PostNuke

Site search

Search results

Number of hits: 27

Recovery Console for PostNuke .8+ - Now Available   (News)

Onboard Tools

Configuration OverviewDisplays many site config settings including module, block and theme detection.
Database Access RecoveryRe-encodes database credentials for the config.php file.
Theme RecoveryResets default site theme and/or resets user-applied themes.
Disabled Site RecoveryYou wondered what turning your site off would do...now you know! This utility restores the site to the "on" state.
Modules Module RecoveryDeletes any Modules modules entries found in the database and freshly installs the Modules module to the System category.
Blocks RecoveryA chart displays important block data and allows for disabling and/or deleting any content blocks. Changing the state of multiple blocks at a time is supported.
PostNuke Site SearchA built-in search bar searches the PostNuke site for content by keywords. Searches for matches in the following modules at this time: pagesetter, users, downloads, weblinks, comments, ezcomments, all news stories/topics, and all forums.
PHP InformationPHP info is displayed by section via a tidy menu.
About The ApplicationA dedicated page that displays licensing, credit and other general information.

Additional Features

Cross-browser-compatible CSS layout.
Highly accessible onscreen display.
Visual, interactive, informative navigation.
Various (but few) core images used for aesthetic lists.
Succinct onscreen instructions for each utility.
All actions require confirmation and provide error/status messages.
All forms re-populate themselves upon error.
Applicable current settings are displayed on every page, before and after recovery.

Security

Utilities that are not needed intelligently disable themselves.
User input cleansing.
Filename can be changed without breaking the application.
Time-sensitive application lockdown.

Gracefully Degrades When

PostNuke version is less than .8x.
PostNuke initialization fails.
Application is under lockdown.
Application is uploaded to incorrect location.

Of Other Interest

Written as a PHP class.
Extremely commented code.
Output source is XHTML 1.0 Strict; tidy and skimmable.
Quietly runs with E_ALL enabled.

A big thanks to all who contributed to the original PSAK, which was the strongest inspiration behind this Recovery Console, and to those who contributed with ideas, feedback and testing of the PNRC, thanks for your time and effort!

Download the PostNuke Recovery Console now!

Generated on May 10, 2007.

PostNuke Recovery Console - Additional Feature Requests   (News)

file to your server. You can then perform any repair operations by visiting the file in your browser and following the onscreen instructions, same as the PSAK.

One major improvement over the PSAK is that the Recovery Console has a countdown timer built into it which will only allow the application to be used for xyz amount of time, after which the file automatically locks out further access to the code therein. A realtime graphical timer (Javascript-based) visually shows you how much time you have left to use the Recovery Console. (The Javascript is purely for display purposes, and not relied upon for security.) As the PostNuke system does not make any checks for this Recovery Console, it could easily be left on one's server accidentally and thus, misused. To this end, the lockdown feature might be of some comfort.

A few other items of interest about the Recovery Console:
Aesthetic, CSS-based layout. Nothing hacky, very straight-forward classes.
Consistent navigation.
Fixes that require database, when no database present, are visually disabled for clarity.
Each utility shows the current status of what it's about to fix, before it fixes it, and after.
Inline explanatory texts help you make the proper fixes.
Overview of recovery-related site settings.
Informational page about the application.
Status messages tell you exactly what's going on.
Large countdown timer lets you know how long you have left to use the application.
Self-contained.
Works with PostNuke .8+ (including MS2+)
Highly accessible.

Specific fixes onboard at this time mirror those of the PSAK:
Encode Database Credentials
Toggle Intranet/Internet Usage
Broken Theme Recovery
Permissions Recovery
Disabled Site Recovery / Turning Site Back On
Modules module Recovery

The code is written so that other fixes can easily be added and thus, if you have any suggestions for other utilities to incorporate into the PostNuke Recovery Console, please share them! I'm at a point where I am commenting the file now, and that will take me a least a week more to finalize I suspect, so please post any ideas for fixes you'd like to see and I'll try to get them in for the first release.

Note that this application can be downloaded from here at the NOC, but that it will take a week or 10 days for me to get the first release uploaded.

Cheers,

- Ala

Generated on April 20, 2007.

PostNuke .762 Released   (News)

Addition of SafeHTML Class
To better protect PostNuke websites against the risk of Cross Site Scripting (XSS) attacks, the SafeHTML class has been included in this version. This class offers greater protection against many forms of XSS, over and above that provided in previous versions.

Languages module
The Languages module is obsolete and has been removed from the distribution. The pndefinemachine module does the same work better.
Due to security problems you are also encouraged to remove this from the server after the update!
The options that have been provided by the Languages module are now part of the Settings module.

Downloads
As before, both a full and patch download are available. Download the full distribution if you are installing a new site or upgrading from .760 or earlier. Users currently running a .761 site can download the patch release which contains changed files between .761 and .762 only. Upgrading with the patch version is simple, just replace the files, users upgrading with the full distribution should follow the instructions in docs/manual.txt.
Download 0.762 Full Distribution (ZIP)
Download 0.762 Full Distribution (TAR.GZ)
Download 0.762 Patch (ZIP)
Download 0.762 Patch (TAR.GZ)
Support Forums
Security Mailing List

Hashes
MD5
PostNuke-0.762_patch.tar.gz - f4b36bc3ca9123464ec7bde05233dfe7
PostNuke-0.762_patch.zip - c6646f69f91841f0745064048922fde4
PostNuke-0.762.tar.gz - ea25bb933c4a99b30854815215dcdbb6
PostNuke-0.762.zip - 0e20db2ad3230c447747ec68540e8fb1
SHA-1
PostNuke-0.762_patch.tar.gz - 280b8cb4ff595fc556f137b5f7447f63c82b1b23
PostNuke-0.762_patch.zip - faa09a73e0f1dd82c73a9a53d5f69cef15d086fb
PostNuke-0.762.tar.gz - 59d3ba5ce3a91e67924ad6e3a8df643694849739
PostNuke-0.762.zip - 43f400b78adbad66cc0965b0322eeca9230d13bd

Bugs Fixed
#2227,
#2229,
#2233,
#2246,
#2255,
#2259,
#2270,
#2272,
#2321,
#2358,
#2384,
#2441,
#2471,
#2476,
#2503,
#2528,
#2542,
#2544,
#2545,
#2546,
#2547,
#2548,
#2589,
#2602,
#2604,
#2612.

Simon Birtwistle [HammerHead]
PostNuke CMS Development Team

Generated on February 17, 2006.

PostNuke 0.761 Released   (News)

included is a new quick upgrade script, simplifying the upgrade process. If you are still to upgrade to 0.76x, please read manual.txt
for updated instructions on using the new upgrade.php. It is vital that anyone upgrading a PostNuke install reads this manual, as this upgrade
is unusually complex.

Finally, pn_bbcode and pn_bbsmilie have been updated to include display hooks. To use this functionality, simply add the following to pnRender templates:


[code]

[/code]


or, depending on module used:


[code]


[/code]


Links
Both a changed files package between 0.760 and .761 and a full distribution is available. Should you have already upgraded to .760, use
the changed files package. Otherwise, download the full distribution.

Download 0.761 Full Distribution (ZIP)
Download 0.761 Full Distribution (TAR.GZ)
Download 0.761 Patch (ZIP)
Download 0.761 Patch (TAR.GZ)
Support Forums
Security Mailing List

Checksums
MD5
PostNuke-0.761.zip c4090097b26caa38115540e24378e9b4
PostNuke-0.761.tar.gz 4b76e09c507db0224d34fc448e7efb91
PostNuke-0.761_patch.zip fbdcc4c21813ee2ec04161b76c6a9b61
PostNuke-0.761_patch.tar.gz eeb77338a3b5698b38f23c1e11bebfa2

SHA-1
PostNuke-0.761_patch.tar.gz 8a5605399ccc9576abcbc44751312657fe40a22b
PostNuke-0.761_patch.zip 0553f6b80c638c5cef4306d886361dcb1773ab4a
PostNuke-0.761.tar.gz b69d9bfabb5c8641e4b5dd9e9ee6f5803d86c41d
PostNuke-0.761.zip 79869b9a7003ac9046788cebad23135f68eef648

Bug Fixes

#2176,
#2178,
#2182,
#2193,
#2206,
#2216,
#2219,
#2220.


Related Articles
PNSA2005-4
PNSA2005-5

Simon Birtwistle [hammerhead]
PostNuke Development Tea

Generated on September 28, 2005.

PostNuke 0.760 RC5 released   (News)

Maksymilian Arciemowicz of securityreason.com and Johann-Peter Hartmann of Mayflower for their cooperation regarding some security issues.

One of the few newly introduced features is the so called "Baseline Security Analyzer", which checks your site for some basic security settings and informs the Admin within the administration how to fix them.

Further updates include Smarty, ADODB, phpMailer also. To take a closer look at all the changes, check http://cvsnotices.postnuke.com. At pndevs.com some of the latest changes and ideas are commented by the developers.

If updating from .750 or earlier, please make sure to follow the instructions in the docs folder very carefully.

Download:
Postnuke 0.760 RC

Generated on August 8, 2005.

PostNuke Security Advisory PNSA 2005-1   (News)

VULNERABILTIES
- missing input validation within /modules/Modules/pnadmin.php
- missing input validation within /includes/blocks/past.php
- missing output validation within /modules/Downloads/admin.php
- missing input validation within /modules/Downloads/dl-util.php
- missing input validation within /modules/Downloads/dl-search.php
- possible path disclosure within /modules/News/index.php

SOLUTION
It is recommended that all admins do an immediate upgrade of their sites to v0.750 then apply the latest security fix package available from the locations listed below.
Please note the main package has been updated to include this advisory so there is no need to apply this patch if you have downloaded PostNuke after the date of this announcement.

UPDATED PACKAGES
1. PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html
SIZE: 2410936 Bytes
MD5 checksum: dcb276fa0aae4e22764eb22fd66ccd09
SHA1 checksum: bc8c5ccde62312956f72a144e67efbf65bf82349

2. PostNuke 0.750 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-410.html
SIZE: 3408707 Bytes
MD5 checksum: f49e17d4040892634c53b9fb5afe650c
SHA1 checksum: 82590102de8b0171993eaf94cc73006ad84ae752

3. Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-457.html
SIZE: 26990 Bytes
MD5 checksum: 2e654367bda64f8e9944273991997068
SHA1 checksum: fde99e26357003a8fd36aa7fde0da2859dc2c0b5

4. Security Fix (changed files only) for PostNuke 0.750 (.zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-458.html
SIZE: 32088 Bytes
MD5 checksum: e8b118732f19aa55d80550f6fe4d0caa
SHA1 checksum: f018e4f1d5339dce4b6a8419ac98a555c89945a2

NEW RELEASES
1. PostNuke 0.760RC3 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-459.html
SIZE: 2936077 Bytes
MD5 checksum: FE0A655663073F9F68F878359CD459B3
SHA1 checksum: 7DCE900CE0B4A4940AB18143FE2B82FB526DBC89

2. PostNuke 0.760RC3 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-460.html
SIZE: 4265380 Bytes
MD5 checksum: c2cce796bbf803c7018fa2f4b2891c9f
SHA1 checksum: cb5dc8953a562bcf07bca392dcbe18009942e32c


ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.
If you would like to receive security updates in the future, please subscribe to the PostNuke security list.
SPECIAL NOTE FOR .760RC3
PostNuke .760RC3 is not recommended for production sites. If performing an upgrade to .760 please review manual.txt carefully. Many of the core system modules are upgraded in this release so the process needs to be followed exactly.


CREDITS
The exploits have been originally found by Maksymilian Arciemowicz from http://www.securityreason.com/ and were reported via security contact.


Andreas Krapohl , PostNuke Development Team
February 28th, 2005

Generated on February 28, 2005.

An Expert's Opinion: Furthering Our Understanding   (News)

Dear Vanessa and All Other Members of The Fabulous PostNuke Community:

I am an attorney-at-law, licensed by the State of Florida, and the United States District Court for the Southern District of Florida to engage in a multi-jurisdictional copyright and trademark practice. My practice focuses on cyberlaw (see http://cyberlaw.info). Nothing contained herein is legal advice, nor should it be relied upon without independent research and consultation with a licensed attorney. The following discussion is limited to the laws of the U.S.

I have been asked to comment upon the following hypothetical. If a person or entity (jointly and severally referred to hereafter as "Party A") creates a theme utilizing, or adds an original image or code to a GNU GPL program that was copyrighted subject to the GNU GPL ( see http://www.gnu.org/licenses/gpl.txt ), may another person or entity (Party "B") distribute Party A's distribution containing the new material without the permission of Party A because the entire work (including the new material added by Party A) has now become subject to the GNU GPL?

Also, you have asked me to assume the following notice appears on Party A's
work:

// ----------------------------------------------------------------------
// Copyright (c) 2002-2003 Party A
// http://partya.com
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU General Public License for more details.
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------

The pertinent portions of the GNU GPL are as follows:

"0. ... the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does."

"2. ... mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

Pertinent Sections of United States Copyright Law:

Copyright protection extends to an "original work of authorship fixed in any tangible medium of expression. 17 U.S.C. 102 (a) at ( http://www4.law.cornell.edu/uscode/17/102.html ).

Copyrights are divisible (i.e. you can retain certain exclusive rights, but transfer others). See Section 17 U.S.C. 106 ( http://www4.law.cornell.edu/uscode/17/106.html).

Discussion:

The above license purports to convey via the GNU GPL rights to the "program."

Since copyright is divisible, we must first determine the meaning of the word "computer program." A definition for the term "computer program" is actually a question of fact that would need to be determined by a Court or jury. Dictionary.com defines computer program as follows: "computer program n : (computer science) a sequence of instructions that a computer can interpret and execute; "the program required several hundred lines of code" [syn: program, programme, computer programme]".

It can be argued that an image (which has been stored on digital media) is not a "program." It is data which is called by a program. It would be an anomalous argument to propose that a copyrighted picture taken by the owner of the program and was included in his distribution of his GNU GPL program could be used unless the owner consented.

Similarly, it follows that a presentation, template or display, which is created utilizing copyrighted programs, may not in and of itself be a "program."

Very generally, there is no impediment to obtaining independent copyrights for original works of authorship created by utilizing programs. If there were, Microsoft would be able to prosecute every author who submitted an original manuscript to a publisher in Word format and digital artists would be unable to copyright their works because they used a paint program.

Similarly, if someone creates a theme or skin that artistically rises to the level of an original work of authorship utilizing a program, the resulting theme or skin should be copyrightable separately from the program that created it. It could be argued that the skin, theme, or result is a new, original work of authorship fixed in a tangible medium of expression, and not a derivative or compilation of the original program (i.e. Word, Paint Shop Pro, or, for that matter, Autotheme).

Turning to paragraph 0. of the GNU GPL, licensing a program or work under its terms does not make all files included with the distribution subject thereto See paragraph 0., supra. In our hypothetical, the notice only refers to the "program", and not any particular resulting theme or image therein.

Turning to paragraph 2. of the GNU GPL, "the mere aggregation" of an original work of authorship which is not a derivative or compilation of the program with the program (or with a work based on the Program) on a ... distribution medium "does not bring the other work under the scope of the License." In plain English, this means that just because a distribution contains some files which are subject to the GNU GPL, NOT ALL files contained in the distribution may be so subject. This argument should also apply to data entered into the program to make it display an original work of authorship.

With respect to the language contained in the notice contained in Party A's distribution, a reasonable interpretation of same should lead a Court and/or jury to determine that a program is not the resulting theme, skin, etc., but a set of instructions that the "artist" utilizes to create same. Just because core code is distributed with additional files, or data is entered into existing code to make, draw or display the new skin on screen, should not, in and of itself, make the new files or data subject to the license. See GNU GPL paragraphs 0 and 2 above.

Pursuant to 17 U.S.C. 106, copyrights are divisible (i.e. you can retain certain exclusive rights, but transfer others). Accordingly, it could be argued that Party A's copyright in and to the theme or skin or image remains the sole and exclusive property of Party A. If the argument succeeds, those who violated Party A's exclusive rights (17 U.S.C. 106) in the resulting theme, display, image, skin, etc., face exposure to federal suit for copyright infringement.

Notwithstanding, the program code and modifications made thereto which are considered to be derivatives or compilations ARE subject to GNU GPL, unless the additional code merely "plugs-in" to the preexisting code, is "not based on preexisiting code," and is capable of "standing alone." Note, early cases did not hold telephone manufacturers liable for patent/copyright infringement because their pin out to wall jacks was identical to that of the other's pin out, allowing access to the other's network.

It would logically follow that a third party can utilize GNU GPL code to create an original work of authorship (i.e. a new theme) and obtain a copyright in the new material. However, if the resulting theme, display, image, and or template is similar to that which the artist has not released under the GNU GPL, the third party could be prosecuted for copyright infringement if that third party did not get consent (provided other procedural requirements are fulfilled).

It is worth mentioning that the creator of a program who initially released it under certain conditions, may be able to revoke same at any time (but this would require further research and is a topic for another discussion).

Elliot Zimmerman, Esq.
The Law Offices of Elliot Zimmerman, P.A.
5353 North Federal Highway, PH 405
Fort Lauderdale, FL 33308
http://cyberlaw.info
legal@cyberlaw.info

Generated on April 30, 2004.

PostCalendar Security Advisory PCSA 2004-1   (News)

RELEVANT RELEASES
4.0.0

DESCRIPTION
PostCalendar is an online events calendar. Allowing for one time or recurring events and calendar sharing with multiple categories and PostNuke topics integration.
Vulnerable versions can be exploited through SQL injection within the search function.

SOLUTION
It is recommended that all admins upgrade their sites to v4.0.1 or apply the latest security fix package for v4.0.1 available right now from the locations listed below.

REFERENCES
No references are currently available on the net.

UPDATED PACKAGES
1. PostCalendar 4.0.1 Fullpackage (.zip format)
http://noc.postnuke.com/download.php/243/postcalendar-4.0.1.zip
MD5 checksum: 85f28144f36b1487366f654f4f800830
2. PostCalendar 4.0.1 fixed files only (.zip format)
http://noc.postnuke.com/download.php/244/postcalendar-4.0.1-fixpackage.zip
MD5 checksum: 4b5fd57053c8577eeefef50cd1d19279

ADDITIONAL INSTRUCTIONS
Just replace the files contained in this patch into your PostCalendar directory to have your PC patched. Remember that a backup/dump is always a good idea prior to any update.

CREDITS
This exploit has been originally found by Klavs Klavsen and the Security Forum Denmark (sikkerhedsforum.dk) and has been reported

Generated on January 6, 2004.

PostNuke Security Fix (SQL injection and directory traversal)   (News)

SOLUTION
It is recommended that all admins upgrade their sites to v7.2.3 and applythe latest security fix package available right now from the locations listed below.

As a general rule of thumb we also recommend to never use the 'root' user to connect to MySQL server be it the PostNuke installation or any other application running on the web.

UPDATED PACKAGES
1. PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=15
Size/MD5 checksum: 1844005 606a6f45dcd232c48e2bfb37004339a6

2. PostNuke Phoenix 0.723 (zip format)
http://download.hostnuke.com/pafiledb.php?action=file&id=16
Size/MD5 checksum: 2620869 0d54b12224746bacc5258b1b9562525a

3. Security Fix for PostNuke Phoenix 0.723 (zip format) http://download.hostnuke.com/pafiledb.php?action=file&id=17
Size/MD5 checksum: 14495 a6ea89e6669c35f80a7167ecf1aafa47

4. Security Fix for PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=18
Size/MD5 checksum: 11785 1e5c2a2c938aba4103af1e217a37d9c7

ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.


CREDITS
This exploit has been originally found by pokleyzz, pokleyzz@scan-associates.net from Scan Associates (http://scan-associates.net/)and has been reported on 2003-02-24.

Generated on March 7, 2003.

Successful PostNuke Phoenix Installation on Windows 2000 Server -- HOW TO   (News)

few hours trying to solve a problem that was just waiting for a reboot. Take my word for it, especially with the MySQL install.

The Config:
Hardware: PIII slot 1, 384 Megs RAM, 1 FAT32 drive(2 partitions), 1 NTFS drive (single partition)
Windows 2000 Server Sp3
IIS 5.0 included with windows 2000
PHP 4.2.3 (via installer)
MyODBC 2.50.39
mySQL 3.23.52

The Details
Windows Server
This is a multi role machine running DNS, Active Directory(AD) and other network services, and IIS. It's basically my intranet, Domain Controller(AD), File Server and development web server. It's locked down behind a router with its own security protocols, so if you hack the router, you still have to hack AD, which grants access through IP first, Domain second and user third. It's pretty tightly locked up, and its a good way to have a fairly secure development platform.

IIS
IIS is configured to run a default site, which is locked down using AD. If the machine dns name is theMachine, I can easily access the default web site using my browser and going to http://theMachine. The default site is basically a default installation with nothing on it and I use virtual directories to point to development file structures - this is documented in IIS documentation. Basically I took a default PostNuke installation file structure and copied it to a directory on one of my development partitions (I used a FAT32 partition -- no reason for it, just thought this may be a useful fact), and made that a virtual directory of the main site. If I name the virtual directory PNdev, I can now access that directory via http://theMachine/PNdev.

PHPDownload the installer version of PHP for Windows (link in heading title) stop the IIS serverexecute the php installer and follow the instructions (pay attention to the checkboxes for what kind of webserver you wish to install it on, there should be one for IIS 4.0 and up)reboot. After reboot run a search for php.ini(because I'm too lazy to look for it in the C:/Winnt folder), and change the register_globals to 'On'. NOTE: DOING THIS POSES A SECURITY ISSUE FOR THE WEBSERVER. Read about it in the PHP documentation. Now you're ready install mySQL.

MyODBC
I downloaded and installed this driver for MySQL because I'm developing some desktop packages that may be using MySQL in the future -- but it's part of the environment and thought I should mention it. Just do it if you're not sure.

mySQLdownload (link in title)and and unzip this file to it's own directory Go to IIS and stop the server!Install using the setup program and use all the default values,( if you install it other than to the default directories, don't come crying to me)reboot
After Rebooting, run a search for the my.ini file and delete it, if you don't find one - good - it means you need to create one.

Creating a my.ini file with winmysqladmin.exe
You will find a folder in c:\mysql\bin\ called winmysqladmin.exe, if you don't find it here, you screwed up somewhere or installed mysql in another directory - run a search to find it. Once you have located winmysqladmin.exe, I would advise putting a shortcut to it on your desktop.
Open winmysqladmin.exe, a window should pop up asking for a user name and password. Enter a username and password that you wish to use, this will be the MASTER USERNAME AND PASSWORD for your mysql installation. You will need this password very shortly, so write it down! Once you submit the info, look in the sys tray for an icon that looks like a trafficlight. If the 'light' is red, mySQL needs to be started. Do this by right clicking the icon, choose 'win NT' and then click 'start this service'. (If you wish to set more u/n & p/w for other users on their own dbs -read about in the mySQL documentation.)

Creating a Database with winmysqladmin.exe
If the traffic light icon is in the tray, open the gui by right clicking the icon, choose 'show me'. If not in the tray, open winmysqladmin.exe by opening from the shortcut you placed on your desktop earlier, or find it again and open it. When it opens, you will see the window appear and then disappear, look in the tray and you will see the traffic light. Right click the icon, choose 'show me'.
The GUI will appear, click on the 'Databases' Tab. Right click on the server name in the upper left frame and click 'create database'. Input a database name and click ok. This will create a new blank database. Now you are ready to install Postnuke.

PostNuke Install Notes
At this point, I am assuming that you have the files in place on the server and will refer to the directory that holds those files as 'POSTNUKEweb'. Some preliminary steps:make sure that config.php and config-old.php both are world-writable.Note that once the install/upgrade has been completed these files can be re-set to read-only.
your config file should be modified to reflect the username and password that you set up during the installation of mySQL. Remember? I told you to write them down!!! It should also reflect of the name of the database that you created with winmysqladmin.exe.
additionally your config.php file should be set to Windows. Do this by changing $pnconfig['system'] = '0'; to $pnconfig['system'] = '1'; on line 48.
KICK ITgo to your post nuke installation (i.e. http://POSTNUKEweb/install.php).
choose the language and click 'Set Language'. If this page just refreshes and you can't get beyond it, you need to change your php.ini file described above in the PHP heading.
when you get to the DB info page DO NOT check box for use with intranets, I check this on my first run through and could not log in after installation, by not checking it, I could log in fine. I have a feeling that its because of the server setup, but it works for me. You can play with this setting after install:make a backup copy of the pnSession.php file (located in the includes directory). Then, open the file in your favorite editor, and find the line (somewhere around line #88) that looks like this:

Code:
if (pnConfigGetVar('intranet') == false) {

You can toggle the intranet functionality by changing the boolean false to true and vice-versa on this line to see how you system/server/nuke responds.


By following these guidelines you can implement PostNuke pretty seemlessly on your Windows 2000 server. I haven't experimented with XP, win2k (non server), or 98, but I'll be sure to post my findings if I do.

Also, thanks to the entire dev team on PostNuke for creating a kickass solution platform --- you guys ROCK (and so does the community

Generated on October 8, 2002.

Page 1 / 3 (1 - 10 of 27 Total)