Textpattern CMS support forum

#97 2025-11-20 19:54:31

giz
Plugin Author
From: New Zealand
Registered: 2004-07-26
Posts: 405

Re: Textpattern's face to the public

@Pete: no biggie, there wasn’t anything in your posts that rubbed me up the wrong way!

Bloke wrote #341275:

I’m not sure what exactly the stumbling block was. 3 years ago would have been Txp 4.8.8, which I believe already had the auto-create database option, so (presumably) relocating config.php was a step too far.

I’ve never had success with the auto-create database option on a new install (including 4.9dev). The server always bitches about a lack of permissions, so I do it manually each time. A year or two ago I had one or two successes using a Textpattern installer tied into cPanel (Softalicious I think).

Access to /public_html/ is no longer straightforward. The choices are to use FileManager in cPanel, or ftp. Not having installed any other cms, I don’t know if they go through the same rigmarole as well:

  1. a new client sends me the login details to their website control panel.
  2. I can’t login without 2FA, so I have to bug my client to set me up as a ‘Technical Admin’ first.
  3. cPanel (yay) and FileManager are now available at a push (!yay).
  4. Depending on the host, to get ftp access I need to either:
    1. Whitelist my IP against their firewall (every other day)
    2. Set up certificates (never easy for me ;-)
  5. Experiment with ftp types, ftp addresses, ports, username and passwords before I gain access to the file system
  6. The easy bit: install Textpattern

My point is installing (any?) software directly for anyone other than a developer is a high friction process. One needs to persevere; textpattern.com is the biggest carrot we have to convey why it’s worth the effort.

Anecdotal only, but I’ve had too many potential clients who were initially enthusiastic about taking on my services in early discussions, but bailed after I sent them a link to textpattern.com.

Sites like AlternativeTo are possibly the ‘easiest’ way to drive new users to Textpattern, but we should also cater for word-of-mouth recommendations by non-tech businesses and organisations.

#98 2025-11-20 20:41:51

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 12,083

Re: Textpattern's face to the public

giz wrote #341302:

Access to /public_html/ is no longer straightforward

Ain’t that the truth. I totally hear you about the ballache of file system access. In some ways it’s a good thing because it means rogue processes or untrusted users who stumble upon the /setup dir that the admin forgot to delete, can’t trash stuff.

I do keep flip-flopping between “it’s a bad idea” and “ease of use” and ultimately talking myself out of changing things.

That said, rather than automatically installing the file, could we offer:

  • The file contents for you to copy out (as now).
  • A ‘Download’ button for those that want a copy to upload it themselves (as now).
  • A ‘Try to install it’ button that has a go at creating config.php and populating it with the pre-prepared content.

With appropriate safeguards — e.g. making sure that the content that can be written to the file is only the stuff we want, and hasn’t been tampered with — then it should be safe enough to copy the content into the config.php file automatically.

Since clicking the button is still a manual action, and we will check it’s not been doctored before writing, and it can only be written if all checks pass and the connection is made, it’s probably safe enough.

There is a chance it will fail so we’ll need to trap that and warn people they’ll have to do it by hand. But it might be a step up in niceness.

Thoughts everyone?


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp
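
The safeguards described in the post above (write only the intended content, check it has not been altered, and trap a failed write), sketched in PHP as an added example that is not part of the original post and is not Textpattern's code. The function names, the `$txpcfg` keys shown and the server-held secret are assumptions.

```php
<?php
// Added example, not Textpattern code; function names and $txpcfg keys are assumptions.
function build_config(array $db): string
{
    $out = "<?php\n";
    foreach (['db', 'user', 'pass', 'host', 'table_prefix'] as $key) {
        if (!isset($db[$key]) || !is_string($db[$key])) {
            throw new InvalidArgumentException("Missing or non-string value: $key");
        }
        // Only whitelisted keys are emitted; var_export() quotes the value safely.
        $out .= "\$txpcfg['$key'] = " . var_export($db[$key], true) . ";\n";
    }
    return $out;
}

// Tag the prepared content with a secret that stays on the server.
function seal_config(string $content, string $secret): string
{
    return hash_hmac('sha256', $content, $secret);
}

// Write only if the tag still matches and the target does not exist yet.
function try_install_config(string $path, string $content, string $tag, string $secret): bool
{
    if (!hash_equals(seal_config($content, $secret), $tag)) {
        return false;          // content changed after it was prepared
    }
    $fh = @fopen($path, 'x');  // 'x' creates the file and fails if it already exists
    if ($fh === false) {
        return false;          // no permission or file present: install by hand
    }
    $ok = fwrite($fh, $content) === strlen($content);
    fclose($fh);
    if (!$ok) {
        unlink($path);         // never leave a partial config behind
    }
    return $ok;
}

// Constructed sample values; the secret would live in the setup session.
$secret  = random_bytes(32);
$content = build_config(['db' => 'dbname', 'user' => 'username', 'pass' => "p'ss",
                         'host' => 'localhost', 'table_prefix' => '']);
$tag     = seal_config($content, $secret);
$path    = sys_get_temp_dir() . '/config-' . bin2hex(random_bytes(4)) . '.php';
var_dump(try_install_config($path, $content . "// extra\n", $tag, $secret)); // altered content
var_dump(try_install_config($path, $content, $tag, $secret));                // clean first write
var_dump(try_install_config($path, $content, $tag, $secret));                // target now exists
unlink($path);
```

These checks cover tampering, overwriting an existing file and a failed write; they do not decide who is allowed to run the setup script in the first place.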

#99 2025-11-20 20:52:26

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 12,083

Re: Textpattern's face to the public

giz wrote #341302:

I’ve never had success with the auto-create database option on a new install (including 4.9dev).

Hmm, that is annoying. Any particular setup or reason you can think of that might prevent it? It’s always created it for me, even when the database is on a different domain. If we can determine what the reason for failure is, we might be able to trap it or work around it.



#100 2025-11-20 22:48:12

etc
Developer
Registered: 2010-11-11
Posts: 5,576

Re: Textpattern's face to the public

Bloke wrote #341304:

With appropriate safeguards — e.g. making sure that the content that can be written to the file is only the stuff we want, and hasn’t been tampered with — then it should be safe enough to copy the content into the config.php file automatically.

Since clicking the button is still a manual action, and we will check it’s not been doctored before writing, and it can only be written if all checks pass and the connection is made, it’s probably safe enough.

I’m not so sure. Even if we limit config.php content to db credentials, anyone having a db account will be able to run your uploaded txp setup (while you sleep), gain access to txp, and thus to php. Small chance, of course.

#101 2025-11-20 23:25:25

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 12,083

Re: Textpattern's face to the public

etc wrote #341309:

Even if we limit config.php content to db credentials, anyone having a db account will be able to run your uploaded txp setup (while you sleep), gain access to txp, and thus to php. Small chance, of course.

A very small chance I would hope! If a person, as a responsible admin, runs /setup, chooses to autopopulate the config.php, and walks away at that moment without taking 30 seconds to finish the installation process and log in to the admin side (which attempts to delete the /setup for you), well, you’ve got bigger problems than a script kiddie following you 😀



#102 Yesterday 14:44:33

etc
Developer
Registered: 2010-11-11
Posts: 5,576

Re: Textpattern's face to the public

Dunno how well db accounts are compartmented by hosts, but, if a kiddie gets db credentials (not yours) that are usable by your php server, he can quickly run your setup before you once you have txp uploaded, use his db account to create tables etc. If he can also upload config.php (by clicking the button), he gets the access to txp admin. Am I wrong?

#103 Yesterday 18:28:55

giz
Plugin Author
From: New Zealand
Registered: 2004-07-26
Posts: 405

Re: Textpattern's face to the public

Bloke wrote #341305:

Hmm, that is annoying. Any particular setup or reason you can think of that might prevent it? It’s always created it for me, even when the database is on a different domain. If we can determine what the reason for failure is, we might be able to trap it or work around it.

It happened a few days ago, but I was distracted.

Trying again, using textpattern-4.9.0-beta.2:

I get:

Checking database connection

Connected

Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'username'@'localhost' to database 'dbname' in /…/test/textpattern/setup/setup_lib.php:382 
Stack trace: 
#0 /…/test/textpattern/setup/setup_lib.php(382): mysqli_query() 
#1 /…/test/textpattern/setup/index.php(406): setup_connect() 
#2 /…/test/textpattern/setup/index.php(151): step_printConfig() 
#3 {main} thrown in /…/test/textpattern/setup/setup_lib.php on line 382

The db username exists and works. My manual install in the parent directory supplies diagnostics for the environment:

Textpattern version: 4.9.0-beta.2 (f9944943f5f4a849db3c7f1b2fe70bb3)
Last update: 2025-11-17 20:32:37
Textpattern path: __TXP-ROOT/textpattern
Article URL pattern: messy
Production status: testing
Temporary directory path: __TXP-ROOT/textpattern/tmp
PHP version: 8.3.27
GD Graphics Library: 2.3.3; Supported formats: GIF, JPEG, PNG, WebP, AVIF.
Server time zone: UTC
Server local time: 2025-11-21 18:18:08
Daylight Saving Time enabled?: 0
Automatically adjust Daylight Saving Time setting?: 0
Time zone (GMT offset in seconds): UTC (+0)
MySQL: 10.6.23-MariaDB-cll-lve (MariaDB Server) 
Database server time: 2025-11-22 05:18:08
Database server time offset: 0 s
Database server time zone: SYSTEM
Database session time zone: SYSTEM
Locale: en_US.UTF-8
Site / Admin language: en / en
Web server: LiteSpeed
PHP server API: litespeed
PHP SSL version: OpenSSL 1.1.1w  11 Sep 2023
RFC 2616 headers: 
Server OS: Linux 4.18.0-513.18.1.lve.el8.x86_64
Admin-side theme: hive 4.9.0-beta.2

#104 Yesterday 19:55:50

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 12,083

Re: Textpattern's face to the public

Have you tried using 127.0.0.1 instead of localhost for the server name? Sometimes that works for me.

