Preparing the PHP-Nuke Database_Building Websites with PHP/Nuke-QQ阅读男生历史网

上QQ阅读APP看书，第一时间看更新

Preparing the PHP-Nuke Database

We'll be using the phpMyAdmin tool to do our database work. phpMyAdmin is part of the XAMPP installation (detailed in Appendix A), or can be downloaded from www.phpmyadmin.net, if you don't already have it. phpMyAdmin provides a powerful web interface for working with your MySQL databases.

First of all, open your browser and navigate to http://localhost/phpmyadmin/, or whatever the location of your phpMyAdmin installation is:

Creating the Database

We need to create an empty database for PHP-Nuke to hold all the data about our site. To do this, we simply enter a name for our database into the Create new database textbox:

We will call our database nuke. Enter this, and click the Create button. The name you give doesn't particularly matter, as long as it is not the name of some already existing database. If you try to use the same name as an already existing database, phpMyAdmin will inform you of this, and no action will be taken. The exact name isn't particularly important at this point because there is another configuration step coming up, which requires us to tell PHP-Nuke the name of the database we've created for it.

After clicking Create, the screen will reload and you will be notified of the successful creation of your database:

Creating a Database User

Before we start populating the database, we will create a database user that can access only the PHP-Nuke database. This user is not a human, but will be used by PHP-Nuke to connect to the database while it performs its data-handling activities. The advantage of creating a database user is that it adds an extra level of security to our installation. PHP-Nuke will be able to work with data only in this database of the MySQL server, and no other. Also, PHP-Nuke will be restricted in the operations it can perform on the tables in the database.

We will need to create a username for this boxed-in user to access the nuke database. Let's call our user nuker and go with the password nukepassword. However, in order to add an extra level of security we will introduce some digits into nukepassword, and some other slight twists, to strengthen it, and so use the word No0kPassv0rd as our database user password.

To create the database user, click the SQL tab, and enter the following into the Run SQL query/queries on database textbox:

GRANT ALL PRIVILEGES ON nuke.* TO nuker@localhost
IDENTIFIED BY 'No0kPassv0rd'
WITH GRANT OPTION

Your screen should look like this:

Click the Go button, and the database user will be created:

Populating the Database

Now we are ready to fill our database with data for PHP-Nuke. This doesn't mean we start typing the data in ourselves; the data comes with the PHP-Nuke installation. This data is found in a file called nuke.sql in the sql folder of the PHP-Nuke installation. This file contains a number of SQL statements that define the tables within the database and also fill them with 'raw' data for the site.

However, before we fill the database with the tables from this file, we need to make a modification to this file.

By default, the name of each database table in PHP-Nuke begins with nuke_. For example, there is a table with the name nuke_stories that holds information about stories, and a table called nuke_topics that holds information about story topics. These are just two of the tables; there are more than 90 in the standard installation. The word nuke_ is a 'table prefix', and is used to ensure that there are no clashes between the names of PHP-Nuke's tables and tables from another application in the same database, since the rest of the table name is descriptive of the data stored in the table, and other applications may have similarly named tables.

What this does mean is that unless this table prefix is changed, the table names in your PHP-Nuke database will be known to anyone attempting to hack your site. Many of the typical attacks used to damage PHP-Nuke are based around the fact that the names of the tables in the database powering a PHP-Nuke site are known. By changing the table prefix to something less obvious, you have taken another step to making your site more secure.

Before we fill our PHP-Nuke database, we will change the table prefix from nuke_ to dinop_ (for the Dinosaur Portal). This requires us to make a change to the nuke.sql file first, and then a configuration change later.

Open the nuke.sql file in a text editor (such as Wordpad), and use the find and replace feature (Edit | Replace in Wordpad) to replace all occurrences of nuke_ with our chosen prefix dinop_. Make sure that you include a space before nuke_, and for the replacement prefix, include a space before its name. The image below shows the Replace dialog in Wordpad for changing the prefix to dinop_:

Clicking the Replace All button will make all the changes within the file, and then we can save this new file as dinop.sql in the sql folder, and we will have a new set of tables with a different prefix.

Now the prefix has been changed, we can return to phpMyAdmin and continue with populating the database. To get the data into the database, click the SQL tab, as shown in the figure overleaf:

Click the Browse button, navigate to the sql subfolder in the PHP-Nuke-7.8 folder, and double‑click on the dinop.sql file. Click the Go button, the screen will reload, and in the left‑hand panel of the browser you will see the tables in your fully populated database:

Our database is now ready. There are still two more steps before we are ready to run PHP-Nuke.