Guide to Configuring Uploads with Rilke CMS

Configuring Uploads in Rilke CMS
________________________________

Rilke CMS uses a file in the adminpear directory called upload.pcgi to handle file uploads.
Rilke CMS was developed and tested on Dreamhost's shared server [http://www.dreamhost.com]. Because normal .php files are run as Apache's process and group, it would not make sense, security wise to allow file uploads through them.

As an alternative, Dreamhost supports php-cgi files, which end in .pcgi instead of .php. They are run as the user's process and group, and so only allow uploads to the user's directories. This is a more secure solution for a shared server.

If you use a Windows machine, have access to your own Linux server, or use a shared Linux server with a different security configuration, you can still configure Rilke CMS to work correctly with uploads.

***** Solution (1) *****
If your .php files *are* allowed to accept uploads, simply choose "uploads.php" as the option in the (last) section of prefs.php, entitled "Upload File's Name". Please Note: if you have already created a prefs.php file (or are upgrading from Rilke CMS 0.8), simply add this entry to the end of your prefs.php file:

$uploadfilename = "upload.php";//for more info, see upload.txt

(This will then activate upload.php in the adminpear directory, which simply includes the upload.pcgi file).

Security Note: If your server is not configured to display .pcgi files as php files, then anyone who guesses the name upload.pcgi would be able to see its source code. It would be more secure to delete the existing uploads.php file in the adminpear directory, and rename upload.pcgi to upload.php, if you are going this route!

Windows Note: If you are using your own Windows XP machine to try out Rilke CMS, this solution should work well, since the usual Linux security mechanisms won't apply.

***** Solution (2) *****

If your server is set up similarly to Dreamhost's but uses a different extension to signify php-cgi files, you can add an .htaccess file so that .pcgi files are accepted as php-cgi files. Add the following to an .htaccess file, and place it in your adminpear directory:

AddType php-cgi .pcgi