Get a cup of coffee, some cookies or whatever you need to feel comfortable.
Sit down in your favourite char and relax a minute or so ,-)) Installation
will probably take 15-30 minutes, depending on your experience and is
quite easy to handle.
You should start with untaring the downloaded archive to a location
of your choice. This is likely to be somewhere in you web servers repository.
You end up with a few folders below the cutemarks folder
- \: This is basically where all PHP-scripts, reside
- \doc: Guess what... <g>
- \sql: Just a single sql script needed for creating the tables
- \include: Library files that get included by the php scripts.
- \templates: Every PHP script has a corresponding template, e.g. an
index.php calls a index.tpl in the templates directory to display itself.
Some more templates exist for special purpose, e.g. for displaying links
Set up a MySQL database. Depending on your provider this procedure may
vary so I cannot give any advice to it. There is no other database type
than MySQL supported for CuteMarks right now. But you may accompany me
in developing this tool and provide additional code for other databases
,-)) To configure cutemarks later on you need
- The database server name or IP,
- the dabase name,
- the user name to access the database,
- the user's password on the database server.
Because we just need to install two small tables it should also possible
to use any already existing database.
Now you need to create the two tables in your database. Depending on
your web environment you may perform this action using the mysql client
from the command line directly or use a web based tool like phpMyAdmin.
In the first case you're likely to do something like
mysql -u username database_name -p -h datbase_server <<
CuteMarks configuration settings
There's a single place to do all the configuration settings: The file
"config.inc" in the main directory. This file gets included
in every script and sets the necessary configuration settings; it's content
is very straigt forward:
- Set the database settings according to the stuff you used above to
create the database.
- $tpl_path is the path relative to the main script directory where
templates reside. You have to change it only if you want to rename or
move the templates path.
- $css_file names the style sheet that get's included when displaying
any output. Read below for details. You can also use this default as
a standard stylesheet is part of the distribution.
- $welcome_msg is a header that get's displayed in the head of the public
part of your link collection. Choose something you'd like to see here.
- Please leave $lang_array. This is needed for a future enhancement,
which will provide multi-language support.
You're done so far! If you've made everything all right you may point
your browser to "index.php" or "admin.php" and should
see something already. Please continue with the next section as you may
want to prohibit other users from changing your bookmark collection <gg>.
Web-Server & securing scripts
First of all: There's no built in security checks for CuteMarks. Use
the one's Apache provides. They are fine, they are secure, they are easy
to handle. So there's no need to build something separate. Full stop.
If you don't use Apache as a web server you should read this section as
well to adopt the same security checks for your server.
- The access to the ./templates and ./include directories should be
prohibited completely. As this directory contains only files that will
get included directly using the PHP scripts there's no need to have
this directory accessible for anybody. A small .htaccess is part of
the distribution which will server this needs. This includes especially
the ./includes directory as the file confic.inc.php contains passwords
and so on.
- In the script directory all scripts that server administrative tasks,
start with "admin...", so it's quite easy to protect them
as well (cool idea, isn't it <gg>). E.g. you probably want to
use something like this:
Order allow, deny
requires user admin
- The file ./includes/config.inc.php contains some cleartext password
information. Anybody having access to this file and being able to connect
to the database may act as the database user and do everything he's
allow to do. There various strategies to cope with this problem:
- If you run a dedicated server alone there's no real need to protect
anything as you're probably the only one having access to the server.
If not...well there's probably a peck of trouble where restricting access
to the CuteMarks database is only a minor problem<ggg>...
- If this is a dedicated but shared server you have to restrict the
access to the webserver and you only. Usually both of you share a common
group, so a "chmod 660" should work well.
- If you share a server with other people and can't assign the file
a mod so the others cannot examine the file...consider changing your
provider. No kidding: Not being able to protect your own files on a
shared server is just...pointless.
Of course additionally you have to set the correct group file, user file
and user name in the example . Please check your setup after configuration
by pointing your web browser to any admin or include file and see if the
request gets rejected or if you get asked for a user/pw!
Cleaning the directory after a successful installation
Finally you can delete any unnecessary files. This includes
- The /doc directory
- The /sql directory
- The readme-file in the scripts directory