2005-08-23 11:10:02
Security and themes problem
Hello,
I just installed ATutor (ATutor-1.5.1.tar.gz) on my Red Hat ES3 server with updated PHP and MySQL.
After untarring the files I see that the owner of all of them is the user "jboss" (I was running as root). (?)
After the installation there are no instructions to change back the settings for the /content and /include/config.inc.php file. It's a big security hole to leave a www directory world-writable and also the config file with the MySQL user and password as world-readable. The installation directory shouldn't be accessible by everybody either.
Once I logged in as administrator everything looked fine. Then I changed the default theme to the other one provided ("classic") and I got a warning that the theme may not be compatible with the ATutor version. So I changed back to the default theme and then I cannot go into any page, I get the error:
Warning: main(include/../themes//theme.cfg.php): failed to open stream: No such file or directory in /home/myuser/html/tutor/include/vitals.inc.php on line 209
Fatal error: main(): Failed opening required 'include/../themes//theme.cfg.php' (include_path='.:/usr/share/pear') in /home/myuser/html/tutor/include/vitals.inc.php on line 209
I checked that in the themes tables both are set to "1", so I tried changing one of them to "0", but it doesn't work. In the admin_log table the only record after the login executes: "UPDATE AT_themes SET status = '1' WHERE dir_name = 'default'"
So that's my experience so far.
Thanks
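
Added example, not part of the original post and not ATutor's own tooling: a shell audit for the permission problems the post names (world-writable content directory, world-readable config.inc.php, installer directory left accessible, unexpected file owner). The function name, the `install` directory name and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# audit_atutor_perms ROOT OWNER  (hypothetical helper name)
# Prints one finding per line; prints nothing when the tree is clean.
audit_atutor_perms() {
    root=$1
    owner=$2   # account (name or numeric UID) expected to own the files
    # World-writable entries under content/: any local user can plant files
    # in a directory the web server serves.
    find "$root/content" -perm -0002 2>/dev/null | while IFS= read -r p; do
        echo "WORLD_WRITABLE $p"
    done
    # The config file holds the MySQL user and password: no o+r bit allowed.
    cfg="$root/include/config.inc.php"
    if [ -f "$cfg" ] && [ -n "$(find "$cfg" -perm -0004)" ]; then
        echo "WORLD_READABLE $cfg"
    fi
    # Installer directory (assumed to be named install/) still traversable
    # by others after setup has finished.
    if [ -d "$root/install" ] && \
       [ -n "$(find "$root/install" -prune -perm -0001)" ]; then
        echo "INSTALLER_ACCESSIBLE $root/install"
    fi
    # tar run as root restores the UID recorded in the archive, which can
    # map to an unrelated local account; count entries with another owner.
    n=$(find "$root" ! -user "$owner" | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] && echo "UNEXPECTED_OWNER $n entries not owned by $owner"
    return 0
}

# Constructed demo tree mimicking the post-install state the post describes.
demo=$(mktemp -d)
mkdir -p "$demo/content" "$demo/include" "$demo/install"
: > "$demo/include/config.inc.php"
chmod 777 "$demo/content"
chmod 644 "$demo/include/config.inc.php"
chmod 755 "$demo/install"
audit_atutor_perms "$demo" "$(id -u)"
rm -rf "$demo"
```

A clean result needs the content directory writable only by the web server account, the config file readable only by that account, and the installer directory removed or closed to others.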