This blog has moved

This blog is now located at http://pubforgepmm.blogspot.com/.
You will be automatically redirected in 30 seconds, or you may click here.

For feed subscribers, please update your feed subscriptions to
http://pubforgepmm.blogspot.com/feeds/posts/default.

Potential security hole in Public Media Manager

It came to our attention today that there is a potential security hole in Public Media Manager that can allow malicious access to your web server if the PHP configuration is set with the register_globals directive turned to "on." This directive can be turned on in a few different ways, but the most common are either in the php.ini settings or in a .htaccess file. If you are using PMM to manage your content, please check with your web server administrator and make sure that the register_globals directive is set to "off."

When we have had a chance to investigate more fully, a patch will be made available here at PubForge, and an update made to the software package at SourceForge. In the meantime, we do not recommend that people download and install the current package PMM-CMS v 1.3. My apologies for any inconvenience this has caused. Please contact me directly for more information:
Dale Hobson, dale@ncpr.org, 315-229-5336.

Help! I've installed and I can't log in!

Recently, a few folks have had trouble logging into PMM's NewsCMS after installation. The symptoms appear to be that one enters the correct credentials for authentication but no matter what you do it never works.

The problem seems to be caused (in most cases) by a difference in MySQL versions. This shouldn't be a problem, but it requires a quick fix. Later versions of PMM will have an installer feature that fixes this issue.

The issue is caused by the system having been written under MySQL 3. MySQL 4 handles PASSWORD() encrypted values differently than version 3 did. MySQL 4+ uses more characters for encrypted passwords than previous versions, so it can cause the `password` field to be too short, rendering the data in that field completely useless, and causing the login to fail even if you've entered the proper credentials.

So the trick is to update the password. There are two ways of going about this:

1. Using a MySQL manager such as phpMyAdmin, edit the `password` field in the `newsusers` table. Enter a new password for the row containing the user name "admin", making sure to select "PASSWORD" as the function to apply to the new data in the `password` field. Save the record and try again.

2. Using the MySQL command line interface, update the password with an SQL statement as follows: "UPDATE newsusers SET password = PASSWORD( 'your_password_here' ) WHERE user = 'admin'". Then try logging in again.

Updating the MySQL PASSWORD function should bring it up to speed with whatever version you're using.

Good luck, and don't let the piano lid fall on your digits.

Using the PMM Installer Script

At the sourceforge project site we have added an Ioncube install script for PMM: http://prdownloads.sourceforge.net/pmm-cms/pmm_installer_1.3.zip?download

This is the easiest way to install PMM on your site. There is one feature in the installer that might cause the upload to fail. The default setting for file uploading tries to open 5 ftp connections to your site. Many hosts limit ftp connections to 2. Use the advanced button on the remote server information page of the installer to change this setting from 5 to 2.

Missing Items in PMM Download

If you downloaded the PMM source code archive (pmm-cms_1.3.tar.gz) two empty but necessary folders are missing from the bundle. They are present in the zip archive of the download--(pmm-cms_1.3.zip). The missing folders are:

/pmm-cms/NewsCMS/news/audio
/pmm-cms/NewsCMS/news/images

If you have already installed the version that is missing these directories, you can correct the problem by creating empty folders with the names "audio" and "images" and uploading them into the /pmm-cms/NewsCMS/news/ directory. After the folders are uploaded, you will need to set their permissions(chmod) to 0777 (R/W/X for Owner/Group/Others). This is an important step--if these directories are not writable by the web server and by PHP, it will be impossible to upload audio and image files.

Sorry for the problem and thanks to Brian Shiratsuki for bringing it to our attention.

PMM 1.3 Release at SourceForge

The open source audio news content management system Public Media Manager 1.3 is now available for download at the SourceForge project site. The download contains a copy of the user manual and installation guidelines in the /pmm-cms/NewsCMS/doc/ folder. If you have questions, problems or comments, add your remarks to this post, or email Dale Hobson.

Where's the Code? and other FAQs

Code for the version of Public Media Manager that is on demo here in the PubForge Playpen will be posted for download at PubForge and at the project site pmm-cms.sourceforge.net on Friday, March 3. We are working out some issues and inconsistencies related to new features. In the meantime, anyone who has requested login credentials (request login credentials) can test drive the features in the Playpen.

MP3 and/or Real Audio files up to 10 mb in size can be uploaded with stories. Photos attached to stories should be small (200px in width at most), so as not to present page display problems. Since Public Media Manager is designed primarily for use by a single organization, the version in the Playpen allows any user to edit another's stories. We ask that you refrain from editing stories you did not post, unless they were posted by another user from your own organization.

A bulletin board for discussion of PubForge projects and demos will be in place within a few days. If you need specific information about Public Media Manager in the meantime, you can use the open comments feature of this blog. I will review the blog frequently and reply to comments in future postings. If you prefer your requests and comments to be private, email dale@ncpr.org.