Hey all,
I'm a fairly experienced PHP developer, but I have a project that I am designing that has some unique needs (don't they all!):
1) I need to create new copies of a CMS site and mysql database (using Mambo for now) upon the submission of a secure web-form. (I have this part completed)
2) I need to use one code-base for the CMS, with each new CMS site using this code-base to run. This is crucial since I want to make updates and changes to the code-base only once.
3) I need to allow each CMS site to have unique settings like template, plugins, etc.
ok, I have most of this coded and working, but I am using $_SESSION['configuration.php] to tell each CMS site where to locate the configuration.php file. This is what I would like feedback on, if possible.
Right now, the way the code works is that when a user goes to [url]http://www.example_stite/sites/cms1/[/url] they will start a session indicating that the CMS configuration file for 'sites/cms1' is the absolute path to 'sites/cms1/configuration.php'. The user is then routed to the main CMS code-base that has been edited slightly to use the configuration.php as $_SESSION['configuration.php', rather than the stock location.
Alternatively, if a user goes to [url]http://example_site/sites/cms2[/url] they will start a session indicating that the CMS configuration file for is the absolute path to 'sites/cms2/configuration.php'..... etc.
This actually functions well (in a development environment) so far. But, I wanted to ask other PHP users if using $_SESSION in this way poses any obvious weaknesses or security threats, etc.
Thanks in advance for your thoughts.
Luke
