hi,
I took the code from the zp-config.php file and pasted it into a php file called zp-config-root.php. I placed this file in the root directory so it wasnt accessible from the web.
I then changed the code in the zp-config.php file to be just an include tag pointing to the zp-config-root.php file.
it works fine on the zenphoto index page, however as soon as I click onto an album i get an error saying that the path is invalid, failed to open stream.
I know you can do this easily with Worpress by simply dumping the wp-config.php file anywhere and the system scans for the location of this file, no need for redirects or includes.
Any advice?
Moving it will not make it safer. Only proper security measures such as only allowing owner access to the zp-core folder will do that.
Anyway, if you are refering to the threads on this forum about that file being compromised, that was most likely caused by the site administrators not removing the setup files, not by someone actually accessing your server and the folder directly. (Unless, of course, you have no folder security. In which case it does not matter where you move it, it will still be vulnerable.)
Old post I know but I've been having problems with the config file getting corrupted as well. Quite often in fact.
Luckily, I simply replace the file with a known good one and all is well - but it's annoying because my clients hate seeing the error. I have to constantly monitor my sites which is time consuming.
What should the permissions be for zp-data folder?? Also what other steps can be taken so this stops happening?
Thanks,
Mike
I am sorry for these issues. I fear I cannot really help as I have never encountered this on several sites with several (shared) hosts. Normally the file is not even touched unless you change things.
As Setup suggests the files in zp-data should be 600. The folder itself may be 755. It depends on the server how strict you can set things. All servers I know break things if you set to the strictest. Setup tries to set permissions but sometimes that conflicts with the server so you have to adjust manually.
Guys this keeps happening to multiple sites (all same host). Sometimes I get the red bar that says corrupt config file - other times I get the zenphoto installation/upgrade page.
If I simply replace the config file and reload the root page it's fine.
I'd ask if you could please help me resolve this issue. I'll do whatever I can to make it happen.
Please let me know what steps to take to get you the info you need to help diagnose and fix this issue.
As mentioned permissions are as above, and install folder is protected.
Please email me directly if you want.
Much appreciated,
Mike
I primarily use Zenphoto on various standard shared hosts and never encountered this. That doesn't mean you don't have any problem but I sadly really have no idea where to look for what if there are no errors in the server logs.
Try to lower permissions on the folder and files. If that doesn't work, maybe contact your host in case of a server config issue somehow.
That's a message from the security logger plugin (note: ZP logs != server logs) about a faild cookie check, e.g. if someone tries to access without being logged in. But it does not really explain why the config file might get corrupt as it normally is just read. It could very well be hack attacks.
In any case I would contact your host about this. They should have more insight into what might be going on.