From: paulr <me@pjr.cc>
Date: Wed, 2 Nov 2011 16:31:40 +0000 (+1100)
Subject: implemented authentication levels of anon,user,admin and setup the
X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=commitdiff_plain;h=3dd9dc99f86e65eaf029f37329614dd2d06cea26

implemented authentication levels of anon,user,admin and setup the
user admin page to support them as well as the menu items components.
Also made the menu bar a different colour - an ugly colour - need to
implement css properly really.
---

diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php
index 73107e5..09be32d 100644
--- a/gwvplib/gwvpauth.php
+++ b/gwvplib/gwvpauth.php
@@ -1,21 +1,63 @@
 <?php
 
+// we call it 00aaa so it gets called first
 $CALL_ME_FUNCTIONS["00aaa"] = "gwvp_AuthCallMe";
 
 function gwvp_AuthCallMe()
 {
+	global $LOGIN_TYPE;
 	session_start();
-	
+
 	if(isset($_REQUEST["q"])) {
 		$query = $_REQUEST["q"];
 		if($query == "login") return "gwvp_AuthHandleLogin";
+		if($query == "logout") return "gwvp_AuthHandleLogout";
 		if($query == "register") return "gwvp_RegistrationCall";
-		else return false;
+	}
+	$login = gwvp_isLoggedIn();
+	
+	error_log("authcallme as $login");
+	if($login!== false) {
+		if(gwvp_IsUserAdmin(null, $login)) {
+			$LOGIN_TYPE = "admin";
+		} else {
+			$LOGIN_TYPE = "user";
+		}
+	} else {
+		$LOGIN_TYPE = "anon";
 	}
 	
 	return false;
 }
 
+// $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc.
+function gwvp_CheckAuthLevel($levels)
+{
+	global $LOGIN_TYPE;
+	
+	$spl = explode(",", $levels);
+	foreach($spl as $levs) {
+		if($LOGIN_TYPE == $levs) {
+			return true;
+		}
+	}
+	
+	return false;
+}
+
+function gwvp_AuthHandleLogout()
+{
+	global $BASE_URL;
+	
+	unset($_SESSION["isloggedin"]);
+	unset($_SESSION["username"]);
+	unset($_SESSION["fullname"]);
+	unset($_SESSION["usertype"]);
+	
+	gwvp_SendMessage("info", "Logged out");
+	header("Location: $BASE_URL");
+}
+
 function gwvp_RegistrationCall()
 {
 	if(gwvp_IsRegistrationEnabled()) {
@@ -28,33 +70,64 @@ function gwvp_RegistrationCall()
 function gwvp_AuthHandleLogin()
 {
 	global $BASE_URL;
+
 	$user = "";
 	$pass = "";
 	if(isset($_REQUEST["username"])) $user = $_REQUEST["username"];
 	if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"];
-	
-	// auth the user
-	if($user == "user" && $pass == "pass") {
-		$_SESSION["isloggedin"] = true;
-		$_SESSION["username"] = "user";
-	} else {
+
+	$details = gwvp_getUser($user);
+	if($details == false) {
 		gwvp_SendMessage("error", "Login Failed");
+		header("Location: $BASE_URL");
+		return false;
 	}
-	
-	header("Location: $BASE_URL");
+
+	if(sha1($pass)!=$details["password"]) {
+		gwvp_SendMessage("error", "Login Failed");
+		header("Location: $BASE_URL");
+		return false;
+	} else {
+		$_SESSION["isloggedin"] = true;
+		$_SESSION["username"] = "$user";
+		$_SESSION["fullname"] = $details["fullname"];
+		if(gwvp_IsUserAdmin($details["email"])) {
+			$_SESSION["usertype"] = "admin";
+		} else {
+			$_SESSION["usertype"] = "user";
+		}
+		gwvp_SendMessage("info", "Welcome, ".$details["fullname"]." you are logged in");
+		header("Location: $BASE_URL");
+		return true;
+	}
+
 }
 
 function gwvp_RegistrationPageBody()
 {
 	?>
-	<form method="post">
+<form method="post">
 	<table>
-	<tr><td>Name</td><td><input name="name" type="text"></td><td>Your Full Name</td></tr>
-	<tr><td>Email</td><td><input name="email" type="text"></td><td>Your Email Address</td></tr>
-	<tr><td>User Name</td><td><input name="username" type="text"></td><td>The Name Used to Refer to you on the site</td></tr>
-	<tr><td><input type="submit" name="register" value="Register"></td></tr>
+		<tr>
+			<td>Name</td>
+			<td><input name="name" type="text"></td>
+			<td>Your Full Name</td>
+		</tr>
+		<tr>
+			<td>Email</td>
+			<td><input name="email" type="text"></td>
+			<td>Your Email Address</td>
+		</tr>
+		<tr>
+			<td>User Name</td>
+			<td><input name="username" type="text"></td>
+			<td>The Name Used to Refer to you on the site</td>
+		</tr>
+		<tr>
+			<td><input type="submit" name="register" value="Register"></td>
+		</tr>
 	</table>
-	</form>
+</form>
 	<?php
 }
 
@@ -70,7 +143,7 @@ function gwvp_IsLoggedIn()
 function gwvp_SingleLineLoginForm()
 {
 	global $BASE_URL;
-	
+
 	echo "<form method=\"post\" action=\"$BASE_URL/login\">Username <input type=\"text\" name=\"username\" class=\"login\">";
 	echo " Passowrd <input type=\"text\" name=\"password\" class=\"login\"><input type=\"submit\" name=\"login\" value=\"Login\" class=\"loginbutton\">";
 	if(gwvp_IsRegistrationEnabled()) echo "<a href=\"$BASE_URL/register\">Register</a></form>";
diff --git a/gwvplib/gwvpconfig.php b/gwvplib/gwvpconfig.php
index 2c04eab..4ebfb42 100644
--- a/gwvplib/gwvpconfig.php
+++ b/gwvplib/gwvpconfig.php
@@ -1,10 +1,14 @@
 <?php
 
 // setup the call me function for useradmin - matches on url of admin/users
-$CALL_ME_FUNCTIONS["config"] = "gwvp_ConfigCallMe";
 
-$MENU_ITEMS["40config"]["text"] = "Configuration";
-$MENU_ITEMS["40config"]["link"] = "$BASE_URL/admin/config";
+// crap, this wont work
+//if(isset($_SESSION["usertype"])) if($_SESSION["usertype"] == "admin") {
+	$CALL_ME_FUNCTIONS["config"] = "gwvp_ConfigCallMe";
+	$MENU_ITEMS["40config"]["text"] = "Configuration";
+	$MENU_ITEMS["40config"]["link"] = "$BASE_URL/admin/config";
+	$MENU_ITEMS["40config"]["userlevel"] = "admin";
+//}
 
 
 function gwvp_ConfigCallMe()
@@ -31,6 +35,7 @@ function gwvp_ConfigPageBody()
 <form method="post">
 <table>
 <tr><td>Allow User Registration</td><td><input type="checkbox" name="allowreg"></td></tr>
+<tr><td>Allow User Created Groups</td><td><input type="checkbox" name="allowusercreatedgroup"></td></tr>
 
 </table>
 </form>
diff --git a/gwvplib/gwvpdatabase.php b/gwvplib/gwvpdatabase.php
index 267a6e0..56b5247 100644
--- a/gwvplib/gwvpdatabase.php
+++ b/gwvplib/gwvpdatabase.php
@@ -126,6 +126,33 @@ function gwvp_createUser($email, $fullname, $password, $username, $desc, $status
 	 */
 }
 
+function gwvp_getUser($username=null, $email=null, $id=null)
+{
+	$conn = gwvp_ConnectDB();
+	
+	if($username != null) {
+		$res = $conn->query("select * from users where user_username='$username'");
+	} else if($email != null) {
+		$res = $conn->query("select * from users where user_email='$email'");
+	} else if($id != null) {
+		$res = $conn->query("select * from users where users_id='$id'");
+	} else return false;
+
+	$returns = false;
+	foreach($res as $u_res) {
+		$returns["id"] = $u_res["users_id"];
+		$returns["fullname"] = $u_res["user_full_name"];
+		$returns["password"] = $u_res["user_password"];
+		$returns["username"] = $u_res["user_username"];
+		$returns["email"] = $u_res["user_email"];
+		$returns["desc"] = $u_res["user_desc"];
+		$returns["status"] = $u_res["user_status"];
+	}
+	
+	return $returns;
+	
+}
+
 function gwvp_getUsers()
 {
 	$conn = gwvp_ConnectDB();
@@ -311,11 +338,15 @@ function gwvp_getGroupId($groupname)
 	return $return;
 }
 
-function gwvp_getUserId($useremail)
+function gwvp_getUserId($useremail=null, $username = null)
 {
 	$conn = gwvp_ConnectDB();
 	
-	$sql = "select users_id from users where user_email='$useremail'";
+	if($useremail != null) {
+		$sql = "select users_id from users where user_email='$useremail'";
+	} else if($username != null) {
+		$sql = "select users_id from users where user_username='$username'";
+	} else return false;
 	
 	$res = $conn->query($sql);
 	$return = false;
@@ -388,12 +419,19 @@ function gwvp_IsGroupMember($email, $groupname)
 	if($result == 1) return true;
 }
 
-function gwvp_IsUserAdmin($email)
+function gwvp_IsUserAdmin($email=null, $username = null)
 {
 	$conn = gwvp_ConnectDB();
 	
-	$id = gwvp_getUserId($email);
-	$sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'";
+	
+	// TODO: clean this up, this should be a single query - idiot
+	if($email != null) {
+		$id = gwvp_getUserId($email);
+		$sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'";
+	} else if($username != null) {
+		$id = gwvp_getUserId(null, $username);
+		$sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'";
+	} else return false;
 	
 	$res = $conn->query($sql);
 	$rn = 0;
diff --git a/gwvplib/gwvpdebug.php b/gwvplib/gwvpdebug.php
index 47e630f..3793e31 100644
--- a/gwvplib/gwvpdebug.php
+++ b/gwvplib/gwvpdebug.php
@@ -6,9 +6,10 @@ $MENU_ITEMS["999debug"]["link"] = "$BASE_URL/debug";
 
 function gwvp_DebugEnabled()
 {
-	global $BASE_URL;
+	global $BASE_URL, $LOGIN_TYPE;
 	
 	echo "<pre>";
+	echo "USERTYPE: $LOGIN_TYPE\n";
 	echo "BASEURL: $BASE_URL\n";
 	echo "CUSTOM\n";
 	echo "\n\nserver\n";
@@ -86,6 +87,15 @@ function gwvp_DebugCall()
 					global $db_name;
 					unlink("$db_name");
 					gwvp_dbCreateSQLiteStructure("$db_name");
+					//gwvp_createGroup($group_name, $is_admin, $owner_id)
+					//gwvp_createUser($email, $fullname, $password, $username, $desc, $status)
+					//gwvp_addGroupMember($email, $groupname)
+					gwvp_createUser("admin@localhost", "adminer", "password", "admin", "initial admin user", 0);
+					gwvp_createGroup("admingroup", 1, gwvp_getUserId("admin@localhost"));
+					gwvp_addGroupMember("admin@localhost", "admingroup");
+					gwvp_createUser("user@localhost", "userer", "password", "user", "initial pleb user", 0);
+					gwvp_createGroup("usergroup", 0, gwvp_getUserId("user@localhost"));
+					gwvp_addGroupMember("user@localhost", "usergroup");
 					gwvp_SendMessage("info", "blank db re-created");
 					header("Location: $BASE_URL/debug");
 					break;
diff --git a/gwvplib/gwvpuseradmin.php b/gwvplib/gwvpuseradmin.php
index e282fd0..5fe0442 100644
--- a/gwvplib/gwvpuseradmin.php
+++ b/gwvplib/gwvpuseradmin.php
@@ -26,74 +26,105 @@ function gwvp_UserAdminPage()
 
 function gwvp_UserAdminPageBody()
 {
+	global $LOGIN_TYPE;
+	
 	$groups = gwvp_getGroups();
 	$users = gwvp_getUsers();
 	
-	echo "<h2>User/Group Administration</h2>";
+	echo "<h2>Users and Groups</h2>";
 	echo "On this page you can manage users, groups, group membership and update your profile<br>";
 	echo "<table>";
 	
-	// Header part of table
-	echo "<tr><td valign=\"top\"><h3>My Profile</h3></td><td><h3>My Groups</h3></td></tr>";
-	
-	echo "<tr>";
-	// user profile bit
-	echo "<td valign=\"top\">";
-	echo "User profile bits go here";
-	echo "</td>";
-	
-	// now the group bit for the user
-	echo "<td valign=\"top\">";
-	echo "User owned groups, and groups their a member of go here";
-	echo "</td>";
-	echo "</tr>";
+	echo "<tr><td colspan=\"2\"><hr></td></tr>";
 	
 	
-	echo "<tr><td valign=\"top\"><h3>Users</h3></td><td><h3>Groups</h3></td></tr>";
-	
-	// create user bit
-	echo "<tr><td valign=\"top\">";
-	
-	echo "Create User<br>";
-	echo "<form method=\"post\">";
-	echo "<table>";
-	echo "<tr><td>EMail</td><td><input type=\"text\" name=\"email\"></td>";
-	echo "<td>Full Name</td><td><input type=\"text\" name=\"fullname\"></td></tr>";
-	echo "<tr><td>Password</td><td><input type=\"text\" name=\"pass1\"></td>";
-	echo "<td>Password Confirm</td><td><input type=\"text\" name=\"pass2\"></td></tr>";
-	echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td>";
-	echo "<td>Description</td><td><input type=\"text\" name=\"desc\"></td></tr>";
-	echo "<tr><td><input type=\"submit\" name=\"Create\" value=\"Create\" class=\"buttons\"></td></tr>";
-	echo "</table>";
-	echo "</form>";
-	
-	echo "</td><td valign=\"top\">";
+	// Header part of table
+	// user self-management bit
+	if($LOGIN_TYPE != "anon") {
+		echo "<tr><td valign=\"top\"><h3>My Profile</h3></td><td><h3>My Groups</h3></td></tr>";
+		
+		echo "<tr>";
+		// user profile bit
+		echo "<td valign=\"top\">";
+		echo "User profile bits go here";
+		echo "</td>";
+		
+		// now the group bit for the user
+		echo "<td valign=\"top\">";
+		echo "User owned groups, and groups their a member of go here";
+		echo "</td>";
+		echo "</tr>";
+		
+		echo "<tr><td colspan=\"2\"><hr></td></tr>";
+	}
 	
-	// Create group
-	echo "<form method=\"post\">";
-	echo "<table>";
-	echo "<tr><td>Group Name</td><td><input type=\"text\" name=\"groupname\"><td></tr>";
-	echo "<tr><td>Admin Group?</td><td><input type=\"checkbox\" name=\"admingroup\" class=\"mycheckbox\"></td></tr>";
-	echo "<tr><td>Owner</td><td><div><select class=\"myselect\" name=\"groupowner\">";
-	foreach($users as $u_users) {
-		$uid = $u_users["id"];
-		$email = $u_users["email"];
-		$username = $u_users["username"];
-		$fullname = $u_users["fullname"];
-		echo "<option value=\"$uid\">$username, $fullname ($email)</option>";
+	// admin only bit
+	if($LOGIN_TYPE == "admin") {
+		echo "<tr><td valign=\"top\"><h3>Create User</h3></td><td><h3>Create Group</h3></td></tr>";
+		
+		// create user bit
+		echo "<tr><td valign=\"top\">";
+		
+		echo "<form method=\"post\">";
+		echo "<table>";
+		echo "<tr><td>EMail</td><td><input type=\"text\" name=\"email\"></td>";
+		echo "<td>Full Name</td><td><input type=\"text\" name=\"fullname\"></td></tr>";
+		echo "<tr><td>Password</td><td><input type=\"text\" name=\"pass1\"></td>";
+		echo "<td>Password Confirm</td><td><input type=\"text\" name=\"pass2\"></td></tr>";
+		echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td>";
+		echo "<td>Description</td><td><input type=\"text\" name=\"desc\"></td></tr>";
+		echo "<tr><td><input type=\"submit\" name=\"Create\" value=\"Create\" class=\"buttons\"></td></tr>";
+		echo "</table>";
+		echo "</form>";
+		
+		echo "</td><td valign=\"top\">";
+		
+		// Create group
+		echo "<form method=\"post\">";
+		echo "<table>";
+		echo "<tr><td>Group Name</td><td><input type=\"text\" name=\"groupname\"><td></tr>";
+		echo "<tr><td>Admin Group?</td><td><input type=\"checkbox\" name=\"admingroup\" class=\"mycheckbox\"></td></tr>";
+		echo "<tr><td>Owner</td><td><div><select class=\"myselect\" name=\"groupowner\">";
+		foreach($users as $u_users) {
+			$uid = $u_users["id"];
+			$email = $u_users["email"];
+			$username = $u_users["username"];
+			$fullname = $u_users["fullname"];
+			echo "<option value=\"$uid\">$username, $fullname ($email)</option>";
+		}
+		echo "</select></div></td></tr>";
+		
+		
+		
+		echo "<tr><td><input type=\"submit\" name=\"Create\" value=\"Create\" class=\"buttons\"></td></tr>";
+		echo "</table>";
+		echo "</form>";
+		
+		
+		echo "</td></tr>";
+		echo "<tr><td colspan=\"2\"><hr></td></tr>";
 	}
-	echo "</select></div></td></tr>";
-	echo "<tr><td><input type=\"submit\" name=\"Create\" value=\"Create\" class=\"buttons\"></td></tr>";
-	echo "</table>";
-	echo "</form>";
 	
 	
-	echo "</td></tr>";
 	
+	// TODO: whats seen here will depend GREATLY on setting in config - need to fix this later
 	// user list
+	echo "<tr><td valign=\"top\"><h3>Users</h3></td><td><h3>Groups</h3></td></tr>";
+	
 	echo "<tr><td>";
 	echo "<table border=\"1\">";
-	echo "<tr><th>EMail</th><th>Username</th><th>Full Name</th><th>In Groups</th><th>Owns Groups</th><th>Description</th><th>Admin?</th><th>Status</th></tr>";
+	switch($LOGIN_TYPE) {
+		case "anon":
+			echo "<tr><th>Username</th><th>Groups</th><th>Description</th></tr>";
+			break;
+		case "admin":
+			echo "<tr><th>EMail</th><th>Username</th><th>Full Name</th><th>Groups</th><th>Description</th><th>Admin?</th><th>Status</th><th>Modify</th></tr>";
+			break;
+		case "user":
+			echo "<tr><th>Username</th><th>Groups</th><th>Description</th></tr>";
+			break;
+	}
+		
 	/*
 	 * 		$returns[$rn]["id"] = $u_res["users_id"];
 		$returns[$rn]["fullname"] = $u_res["user_full_name"];
@@ -116,23 +147,43 @@ function gwvp_UserAdminPageBody()
 			$globaladmin = "No";
 		}
 		
+		
+		// TODO: sort out group prints here
 		$ingroups = gwvp_getGroupsForUser($email);
-		$ugroups = "";
-		foreach($ingroups as $grname) {
-			$ugroups .= "$grname<br>";
-		}
-		trim($ugroups);
 		
 		$ownedgroups = gwvp_getGroupsOwnedByUser($email);
-		$ogroups = "";
+		$ugroups = "";
 		if($ownedgroups == false) $ogroups = "-";
 		else {
 			foreach($ownedgroups as $gr_u) {
-				$ogroups .= "$gr_u ";
+				$ugroups .= "<font color=\"#3333ff\">$gr_u</font><br>";
+			}
+		}
+		trim($ugroups);
+		
+		
+		foreach($ingroups as $grname) {
+			$isownedgroup = false;
+			foreach($ownedgroups as $gr_u) {
+				if($grname == $gr_u) $isownedgroup = true;
 			}
+			if(!$isownedgroup) $ugroups .= "$grname<br>";
 		}
+		trim($ugroups);
+		
+		switch($LOGIN_TYPE) {
+			case "anon":
+				echo "<tr><td>$username</td><td>$ugroups</td><td>$desc</td></tr>";
+				break;
+			case "admin":
+				echo "<tr><td>$email</td><td>$username</td><td>$fullname</td><td>$ugroups</td><td>$desc</td><td>$globaladmin</td><td>$status</td></tr>";
+				break;
+			case "user":
+				echo "<tr><td>$username</td><td>$ugroups</td><td>$desc</td></tr>";
+				break;
+		}
+		
 		
-		echo "<tr><td>$email</td><td>$username</td><td>$fullname</td><td>$ugroups</td><td>$ogroups</td><td>$desc</td><td>$globaladmin</td><td>$status</td></tr>";
 	}
 	echo "</table>";
 	
@@ -141,7 +192,19 @@ function gwvp_UserAdminPageBody()
 	// group part of table
 	
 	echo "<table border=\"1\">";
-	echo "<tr><th>Group Name</th><th>Owner</th><th>Global Admin Group?</th></tr>";
+	
+	switch($LOGIN_TYPE) {
+		case "anon":
+			echo "<tr><th>Group Name</th><th>Owner</th></tr>";
+			break;
+		case "admin":
+			echo "<tr><th>Group Name</th><th>Owner</th><th>Admin Group?</th></tr>";
+			break;
+		case "user":
+			echo "<tr><th>Group Name</th><th>Owner</th><th>Admin Group?</th></tr>";
+			break;
+	}
+	
 	foreach($groups as $u_groups) {
 		/*
 		 * 		$returns[$rn]["id"] = $u_res["groups_id"];
@@ -156,7 +219,20 @@ function gwvp_UserAdminPageBody()
 		$owner = gwvp_getUserEmail($u_groups["ownerid"]);
 		if($u_groups["admin"]) $gadmin = "Yes";
 		else $gadmin  = "No";
-		echo "<tr><td>$gname</td><td>$owner</td><td>$gadmin</td></tr>";
+
+		switch($LOGIN_TYPE) {
+			case "anon":
+				echo "<tr><td>$gname</td><td>$owner</td></tr>";
+				break;
+			case "admin":
+				echo "<tr><td>$gname</td><td>$owner</td><td>$gadmin</td></tr>";
+				break;
+			case "user":
+				echo "<tr><td>$gname</td><td>$owner</td><td>$gadmin</td></tr>";
+				break;
+		}
+		
+		
 	}
 	echo "</table>";
 	echo "</td></tr></table>";
diff --git a/gwvplib/gwvpweb.php b/gwvplib/gwvpweb.php
index 01215ab..8607e07 100644
--- a/gwvplib/gwvpweb.php
+++ b/gwvplib/gwvpweb.php
@@ -94,7 +94,7 @@ function gwvp_goMainPage($bodyFunction = null)
 		echo "</td></tr>";
 	}
 	
-	echo "<tr width=\"100%\"><td>";
+	echo "<tr width=\"100%\" bgcolor=\"#fff0f0\"><td>";
 	gwvp_MenuBuilder();
 	echo "</td><td align=\"right\">";
 	gwvp_LoginBuilder();
@@ -151,11 +151,18 @@ function gwvp_MenuBuilder()
 	
 	ksort($MENU_ITEMS);
 	
-	echo "<table border=\"1\"><tr><td>Menu</td>";
+	echo "<table border=\"1\"><tr><td><b><i>Menu</i></b></td>";
 	foreach($MENU_ITEMS as $key => $val) {
 		$link = $val["link"];
 		$text = $val["text"];
-		echo "<td><a href=\"$link\">$text</a></td>";
+		if(isset($val["userlevel"])) {
+			if(gwvp_CheckAuthLevel($val["userlevel"])) {
+				echo "<td><a href=\"$link\">$text</a></td>";
+			}
+			
+		} else {
+			echo "<td><a href=\"$link\">$text</a></td>";
+		}
 	}
 	echo "</tr></table>";
 	
@@ -169,7 +176,7 @@ function gwvp_LoginBuilder()
 	if($login === false) {
 		gwvp_SingleLineLoginForm();
 	} else {
-		echo "Hello, ".gwvp_GetFullName($login);
+		echo "Hello, ".gwvp_GetFullName($login)." <a href=\"$BASE_URL/logout\">logout</a>";
 	}
 }
 
diff --git a/www/config-dist.php b/www/config-dist.php
index 51b9ddc..7a57d2a 100644
--- a/www/config-dist.php
+++ b/www/config-dist.php
@@ -1,11 +1,12 @@
 <?php
 
 // the config file, this is as exciting as it gets really
-$repo_base = "/tmp/gwvp-repos/";
-$lib_base = "../gwvplib/";
-$data_directory = "../data";
+$repo_base = "/some/path/to/a/location/where/repos/are/stored";
+$lib_base = "../gwvplib/"; // generally this will be correct
+$data_directory = "/some/path/to/a/location/where/the/data/the/website/uses/can/be/stored";
 $db_type = "sqlite"; // could be mysql or pgsql - but not yet
 $db_name = "$data_directory/gwvp.db"; // just a file for sqlite, for anything else is a pdo url without driver, i.e. host=localhost;dbname=whatever;user=asdf;password=asdf
+$db_host = "";
 $db_username = "";
 $db_password = "";