View Single Post
Old 4th February 2006, 22:40
danf.1979 danf.1979 is offline
Senior Member
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979

Uhm ok thanks. The solution is not simple because doing what you say would imply that every cms would create new folders with the right owner but the user would be unable to upload files to it because folders dont get created world writeable by the cms. Maybe a cron job would do the trick, but I'm not solving this problem right now.

I wanted to aske you something Till (or someone who knows, falko for ex). I got this code:
		$get_all_db = $go_api->db->queryAllRecords("SELECT * FROM isp_isp_datenbank where doctype_id = 1029 and web_id = $web_id");

		foreach($get_all_db as $db) {

					$dbs .= '
					<tr style="background-color: #666666;"> 
					<td colspan="2"><span style="font-weight: bold; color: white; font-size: 13px;">
					<div style="margin-left: 40px;"><input name="db_database" type="radio" value='.$db["datenbankname"].'>&nbsp;&nbsp;'.$db["datenbankname"].'</div></span> </td>

It generates radio buttons for the database for a given web_id. I'm not quite sure I understand the doc_id right now, I'm really being fixing and optimizing the installer code. I implemented a class for the cms_installer.php file (my own writeconf.php) but I use global statements on the methods of the class. I dont know if that would be the "correct" thing to do, but they manage to get the cms installed and that class serves to install like 10 cms rght now. Maybe you could comment on this?
Ok, back to the code. I dont really know if always a database gets installed with a 1029 doctype_id and I think that that would be the only possible failure of the mysql query right now.
I have done a very nice template for the cms installer (i think its pretty), but I know that there are other people who can do much better templates than me with css for example. Maybe some volunter to get css on this? anyone?
Ok thanks.
Oh, another question. Do i have to code some stuff to prevent sql injection in the various forms I use? I have never done this so thats why I ask. I dont know if is enough with the *general* security platform that ispconfig provides to my script.
Reply With Quote