ForwardTrack as currently released requires mod_rewrite
and mod_php. That is, it will only run under PHP as an
Apache module. If you try to run it under PHP as a CGI
executable (not uncommon on shared hosting platforms
for security isolation), there are two problems:
1) The php_value directives in .htaccess aren't
recognized, which can cause the script to exit with an
error.
2) $PHP_AUTH_USER and $PHP_AUTH_PW are not available to
PHP running as a CGI executable.
I've made some modifications to work around these
problems and would like to join the development team so
I can share the changes. I'm working actively to get
ForwardTrack working for an active political campaign,
so I expect additional improvements going forward.
The fixes I've implemented:
1) Created an alternate set of .htaccess and
config.inc.php files that convert the php_value
directives from .htaccess into ini_set() calls in
config.inc.php.
2) Changed admin authentication to use PEAR::Auth
instead of basic HTTP authentication.
Some notes:
* ini_set() doesn't work for magic_quotes_gpc in PHP
versions > 4.2.3. That means those versions of PHP
must have magic_quotes_gpc set to zero/Off in php.ini.
I have a plan for removing the dependency on the
magic_quotes_gpc setting completely, so ForwardTrack
will work correctly regardless of the setting.
* PEAR::Auth requires the PEAR::Auth package to be
installed, obviously, so I've included it in the update.
* PEAR::Auth requires a user/passwd table to be added
to the schema. I've updated lib/FT/App/schema.sql to
create this table, ft_auth, with a default admin
user/pass of admin/ft. While not very secure, this is
at least as secure as the default admin security in the
current release of FT (none).
* To change the user/pass currently requires executing
a SQL statement directly against the MySQL database. A
future release will include a "change my password"
function, as well as a designated "super-admin" with
the ability to create additional admin logins. I'm
also considering adding access control to give each
administrator access to a specific set of campaigns, or
to all campaigns, but the UI requirements for that make
it too much trouble for me at the moment.
* The login page is currently hardcoded in
AdminApp.class.php. It should use the View class to
generate a Smarty template-driven login page, but I'm
having some trouble with scope issues. This should be
addressed, but the hardcoded form is better than
nothing for now.
* There are already login and logout actions listed in
dispatch.php, but with no code behind them. For ease
of maintenance, the login and logout features should be
integrated into the FT state machine in the same way
that other features are.
The attached tarball has the files you need to run FT
under PHP as a CGI executable.
* * * WARNING * * *
Because of the change to PEAR::Auth, this will break
any FT installation that's currently using HTTP
authentication.
* * * * * * * * * * * * *
You'll need to add the ft_auth table and add your admin
user with the following SQL (change the username and
password as appropriate--default is admin/ft):

    CREATE TABLE `ft_auth` (
      `username` varchar(50) NOT NULL default '',
      `password` varchar(32) NOT NULL default '',
      PRIMARY KEY (`username`),
      KEY `password` (`password`)
    );
    INSERT INTO `ft_auth` VALUES ('admin', md5('ft'));
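
Fix 1 above, sketched as an added example (not part of the original submission or the attached tarball): a Python script that moves php_value/php_flag lines out of .htaccess into ini_set() calls for config.inc.php and routes magic_quotes_gpc to php.ini, since the notes say ini_set() cannot change it on PHP > 4.2.3. The sample .htaccess and the names convert, php_quote and PHP_INI_ONLY are constructed for illustration.

```python
import re
import shlex

# Directives the post says cannot be changed with ini_set() on PHP > 4.2.3;
# they have to be set in php.ini instead.
PHP_INI_ONLY = {"magic_quotes_gpc"}

DIRECTIVE = re.compile(r"^\s*(php_value|php_flag)\s+(\S+)\s+(.+?)\s*$", re.I)


def php_quote(value):
    """Return value as a single-quoted PHP string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def convert(htaccess_text):
    """Split .htaccess text into (kept .htaccess lines, PHP lines, php.ini lines)."""
    keep, php, ini = [], [], []
    for line in htaccess_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            keep.append(line)  # rewrite rules, comments and blanks stay put
            continue
        kind, name, raw = m.group(1).lower(), m.group(2), m.group(3)
        # Apache allows quoted arguments; strip the quotes if present.
        value = shlex.split(raw)[0] if raw[0] in "\"'" else raw
        if kind == "php_flag":
            value = "1" if value.lower() in ("on", "1", "true", "yes") else "0"
        if name in PHP_INI_ONLY:
            ini.append(f"{name} = {value}")
        else:
            php.append(f"ini_set({php_quote(name)}, {php_quote(value)});")
    return keep, php, ini


# Constructed sample input, not ForwardTrack's actual .htaccess.
SAMPLE = """\
RewriteEngine On
php_value include_path ".:./lib"
php_value magic_quotes_gpc 0
php_flag display_errors off
"""

if __name__ == "__main__":
    keep, php, ini = convert(SAMPLE)
    print("# .htaccess\n" + "\n".join(keep))
    print("// config.inc.php\n" + "\n".join(php))
    print("; php.ini\n" + "\n".join(ini))
```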