More '<?$' => '<?php$'

[Trubanc.git] / INSTALL

This file contains instructions for installing a Trubanc server and client.

1) Get the contents of http://trubanc.com/trubanc.tar.gz into your web
   service directory. Or get it with git:

   git clone git://github.com/billstclair/trubanc.git trubanc

2) Copy settings.php.tmpl to settings.php, and edit it for your environment

3) To modify the home page, create a new home page HTML file (NOT
   index.html), and set the $index_file value in settings.php to
   its name. This file must be plain HTML. PHP will not be
   interpreted.

4) Copy client/settings.php.tmpl to client/settings.php, and edit it.

5) Aim your web browser at bankinit.php under your Trubanc URL to
   create client accounts for the bank and an administrator. For
   example, if your Trubanc server is at http://example.com/, aim your
   browser at:

   http://example.com/bankinit.php
   
   Follow the instructions there. Make sure to pick good passphrases,
   so that it's unlikely that anyone can break in.

6) To modify the appearance of the client web page, copy
   client/template.php into a new php file in the same directory,
   change it, preserving the functionality of the variables documented
   at the top of the file, and set $template_file in
   client/settings.php to its name.

Notes
=====

Step 5 above initializes the server and client databases, adds the
server to the client database, with a passphrase you select, and
creates an adminiatrator account with 10,000 usage tokens initially
spent from the bank.

I recommend that you use the bank's account only to spend usage tokens
to the administrator account. Use the administrator account to create
new user coupons and to conduct other bank business. Also use the
administrator account to issue any bank-owned assets.

$dbdir for both client and server must be writable by the web
server. The directories should not be directly servable by
Apache. Otherwise, people will be able to snoop on the "database", and
steal your bank's PGP private key, and information about customer
accounts. That would be bad.

If your installation doesn't allow you to have writable files anywhere
BUT the web server directory, you can create an .htaccess file in the
database directories, or a parent directory, containing the following,
to deny access to the database files from a web browser:

  RewriteEngine On
  RewriteRule .* - [F]

Some PHP SAFE_MODE installations will require you to set the
permission on the database directories to 2777, and enable
safe_mode_gid. If you see an error like the following when running
bankinit.php:

  Can't open for write: dbs/serverdb/pubkey/36a6db2903b42d35e753d44d95636490b0fb7b2c 

then you should remove the server database directory, recreate it, and
change its permissions to 2777.

You will probably want to use SSL (https, encrypted connection) for
your client, and, until I make Trubanc support client/server
encryption internally, your server. After you install your SSL
certificate, and assuming your server is in the "trubanc" directory,
you can create an .htaccess file at the top-level of your site,
containing the following, to enable HTTPS for only the client. Remove
"client/" to enable it for the client and server.

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^trubanc/client/(.*) https://example.com/trubanc/client/$1 [R,L]

Or, if your server is at the top-level of your site:

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^client/(.*) https://client/$1 [R,L]

If the RewriteRule doesn't work in your Apache installation, you can
set the $ssl_domain variable in settings.php for client and/or
server.

  $ssl_domain = "example.com";