Need help on creating my own config


#1

Hi i need help on making a config.php and security stuff iv’e tried as best i can to do it myself but dont know alot about php. If anyone can give me some info on how to start and what to put.


#2

Your question is too broad to give you an answer. What have you tried? What is the expected result? What result did you get?


#3

I have tried to copy most of the config from the pdo_bumpstart that you gave me so that i can use it on my main index.php but i keep getting stuck as i dont know very much php and dont really know what im looking at.

The expected result would be the same as what i get from the pdo_bumpstart i guess but i dont want the display_pages.php but when i was trying not to use that on the pdo it would give me errors that it was needed.

I just want to have some security for my pages as i don’t have aything.

This is my main index.php and iv’e copied some of the code from the pdo

[php]<?php
session_start();
//Allow direct accsess to this page

define (‘securepage’, true);

require_once (’./myconfig.php’);
?>[/php]

This is my config (myconfig.php) which i have used most of it from the pdo
[php]<?php
$path = realpath(dirname(FILE)) . DIRECTORY_SEPARATOR;

require_once($path . ‘myconfig/databasecon.php’);
require_once($path . ‘config/functions.php’);

//SECURITY STUFF

// Block site from third party frames
//header(‘X-Frame-Options: SAMEORIGIN’);

// HttpOnly is an additional flag included in a Set-Cookie HTTP response header.
// Using the HttpOnly flag when generating a cookie helps mitigate the risk of a
// client side script accessing the protected cookie (if the browser supports it).
//ini_set(‘session.cookie_httponly’, 1);

//----------------------------------------------------------------------------
// Set Error Reporting
//----------------------------------------------------------------------------

error_reporting(E_ALL|E_STRICT);
ini_set(‘display_errors’, ‘1’);

//----------------------------------------------------------------------------
// Set Admin Email
//----------------------------------------------------------------------------

$email_admin = ‘comicsmanager@hotmail.com’;
$email_from = ‘admin@myapp.com’;

//----------------------------------------------------------------------------
// Dates
//----------------------------------------------------------------------------

// Set Timezone
date_default_timezone_set(‘America/Los_Angeles’);

// MySQL. Format: 2010-07-15 16:33:56
$mysql_datetime = date(“Y-m-d H:i:s”);

//----------------------------------------------------------------------------
// Options
//----------------------------------------------------------------------------

$tableprefix=’’;

$url_website = ‘thiswebsite.com’;

define(“DEBUG”, 1); // Display errors, Sql & Sql Parameters. - 0=Off, 1=On

//----------------------------------------------------------------------------
// Error Handling
//----------------------------------------------------------------------------

define(“EMAIL_ERROR”, 0); // Email errors to $email_admin. - 0=Off, 1=On
define(“LOG_ERROR”, 0); // Log error to file - 0=Off, 1=On

// Error log filename - Use uncommon name for security
$error_log_filename = ‘error.log’;

// Server path to this directory used for error log. Recommend setting error log outside web root dir for security. Default realpath(’.’)
$realpath = realpath(’.’);

$log_directory=“logs”;
$errorlog_path = “$realpath”.DIRECTORY_SEPARATOR."$log_directory".DIRECTORY_SEPARATOR."$error_log_filename"; # Path To Error Log & log filename

//----------------------------------------------------------------------------
// Check Error Log
//----------------------------------------------------------------------------

define(“CHECK_ERROR_LOG”,0); // Makes sure error log is writeable. Set to 1 to check

//----------------------------------------------------------------------------
// Run Function Check Error Log - DO NOT EDIT!
//----------------------------------------------------------------------------

if (CHECK_ERROR_LOG == 1)
{
check_error_log();
}
?>
?>
[/php]