From dcee763368a1e3f380d07320a5254d91a09304e6 Mon Sep 17 00:00:00 2001 From: niekt0 Date: Mon, 18 Oct 2010 23:41:19 +0200 Subject: [PATCH] Documentation fixup --- doc/README | 36 ++++++++++++++++++++++++++++++++++++ doc/TODO | 20 ++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 doc/README create mode 100644 doc/TODO diff --git a/doc/README b/doc/README new file mode 100644 index 0000000..1a22688 --- /dev/null +++ b/doc/README 
@@ -0,0 +1,36 @@ +#Kyberia README + +##Kyberia + * This repository contains sources of Kyberia.sk website. + * See http://kyberia.sk/ and http://kyberia.cz/ for more. + +##COPYING + * everything in this repository + * is protected by copyright of it's respective author(s) + * is licensed as specified in COPYING file in root of this repository + * can be licensed somehow else if other licence was specified by author + +## How to make your kyberia run. + +1. Install: apache2 (+php support), mysql +2. Create mysql account ( create user kyberia identified by "pass") +3. Create database kyberia2 (as user kyberia) +4. Import data (mysql -u kyberia -p kyberia2 < kyberia_2.3_...sql ) +5. Copy http dir from svn into your www-root (for example cp kyberia/trunk /var/www/ ) +6. Copy kyberia-data dir into same directory. +7. Copy 003-kyberia.conf (apache2 conf. file) into /etc/apache2/sites-enabled. Edit if needed. +8. Maybe you will need something apache configuration tweaks (like a2enmod rewrite). +9. Start apache and mysql (something like /etc/init.d/apache2 start, ...) +10. Set DB login data in inc/db.inc +11. Depends on your DNS, maybe add alias www.localhost to /etc/hosts file. +12. Try it (open browser and go to your system_url address. "localhost" by default.) +13. Find out why it is still not working. (check permisions, symlinks, directory names...) +14. If you want full functionality, add following lines to your www users crontab + + */2 * * * * /path-to-kyberia-wwwroot/cron/logoutidle.php + 0 0 * * * /path-to-kyberia-wwwroot/cron/k.php + */3 * * * * /path-to-kyberia-wwwroot/cron/process-img.sh + + Warning, this effectively bypass www chroot. +15. Enjoy;) + diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..135cc79 --- /dev/null +++ b/doc/TODO 
@@ -0,0 +1,20 @@ +- fix uploading of files +- fix ALL sql injections +- keep fixing XSS +- documentantion/instalation guide (see README) +- remove absolute paths from all source files (!) (over 50) +- remove hard-coded kyberia.sk from: + ( ./inc/eventz/configure_email.inc ) + ( ./inc/eventz/delete.inc ) + ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) + ( ./inc/replaceLocalURLs.inc ) + ( ./nodes.php ) + ( ./cron/rssparse.php ) + ( ./scripts/contentregexp.php ) (obsolete?) + +- Suspected security holes: + ( cron/process-img.sh ) + ( sms_payment.php => yes, sqli but is it really used? ) + ( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling, + "strange" filenames like .htacess (to allow listing of folder) + -- 2.30.2
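Review bot: In doc/README, step 14 tells installers to schedule `/path-to-kyberia-wwwroot/cron/process-img.sh` every three minutes from the www user's crontab, while doc/TODO in this same patch lists `cron/process-img.sh` under "Suspected security holes". The only caveat given is "Warning, this effectively bypass www chroot." Please mark that crontab line as optional and point to the TODO entry until the script has been reviewed. Please also expand the warning to say what runs outside the chroot and as which user, so an installer can decide whether to enable it. Two smaller points on the same hunk: step 2 shows `create user kyberia identified by "pass"` and step 3 creates the database as that user, so it would help to tell the reader to choose a real password and to grant the account rights on kyberia2 only. There are also typos: "it's respective" should be "its respective", "permisions" should be "permissions", and "something apache configuration tweaks" should be "some".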
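Review bot: In doc/TODO, the "Suspected security holes" list mixes confirmed and unconfirmed items and gives too little detail to act on. `sms_payment.php => yes, sqli but is it really used?` is described as a confirmed SQL injection, so it belongs under the "fix ALL sql injections" item, with a note to remove the file if it turns out to be unused. `cron/process-img.sh` has no description of what is suspected. "fix ALL sql injections" and "keep fixing XSS" name no files, unlike the hard-coded kyberia.sk item, which lists each path. Listing the known locations would make these trackable. The `inc/eventz/upload_data_node.php` entry opens a parenthesis that is never closed. Typos: "documentantion/instalation", "hanling", and ".htacess" (presumably .htaccess).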