WikiSec
Blog Solaris Debian Mobile Unix Development Tools Crypto Papers
Home
Up

DokuWiki
...Installation at Free.fr
...Upgrading DokuWiki
...Securing DokuWiki

DotClear
...on Free.fr
...Captchas

Joomla
...Installing Joomla
......Transfer the Joomla database to Free
......Modify Joomla's configuration.php file
......FTP Transfer
......Joomla Security settings
......Joomla backup
...Using, configuring Joomla

Wordpress

MediaWiki

Twitter

OwnCloud

DokuWiki

GoodBad
DokuWiki does not require MySQL (or any such database). Articles are stored in text files.
  • easy to install on most web servers
  • articles are easy to backup, copy/paste, transfer because they are text files
 DokuWiki is slow on Free.fr because
  • queries in text files are not as efficient as SQL database queries
  • articles are stored on the same server as the rest of the web site, whereas SQL databases are stored on dedicated servers.
This is unfortunately the reason why I no longer use DokuWiki on Free.fr
DokuWiki's securityThe server makes a sensible use of algorithms for authenticationThe password is sent over in clear text unless the Wiki is configured with SSL/TLS
CustomizationEasy to configure, scripts are easy to understand, plenty of templates and plugins

Installation at Free.fr

Honestly, dokuwiki is a great wiki, so I wanted to install it on Free.fr. Unfortunately, it won't work there straight of the box (because of free - to my understanding): you have to install a patch.

  • Download dokuwiki, upload its directories to your home page on free.fr
  • Get there
  • Unzip it, and upload the bin, inc and lib directories to your home page on free. Overwrite previous files.
  • Create a session directory at dokuwiki's root, erase data/locks, enable PHP 5 (php 1 in .htaccess)
  • Launch dokuwiki's install (install.php) and then erase it.
  • It's possible to move out most directories of DokuWiki, see the security page.

It works !

Upgrading DokuWiki

Upgrade messages usually appear when you login. I successfully upgraded DokuWiki using the procedure detailed here. It just works without any problem, though I strongly recommend to backup your wiki first (in particular .htaccess and doku.php). Also, remove unnecessary files listed in that link. Finally, no need to upload install.php when you're doing an upgrade !

Securing DokuWiki

Most of DokuWiki can be moved out of the web server's htdocs as recommended by security. The only remaining directories are:
  • inc
  • lib
  • doku.php
  • feed.php
  • index.php
  • COPYING, README, VERSION
  • .htaccess (and the old .htaccess.dist)

The files that have been moved out are:

  • a prepend.php file has been created with: 
    <?php
define('DOKU_CONF','YOUR-DIR/conf/');
  • conf/dokuwiki.php has been configured with: 
    $conf['savedir']     = 'YOUR-DIR/data';
  • conf/local.php : 
    $conf['template'] = 'desert'; YOUR-TEMPLATE !
Plenty of other things to have a look at: please read my paper in MISC magazine.

DokuWiki templates

Templates are stored in wiki/lib/tpl. If you want to customize a template, you usually have to edit design.css: main CSS layout. Try to re-use colors from settings such as __background_other__. I tried desert and doogie.

DotClear

Dotclear on Free.fr

I use an old version of DotClear on Free.fr: 1.2.7. It installed ok. No problem at all.
  • Download Dotclear
  • Unzip and upload it to Free.fr (via FTP)
  • In your browser, open http://mywebsite/install, the installation procedure starts.
DotClear uses a MySQL base. With Free, use sql.free.fr

DotClear Captchas

In conf/config.php, add for instance: 
$GLOBALS['captcha_logs'] = dirname(__FILE__).'/captcha.err';
$GLOBALS['captcha_level'] = 0;
In themes/default/form.php, add the reference to dcCaptcha as specified in the documentation.
In ecrire/tools/captcha/functions.php, I had to remove the French accents and use the HTML syntax but there should be another neater way to do it. I also did the modifications in ecrire/tools/captcha/l10n/fr and fr-UTF8 but that did not change anything... By the way, this is where you can add customized functions (but this can also been done via a configuration variable in config.php). The ecrire/tools/captcha/postconf.php file must also be changed.
To disable captchas, a quickee is to set captcha_enable to 0: 
$p_info = $plugin->_getPluginInfo($xml_path);
$GLOBALS['captcha_enable']  = 0;
Note that normally you should disable the plugin in the plugin manager, but in my case, it did not work :(

Joomla

This article explains how to transfer a local Joomla website onto Free.fr. Basically, it's just the same as what's already written for MediaWiki ... except it's for Joomla :)

I'm using Joomla's 1.5 beta version and PHP5.

Installing Joomla

Transfer the Joomla database to Free

Export your Joomla database to a gzipped filed (Free doesn't seem to recognize the zipped format):

  • connect locally to http://localhost/phpmyadmin/
  • on the left panel, select your Joomla database
  • on the right panel, click on Export
  • then, select all tables
  • Finally click on Go

Then, transfer this file to your own MySQL Free database:

  • With your web browser, connect to http://sql.free.fr with your Free logon and password. You get to a simplified PhpMyAdmin web page.
  • click on your name (on Free, this actually is the name of your database)
  • click on SQL
  • browse to your gzipped file, and click on Go
  • all Joomla tables are loaded in your own Free database.

Modify Joomla's configuration.php file

On Free, your MySQL server is sql.free.fr. Your database name is your logon name, except dots are replaced with underscores. If your logon is foo.bar, your database name is foo_bar. The password to this database is the same as your Free password.

Consequently modify the following setting in configuration.php: 

var $host = 'sql.free.fr';
var $user = 'foo.bar';
var $password = 'passwd';
var $db = 'foo_bar';

You must also modify the absolute path to your website. On Free, retrieving the root of your own website is possible with the formula: $_SERVER["DOCUMENT_ROOT"]. Append to this name the subdirectories you have put your Joomla website into (or none if your Joomla website is at the root of your site). 

var $live_site = 'http://yourwebsite.free.fr';
var $absolute_path = '$_SERVER["DOCUMENT_ROOT"]'.'/your path';

FTP transfer

Transfer all your local Joomla files to your FTP account: connect to ftpperso.free.fr with your free login and password, and upload the entire Joomla directory.

In addition, don't forget, on Free, to create a "sessions" directory (permissions: drwx——), or you won't be able to initiate a PHP session.

Joomla Security settings

Well, at this stage, it's only very basic security settings...

In the administrator directory of Joomla (or in any directory you wish to protect), create an .htaccess file with the following: 

PerlSetVar AuthFile yourpath/password-file  
AuthName "Acces Restreint"  
AuthType Basic  
require valid-user

This .htaccess requires correct user authentication to access the corresponding directory. By the way, Free's help is wrong: PerlSetVar and AuthFile MUST be on the same line or your .htaccess file won't work !

If you want to restrict access to a particular user, use rather: 

PerlSetVar AuthFile yourpath/password-file  
AuthName "Acces Restreint"  
AuthType Basic  
require user martin

In 'your path' (the place where you've indicated the password file would be), create a password file such as: 

martin:PasSw0rd  
jean:SecR3t  
sophie:H1dDeN

i.e username followed by ':' and then by a clear text password ! Yes, currently Free doesn't not support other authentication modes.

Finally, in that directory ('your path'), create an other .htaccess containing: 

deny from all

so that nobody can move to that directory

Joomla backup

mysqldump -u <username> -p <database> > blah.sql
mysql -u USER -p <database> < dumpfilename.sql

With Free.fr, MySQL tables can be backuped using this URL.

Using, configuring Joomla

  • create a Joomla dedicated database, with permissions set for admin user to SELECT INSERT UPDATE DELETE CREATE and DROP. This can be done with PhpMyAdmin: create database, and then select permissions
  • customize menus in Joomla: Joomla admin -> Menus -> User menu -> New: select articles, create an article.
  • create a new menu entry: Joomla admin -> Menus -> menu manager -> New
  • Associate menu to module: Extensions -> Module Manager -> New. Create a new menu module (mod_mainmenu). For this module, indicate in menu name the name to associate the mneu with and pages: ALL.
  • Creating a menu that gets to a given category: create a menu item "category blog"
  • Nice blue border around the menu: Extensions -> Module Manager -> choose menu, and then in module class suffix, put _menu
  • Why is an article displayed in admin -> article manager with a special icon instead of published ? Because the final publishing date has expired...
  • Don't want to approve all articles: put user as Publisher: site -> user manager -> select user -> group : Publisher.
  • add images: go to site -> media manager, create a new directory (if necessary), and upload images. Then link those images from an article from images/dir
  • disable creation of new account on the website: Admin -> Site -> Global configuration -> users: allow user registration -> No
  • News flash shows empty header for the site. Configure in Extensions -> Module Manager -> Newsflash
  • Modify Joomla's logo: go to template directory (\templates\rhuk_milkyway\images) and modify mw_joomla_logo.png
  • Add a copyright at the bottom: modify the template Extensions -> Template Manager -> select the template and edit HTML.
  • The readmore feature hides part of an article in blog mode. But it does not work ok in the home section when you click on it: HTTP 404. Add: <hr id="system-readmore"/>

Wordpress

To migrate a Wordpress web site to another location:
  • export the old wordpress site with the Export Plugin. This exports the website as an XML file
  • import the XML file in the new wordpress website using the same plugin on the new site
  • there are a few bugs (a few missing media files etc), but globally it works.
The downloaded components are in wp-content.
Plugins are in wp-content/plugins. This is where to unzip plugins.

MediaWiki

Unzip the package somewhere in the web server's directory (/var/apache2/htdocs) 
chmod a+w config
  • open in your browser the setup script (config/index.php)
  • make sure to create a MySQL user with SELECT, INSERT, UPDATE, DELETE and CREATE privileges.
  • mv config/LocalSettings.php to .. : beware that file contains cleartext passwords.
  • The problem with Mediawiki is that I find it a bit slow for the very simple usage I need it for.

So, actually, I use DokuWiki. That wiki does not need MySQL.

Twitter

NameOpenSolaris 2008.11DebianDescription
Tweepy (install notes) Works fine Works fine Python script to tweet from the command line.
Twedge Not supported or would require heavy work Works fine: apt-get install twedge Terminal based client for twitter. Fast and efficient
PeraPeraPrv Works fine Not tried, but should be fine Java based twitter client
Tweepy is simple to install:
  • Download the package
  • python setup.py install
  • Write script that uses Tweepy

OwnCloud

This is how to install OwnCloud on a Raspberry Pi. The configuration consists in setting:
  • server: put hostname
  • path: owncloud/remote.php/webdav
The DavFs path is davs://user@hostname/owncloud/remote.php/webdav/photos
To speed up OwnCloud, it's possible to use APC.
To list the password for a user: 
$ mysql -u root -p
create user owncloud@localhost;
mysql> select password('6TgvaoKS#sdqpapxp04sdq0a7gf');
+-------------------------------------------+
| password('6TgvaoKS#sdqpapxp04sdq0a7gf')   |
+-------------------------------------------+
| *41F268D63E99430646B737A1AC2C35ABC5020311 |
+-------------------------------------------+
1 row in set (0.00 sec)
To modify the password for a user: 
mysql> set password for 'owncloud'@'localhost' = PASSWORD('blablah');
Query OK, 0 rows affected (0.00 sec)
(c) A. Apvrille - 2014
Invisible border