+------------------+ | LCC installation | +------------------+ This file contains instructions on how to get the Lightweight Club Calendar to its work. It only covers the standard-stand alone installation which means, that the user, group, and event management are done alone by LCC. If you need or want to use a already existing user-/group-/event[database|store|whatever] you need to deal with LCC-drivers. More information about this topic is found in the LCC-Documentation. (You should read all the manuals anyway, if you want to be familiar with LCC, what you should if you mind security. Don't fear the drivers, they are quite simple ;)) Unlike other "full-of-stuff-php-projects" LCC is meant to only provide a small but felxible architecture and let "plug-ins" extend the core, so nearly everything is possible only by extending the core. Index: I. Prerequisites II. Composing the setup a) Stand alone installation b) Stand alone with database (or other storage place) c) Integrated with other simple application (username provided in a variable) d) Integrated with other complex application (like a discussion forum etc) e) ACL - Access Control III. Security I. Prerequisites ---------------- Before we can beginn, we need the following: * a working Webserver with PHP (4.3 or better) support. * PEAR::Calendar installed (preferably in the shared php directory, usually found at /usr/share/php) * SMARTY template engine installed Ok, if you got that, we need to think a little. Ask yourself the following questions: - Do i want to store all the event data in a database or are plain files enough? - Do i want to store all the notes for my events in a database or are plain files enough? - What kind of external application sould LCC connect to? - What are users allowed to do in my calendar? - Did i read all the other manuals so i understand how LCC is working and how i can adjust stuff to my needs? If you answered one or more of the questions with "i dont know" or "i dont mind", please go directly to capter I. (not over go, no 200$!) II. Composing the setup ----------------------- We have answered the questions above, so we are able to decide what drivers we want to use. Here, we will only discuss some few examples. a) Stand alone installation LCC, in its out-of-the-box configuration is in "stand alone" mode. It stores the event information in flat files, so you do not need a MySQL database running. However, the performance of this kind of installation is not the best and for bigger installations you should consider using a database. If you dare, you also can put the directory where the data will be stored to a tmpfs (if you are on a linux box). Starting LCC is at least a three line job: The first line is to include the LCC_Core class. After that you may need to change some of the core configuration items. Finally you make a new instance of LCC_Core providing the core configuration, if modified. Then driver loading starts. The line actually printing something is "$lcc_core->startApplication()"; this method handles all of LCCs activitys. The only drivers that are loaded automatically by LCC are the file based event- and notedriver. Before you can start using LCC you must at least load a UserDriver. A good start for getting your LCC to run is to copy the standalone example from the examples folder found in LCCs documentation. Please refer to the comments in this file to tune your installation. There you will find additional information on how exactly you must configure LCC to suit your needs. For a standalone installation you certainly need a custom "login.php" that set up the simple user driver accordingly. LCC can't (and shouldn't) handle authentication itself. b) Stand alone with database (or other storage place) If you decided that you want to use a database (or some other place) to store your event and note data, then you can build upon the stand alone installation. All you have to do is just to explicitely load another driver for events and/or notes. Prior loading the driver you usually have to configure the driver to be loaded so he knows how to access its data. Refer to the drivers documentation for this. "howto_write_a_driver.txt" explains how LCC loads drivers, so it is worth a look even if you don't want to write custom drivers. c) Integrated with other simple application (username provided in a variable) Before proceed reading this paragraph, have a look to the "drivers/user" directory to check if LCC provides a driver for your application. If so, proceed reading d). This is a "real world example" of the comments in "lcc_standalone.php" example. There is said, that you should include your login.php; this is what we do now. So write your login.php. It should perform the following tasks: - Print login form - Process login data from the form - Stop script execution or setup simple user driver with data Ok, this was everything. Using the simple user driver you are theoretically able to connect every application or datasource whose data you can access. To make this process easier, there will be specific drivers for applications/datasources so this task will be even easier in the future. Like you have seen before, integration without a special driver is quite simple. You just need to provide the neccessary data to the simple user driver. If there is no suitable driver, feel free to contribute a driver! d) Integrated with other complex application (like a discussion forum etc) If you have a complex application for wich LCC provides a driver (like PHPBB2 or WBB2), you may use this driver to connect LCC to the application. Often this is easier as using the simple userdriver, because you don't have to bother with logins etc. However, you must take special care to correctly configure the user driver so it will work properly. You definitely should have a look to the drivers documentation which you can find at the beginning of the driver file itself. There you will find detailed descriptions on configuring the specific driver and some installation tasks since most external application need some configuration to be able to interact with LCC. e) ACL - Access Control Not every user should be allowed to perform every action. LCC provides a method to limit what users may do in your calendar. LCC features a relatively open default ACL described in "configuring_lcc.txt", so you only need to change those items that you want to limit. Again, lcc_standalone features a example on how to change the ACL. III. Security ------------- After you configured and installed LCC, you should take some security measures. - Ensure that the data/ directory and its subdirectorys aren't accessible throught web If an attacker is able to exploit LCC to save custom data (e.g. pics or so) into the data/ directory, you may end up with an public free of charge porn hosting service ;) Therefore you should protect this paths in your web server configuration. Currently a .htaccess file is introduced in data/ but it may be disabled on some webservers, so please at least check that access is disallowed. A additional and even securer approach is to give LCC a different data location outside the DocumentRoot of the webserver. You can achieve this by changing the 'data_dir' configuration variable when configuring LCC. Make sure the configuration of LCC could not be compromised. Consider harden your php installation by using open_basedir restrictions and proper file access rights on your system. - Protect the LCC source files from beeing overwritten A common attack method is to overwrite existing php files with modified ones. It is a good idea to make the php files of LCC read only so data could only be written to placec where it is intendet to be, and this is only the data/ directory. - Remove documentation and example files It is a good idea to remove the "documentation" subfolder so no attacker is able to execute example files.