Building Websites with PHP-Nuke — Save 50%
A practical guide to creating and maintaining your own community website with PHP-Nuke
In the previous article of the article series by Douglas Paterson, author of Building Websites with PHP-Nuke, we looked at features provided by PHP-Nuke for its visitors, the functionalities to make site maintenance easier, and what exactly is PHP-Nuke.
In this article, which is the second article of the article series, you will learn how to install and configure PHP-Nuke, apply patches, and also create the database. At the end of this article you will have a fully operational PHP-Nuke site, ready to go!
The steps to install and configure PHP-Nuke are simple:
- Download and extract the PHP-Nuke files.
- Download and apply ChatServ's patches.
- Create the database for PHP-Nuke.
- Create a database user, and fill the database with data.
- Make some simple changes to the PHP-Nuke configuration file.
- Copy the PHP-Nuke files to the document root of the web server.
- Test it out!
Let's get started.
The latest version of PHP-Nuke can be downloaded at phpnuke.org downloads page:
You can also obtain older versions of PHP-Nuke, including version 1.0, from SourceForge:
SourceForge is the world's largest home of open-source projects. Many projects use SourceForge's facilities to host and maintain their projects. You can find almost anything you want on SourceForge—whether it is in a usable state or has been updated recently is another matter.
Once you have downloaded PHP-Nuke, you should extract the contents of the PHP-Nuke ZIP archive to the root of your c: drive. You will have to create a folder called PHP-Nuke-7.8 in the root of your c: drive. (If you extract the files elsewhere, create the folder PHP-Nuke-7.8 and copy the contents of the main unzipped folder to this new folder).
If you don't have a tool for extracting the files, you can download an evaluation edition (or buy a full edition) of WinZip from www.winzip.com.
There are also free, powerful, extracting tools such as ZipGenius (http://www.zipgenius.it/index_eng.htm) and 7-Zip (http://sourceforge.net/projects/sevenzip/) among others.
In the PHP-Nuke-7.8 folder, you will find three subfolders called html, sql, and upgrades. The upgrades folder contains scripts that handle upgrading the database between different versions, the sql folder contains the definition of the PHP-Nuke database that we will be working with, and the html folder contains the guts of your PHP-Nuke installation.
The html folder contains all the PHP scripts, HTML files, images, CSS stylesheets, and so on that drive PHP-Nuke. Within the html folder are further subfolders; some of these include:
- modules: Contains the modules that make up your PHP-Nuke site. Modules are the essence of PHP-Nuke's operation; we look at them from article Your First Page onwards.
- blocks: Contains PHP-Nuke's blocks. Blocks are 'mini-functionality' units and usually provide snippet views of modules. We will look at blocks in article Managing the Site.
- language: Contains PHP-Nuke language files. These allow the language of PHP-Nuke's interface to be changed.
- images: Contains images used in the display of the PHP-Nuke site.
- themes: Contains the themes for PHP-Nuke. The use of themes allows you to completely change the look of a PHP-Nuke site with a click of a button.
- includes, db: Contain code to support the running of PHP-Nuke. The db folder, for example, contains database access code.
- admin: Contains code to power the administration area of your site.
Downloading the Patches
No software is without its flaws, and PHP-Nuke is no exception. After a release, the large user community invariably finds problems and potential security holes. Furthermore, PHP-Nuke also contains features such as its forum, which is in fact the phpBB application specially modified to work with PHP-Nuke. phpBB itself is updated on a regular basis to correct critical security vulnerabilities or to fix other problems, and consequently the corresponding part of PHP-Nuke also needs to be updated. Rather than releasing a new version of PHP-Nuke for these situations, patches for its various parts are released.
ChatServ's patches from www.nukeresources.com are mostly concerned with variable validation, in other words, making sure that the variables used in the application are of the right type for storing in the database. This has been an area of weakness with many earlier versions of PHP-Nuke. The patches are often incorporated into subsequent versions of PHP-Nuke so that each new version becomes more robust.
Note that you don't have to apply the patches, and PHP-Nuke will still work without them. However, by applying them you will have taken a good step towards improving the security of your site.
If you navigate to http://www.nukeresources.com, there is a handy menu on the front page to access the patches:
To obtain the patch corresponding to your version, click the link and you will be taken to the relevant file (of course, www.nukeresources is a PHP-Nuke powered site!). Click on the Nuke 7.8 link to go to the Downloads page of www.nukeresources.com. On this page, clicking the Download this file Now! link will download the patches for PHP-Nuke 7.8. The name of this file will be of the form 78patched.tar.gz. This is a GZIP compressed file that contains all the patches that we are about to apply. The GZIP file can be extracted with WinZip, or any of the other utilities we discussed earlier.
The patches are simply modified versions of the original PHP-Nuke files. The original files have been modified to address various security issues that may have been identified since the initial release, or maybe since the last version of the patch.
Applying the Patches
To apply the patches, first we need to extract the 78patched.tar.gz file. We will extract the files into a folder called patches that we will create in the PHP-Nuke-7.8 folder.
After extracting the files, copy the contents of the patches folder to your html folder. Do not copy the patches folder, copy its contents. The patches folder contains files that replace the files in the default installation, and you get a Confirm File Replace window. Select Yes for all the files, and when the copying is complete, your installation is ready to go.
We have performed this patching immediately after installing PHP-Nuke, but we could have done this at any time. Doing it at this point is more sensible as it means that we are working on the most secure version of PHP-Nuke. Also, the patch process we have described here overwrites existing PHP-Nuke installation files. If you have modified these files, then the changes will be lost on applying the patch. Thus applying the patches later without disturbing any of your changes becomes more demanding.
There is one further thing to watch for after applying the patches. You may find that the patched files have had their permissions set to read-only, and that you are unable to modify the files. To modify the files (and we do have to modify at least the config.php file in this article) you will need to remove this setting. You can do this on Windows by right-clicking on the file, selecting Properties from the menu, unchecking the Read-only setting, and clicking the OK button:
We've done almost all the work with the files that we need to; now we turn our attention to creating and populating PHP-Nuke's database.
Preparing the PHP-Nuke Database
We'll be using the phpMyAdmin tool to do our database work. phpMyAdmin is part of the XAMPP installation (detailed in Appendix A), or can be downloaded from www.phpmyadmin.net, if you don't already have it. phpMyAdmin provides a powerful web interface for working with your MySQL databases.
First of all, open your browser and navigate to http://localhost/phpmyadmin/, or whatever the location of your phpMyAdmin installation is:
Creating the Database
We need to create an empty database for PHP-Nuke to hold all the data about our site. To do this, we simply enter a name for our database into the Create new database textbox:
We will call our database nuke. Enter this, and click the Create button. The name you give doesn't particularly matter, as long as it is not the name of some already existing database. If you try to use the same name as an already existing database, phpMyAdmin will inform you of this, and no action will be taken. The exact name isn't particularly important at this point because there is another configuration step coming up, which requires us to tell PHP-Nuke the name of the database we've created for it.
After clicking Create, the screen will reload and you will be notified of the successful creation of your database:
Creating a Database User
Before we start populating the database, we will create a database user that can access only the PHP-Nuke database. This user is not a human, but will be used by PHP-Nuke to connect to the database while it performs its data-handling activities. The advantage of creating a database user is that it adds an extra level of security to our installation. PHP-Nuke will be able to work with data only in this database of the MySQL server, and no other. Also, PHP-Nuke will be restricted in the operations it can perform on the tables in the database.
We will need to create a username for this boxed-in user to access the nuke database. Let's call our user nuker and go with the password nukepassword. However, in order to add an extra level of security we will introduce some digits into nukepassword, and some other slight twists, to strengthen it, and so use the word No0kPassv0rd as our database user password.
To create the database user, click the SQL tab, and enter the following into the Run SQL query/queries on database textbox:
GRANT ALL PRIVILEGES ON nuke.* TO nuker@localhost
IDENTIFIED BY 'No0kPassv0rd'
WITH GRANT OPTION
Your screen should look like this:
Click the Go button, and the database user will be created:
Populating the Database
Now we are ready to fill our database with data for PHP-Nuke. This doesn't mean we start typing the data in ourselves; the data comes with the PHP-Nuke installation. This data is found in a file called nuke.sql in the sql folder of the PHP-Nuke installation. This file contains a number of SQL statements that define the tables within the database and also fill them with 'raw' data for the site.
However, before we fill the database with the tables from this file, we need to make a modification to this file.
By default, the name of each database table in PHP-Nuke begins with nuke_. For example, there is a table with the name nuke_stories that holds information about stories, and a table called nuke_topics that holds information about story topics. These are just two of the tables; there are more than 90 in the standard installation. The word nuke_ is a 'table prefix', and is used to ensure that there are no clashes between the names of PHP-Nuke's tables and tables from another application in the same database, since the rest of the table name is descriptive of the data stored in the table, and other applications may have similarly named tables.
What this does mean is that unless this table prefix is changed, the table names in your PHP-Nuke database will be known to anyone attempting to hack your site. Many of the typical attacks used to damage PHP-Nuke are based around the fact that the names of the tables in the database powering a PHP-Nuke site are known. By changing the table prefix to something less obvious, you have taken another step to making your site more secure.
|A practical guide to creating and maintaining your own community website with PHP-Nuke|
eBook Price: €16.99
Book Price: €25.99
Before we fill our PHP-Nuke database, we will change the table prefix from nuke_ to dinop_ (for the Dinosaur Portal). This requires us to make a change to the nuke.sql file first, and then a configuration change later.
Open the nuke.sql file in a text editor (such as Wordpad), and use the find and replace feature (Edit | Replace in Wordpad) to replace all occurrences of nuke_ with our chosen prefix dinop_. Make sure that you include a space before nuke_, and for the replacement prefix, include a space before its name. The image below shows the Replace dialog in Wordpad for changing the prefix to dinop_:
Clicking the Replace All button will make all the changes within the file, and then we can save this new file as dinop.sql in the sql folder, and we will have a new set of tables with a different prefix.
Now the prefix has been changed, we can return to phpMyAdmin and continue with populating the database. To get the data into the database, click the SQL tab, as shown in the figure overleaf:
Click the Browse button, navigate to the sql subfolder in the PHP-Nuke-7.8 folder, and double-click on the dinop.sql file. Click the Go button, the screen will reload, and in the left-hand panel of the browser you will see the tables in your fully populated database:
Our database is now ready. There are still two more steps before we are ready to run PHP-Nuke.
We need to tell PHP-Nuke where to get its data from, and how to get that data. This requires us to provide the name of the database and the database user we just created. We add this information into the config.php file located in the html folder of your PHP-Nuke installation.
To do this, open the config.php file in your favorite text editor (Notepad or Wordpad will do fine).
Scroll down to find these five consecutive lines:
$dbuname = "root ";
$dbpass = "";
$dbname = "nuke";
$prefix = "nuke";
$user_prefix = "nuke";
These five lines are PHP variable definitions that determine the username and password of the database user account that will access the database, and the name of the database that we will be accessing, and the table name prefix. PHP-Nuke uses these to connect to its database, so they had better be correct.
The first thing we will do is change the database username and database password to those of the database user we created earlier. Edit the lines as follows:
$dbuname = "nuker";
$dbpass = "No0kPassv0rd";
Next, we should set the database name by changing the variable assigned to $dbname to the name of the database we just created. We have named our database the same as the one specified here, nuke. If we had chosen a different name for the database, we would have had to set the value of the $dbname variable to that name.
The $prefix variable holds the value of the table name prefix, which by default, is set to nuke. We discussed the table name prefix earlier, and how all the table names in the standard setup are prefixed with nuke_. (The _ character does not need to be included in the $prefix variable). Whenever there is any attempt to access a table from within the PHP-Nuke code, the $prefix variable is used. We set the value of the $prefix variable to our changed prefix, dinop:
$prefix = "dinop";
The fifth variable, $user_prefix, is also a table prefix. There is a pair of tables in the PHP-Nuke database, nuke_users and nuke_users_temp (with the default prefix) that hold information about each user and users waiting to be registered on the site respectively. Whenever these tables are queried in the code of PHP-Nuke, the $user_prefix variable is used to get their table prefix rather than the $prefix variable. This means that these tables could have a different table prefix from the rest of the tables in the PHP-Nuke database. A consequence of this is that you could have several PHP-Nuke sites stored in the same database, each with different table prefixes, but the user prefix could be the same. This would mean that a user could have a single user account valid across all these sites. This is a more advanced use of PHP-Nuke that we won't have the space to go into any greater detail.
For now, we set the $user_prefix variable to be the same as the $prefix variable:
$user_prefix = "dinop";
For completeness, we will make a change to another configuration variable, the site key. This is a long string used in the random generation of the graphical security code that prevents automated registration or login attempts to your site. The site key can just be a random string of text, provided you don't add any quotes. The default value is this:
$sitekey = "S·kQSd5%W@Y62-dm29-.-39.3a8sUf+W9";
Let's change its value with some random pressing of the keyboard to:
$sitekey = "78w f7sys f89s fsd sj hjsg sdfw3p;";
We've told PHP-Nuke the name of the database to use, the prefix of the name of the tables, and also the name and credentials of the database user to access the database with. Our configuration is done, so let's save the file config.php and we are ready to move on.
Putting PHP-Nuke Files into the Web Server Root
In this series, we are going to access the homepage of our local PHP-Nuke site with this URL:
In order to do this, we will create a folder called nuke in our web server root (xampphtdocs if you are using XAMPP), and copy the contents of the PHP-Nuke-7.8html folder into this folder. Do not copy the html folder itself, but the contents of the folder.
We will refer to the nuke folder in the web server root as the 'root of our PHP-Nuke installation'.
Testing the Installation
Finally, we are ready to go.
Open up your web browser and navigate to http://localhost/nuke/. You should see the following screen:
If this is what you see in your browser, then you are ready to go, and you can move on to the next article. If you see something different from this image in your browser, we may have to perform some troubleshooting. Here we'll look at some of the more common problems that users encounter with their PHP-Nuke installations.
Database Connection Problem
If you see this in your browser:
then there might be a problem with your database server or, more likely, your connection information. If the MySQL server is running (navigate to http://localhost/phpMyAdmin/ to see if phpMyAdmin is working), then it's likely that you specified the wrong database name, wrong username, or possibly the wrong password in the config.php file, so go back and check them.
No Data in the Database
You might get a blank screen or receive error messages like these in the browser window:
Warning: main(language/lang-.php): failed to open stream: No such
file or directory in xampphtdocsnukemainfile.php on
line 183 ...
Fatal error: Call to undefined function: themeheader() in
xampphtdocsnukeheader.php on line 47
This probably means that your database is actually empty. Ensure you have added the data as we did earlier. Another possibility is that you have incorrectly specified the table prefix in the file config.php file. That line should look like this:
$prefix = "nuke";
Still Having Problems?
If PHP-Nuke is still not working, and you have followed the steps in this article, then there is something wrong elsewhere, but it is likely that you will find the answer by scouring the forums at http://www.nukecops.com/forum2.html. This is the Installation for Newbies forum on nukecops. This contains many questions (and solutions) from new users attempting to get their site running.
In this article, we have walked through the typical steps to install PHP-Nuke on a local machine running an AMP environment.
After obtaining and installing the PHP-Nuke application from the PHP-Nuke main site, phpnuke.org, we also installed ChatServ's patches so as to minimize possible security issues.
The next thing we did was to create the database for PHP-Nuke and populate it using phpMyAdmin—a web-based tool for working with MySQL databases. As you will see in later articles, almost everything about your site is stored in this database.
Finally, we moved the folder containing PHP-Nuke's code into the document root of our web server. We also looked at some troubleshooting issues to check that everything is working OK. With everything working fine, we can start exploring PHP-Nuke!
If you have read this article you may be interested to view :
|A practical guide to creating and maintaining your own community website with PHP-Nuke|
eBook Price: €16.99
Book Price: €25.99
About the Author :
Douglas Paterson is a full-time acquisition editor and part-time author for Packt Publishing. He is a doctor of Mathematics and has over five years experience of working on programming books across a number of different subjects. He lives in Birmingham, England, with his wife, and his unusually hairy dog, Zak.