Installing a Discussion Forum
by Dan Langille <[email protected]>
When I first asked about a discussion forum package, everyone seemed to
mention phorum; and with good reason. I'm quite pleased with it. It
seems very configurable, and very well put together. The home page for
phorum is http://www.phorum.org/.
Prerequisites
Note:��I used a soon-to-be-released port of
apache13-php3-fp-modssl, but feel free to use the
apache13-php3 port from
the FreeBSD Ports Collection.
Downloading and Installing
The tarball I used was from the phorum FTP site, but you should check the
phorum home page and get the latest
version.
I then moved this tarball into a subdirectory of an existing website.
Actually, I did this:
cd /path/to/website
mkdir forum
fetch ftp://ftp.phorum.org/phorum308.tar.gz
tar xvfz phorum308.tar.gz
cd phorum308
The first things you will need to read are readme.txt and
security.txt.
Security
I think you should stop and read security.txt now. I mean
NOW. You're not going to take my word and just do what
I did are you? Imagine the security holes I could create in your system
if you did that.
I created a .htaccess file in my forum directory and added the
following to it:
<Files admin.php3>
require group admin
</Files>
<Files forums.inf>
Order deny,allow
Deny from all
</Files>
<Files forums.inf.bak>
Order deny,allow
Deny from all
</Files>
Be sure to follow the directions in security.txt, titled
IV) Securing the Admin Script, and you should not have any
problems.
You might want to read a bit about protected directories with Apache
for a bit of detail. Also see the section of this article entitled
"Additional Security Options".
Database Configuration
The first thing you need to do is create a database. I called mine
forum. I also created a database user,
phorum.
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 3.22.22
Type 'help' for help.
mysql> create database forum;
Query OK, 1 row affected (0.13 sec)
mysql> GRANT
-> select, insert, update, create, alter, delete, drop
-> ON
-> forum.*
-> TO
-> phorum@localhost
-> IDENTIFIED BY
-> 'password';
Query OK, 0 rows affected (0.01 sec)
Customization
This example shows you how to track down a particular field if you wish
to customize your phorum. I removed the host name from the message
output. This is a personal preference. Your choice.
If you want to customize a particular aspect of phorum, the first step
is to figure this out which file the settings you wish to modify are in.
The URL for any messages contains something like this:
read.php3?num=1&id=7&loc=0&thread=7
The other point is to locate something contanst in the message which
is near to what you actually want to change. In this case, the domain
name appears just to the right of the author. I chose that as my
target. The correct way to do this is to look at your language
module. In my case, that is english.lang. I searched for
"Author" and found this line:
$lAuthor = "Author";
$lAuthor is what you want to look for within
read.php3. In that file, I found this line:
:��()
See $host? Remove that section of the code and the line
becomes:
:�
That's it. The host is now gone from all messages but is still stored in
the database if you need to find it.
Removing The <html></html> Tags
phorum allows people to post messages with embedded SQL. As phorum is
primarly designed to work with websites, embedded SQL is a good thing.
Another good thing about phorum is that you can optionally choose to have
email replies to a thread sent to your address if you have contributed to
a thread. This mail will contains the message which was just posted to
the phorum. The body of the message will be surrounded by
<html></html> tags. This is something I didn't want. So I
modified post.php3 to remove them. Here's the patch I created
to do this.
--- post.php3.original Fri Jan 21 16:34:31 2000
+++ post.php3 Fri Jan 21 16:44:38 2000
@@ -175,13 +175,13 @@
$email=$Mod;
$author = "<b>$author</b>";
$subject = "<b>$subject</b>";
- $body="<HTML>$body</HTML>";
+ $body="$body";
$host="<b>$StaffHost</b>";
}
else{
$body=eregi_replace("</*HTML>", "", $body);
if($AllowHtml){
- $body="<HTML>$body</HTML>";
+ $body="$body";
}
}
This patch is also available from
The FreeBSD Diary.
Problems and Solutions
These are the problems I've encountered and how I solved them.
- Warning: Access denied for user: 'testuser@localhost' (Using
password: YES) in ./abstract.php3 on line 63
If you browse to admin.php3 and you get the above
message, you have a database issue. Perhaps, you haven't specified
the correct password, your database name is wrong, etc.
- Warning: fopen("./forums.inf","w") - Permission denied in
/www/freebsddiary/phorum/admin.php3 on line 159
Ensure forums.inf is writeable by your webserver. In
my case, I made sure forums.inf was writeable by group
www.
Additional Security Options
There are some security issues associated with phorum, but I feel they
can be adequately handled if you exercise care. The two files which we
secured in the Security section can also be renamed. This will prevent
people from trying to guess the password and gives you an extra layer of
security.
If you are going to rename admin.php3, remember that the
file contains self-references which must also be changed. By my count,
there are 10 instances which need to be changed.
If you are going to rename forums.inf, remember to also
modify the references within:
- code.php3 (both forums.inf and
forums.bak.inf)
- common.inc
And of course, remember to change the .htaccess file to
refer to the new file names.
If I've missed anything, please let me know.
- Dan |
