phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-users] FAQ? and admin authentication bugs


From: Patrick Price
Subject: [Phpgroupware-users] FAQ? and admin authentication bugs
Date: Mon, 09 Sep 2002 23:21:56 -0400
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020618 Netscape/7.0b1

Is there a phpGroupWare FAQ?

Some things I'd like to see or which would have helped during installation:

ICONS
Instructions to install alternate application icons. The navbar is one style while the app icons look like they were designed for the web from 10 years ago. Is there a collection?

INSTALLATION
Integration of generating header.inc.php and the setup/config functions. They seem to be two different functions and having one login for each doesn't make sense from a user standpoint. They are both critical to getting the basic site working. Why cannot header admin be called from one main config setup screen? Failing this, a quick install quide to explain this clearly, however....

... there is a BIG problem how these two (Header manage and setup/config admin) authenticate. I can login to header admin, hit back button, then hit reload, and I get the setup/config screen! No setup/config password required!

The reverse also works. Login (after closing browser) to setup/config screen, then enter URL /phpgroupware/setup/manageheader.php. No password required! The third problem with this is that once logged into setup/config admin, you cannot get the header admin login nor any links to header admin - you always get the setup/config admin if you go to /phpgroupware/setup until you close your browser and try again.

This is obviously broken. This works the same way even if the two admin passwords are not the same. Why two separate logins for two admin functions which are both critical and basically do the same things? Dependencies of setup admin on the header having been generated? Bah.


DOCUMENTATION
Better documentation! There's no information on security during install. I'll contribute if someone tells me how. If I can figure out how to make something work, I can document what I learn about it.

1: A quick TEXT install guide in the /phpgroupware root directory instead of having to dig around for /doc/en_US/html/admin/ to find the directions. UNIX people always look for an INSTALL or README file and there's nothing of the sort. I did find the /doc/README which contains:

PLEASE SEE THE index.html OR index.txt files.

which doesn't tell you where these files are.

2: No mention of file ownership for other files, only the /files subdir. It is implied that the webserver only needs to write to the /files and /tmp directories but not sure if this is true. Do I chown all /phpgroupware files to be owned by the webserver process? The docs don't mention this. Security...


I'm not carping on the project, but see instead a lot of Easily Solved things that will scare people away, and I want to find a good PHP groupware platform to work with.
Patrick Price
West Virginia University









reply via email to

[Prev in Thread] Current Thread [Next in Thread]