|
Installing Lasto |
|
The install steps are as follows:
Here is a quick overview of the install process. First, generate a key. Next, put that key into web.config and setup your other web.config values. Then upload your files, run the various database scripts, and you are done. |
|
Generating a Key |
| The very first thing you will need is to
generate a new encryption key for protecting user's cookies against
password snooping. Lasto uses TripleDES to do its encryption, which
requires a 24-byte (192-bit) key and an 8-byte Initialization Vector.
However, to avoid having to try and type unprintable characters into the
config file (which wouldn't work very well), the key and IV are base-64
encoded. This means the key in the config file is exactly 32 base-64
characters long and the IV is 12 base-64 characters long (including
trailing equals sign.)
There are several ways to generate a new key and plenty of base-64 encoders out there, so if you feel comfortable doing that feel free to come up with your own. For those that are not so inclined or wish to take the easy way, a new key generator has been provided in the file key.aspx; This file is stand-alone in that it does not require a database connection or access to the config file. My suggestion is to simply run key.aspx on your local install of IIS, or upload key.aspx (and the BIN folder) to your web space and run it from there. This file will generate a new key for you to place into web.config. Please note that for security reasons it does not place the new key into the configuration for you - that must be done manually. Another option is to simply proceed with the rest of the install and run key.aspx later before you go "live". You can just update web.config with your new key, then re-upload it to make the changes effective. (Any time you change the key all existing login cookies are invalidated, therefore users must log in again next time they visit the site.) |
| For information on configuring your web.config file, click here. |
|
Uploading Files |
| Lasto may run as a separate
application or under the default application along with the rest of your
site. In either case, create a folder under your web root to place the
files in. For example: c:\inetpub\wwwroot\forums\. Once this folder is
created, also create a subfolder called BIN, one called Themes, and
one called DBScripts.
Now upload the ASPX files into your forums\ folder, and upload Lasto.Dll into BIN. Next upload your theme folders into Themes. Lastly, upload the .SQL scripts into DBScripts. Please note that you should remove this folder after you have Lasto up and running for maximum security! If your host allows you to connect with Enterprise manager, you don't even need to upload these scripts - just connect EM and run them from the local drive. It is highly recommended that you get Lasto fully functional using the default themes before attempting to create your own. It is also highly recommended that if you want to modify one of the included themes you copy it to a new folder and make a new entry in web.config for it so that if you upload an update to Lasto in the future you do not overwrite your changes. To isolate Lasto and run it under its own application, go into the IIS snapin and right-click Lasto's folder, then hit the "Create Application" button. For more information about these options, consult the documentation. |
|
Creating the Database |
| Edit fulltextindexing.sql
and change LASTOFTC to be your own custom catalog name or the catalog name
assigned to you by your administrator. First,
run the tables_indexes_trigger.sql file. If you had to upload the dbscripts folder instead of running the scripts from your local machine, I highly suggest that you remove that folder after you have the database up and running. Keep a copy of the scripts backed up locally instead. If you cannot use full text indexing, then you will not be able to fully use the Search function, but the rest of Lasto will still work just fine without it. Last but not least, either your or your service provider should enable "Change Tracking" and "Update Index in Background" to keep your full text index up to date. (Or your service provider may have elected to schedule updates to happen at night, in which case searches may be behind by one day.) |
|
Creating Administrators |
| Be sure to edit the
MAKE_ADMIN.SQL script and put in your username, password, and email
address where it says 'admin', 'password', 'me@nowhere.com'. Then run this
script to create your first administrator. Given the configurability of the security system in Lasto, it is highly unlikely that you will need more than one or two real "administrator" accounts. You should have one very secure account you use for making security changes with a long complicated password, and then create a new lesser account that you use to post in day-to-day operation. You can give this lesser account the ability to move threads, lock threads, and so on. When you need to create or delete forums, edit group security, and so on you can simply log in as your secure administrator account and make the changes. Note: Administrators do not show up in User manager and cannot be edited via the web interface. |
|
Finishing Up |
| At this point, you should be
able to navigate to lasto's folder on your webserver (such as
http://mysite.com/forums/). You will be presented with a message that
there are no forums and you should login. Go ahead and do so using the
admin account you created.
Now you will be taken back to the same page where you can click on Forum Manager. Do so and then click on Add New in forum manager. Enter a title and tagline as appropriate. Now enter 0 for level to view, level to post, and index order. Set edit time to 30 minutes. Now click Create Forum. (you can modify these values later.) Now go back to the index. You should see the forum you created (as well as the admin tools at the bottom of the screen.) Click on the forum you created and you should see a message saying there are no messages. Click the link provided to post the first message. Congrats, you are now up and running! If you have problems: You may need to set customErrors="Off" in your web.config file in order to see the full ASP.Net error message. Once you have your site up and running, it is recommended that you set this to RemoteOnly or On to prevent sensitive information in error messages from being displayed to clients.
|