PyroCMS Installation

PyroCMS Installation

README

In the version 2.1.4 of the installer of PyroCMS it will give us this welcome message followed by a button that will let us continue with the step #1 of the installation:

Thank you for choosing PyroCMS!

Installing PyroCMS is very easy, just follow the steps and messages on the screen. In case you have any problems installing the system don’t worry, the installer will explain what you need to do.

Pre-configure Web-package

Step 1 (Configure Database and Server)

As you can already know, PyroCMS like the others CMS Systems in the web need a database system like MongoDB, Cassandra, MySQL, Postgres, Sqlite or any other to store all of the contents and settings; the step one will provide us a form where we should set the database connection:

Adding user accounts to MySQL

  • Hostname: The database host or ip address (usually localhost);
  • Username: The username configured to interact with this database;
  • Password: The password of the username filled before;
  • Port: The port number where the database server run (usually 27017:MongoDB or 3306:MySQL);
  • HTTP Server: The server type where our webpages will be hosted, maybe Nginx, LightHTTPD, Cherokee, Apache or any other; we need to pay attention to the Apache server option, because PyroCMS could give us a very usefull feature if Apache has the Mod_Rewrite module enabled. This module can be used in many forms, but in this case PyroCMS will be configured to work with RewritRule(s) and we will have the facility to create URL like this (useful for SEO): http://www.example.com/module/action/parameters and not http://www.example.com/**index.php**/module/action/parameters.

Step 2 (Pre-requisites)

This step will check the PyroCMS work requirements, basic things like the Web-Server version, PHP version, MySQL version, and some recommendations to work properly like the modules ZLIB (zip library), GD (graphic library), CURL. Generally in a CPanel server these requirements will be meeted all, so that the PyroCMS installer will redirect us to the Step 3 automatically.

Step 3 (Set Permissions)

In this step, we need to set the folder/files permissions to let the server user owner (generally www-data or nobody) write in them (step required to create folders and save cache files):

$ chmod 777 system/cms/{cache,config}
$ chmod 777 {addons,uploads}
$ chmod 777 assets/cache
$ chmod 666 system/cms/config/config.php

Step 4 (Default user)

In this step the PyroCMS installer had checked the database connection with the values provied before, so that now we need to set the database name where our contents and settings will be stored. Don’t check the box Create Database because this option need a database user account with sufficient privileges to use the method CREATE DATABASE (or something similar depending of your database) and probably you won’t have an account like this.

GRANT user privileges in MySQL

After fill the Database name field, we should configure the settings for the first user account in the CMS, basic things like a Username, Email, Password, I think that you can do it easily without any help, but remember, this will be the Super-Admin account, so that you should worry about the security.

Security advise

In the current version of PyroCMS the library installer_lib.php caused an error creating the admin user account, because the developer team of PyroCMS wrote in the function Installer_lib::install() some lines of code to replace some pseudo-variables of an SQL file called “sql/default.sql”, the problem in the code is in the use of the PHP method mysql_real_escape_string() before a MySQL connection resource, then I moved the code after the str_replace() statements:

if( !$this->db = mysql_connect($server, $username, $password) ){ ... }

before the code:

$user_sql = file_get_contents('./sql/default.sql');

and that fixed the error, maybe you don’t have to pay attention to this.

Password advise

Additionally to the last issue in the original PyroCMS package, I found an error setting strong passwords; PyroCMS save the passwords in this way sha1( password_string + random_salt ) but unfortunately if we use an strong password like this X68T#WNwN+*o?&n in somewhere of the code (I don’t want to extend this post showing where is the issue) the password is converted to this X68T#WNwN+*o?&n; (with an extra character at the end of the string), obviously the function sha1() will return a different encrypted string that won’t be matched with the password submit, and the login will fai. There isn’t a solution by now, just use a simple password or remove the ampersand character from the string.

Final step

In the final step, the PyroCMS installer let us know that the installation process was successfully finished, now we should delete the installer directory from the PyroCMS package, because obviouly we don’t want to let a person (like a hacker) touch the system through this module: $ rm -rfv pyrocms_package/installer

Do you have a project idea? Let's make it together!