[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-users] FAQ? and admin authentication bugs
From: |
Patrick Price |
Subject: |
[Phpgroupware-users] FAQ? and admin authentication bugs |
Date: |
Mon, 09 Sep 2002 23:21:56 -0400 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020618 Netscape/7.0b1 |
Is there a phpGroupWare FAQ?
Some things I'd like to see or which would have helped during installation:
ICONS
Instructions to install alternate application icons. The navbar is one
style while the app icons look like they were designed for the web from
10 years ago. Is there a collection?
INSTALLATION
Integration of generating header.inc.php and the setup/config functions.
They seem to be two different functions and having one login for each
doesn't make sense from a user standpoint. They are both critical to
getting the basic site working. Why cannot header admin be called from
one main config setup screen? Failing this, a quick install quide to
explain this clearly, however....
... there is a BIG problem how these two (Header manage and setup/config
admin) authenticate.
I can login to header admin, hit back button, then hit reload, and I get
the setup/config screen! No setup/config password required!
The reverse also works. Login (after closing browser) to setup/config
screen, then enter URL /phpgroupware/setup/manageheader.php. No
password required!
The third problem with this is that once logged into setup/config admin,
you cannot get the header admin login nor any links to header admin -
you always get the setup/config admin if you go to /phpgroupware/setup
until you close your browser and try again.
This is obviously broken. This works the same way even if the two admin
passwords are not the same. Why two separate logins for two admin
functions which are both critical and basically do the same things?
Dependencies of setup admin on the header having been generated? Bah.
DOCUMENTATION
Better documentation! There's no information on security during
install. I'll contribute if someone tells me how. If I can figure out
how to make something work, I can document what I learn about it.
1: A quick TEXT install guide in the /phpgroupware root directory
instead of having to dig around for /doc/en_US/html/admin/ to find the
directions. UNIX people always look for an INSTALL or README file and
there's nothing of the sort. I did find the /doc/README which contains:
PLEASE SEE THE index.html OR index.txt files.
which doesn't tell you where these files are.
2: No mention of file ownership for other files, only the /files subdir.
It is implied that the webserver only needs to write to the /files and
/tmp directories but not sure if this is true. Do I chown all
/phpgroupware files to be owned by the webserver process? The docs
don't mention this. Security...
I'm not carping on the project, but see instead a lot of Easily Solved
things that will scare people away, and I want to find a good PHP
groupware platform to work with.
Patrick Price
West Virginia University
- [Phpgroupware-users] PHP 4.2.2 supported?, (continued)
Re: [Phpgroupware-users] Installation - cannot login, Chris Weiss, 2002/09/09
Re: [Phpgroupware-users] Installation - cannot login, Dave Hall, 2002/09/09
Re: [Phpgroupware-users] Installation - cannot login, Chris Weiss, 2002/09/09
Re: [Phpgroupware-users] Installation - cannot login, Chris Weiss, 2002/09/09