[Phpgroupware-users] FAQ? and admin authentication bugs

[Patrick Price]

Is there a phpGroupWare FAQ?

Some things I'd like to see or which would have helped during installation:

ICONS
Instructions to install alternate application icons.  The navbar is one 
style while the app icons look like they were designed for the web from 
10 years ago.  Is there a collection?

INSTALLATION
Integration of generating header.inc.php and the setup/config functions. 
They seem to be two different functions and having one login for each 
doesn't make sense from a user standpoint. They are both critical to 
getting the basic site working.  Why cannot header admin be called from 
one main config setup screen?  Failing this, a quick install quide to 
explain this clearly, however....

... there is a BIG problem how these two (Header manage and setup/config 
admin) authenticate.  

I can login to header admin, hit back button, then hit reload, and I get 
the setup/config screen!  No setup/config password required!

The reverse also works.  Login (after closing browser) to setup/config 
screen, then enter URL /phpgroupware/setup/manageheader.php.  No 
password required!  

The third problem with this is that once logged into setup/config admin, 
you cannot get the header admin login nor any links to header admin - 
you always get the setup/config admin if you go to /phpgroupware/setup 
until you close your browser and try again.

This is obviously broken.  This works the same way even if the two admin 
passwords are not the same.  Why two separate logins for two admin 
functions which are both critical and basically do the same things? 
Dependencies of setup admin on the header having been generated?  Bah.


DOCUMENTATION
Better documentation!  There's no information on security during 
install.  I'll contribute if someone tells me how.  If I can figure out 
how to make something work, I can document what I learn about it.

1: A quick TEXT install guide in the /phpgroupware root directory 
instead of having to dig around for /doc/en_US/html/admin/ to find the 
directions.  UNIX people always look for an INSTALL or README file and 
there's nothing of the sort.  I did find the /doc/README which contains:

PLEASE SEE THE index.html OR index.txt files.

which doesn't tell you where these files are.    


2: No mention of file ownership for other files, only the /files subdir. 
It is implied that the webserver only needs to write to the /files and 
/tmp directories but not sure if this is true.  Do I chown all 
/phpgroupware files to be owned by the webserver process?  The docs 
don't mention this.  Security...


I'm not carping on the project, but see instead a lot of Easily Solved 
things that will scare people away, and I want to find a good PHP 
groupware platform to work with.  

Patrick Price
West Virginia University