securing config.php

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   securing config.php
Recoil
CZ Addict
Recoil has been a member for over 20 year's 20 Year Member
usa.gif louisiana.gif
Occupation: Manager
Gender: Male
Fav. Sports Team: New Orleans
Website:
Status: Offline
Joined: Jan 17, 2004
0.06 posts per day
Posts: 427
Points: 8,650
   ICQ Number
I am kinda lost with this fix that states:


It's a good idea to put your config.php file outside the
Web Server path, then you can create a new config.php with this line in it:
<?php include("../config.php"); ?>


does this code need to be put in right after the first ?php at the top of the file? Also, when they say "outside the path" do they mean something like /httpdocs/html/CONFIG_FOLDER? and if so how does nuke find it?


Back to top Reply with quote
#2   re: securing config.php
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
When you log into your ftp your generally "OUTSIDE" the server path you have to click on a folder EX: mainsite_html, html, public_html something like that to get into where your site is. Place it right in there with those files (EX: mainsite_html, html, public_html) not in those files but in that directory. Then make a new config.php with the above information in it and it will find it.




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#3   re: securing config.php
Recoil
CZ Addict
Recoil has been a member for over 20 year's 20 Year Member
usa.gif louisiana.gif
Occupation: Manager
Gender: Male
Fav. Sports Team: New Orleans
Website:
Status: Offline
Joined: Jan 17, 2004
0.06 posts per day
Posts: 427
Points: 8,650
   ICQ Number
Coolness!!! Thanks Telli!!! can u please tell me exactly where in the config file the string needs to be placed?



Back to top Reply with quote
#4   re: securing config.php
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
What string? Make a file called config.php put this in it

<?php include("../config.php"); ?>


Now make a back up of your original config.php in another folder on your desktop one thats easy to get to.

Upload that new config.php file to your nuke root and then place your original config.php in the "OUTSIDE" directory.

MAKE SURE YOU HAVE A GOOD BACKUP



_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#5   re: securing config.php
Recoil
CZ Addict
Recoil has been a member for over 20 year's 20 Year Member
usa.gif louisiana.gif
Occupation: Manager
Gender: Male
Fav. Sports Team: New Orleans
Website:
Status: Offline
Joined: Jan 17, 2004
0.06 posts per day
Posts: 427
Points: 8,650
   ICQ Number
where in the file does it go?



Back to top Reply with quote
#6   re: securing config.php
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
What do you mean in the file? Just upload into the "OUTSIDE" directory so in your ftp in the window you will see something like this

mainwebsite_html
cgi-bin
config.php (GOOD CONFIG YOUR PROTECTING)

Then make the above file

<?php include("../config.php"); ?>


Name it the same thing config.php and upload to your mainwebsite_html/ folder where the old one was.



_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#7   re: securing config.php
Recoil
CZ Addict
Recoil has been a member for over 20 year's 20 Year Member
usa.gif louisiana.gif
Occupation: Manager
Gender: Male
Fav. Sports Team: New Orleans
Website:
Status: Offline
Joined: Jan 17, 2004
0.06 posts per day
Posts: 427
Points: 8,650
   ICQ Number
np i mean where in this file...
<?php

######################################################################
# PHP-NUKE: Advanced Content Management System
# ============================================
#
# Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com)
# http://phpnuke.org
#
# This module is to configure the main options for your site
#
# This program is free software. You can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License.
######################################################################

######################################################################
# Database & System Config
#
# dbhost:       SQL Database Hostname
# dbuname:      SQL Username
# dbpass:       SQL Password
# dbname:       SQL Database Name
# $prefix:      Your Database table's prefix
# $user_prefix: Your Users' Database table's prefix (To share it)
# $dbtype:      Your Database Server type. Supported servers are:
#               MySQL, mysql4, postgres, mssql, oracle, msaccess,
#               db2 and mssql-odbc
#               Be sure to write it exactly as above, case SeNsItIvE!
# $sitekey:   Security Key. CHANGE it to whatever you want, as long
#               as you want. Just don't use quotes.
# $gfx_chk:   Set the graphic security code on every login screen,
#      You need to have GD extension installed:
#      0: No check
#      1: Administrators login only
#      2: Users login only
#      3: New users registration only
#      4: Both, users login and new users registration only
#      5: Administrators and users login only
#      6: Administrators and new users registration only
#      7: Everywhere on all login options (Admins and Users)
#      NOTE: If you aren't sure set this value to 0
# $subscription_url : If you manage subscriptions on your site, you
#                     must write here the url of the subscription
#                     information/renewal page. This will send by
#                     email if set.
######################################################################

$dbhost = "localhost";
$dbuname = "name";
$dbpass = "password";
$dbname = "dbname";
$prefix = "nuke";
$user_prefix = "nuke";
$dbtype = "MySQL";
$sitekey = "";
$gfx_chk = 0;
$subscription_url = "";

/*********************************************************************/
/* You finished to configure the Database. Now you can change all    */
/* you want in the Administration Section.   To enter just launch    */
/* you web browser pointing to http://yourdomain.com/admin.php       */
/*                                                                   */
/* Remeber to go to Settings section where you can configure your    */
/* new site. In that menu you can change all you need to change.     */
/*                                                                   */
/* Congratulations! now you have an automated news portal!           */
/* Thanks for choose PHP-Nuke: The Future of the Web                 */
/*********************************************************************/

// DO NOT TOUCH ANYTHING BELOW THIS LINE UNTIL YOU KNOW WHAT YOU'RE DOING

$reasons = array("As Is",
          "Offtopic",
          "Flamebait",
          "Troll",
          "Redundant",
          "Insighful",
          "Interesting",
          "Informative",
          "Funny",
          "Overrated",
          "Underrated");
$badreasons = 4;
$AllowableHTML = array("b"=>1,
          "i"=>1,
          "a"=>2,
          "em"=>1,
          "br"=>1,
          "strong"=>1,
          "blockquote"=>1,
                    "tt"=>1,
                    "li"=>1,
                    "ol"=>1,
                    "ul"=>1);
$CensorList = ");
$tipath = "images/topics/";
if (eregi("config.php",$_SERVER['PHP_SELF'])) {
    Header("Location: index.php");
    die();
}

?>


...would u put this bit of code

<?php include("../config.php"); ?>



Back to top Reply with quote
#8   re: securing config.php
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
You dont put that into the config file. You make it another config file just putting that into then when your Nuke looks to that config file it will call your real one from "OUTSIDE" the server path.




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#9   re: securing config.php
Recoil
CZ Addict
Recoil has been a member for over 20 year's 20 Year Member
usa.gif louisiana.gif
Occupation: Manager
Gender: Male
Fav. Sports Team: New Orleans
Website:
Status: Offline
Joined: Jan 17, 2004
0.06 posts per day
Posts: 427
Points: 8,650
   ICQ Number
OOOO now i understand. LOL Thanks for taking the time to get that through my thick skull notworthy.gif



Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum