_070414 OR phpMyChat-Plus_1.90_fixed_060917. Also the fixes provided are confusing, should it be implemented after extracting the zip files? Any help would be highly appreciated.
Well, there is an install folder into the main archive (phpMyChat-Plus_1.90_070414) - read the Instructions.txt file included in that folder. Also docs folder contains some documentation.
The archives you downloaded contain only the patched files, for those running a previous version. You won't need it if you get the latest full pack from the same download page.
For further help you can contact me on YM (ciprianmp).
Hope this helps,
As far as I tried, I couldn't retrieve nothing out of config.lib.php content. It is protected by .htaccess file, as well as several indexes that redirects. It shouldn't be readable from a remote address.
Please take your time and knowledge and try to get a word out of that file. If you/anyone else succeed, please let me know asap.
PS: I checked that on both versions, don't know if you're using std or plus.