Re: [Phpslash-devel] Re: Phpslash-devel digest, Vol 1 #176 - 1 msg
Brought to you by:
joestewart,
nhruby
Menu
▾
▴
Re: [Phpslash-devel] Re: Phpslash-devel digest, Vol 1 #176 - 1 msg
|
From: Mike G. <mi...@op...> - 2003-03-18 15:47:58
|
Hi Luis, On Mon, 2003-03-17 at 23:28, Luis M wrote: > >Is this posted somewhere to take a look at? mailman's digest garbled > >the attachment pretty badly so I'd need to download it from somewhere > >else. > Working version (revised): > http://www.latinomixed.com/setup.php This looked nice. Might be good to have the setup.php guess the right answers to the location, but other than that it looks quite hopeful. > Script compressed: > http://www.latinomixed.com/setup.php.bz2 I suspect that your server isn't set to recognize .bz2's mime types. I could be way wrong on that, but I couldn't download it. > I figured a better way to parse the file. It now just submit the data to > itself and then the user will have to save the output using the "Save As..." > command from the browser window. This is just my 2c on this issue. But I would think that the easiest thing from the user perspective would be to: 1) check to see if the config.ini.php has write permissions a) if so write to directly to the file (with confirmation) if(is_writeable{config.ini.php}) b) if not send the config to the user via: header ("Content-type: application/txt\nContent-Disposition: inline; filename='config.ini.php'"); Think that this is valid, I had it as application/csv\nContent-Disposition previously. > Save this resulting file as Plain Text, and > give it a valid name "setup.ini". Of course the user will put this file > OUTSIDE of the web server space, thus there is no need to add the "; <?php > die() " lines ... but, to be safe, we could add those lines regardless. For security, the config.php could check to see that setup.php has been deleted before allowing the user to log in. This way they could see that its working and then delete it. either or both of these could be used to add security to make sure someone else can't edit the config afterwards. if(is_file(setup.php)) if(is_writeable{config.ini.php}) > The reason I did this is because sending a header to the browser that this > file is type text/ini or text/whatever, might cause the browser to display > the file anyway. So the "save file" would not do what it's supposed to do. True.. But its also another step for a user to go through.. What browsers would mix up the header? > I added other minor enhancements. I plan to allow the users to "preview" the > file and possibly feed it back to the same form to be re-edited... but > that's in the future. Only so much time.. Does the script populate the database or just write the config.ini.php for you? Mike -- Mike Gifford <mi...@op...> OpenConcept Consulting http://www.openconcept.ca |
