FREESEAT

Quick Installation Hints

(From the README)

(Please submit a support request in case you need help in installing this application.)

Requirements

You need a reasonably recent PHP aware web server and mysql server. I have written it with mysql 4.0 and PHP 4.3 in mind.

For sending emails, the program uses PHPMailer. Copy the two files class.phpmailer.php and class.smtp.php at the same level as index.php, repr.php, etc.

If you do not want to install PHPMailer then update send.php to send using some other way, and provide your own send_message function.

To Start

First copy the entire archive in some webserver reachable area. THIS IS NOT ENOUGH. Read on for the rest of the installation. No, there is no automated install script.

Language

You can see available languages in the languages subdirectory, and pick the one you want in the config.php file. Additional translations are welcome. Do NOT use default.php. If you want English, use english.php.

Database

Modify the tables.sql file to suit your needs, and then run it through the mysql client (as a user that is permitted to create users, grant access rights, create databases and tables)

Note that if you do not want to permit the admin user to modify spectacles (add/change performances) then you should remove/comment the corresponding GRANT statements in tables.sql prior to running it, as well as the corresponding line in index.php. And remove the show_edit.php file too, if you want.

You should have three separate users with different passwords, as described in config-dist.php. If you absolutely can't do otherwise, you may have all three set to the same user. The reason for separating those are: 1. In case your config.php file is leaked, the dbpass and systempass passwords being different from adminpass, that file would be essentially useless to the attacker. 2. If there's an sql injection hole in FreeSeat, separating users will mitigate the damage an attacker could do. Don't say you haven't been warned.

Seat Configuration

You need to specify for each theatre in which you are going to sell tickets where are the seats. You can have a look at theatrevevey.sh or theatrefribourg.sh to get ideas about how to write a script that will fill the table for you.

The attributes of the seats table are as follows:

theatre

in which theatre that seat is

row

row number, seats in a row on the screen should usually have the same row number
The special row -1 is for so called "unnumbered seats" a.k.a. general seating. People don't select them individually but instead specify for each zone how many such seats they want to book.

col

seat number for that row

extra

some stuff to be added on the ticket for that seat

zone

you can split the theatre in zones that will be rendered independently, that usually have their own row numbering etc. The zone name will also be shown on the ticket for that seat.

class

A number saying how good the seat is. 1 is good, 4 is bad.

x

positive number giving the horizontal coordinate of that seat when rendering the zone of that seat

y

positive number giving the vertical coordinate of that seat when rendering the zone of that seat.

Configuration

Copy config-dist.php to config.php and change the variables to suit your needs.

This archive includes an example stylesheet, which is the one I use. Note that div.narrow refers to an image to be displayed on the left of most pages. You probably want to change it...

Credit Card Payment

This application contains bindings to Klik & Pay (tm), and to PayPal (tm). If you want to offer credit card payment through another provider you need to write the bindings to your credit card payment application in a file containing the same functions as klikandpay.php. If you call that file differently then make sure to update the bindings in klikconfirm.php and finish.php.

If you want to offer credit card payment, set the appropriate variables in config.php.

If, on the other hand, you don't want to offer credit card payment, on the other hand, the easiest way to do it is simply to open params.php in a browser and tick the 'deactivate' checkbox in the corresponding field.

Http Server Configuration

I recommend using something like SSL client certificate or some other form of identification on the web server level to only allow https access to the booking administrator.

The system will let people in administrator mode if they can

1. access the pages over SSL
2. provide the correct booking administrator password.

2 being checked after 1, you should not have to worry about people remotely brute-forcing the password.

Cron Job

A cron job should be ran nightly, executing the cron.php file and passing the bookingadmin password as parameter, in order to automatically send payment reminders and delete tickets for people who don't want to pay.

You can put something like this in your crontab -e or your daily.local (of course replacing bookingadminpassword by the actual password, and /path/to/your/freeseat/install/ by your freeseat install path)

sudo -u www /usr/local/bin/php /path/to/your/freeseat/install/cron.php bookingadminpassword