Topic: Openupload

[Fidalgo]

Everything is working well (SME 8b6), except when I go to:
Administration
Settings
Options

to change any option, I get this message:

"Configuration file could not be saved, please proceed with the download!"

Authentication was set to "internal", and to problems to create users.

[Stefano]

Hi welcome here..

you should tell us something more.. is there anything interesting in the logs? (/var/log/httpd/error_log for example?)

[Fidalgo]

The only messages in error_log are about RSA server certificate common name does not match server name.

Default options:

WWW_SERVER :   http://www.lxoffices.com
WWW_ROOT :   /openupload
INSTALL_ROOT :   /usr/share/openupload/
DATA_PATH :   /var/lib/openupload
database :   
type :   mysql
host :   localhost
user :   openuploaduser
password :   *no display*
name :   openuploaddb
prefix :   
registration :   
email_confirm :   yes
register :   
nologingroup :   unregistered
default_group :   registered
site :   
title :   Open Upload
webmaster :   admin@lxoffices.com
email :   admin@lxoffices.com
footer :   <a href="http://openupload.sf.net">Open Upload</a> - Created by Alessandro Briosi © 2009
template :   default
max_upload_size :   100
use_short_links :   yes
id_max_length :   10
id_use_alpha :   yes
max_download_time :   0
multiupload :   5
allow_unprotected_removal :   
progress :   none
translator :   phparray
defaultlang :   en
logging :   
enabled :   yes
db_level :   4
syslog_level :   0
plugins :   
0 :   captcha
1 :   compress
2 :   email
3 :   expire
4 :   filesize
5 :   mimetypes
6 :   password
auth :   default
modules :   
0 :   files
1 :   admin
2 :   auth
defaultaction :   u

[cactus]

Since I guess this is a PHP application did you already try this: http://wiki.contribs.org/PHP#Display_Error_Messages

[Buckwheat]

Code: [Select]

WWW_ROOT :   /openupload
INSTALL_ROOT :   /usr/share/openupload/
DATA_PATH :   /var/lib/openupload
Above not recommended, try

Code: [Select]

WWW_ROOT :   /opt/openupload
INSTALL_ROOT :   /opt/openupload/
DATA_PATH :   /opt/openupload/data/tmp
And set httpd.conf base restriction appropriately.

[Daniel B.]

Code: [Select]

WWW_ROOT :   /openupload
INSTALL_ROOT :   /usr/share/openupload/
DATA_PATH :   /var/lib/openupload
Above not recommended, try

No, these settings are correct. It's expected not to be able to change the config file from the web interface, because it's managed by templates. If you want to make some changes to this file, you need to create custom-templates, like explained here: http://wiki.contribs.org/Template_Tutorial

But, just for curiosity, what do you want to change ? I may be able to add what you need with some DB properties.

Regards, Daniel

[Buckwheat]

No, these settings are correct. It's expected not to be able to change the config file from the web interface, because it's managed by templates. If you want to make some changes to this file, you need to create custom-templates, like explained here: http://wiki.contribs.org/Template_Tutorial

But, just for curiosity, what do you want to change ? I may be able to add what you need with some DB properties.

Regards, Daniel

You may want to reread the above, no need for a custom template.
Already have this working in

Code: [Select]

WWW_ROOT :   /opt/openupload
INSTALL_ROOT :   /opt/openupload/
DATA_PATH :   /opt/openupload/data/tmp
These are

Code: [Select]

INSTALL_ROOT :   /usr/share/openupload/
DATA_PATH :   /var/lib/openupload
Not recommended paths for web apps.

[Buckwheat]

Code: [Select]

WWW_ROOT :   /openupload
INSTALL_ROOT :   /usr/share/openupload/
DATA_PATH :   /var/lib/openupload
The above Is the reason why the OP doesn't have the app working.

I have a few issue's remaining with the installer for this app and when done, will release it.

Maybe today, hopefully.

In fact the installer will be released via OpenUpload.

[Buckwheat]

Well here's the script, simply click select and copy paste to openupload.sh and set the perms to run it.
If you have tried to install Openupload, be sure to remove all traces of the install before running this script.

Edit: changed code to ver 1.00.2 -- 10/11/2011 which now includes an uninstall option.
Append uninstall to the command line when running the program.

i.e.       ./openupload_install.sh uninstall

Code: [Select]

#!/bin/bash

url="http://downloads.sourceforge.net/project/openupload/openupload/v0.4/openupload-0.4.2.tar.gz"
dl_url=`dirname $url` # Host part of url
dl_file=`basename $url` # Application download filename

app_name=openupload
app_alias=upload
app_major_ver="0.4"
app_minor_ver="2"
app_ver=$app_major_ver.$app_minor_ver # Version of the application source

wget_path="usr/local/src"
web_root="opt" # SME's root web path /opt
web_app_path=$web_root/$app_name

app_cfg_fname="config.inc.php"
app_cfg_path=$web_root/$app_name/www

hostname=`db configuration get DomainName`
MYSQLPASS=`grep '^\password' /root/.my.cnf | cut --delimiter="=" -f2 | cut --delimiter="\"" -f1`

template_num=98
template_path=etc/e-smith/templates/etc/httpd/conf/httpd.conf

#############
# Functions #
#############

#=======================================================
intro_install ()
#=======================================================
{
cat << EOF
=============== Install Information ===================
 Website_info: Openupload
 http://www.openupload.sourceforge.net/
 
 This scripted created by buckwheat.
 ver 1.00.2 -- 10/11/2011
=============== Installation Started ==================
 
EOF
}

#=======================================================
check_system_requirements ()
#=======================================================
{
sme_req=(8)
OS_conf=/etc/redhat-release

arr=("${sme_req[@]}")
for ix in ${!sme_req[*]}
 do
  if [ -f $OS_conf ]; then
cur_distri=${cur_distri}`cat $OS_conf|grep ${arr[ix]}`
  else
    matched="false"
  fi
 done
   
    if [ "$cur_distri"  = "" ]; then
    matched="false"
  fi

  if [ "$matched" = "false" ]; then
    echo -e "\n ****** Warning: This script requires SME ${sme_req[@]} !! ******\n\n"
    exit 1
  else
echo -e "\n ====== System configuration $cur_distri"
    echo -e "\n ====== System reqirements are OK"
    return
  fi
}

#=======================================================
check_user ()
#=======================================================
{
user_name="root"

iam=`whoami`
if [ "$iam" != "$user_name" ]; then
cat <<!

An error has occured.

You need to run this script as $user_name beer..!!

Failing that, further investigation is required.

!
ERROR=99
exit
fi
return
}

#=======================================================
check_installed ()
#=======================================================
{
test -d /$app_cfg_path/$app_cfg_fname &&
echo -e "\n ****** WARNING >> $app_name currently installed"
}

#=======================================================
wget_app () # wget_app()
#=======================================================
{
 if [ ! -z /$wget_path/$app_name ]; then
if [ ! -f /$wget_path/$app_name/$dl_file ]; then
echo -e "\n ****** Downloading >> $dl_file"
wget -q -P /$wget_path/$app_name $dl_url/$dl_file
echo -e "\n ****** $dl_file download complete"
 else
  echo -e "\n ****** WARNING >> $dl_file already downloaded"
fi
 fi
}

#=======================================================
extract_zip () # extract_files
#=======================================================
{
if [ ! -d /$web_app_path ]; then
mkdir -p /$web_app_path
echo -e "\n ====== UnZipping $dl_file to >>" /${web_app_path}
unzip -q /$wget_path/$app_name/$dl_file -d /${web_app_path}

# The following is only needed if the application zip file contains
# a container directory.
# The code below will move the files and delete that container directory.

zipdir=`ls /${web_app_path}` # check for container directory
if [ -d /$web_app_path/$zipdir ]; then
mv -f /$web_root/$app_name/$zipdir/* /$web_root/$app_name
rm -rf /$web_root/$app_name/$zipdir
fi
fi
}

#=======================================================
extract_tar () # extract_tar
#=======================================================
{
if [ ! -d  /$web_app_path ]; then
mkdir -p /$web_app_path
if [ -f /$wget_path/$app_name/$dl_file ]; then
echo -e "\n ****** Extracting $dl_file to >>" /${web_app_path}
tar -xzf /$wget_path/$app_name/$dl_file --strip 1 -C /${web_app_path}
else
echo -e "\n ****** ERROR >> File: $dl_file .not found"
fi
else
echo -e "\n ****** WARNING >> /$web_app_path not empty,skipping extract"
fi
}

#=======================================================
extract_download () # extract_files
#=======================================================
{
if [ -f /$app_cfg_path/$app_cfg_fname ]; then
echo -e "\n $app_cfg_fname exists, previous install found\n
nothing done, exiting\n"
exit 1
fi

if [ ${dl_file##*.} = "zip" ]; then
extract_zip
else
extract_tar
fi
}

#=======================================================
create_mysqlDB ()
#=======================================================
{
MYSQLUSER="openuploaduser"

#mysqladmin drop $app_name

    echo -e "\n ****** Creating MySQL User and DataBase"
    mysqladmin -u root create $app_name
    mysql $app_name < /opt/openupload/sql/mysql/1_structure.sql
mysql $app_name < /opt/openupload/sql/mysql/2_base.sql

# See /opt/openupload/www/INSTALL for more info MODES AND RIGHTS

mysql $app_name < /opt/openupload/sql/mysql/3_mode_private.sql
#mysql $app_name < /opt/openupload/sql/mysql/3_mode_public.sql
#mysql $app_name < /opt/openupload/sql/mysql/3_mode_restricted.sql
#mysql $app_name < /opt/openupload/sql/mysql/3_mode_service.sql

    mysql -u root -e "SET PASSWORD FOR $MYSQLUSER@localhost = PASSWORD ('$MYSQLPASS')"
    mysqladmin flush-privileges
}

#=======================================================
create_app_config ()
#=======================================================
{
if [ ! -f /$app_cfg_path/$app_cfg_fname ]; then

#cat > /temp/$app_name/$app_cfg_fname << EOF

cat > /$app_cfg_path/$app_cfg_fname << EOF
<?php
\$CONFIG['WWW_SERVER'] = '$hostname';

\$CONFIG['WWW_ROOT'] = '/openupload/www';

\$CONFIG['INSTALL_ROOT'] = '/opt/openupload';

\$CONFIG['DATA_PATH'] = '/opt/openupload/data';

\$CONFIG['database']['type'] = 'mysql';
\$CONFIG['database']['host'] = 'localhost';
\$CONFIG['database']['user'] = 'root';
\$CONFIG['database']['password'] = '$MYSQLPASS';
\$CONFIG['database']['name'] = 'openupload';
\$CONFIG['database']['prefix'] = '';

\$CONFIG['translator'] = 'phparray';

\$CONFIG['auth'] = 'default';

\$CONFIG['defaultlang'] = 'en';

\$CONFIG['site']['title'] = 'Open Upload';
\$CONFIG['site']['webmaster'] = 'admin@$hostname';
\$CONFIG['site']['email'] = '';
\$CONFIG['site']['footer'] = '<a href="http://openupload.sf.net">Open Upload</a> - Created by Alessandro Briosi © 2009';
\$CONFIG['site']['template'] = 'default';

\$CONFIG['registration']['email_confirm'] = 'yes';

\$CONFIG['max_upload_size'] = '100';

\$CONFIG['use_short_links'] = 'yes';

\$CONFIG['id_max_length'] = '10';

\$CONFIG['id_use_alpha'] = 'yes';

\$CONFIG['max_download_time'] = '120';

\$CONFIG['multiupload'] = '1';

\$CONFIG['allow_unprotected_removal'] = '';

\$CONFIG['progress'] = 'none';

\$CONFIG['logging']['enabled'] = 'yes';
\$CONFIG['logging']['db_level'] = '4';
\$CONFIG['logging']['syslog_level'] = '0';

\$CONFIG['register']['nologingroup'] = 'unregistered';
\$CONFIG['register']['default_group'] = 'registered';

\$CONFIG['plugins']['0'] = 'captcha';
\$CONFIG['plugins']['1'] = 'compress';
\$CONFIG['plugins']['2'] = 'email';
\$CONFIG['plugins']['3'] = 'expire';
\$CONFIG['plugins']['4'] = 'filesize';
\$CONFIG['plugins']['5'] = 'grouponip';
\$CONFIG['plugins']['6'] = 'mimetypes';
\$CONFIG['plugins']['7'] = 'password';

?>
EOF

echo -e "\n ====== /$app_cfg_path/$app_cfg_fname template created"
else
echo -e "\n ====== /$app_cfg_path/$app_cfg_fname foundskipping"
fi
}

#=======================================================
# Create http.conf template
# /etc/e-smith/templates/etc/httpd/conf/httpd.conf
create_httpd_conf ()
#=======================================================
{
if [ ! -f /$template_path/$template_num$app_name ]; then

#cat > /temp/$app_name/$template_num$app_name << EOF

cat > /$template_path/$template_num$app_name << EOF
#------------------------------------------------------------
#   $template_num$app_name
#------------------------------------------------------------
Alias /$app_name /$web_root/$app_name
Alias /$app_alias /$web_root/$app_name

<Directory /$web_root/$app_name>
{
    my \$ousec = \$$app_name{'HTTPS'} || "off";
    if (\$ousec eq "off")
    {
  \$OUT .= "  # SSLRequireSSL on";   
    } else {
  \$OUT .= "  SSLRequireSSL on";
    }
}
AddType application/x-httpd-php .php .php3 .phtml
Options FollowSymLinks
order deny,allow
{
    my \$ouaccess = \$$app_name{'PublicAccess'} || "local";
    if (\$ouaccess eq "local")
    {
  \$OUT .= "  allow from \$localAccess";   
    } else {
  \$OUT .= "  allow from all";
    }
}
php_flag register_globals off
php_admin_value open_basedir /$web_root/$app_name/:/tmp
</Directory>

EOF

echo -e "\n ====== $template_num$app_name template created"
else
echo -e "\n ====== $template_num$app_name foundskipping"
fi
}

#------------------------------------------------------------
expand_template_httpd.conf()
#------------------------------------------------------------
{
expand-template /etc/httpd/conf/httpd.conf
echo -e "\n ====== Expanding Templates complete"
}

#------------------------------------------------------------
httpd_service_restart()
#------------------------------------------------------------
{
sv h /service/httpd-e-smith
echo -e "\n ====== Restarting the httpd service done"
}

#------------------------------------------------------------
set_rights ()
#------------------------------------------------------------
{
#Set some rights

chown -R root:root /$web_root/$app_name

chown -R root:www  /$web_root/$app_name/www
chmod -R 775 /$web_root/$app_name/www

chown -R root:www  /$web_root/$app_name/templates_c
chmod -R 775 /$web_root/$app_name/templates_c

chown -R root:www  /$web_root/$app_name/data
chmod -R 775 /$web_root/$app_name/data
chmod  755 /$web_root/$app_name/data
}

#------------------------------------------------------------
end ()
#------------------------------------------------------------
{
cat << EOF

=============== Install Complete ======================

 You may now open $app_name in your favorite browser.
 
http://your-local-domain or IP/$app_name
or
http://your-local-domain or IP/$app_alias

EOF
exit 0
}

#------------------------------------------------------------
uninstall ()
#------------------------------------------------------------
{
cat << EOF
================== Uninstall Started ====================

EOF

rm -rf /$web_root/$app_name/
rm -rf /$template_path/$template_num$app_name
rm -rf /$wget_path/$app_name

expand_template_httpd.conf
httpd_service_restart

cat << EOF

=============== Uninstall Complete ======================
EOF
}


#################################
# Main Program #
#################################

clear

intro_install

if [[ ${1} == "uninstall" ]]; then
echo -e "\n ****** WARNING >> You are about to Uninstall $app_name!!!\n "
read -p " Are you sure you want to continue?(y|Y): "

if  [[ ${REPLY} == "Y" || ${REPLY} == "y" ]] ; then
uninstall
fi
exit 0
fi

check_system_requirements
check_user
check_installed
wget_app
extract_download
create_mysqlDB
create_app_config
create_httpd_conf
expand_template_httpd.conf
httpd_service_restart
set_rights
end

exit 0

[Buckwheat]

@Daniel

I just found your wiki page for openupload.
Would have been nice if someone in this thread did this

http://wiki.contribs.org/OpenUpload

So I gave it a shot.

It's expected not to be able to change the config file from the web interface, because it's managed by templates.

Although it's not a bad idea to template the config, never the less a template won't
stop/prevent a web compromise, the config can still be accessed and changed.

Second issue
Also running apps in locations other then /opt (sme standard) make for difficult admin as well as
opening additional avenues of compromise.

Running a web app in a tree with server side system libs isn't exactly a grand idea.
Well I'm sure the hackers will thinks it's just dandy.

Rule of thumb
All externally available apps should reside in one place on the file system, aka /opt.
Thus if there ever is a compromise, they can play with all the externally available apps in one place.
Thus the open base restrictions aren't scattered all over the file system, to everyone's whim.
i.e. Like in server side lib/share trees. lol

Third issue
There is no need for

Code: [Select]

php_admin_value session.save_path /var/lib/openupload/tmp

The default SME session.save_path is /tmp, which btw is incorrect, should be set to the php default /var/lib/php/session
due in part to that tree maintains the correct rights needed for session data files.

session.save_path=/tmp  is a php vulnerability and highly not recommended.

For one, the rights on /tmp are ridicules.
For two, php is the session handler, so why not let it handle the sessions for you by default, one less thing to worry about.
For three, don't need session data scattered all around the files system, do we now, I'm sure some will want it in /

To check your system

Code: [Select]

grep 'session.save_path' /etc/php.ini
To fix your system 'session.save_path' copy & paste this into fix_php_session.sh -- set rights/perms to 744 & run it.

Code: [Select]

#!/bin/bash

template_fname='80ModuleSettings16Session'
template_path='/etc/e-smith/templates-custom/etc/php.ini'

#=======================================================
intro_install ()
#=======================================================
{
cat << EOF
=============== Install Information ===================
 This scripted created by buckwheat.
 fix_php_session.sh ver-1.00.1 -- 10/11/2011
=============== Installation Started ==================
 
EOF
}

#=======================================================
create_cust_template()
#=======================================================
{
cat > $template_path/$template_fname <<EOF
[Session]
session.save_handler                   = files
session.save_path                      = /var/lib/php/session
session.use_cookies                    = 1
session.name                           = PHPSESSID 
session.auto_start                     = 0
session.cookie_lifetime                = 0
session.cookie_path                    = /
session.cookie_domain                  =
session.serialize_handler              = php
session.gc_probability                 = 1
session.gc_maxlifetime                 = 1440
session.referer_check                  =
session.entropy_length                 = 0
session.entropy_file                   =
session.cache_limiter                  = nocache
session.cache_expire                   = 180
session.use_trans_sid                  = 1

EOF
}

#=======================================================
template_expand()
#=======================================================
{
expand-template /etc/php.ini
}

#=======================================================
httpd_restart()
#=======================================================
{
#sv h /service/httpd-e-smith
service httpd-e-smith restart
}

#=======================================================
display_current()
#=======================================================
{
current=`grep 'session.save_path' /etc/php.ini`
custom=`grep 'session.save_path' $template_path/$template_fname`

cat << EOF
===== Custom Template File $template_fname exists...

The current 'session.save_path' in /etc/php.ini is...

Current = $current

New = $custom

Note: No system changes were made...
EOF
}
#=======================================================
end_prgm()
#=======================================================
{
cat <<EOF
-------------------------------------------------------------------------------
fix_php_session.sh -- complete. `date`
-------------------------------------------------------------------------------
EOF
}

#*****************#
#  Main Program   #
#*****************#
clear

# Create the SME Custome Template $template_fname
if [ ! -f "$template_path/$template_fname" ]; then
echo -e "\n===== Create SME Custom Template $template_fname"
create_cust_template
echo -e "\n===== expand-template $template_fname\n"
template_expand
echo -e "\n===== Restarting the httpd service\n"
httpd_restart
else
display_current
fi
end_prgm




[cactus]

Rule of thumb
All externally available apps should reside in one place on the file system, aka /opt.
Thus if there ever is a compromise, they can play with all the externally available apps in one place.
Thus the open base restrictions aren't scattered all over the file system, to everyone's whim.
i.e. Like in server side lib/share trees. lol

That is not true for SME Server, the /opt location is not even in the default backup scheme.

[Stefano]

That is not true for SME Server, the /opt location is not even in the default backup scheme.

I agree and I suggest Buckwheat to forward his suggestion to the dev's ML and bugzilla.. this is not the right place IMHO

[Buckwheat]

That is not true for SME Server, the /opt location is not even in the default backup scheme.

Most vintage dev's have their apps install in /opt, i.e. mediawiki

Code: [Select]

UPDATE=$(ls /opt | grep -c mediawiki)

Right from the MW spec file.
Search and ye shall find!
GT 5 years.

And do add brady to the search criteria.

/opt location is not even in the default backup scheme

Your point is??

I'll reiterate my statement

All externally available apps should reside in one place on the file system, aka /opt.

Certainly externally available apps should NOT reside in server side lib/share trees.
hth