Welcome

BoltWire is a content management system developed by Dan Vis.

Welcome Tour
Documentation
Mailing List



Popular Posts

Version 5.11 Released
May 26, 2016

Big Changes Coming Soon...
April 28, 2016

Catching Up
April 6, 2016



Other Sites

Here's some other sites by Dan Vis:

Alexa Echoes
Join my adventures developing for Amazons exciting new voice platform.

Firefly Spot
Personal rambling about new gadgets, technology news, and space travel.

FAST Missions
My ministry hub, with news and updates about our online school.

You can follow him at www.danvis.info.

Site Creator

Documentation > Concepts > Site Creator

BoltWire comes with a small standalone script in the boltwire folder called start.php. You can use this script to create new sites very easily. To use it go to your browser and simply call localhost/boltwire/start.php or www.domain.com/boltwire/start.php.

It adds some nice wow & pizzazz to BoltWire, but you should understand a bit about how it works.

How to Use

The first time you use the script it will prompt you for a system wide security password. You will need to enter this password each time you create a new website. Set your password to false and you will disable the site creator.

Once the password is saved, you will be prompted to create a new site. It will ask you for a site name, the id of your site superadmin, whether or not you want to encrypt member passwords, whether you want a .htaccess file installed for cleanurls, and if you want a root forwarder. Select the options you want, and click "Create Site". The start.php script sets up everything for you automatically. For more information about these options, see this tutorial.

Security Issues

This script opens up several security issues you should be aware of.

First, if your installation password is compromised somehow, others could setup a new site of their own on your server, and would have full admin control of the site. This could also happen if the .htcodes file is deleted from your BoltWire directory. This file is created when you set your system password.

Second, on unix servers, the index files this script produces will likely be owned by the web user. I've been told this could mean there is an increased possibility the file could be hacked. If you are on a windows server, or your server is running suexec.php (like many shared hosters) this security issue will not be an issue.

Modifying or deleting the start.php script is not the recommended way to disable this functionality. Why? Every time you upgrade your version of BoltWire the start.php script will be overwritten and revert. You will then have to remember to redo your changes each time, or risk leaving your site wide open. Setting the password to false will keep the script disabled through upgrades.

Another option is to move your BoltWire code out of web writable space, so the start.php script cannot be called in a web browser. See the Farms & Fields tutorial for more information about this high security approach.

Offline Usage

If you are doing your web development on a local computer, set the password to false on your server, and then something you can remember on your home computer. Use it anytime you want to develop a new site, then upload the new site once it is ready via ftp.

Non-Standard Installations

If you have a nonstandard installation, you can modify this script to work as you want. Simply open it up, edit the $boltwire, $field, and $root variables to the paths you want, then save the script under a new name. Do not simply modify start.php, or your changes will be overwritten with each version upgrade. Change the $htcodes variable, and you will be able to set the start.php password to false and keep your customized script active.

Reenabling the Site Creator

If you want to reenable the Site Creator, or reset the password, simply delete the .htcodes file in the BoltWire directory. Then rerun start.php and you will be prompted to reset it. Do not leave your site open by deleting the password and not resetting it.

TAGS:
To leave a comment, please login using your Facebook account: