Topic: dotproject anyone

[nefkho]

hi,
anyone tried dotproject, my installation went great except for two things?

session.use_trans_sid -> There are security risks with this turned on
session.save_path does -> not exist any one.

anyone can help me? thanks,

nef kho

[TrevorB]

hi,
anyone tried dotproject, my installation went great except for two things?

session.use_trans_sid -> There are security risks with this turned on
session.save_path does -> not exist any one.

anyone can help me? thanks,

nef kho

I think Adam's quote from dotproject.net answers your question.

The session.save_path should exist on your system, If not you are not going to be able to successfully log in. Sometimes this is incorrectly reported as missing, but you can still log in (not sure why). Just check to see that the /tmp directory exists and is writeable, again by the web server user.

The use_trans_sid can be safely ignored if you cannot update your php.ini, it allows the system to get over the problem of cookies turned off on browsers by rewriting the URL to include what would normally be stored in the session cookie. This means that there is a risk that a saved page, or a link that you email to someone will include your cookie information, allowing them to gain access to dotProject as you. There are several caveats to this, however it is a good idea not to use transparent SID if at all possible. If you can't turn it off you just need to be a little more security conscious when sending links.

Note that the directory you point session.save_path at has to exist AND be writeable by the apache user (www on smeserver). I would suggest that you don't use /tmp (maybe create a sub-directory /tmp/dotproject and make that writeable by user www).

Trevor B
PS. dotproject runs fine on my sme 6.0 & 6.0.1 boxes

[nefkho]

noted,

how do i set the /tmp files to /tmp/dotproject any idea?

thanks

[nefkho]

hi,

i wanna add a module ticket to the dotproject and would required to do some changes anyone an help me how get any of the 2 belows that best suite the latest sme6 and how?

3. Configure your MDA (Mail Delivery Agent) or MTA (Mail Transport Agent)
   to pipe mail for your support mail address to gateway.pl.

   Example 1:  Procmail recipe

      :0
      * ^TO.*support
      | /path/to/dotproject/includes/gateway.pl /path/to/dotproject/includes/config.php

   Example 2:  Using sendmail aliases

      support:   "| /path/to/dotproject/includes/gateway.pl /path/to/dotproject/includes/config.php"
----

thanks,

[TrevorB]

Nef (or is it Kho   ).

I have never bothered to run the System Checks before (as it works fine for me). My box shows the same errors...

What it is indicating is a setting in php.ini that shows where session info should be stored. It is NOT a dotproject thing.

Personally that php.ini parameter looks incorrect (as you shouldn't be able to see anything outside your ibay), but is a standard sme setting.

But, it doesn't seem to impact/impair the performance of dotproject for me.

Trevor B

[nefkho]

thanks, its nef

i will proceed with testing the system and will see if anything comes up?

nef kho

[TrevorB]

i will proceed with testing the system and will see if anything comes up?

I talked with Adam over at dotproject and the check.php is incorrect for our setup (but it is not very easy to do the correct checks), so there should be no issues.

PHP can use /tmp for it's session info, but your php scripts can't access files outside of their container (this is VERY good from a security perspective).

Trevor B

[TrevorB]

session.use_trans_sid -> There are security risks with this turned on

Nef,

this warning is correct. You can google for the security warnings on use_trans_sid, but if you are running > 4.3.2 you should be OK.

What version of php are you running (the dotproject/docs/phpinfo page will tell you)?

According to the security warnings I have seen this is a problem for the standard 4.1.2 installed as part of smeserver. I don't have a suggested fix for this other than upgrading php.

Trevor B

[nefkho]

hi,

am using PHP Version 4.3.9 base on the docs/phpinfo.php

thanks for the info.

[cosy]

Hi all,

  I just check the dotproject site and now i need
how to's for My SME 6.0 server.

Pls help.

[k_graham]

hi,
anyone tried dotproject, my installation

I am trying dotproject but it is not going so great.

I am using sme 6.01 as configured with php 3.23.56

I can not get past the configuration file customization as I am getting the following error when I try to go to the directory from the browser
FATAL ERROR: Root directory in configuration file probably incorrect.

I expect I am getting the following wrong
root_dir
base_url

If I can be pushed over this hurdle I will be glad to write a "How to"

Thanks,

Ken Graham

[TrevorB]

I can not get past the configuration file customization as I am getting the following error when I try to go to the directory from the browser
FATAL ERROR: Root directory in configuration file probably incorrect.

I expect I am getting the following wrong
root_dir
base_url

Ken Graham

I created an ibay called dotproject & expanded dotproject into the dotproject/html directory.

My root_dir is
/home/e-smith/files/ibays/dotproject/html
My base_url is
http://<my domain>/dotproject

Have you set your permissions corectly?

Trevor B

[k_graham]

Trevor B[/quote]My root_dir is
/home/e-smith/files/ibays/dotproject/html
My base_url is
http://<my domain>/dotproject

Have you set your permissions corectly?

I must have made a typo - I had used dotproject and handwritten identical to yours. Yet when I re-did it I was able to get to the log in screen - but not log on.

Now I am guessing its permissions. What are you recommending including Ibay settig.

Thanks, Ken Graham

[TrevorB]

I must have made a typo - I had used dotproject and handwritten identical to yours. Yet when I re-did it I was able to get to the log in screen - but not log on.

Now I am guessing its permissions. What are you recommending including Ibay settig.

From a previous post:
Note that the directory you point session.save_path at has to exist AND be writeable by the apache user (www on smeserver). I would suggest that you don't use /tmp (maybe create a sub-directory /tmp/dotproject and make that writeable by user www).

On the ibay front, I just created it as normal with Write=admin, Read=group;Local Network (no password);Dynamic content enabled

Trevor B

[k_graham]

Experimenting with DotProject in place of PHProjekt,

I see dotproject has a nicer sorting of companies, vendors, etc. Seems to be lacking ability to do email within. Or keep track of time. However a new version is in Beta so it will be interesting to see what the update version has to offer.

For initial setup I suggest using the 5 page installation instructions hidden within the program under docs.

To get that if on Windows you will first have to unzip the files and directories then copy them into your server. The default for SME would be to create a ibay "DotProject" and copy the files and subdirectories of dotproject to the htm directory.

Don't use the more vague instructions on the documentation site.

I also had difficulites with section 5. Populate the database when I was in mysql. I suggest using midnight commander "MC" at command prompt and navigating to the "/db directory.

Exit Midnight Commander  - "F10"

do a "dir" to confirm a file such as "dotproject_102.sql" is there.

enter the following without the quotes. And without being in mysql at the time.

"mysql -udotproject -pyourpassword dotproject < dotproject_102.sql;"

Nothing should show different if it worked but if you have any typo it will indicate an error


To enter mysql at the prompt, simply type mysql

If you still have trouble 3 useful commands for mysql once having entered mysql are

show databases       (to see if dotproject really exists)

drop database dotproject (to delete and to start again)

quit             (to get out of MYSql)


As mentioned earlier in the thread it appears the correct root_dir assuming you use a default of dotproject for ibay is

/home/e-smith/files/ibays/html


I still have to figure out file management configuration but this at least has got me to the stage where I can get into DotProject and see if I want to go further. Please feel free to expand on the above explanation so it becomes a full featured How To.

Ken Graham