28 |
)</small> |
)</small> |
29 |
</ol> |
</ol> |
30 |
|
|
31 |
|
<a name="register_globals"> |
32 |
<h2>Register Globals and PHP</h2> |
<h2>Register Globals and PHP</h2> |
33 |
|
|
34 |
<p>Starting with version 2.0 docman doesn't need |
<p>Starting with version 2.0 docman doesn't need |
46 |
<tt>$gblIgnoreUnknownFileType = 0</tt> in |
<tt>$gblIgnoreUnknownFileType = 0</tt> in |
47 |
<tt>realm/http_virtual_host.conf</tt> |
<tt>realm/http_virtual_host.conf</tt> |
48 |
</p> |
</p> |
49 |
|
|
50 |
|
<h2>Force download on view</h2> |
51 |
|
|
52 |
|
<p>If you set options |
53 |
|
<tt>$gblForceDownload= 1</tt> in |
54 |
|
<tt>realm/http_virtual_host.conf</tt> |
55 |
|
it will force download (and save to disk) if user wants to view file (just |
56 |
|
clicks on filename). Checkout will always force download. |
57 |
|
</p> |
58 |
|
|
59 |
|
<a name="path_realm"> |
60 |
|
<h2>Using script path as realm name</h2> |
61 |
|
|
62 |
|
<p>If you don't have ability to use http_virtual_host names for each docman |
63 |
|
installation, you can use path before docman.php as a identifier for a realm. |
64 |
|
To enable this, you will have to create directory named as same as virtual |
65 |
|
host, all directories wish exist before your <tt>docman.php</tt> and then |
66 |
|
<tt>conf</tt>, <tt>htusers</tt> and optionally <tt>trustee</tt> and |
67 |
|
<tt>info.inc</tt> files. |
68 |
|
<blockquote> |
69 |
|
e.g.: if your host is called <tt>dreamhouse.lan</tt> and |
70 |
|
you want to have repositories on URL |
71 |
|
<tt>http://dreamhouse.lan/project/</tt> and |
72 |
|
<tt>http://dreamhouse.lan/documentation/</tt> you will |
73 |
|
have to create following files: <small>(those marked with asterisk |
74 |
|
<sup>*</sup> are optional)</small> |
75 |
|
<br><tt>realm/dreamhouse.lan/project/conf</tt> |
76 |
|
<br><tt>realm/dreamhouse.lan/project/htusers</tt> |
77 |
|
<br><tt>realm/dreamhouse.lan/project/trustee</tt> <i>(optional)</i> |
78 |
|
<br><tt>realm/dreamhouse.lan/project/info.inc</tt> <i>(optional)</i> |
79 |
|
<br><tt>realm/dreamhouse.lan/documentation/conf</tt> |
80 |
|
<br><tt>realm/dreamhouse.lan/documentation/htusers</tt> |
81 |
|
<br><tt>realm/dreamhouse.lan/documentation/trustee</tt> <i>(optional)</i> |
82 |
|
<br><tt>realm/dreamhouse.lan/documentation/info.inc</tt> <i>(optional)</i> |
83 |
|
</blockquote> |
84 |
|
</p> |
85 |
|
|
86 |
|
<a name="path_realm_convert"> |
87 |
|
<h3>Conversion of files to realm with directories</h3> |
88 |
|
|
89 |
|
<p>If you followed <a href="install.html">installation instructions</a> |
90 |
|
and you want now to install docman to your host in directory <tt>projects</tt> |
91 |
|
which will be on disk at <tt>/home/httpd/htdocs/project/</tt> and |
92 |
|
served via URL <tt>http://my.host/project/</tt> |
93 |
|
you have to do few more steps: |
94 |
|
<pre> |
95 |
|
$ cd /home/httpd/docman2/realm/ |
96 |
|
$ mkdir my.host |
97 |
|
$ mkdir my.host/project |
98 |
|
$ mv http_virtual_host.htusers my.host/project/htusers |
99 |
|
$ mv http_virtual_host.conf my.host/project/conf |
100 |
|
</pre> |
101 |
|
That's it. You are ready to go... |
102 |
|
</p> |
103 |
|
|
104 |
|
<a name="info.inc"> |
105 |
|
<h2>Repository information files</h2> |
106 |
|
|
107 |
|
<p>There are special files, called <tt>info.inc</tt> files with informations |
108 |
|
which are local to that repository. Usually they are located in |
109 |
|
<tt>repository/.info.inc</tt> file. However, you can also use |
110 |
|
<tt>realm/http_host/script_path/info.inc</tt> file is you are |
111 |
|
using <a href="#path_realm">script path</a> as realm identifier. |
112 |
|
|
113 |
|
<a name="security"> |
114 |
|
<h2>Overview of security fetures</h2> |
115 |
|
|
116 |
|
<ul> |
117 |
|
<li>authorisation using login and password |
118 |
|
<li>works without <A href="#register_globals">register_globals</a> in PHP. |
119 |
|
<li>all directory names taken from URL will be checked for parent directory |
120 |
|
strings (<tt>..</tt>) |
121 |
|
<li>all upload filenames are check for directory specification (if they |
122 |
|
contain slash (<tt>/</tt>) upload will be aborted) |
123 |
|
<li>all filenames taken from URL will be checked for parent directory (<tt>..</tt>) or slashes (<tt>/</tt>) |
124 |
|
<li>all files are serverd from repository directory (which is not visible by web server) by <tt>docman.php</tt> script which enforces permission checking |
125 |
|
</ul> |