
Manual

This documentation covers the 6.0 release; if you need the documentation for a previous release, please read the documentation file included in each downloaded package. The features described in this file refer to the DaDaBIK Enterprise version; some of these features might not be available in the DaDaBIK Basic and Pro versions. Check the features comparison for further details.

Table of contents

What is DaDaBIK?
Requirements
License
Video tutorials
Installation
Upgrade from previous versions
Upgrade from BASIC to PRO/ENTERPRISE or from PRO to ENTERPRISE
Configuration
Custom code
DaDaBIK Wordpress Integration
Authentication
LDAP Authentication
Wordpress Authentication
Permissions
Adding a new language translation and fix existing ones
Export to CSV, risks
Security
FAQs
Known bugs, limitations and unexpected behaviors

What is DaDaBIK?


DaDaBIK is a very popular and mature PHP application which allows you to easily create a highly customizable database front-end/application without coding. You can use it to create in a few minutes a very basic CRUD (Create, Read, Update, Delete) database front-end or to develop a more sophisticated database application.

With DaDaBIK (unlike many similar tools) you don't produce a PHP script, which would become outdated when you modify the schema of your database; instead, you directly use its abstraction layer, which can be easily updated every time you modify your database's schema.

DaDaBIK uses the PDO extension in order to support as many DBMSs as possible; at the moment it officially supports MySQL, PostgreSQL and SQLite.

The strength of DaDaBIK lies in its ability to be customized. For example for each table field you can choose:

  • if the field must be included or not in search/insert/update forms and data grids
  • its label
  • its content format (e.g. numeric, alphabetic, e-mail, url...)
  • the HTML input type (e.g. textbox, dropdown menu...)
  • the possible values, also driven from another table ("foreign key" support)
  • and much more...

Features include:

  • Forms generation/customization
  • Datagrid generation/customization
  • Datagrid HTML template customization
  • 12 field types
  • File uploading
  • Master/detail views
  • Duplication checking
  • Authentication
  • Granular permissions
  • Integration with external user/group/password lists
  • Record locking
  • Record ownership authorizations
  • CSV export
  • Email alerts
  • SQL logging
  • Pre-defined/custom formatting rules
  • Pre-defined/custom validation rules
  • Static pages
  • Front-end in 17 languages (Italian, English, Dutch, German, Spanish, French, Portuguese, Croatian, Polish, Catalan, Estonian, Rumanian, Hungarian, Swedish, Slovak, Russian and Finnish).

The graphic layout of DaDaBIK is customizable to allow the integration into an existing Web site/Web application.

DaDaBIK differs from PHPMyAdmin: it has not been created to offer the complete administration of a database, but rather to allow the creation of a customizable and user friendly database application. The target of a DaDaBIK application can be the final user instead of a DB administrator.

Since its first release in 2001 it has been downloaded more than 150.000 times and its users community has produced about 10.000 posts in the forums.


Requirements


  • PHP
    • version >= 5.1
      • with the mbstring extension enabled if you need to handle multibyte characters
      • with LDAP support enabled if you need LDAP authentication
  • MySQL
    • version >= 5.0 (PDO_MYSQL PHP driver required)
  • PostgreSQL
    • version >= 7.4 (PDO_PGSQL PHP driver required)
  • SQLite
    • version >= 3
  • A pre-existing database with AT LEAST ONE table: with DaDaBIK you create database applications, not the database itself. For MySQL, a great free tool to create databases is MySQL Workbench; the database default charset MUST BE UTF-8 if you need to handle UTF-8 content.
    For MySQL, all the database tables must be InnoDB if you want to correctly handle transactions; DaDaBIK can also work with MyISAM tables but it cannot guarantee that transactions are processed correctly.

Not sure if your system matches the requirements? Most probably it does, but if you want to be sure contact us and we will check it for you.


License


DaDaBIK is not free software: it is released under the DaDaBIK license (see License) and its use requires purchasing a regular license from the website www.dadabik.org. It is, however, open source in the sense that, after buying a license, you get the full source code of the software.


Video tutorials


A beginner video tutorial is available here: http://www.youtube.com/watch?v=uPmXoep91Vk; while it is based on version 4.x, it can still be useful to understand the basics.


Installation


  1. Copy everything contained in the directory program_files into a directory under your Web server
  2. Open the file /include/config.php with a text editor and edit it (specify at least $dbms_type, $host, $db_name, $user, $pass, $site_url, $site_path, $timezone)
  3. Run the file http://your_host/your_dir/install.php to install DaDaBIK
  4. Open the file http://your_host/your_dir/index.php in your browser and have fun!! You can now start using DaDaBIK.

    You have created a basic database application based on the tables and views contained in the database $db_name. You can customize the application via http://your_host/your_dir/admin.php. Remember that you must set a primary key for each table managed with DaDaBIK if you want to delete and modify records; other DaDaBIK features (such as duplication checking and email alerts) also require a primary key.


Upgrade from previous versions


You can upgrade to version 6.0 without losing your configuration if you are running at least version 5.0:

  • Replace all the old files with the new ones (keep your upload folder if you want to save the uploaded files)
  • Upgrade the Wordpress plugin in the Wordpress installations where you have used it
  • Update your /include/config.php file using your old configuration settings
  • Run the file http://your_host/your_dir/upgrade.php and follow the instructions to upgrade DaDaBIK


Upgrade from BASIC to PRO/ENTERPRISE or from PRO to ENTERPRISE


It is not possible to upgrade from DaDaBIK BASIC to PRO/ENTERPRISE keeping your application settings.
You can, instead, upgrade from PRO to ENTERPRISE; you have to:

  • Replace all the old files with the new ones (keep your upload folder if you want to save the uploaded files)
  • Update your /include/config.php file using your old configuration settings


Configuration



The configuration of DaDaBIK can be managed at two different levels.

Some general configuration parameters can be directly set from the file /include/config.php, just by opening it with a plain text editor and editing it. The file is self-explanatory. At that level you can, for example, set the database you want to manage with DaDaBIK or configure some DaDaBIK features (e.g. authentication, upload, email notices, language,...).

For a more analytic tuning you are supposed to use the admin area http://your_host/your_dir/admin.php. At this level you can:

  • Choose the database tables you want to include in your DaDaBIK application
  • Configure your datagrids, choosing between a classic tabular data grid view (default) or a custom results page completely customizable using HTML templates.
  • Configure your forms: this is the core of a DaDaBIK application configuration; here, for each field, you can set
    • if the field must be included or not in search/insert/update forms and data grids
    • its label
    • its content (e.g. numeric, alphabetic, e-mail, url...)
    • the HTML input type (e.g. textbox, dropdown menu...)
    • the possible values, also driven from another table ("foreign key" support)
    • how the fields are arranged in each form
    • custom formatting and validation functions
    • requiredness
    • search operators
    • and more...
  • Set the permissions (see the Permissions sections for more details)
  • Synchronize your applications if you change the database schema

The admin area is also self-explanatory, so you can read most of the instructions on how to configure DaDaBIK by clicking on the help tooltips available in the admin area itself. That's the reason why this manual is so short, you will find everything you need about configuration in the admin section.

Some graphic customization can be done by changing the files /include/header.php and /include/footer.php and by editing the CSS file /css/styles_screen.css. In addition, the data grid HTML templates feature allows you to deeply customize the appearance of your item results page.

Editing the files located in /include/languages you can customize all the sentences DaDaBIK uses.


Custom code


DaDaBIK 6.0 provides an experimental feature which allows you to create, in a DaDaBIK application, custom pages running completely custom PHP code, with the only limitation of some variable naming rules. The feature needs to be enabled from config.php, setting $enable_custom_php_pages = 1.


DaDaBIK Wordpress Integration


DaDaBIK is released together with a Wordpress plug-in which allows you to integrate a DaDaBIK application into a Wordpress site's page.

Furthermore, users authenticated through Wordpress can also be (optionally) automatically authenticated into DaDaBIK, without logging in again. The Wordpress authentication feature requires that the DaDaBIK application is installed in a subdirectory of the Wordpress site and that the same users (same username) are available both in Wordpress and DaDaBIK.

Follow the instructions included in the wordpress_plugin folder to install and configure the plugin.


Authentication


Authentication is enabled by default, which means that, in order to use an application created with DaDaBIK, you have to login. You can disable authentication by setting $enable_authentication = 0 in /include/config.php; while this is not recommended, it can be useful if you want to use DaDaBIK to create a public Web site.

DaDaBIK is released with the following default users:

  • username: root; password: letizia (this is a user belonging to the admin group)
  • username: alfonso; password: letizia (this is a user belonging to the normal group)

It is strongly recommended to change the default passwords for security reasons.

Admin users can not only use a DaDaBIK application but also configure it through the admin area; furthermore, they can add new users/groups and edit/delete existing ones.


LDAP Authentication


Optionally, you can authenticate your users against an LDAP server. DaDaBIK has been tested with both Open LDAP and Microsoft Active Directory.

From /include/config.php you have to enable $ldap_authentication and specify all the parameters required for the connection. Users who authenticate using LDAP are then copied into the DaDaBIK users table and get assigned to a default (configurable) group. The aim of the copy is to allow the permissions setting; authentication of LDAP users is always performed through the LDAP server.

Mixed authentication (some users authenticate against DaDaBIK, others against an LDAP server) is also possible: during the log-in procedure, a user can check/uncheck the LDAP checkbox in order to specify if he is going to authenticate through LDAP or not.


Wordpress Authentication


If DaDaBIK is integrated into a Wordpress site, users authenticated through Wordpress can also be (optionally) automatically authenticated into DaDaBIK, without logging in again. See DaDaBIK Wordpress Integration for further details.


Permissions


Basic permissions

For each table (each form and field), through the permissions manager, you can set which operations (Read, Create, Edit, Delete and Details) are allowed.

If you disable the read permission for a table, the table will not be displayed in the change table menu of the application. Remember, however, that users can still read its records if the table is used as source of a select_single field or as items table in a master/details view.

Granular permissions:

If $enable_granular_permissions is set to 1 in /include/config.php you can set, through the permissions manager, which operations (Read, Create, Edit, Delete and Details) are allowed for each users group on each form and field.

For example you can configure your application to allow the group "Managers" to read and modify all the forms while the group "Employees" to read all the forms and modify just some of them, or just some fields of them.

If you disable the read permission for a table, the table will not be displayed in the change table menu of the application. Remember, however, that users can still read its records if the table is used as source of a select_single field or as items table in a master/details view.

Integration with existing user and group lists

DaDaBIK uses by default the tables dadabik_users and dadabik_groups to store users information, but you can also use existing user and group tables. This helps the integration of DaDaBIK with existing applications, for example with a CMS.

To set DaDaBIK to use your own users and groups tables, you have to configure the parameters starting with $users_table_ and $groups_table_ in /include/config.php. The integration is also possible if your users table doesn't use the same password encryption which DaDaBIK uses; in this case you have to customize the hashing functions as explained in /include/config.php.

Owner permissions:

An owner permissions model is also available; it allows you to set up the application so that users can:

  • Delete only their own records
  • Modify only their own records
  • View only their own records
The owner of a record is the user who inserted it.

You can enable this feature from the permissions manager; to enable it, authentication must be enabled and each table you want to protect must have a field whose field type is set to ID_user.


Adding a new language translation and fix existing ones


Some of the language translations are incomplete. If you open your language file (e.g. include/languages/spanish.php ) you can find the sentences not translated looking at the // to change comments at the end of each file row. You can complete the translation if you want. You are more than welcome to contribute to the localization sending back to info at dadabik dot org your improved translation.

Adding a new language translation is pretty straightforward. For example, imagine you want to add Hindi: you just need to create a copy of the file /include/languages/english.php, rename it as hindi.php, and edit all the sentences of the file (for each row, the quoted part after the arrow). You can then use the language choosing hindi in /include/config.php as language.


Export to CSV, risks


If your DaDaBIK instance is public, please consider disabling this feature from /include/config.php because robots, accessing the CSV export link, could consume an inordinate amount of processor time.


Security


Here is some security-related information which you must know:

  • After the program is installed it is a good practice to remove the files install.php and upgrade.php, since they could be used by malicious users in order to change or even re-install your DaDaBIK installation.
  • The files admin.php, datagrid_configurator.php, db_synchro.php, internal_table_manager.php, permissions_manager.php and tables_inclusion.php can also be used to modify your installation. If authentication is enabled, the access to the files will be protected, otherwise you should remove those files. For additional security, you can however remove the files even if authentication is enabled.
  • The HTML content type and the rich_editor field type can lead to high security risks: DaDaBIK uses the popular htmLawed library to prevent the display of dangerous HTML/Javascript code but, as the authors state (http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.8), there are some minor cases in which htmLawed can fail. If a malicious user inserts some arbitrary javascript code and the library fails to recognize it, the code can then be executed by other users just by using the application. Among other problems, this can lead to XSS attacks (http://en.wikipedia.org/wiki/Cross-site_scripting), which in turn can allow unauthorized access to the application (http://en.wikipedia.org/wiki/Session_hijacking) and, if the Internet browser of the user contains security holes, even the execution of arbitrary code on the client machine. Use at your own risk.

Other security-related issues are described in the section Known bugs, limitations and unexpected behaviors
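
The file checks in the list above can be scripted. The following shell script is an added example, not part of DaDaBIK or its manual; it uses only the file names and the $enable_authentication setting named in this manual, and assumes that config.php assigns the setting as a plain integer on its own line. The sample tree it builds when run without arguments is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not DaDaBIK code): audit an installation directory against
# the manual's Security section. File and variable names come from the manual.

ADMIN_FILES="admin.php datagrid_configurator.php db_synchro.php internal_table_manager.php permissions_manager.php tables_inclusion.php"

# Print the integer assigned to $NAME in a config.php ("" if not set).
# Commented-out assignments are ignored; the last assignment wins.
config_flag() {
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*['\"]\{0,1\}\([0-9][0-9]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1
}

# Print one line per issue; return 1 if any FINDING was printed, else 0.
audit_dadabik() {
    dir=$1
    findings=0
    # install.php and upgrade.php can change or re-install the application.
    for f in install.php upgrade.php; do
        if [ -e "$dir/$f" ]; then
            echo "FINDING: $f is still present; remove it after install/upgrade"
            findings=$((findings + 1))
        fi
    done
    # The admin files are only protected when authentication is enabled.
    auth=$(config_flag "$dir/include/config.php" enable_authentication)
    for f in $ADMIN_FILES; do
        if [ ! -e "$dir/$f" ]; then
            continue
        fi
        if [ "$auth" = "0" ]; then
            echo "FINDING: $f is reachable with authentication disabled; remove it"
            findings=$((findings + 1))
        elif [ -z "$auth" ]; then
            echo "FINDING: $f present but \$enable_authentication could not be read"
            findings=$((findings + 1))
        else
            echo "INFO: $f is protected by authentication; removal is optional"
        fi
    done
    if [ "$findings" -eq 0 ]; then return 0; else return 1; fi
}

# Build a constructed sample tree (not a real installation) for the demo.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/include"
    printf '<?php\n// $enable_authentication = 1;\n$enable_authentication = 0;\n' > "$t/include/config.php"
    touch "$t/index.php" "$t/install.php" "$t/admin.php" "$t/db_synchro.php"
    echo "$t"
}

# Audit the directory given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    audit_dadabik "$1" || echo "Review the findings above."
else
    sample=$(make_sample_tree)
    audit_dadabik "$sample" || echo "Review the findings above."
    rm -rf "$sample"
fi
```

Run it with the installation directory as its only argument, for example after each install or upgrade.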


FAQs


Please read the FAQ document.


Known bugs, limitations and unexpected behaviors


  • UTF-8 related:
    • DaDaBIK supports UTF-8; however, malformed UTF-8 characters can lead to unexpected results such as content corruption. The use of the HTML content type or of the rich text editor, in combination with UTF-8 content, is another factor that could lead, theoretically, to unexpected results.
  • Security/data-integrity related:
    • Malicious users can exploit a field with content type set to HTML or field type set to rich_edit to insert arbitrary javascript code, this can lead to security risks if the htmLawed library doesn't filter this content properly (see above, security section, for all the details).
    • Searching values containing % or _ using the "contains", "starts with" or "ends with" conditions could lead to wrong search results.
  • Table and field names related:
    • Insert/search/update fail if one or more field names contain blank spaces or dots (e.g. "my field" or "my.field" are not allowed, use "my_field" instead).
    • Quote characters and characters which need to be escaped, such as ' ` " \, can lead to problems if used in table and field names.
    • Using field names containing the value set for $alias_prefix, $null_checkbox_prefix, $select_type_select_suffix, $year_field_suffix, $month_field_suffix, $day_field_suffix, $hours_field_suffix, $minutes_field_suffix, $seconds_field_suffix could lead to unexpected results; you can change the value of the above variables editing /include/config.php
  • User interface related:
    • Some language translations are not completed. If you open your language file (e.g. include/languages/spanish.php ) you can find the sentences not translated looking at the // to change comments at the end of each file row. You can complete the translation if you want.
    • The rich editor interface (TinyMCE) is displayed in english only.
  • PostgreSQL related:
    • DaDaBIK needs table names in lower case to work on PostgreSQL.
    • The insert e-mail notice doesn't work on PostgreSQL.
    • Insert/update don't work correctly on PostgreSQL if the user chooses "Other...." from a select_single field menu and the field has some linked fields.
  • Admin section related:
    • The field renaming feature of the administration page doesn't work as expected if the renamed field is used in one of the following properties: "Primary key field", "Linked fields", "Order by", "Where clause" in the forms configurator related to any of the tables. In particular, after the renaming, you will get "[08] Error: during query execution" messages from the DaDaBIK front end; you should edit the above properties by hand, renaming the field in the forms configurator.
    • The "refresh installation" admin operation doesn't work correctly and could lead to a forms configurator settings loss if the installation is the result of an upgrade from a DaDaBIK version < 4.1 rc2; the "refresh installation" bug is considered fixed only for tables installed (DaDaBIK installation from scratch or single table installation from the admin interface) using a DaDaBIK version >= 4.1 rc2.
  • Master/details related:
    • After having accessed (in edit or details mode) a record with master/details view, DaDaBIK will show only the records related to that master record if the details table is accessed in "show items" mode. A "remove search filter" is needed to remove the incorrect filter.
    • DaDaBIK does not work correctly if a master/details view is on three or more levels (e.g. table A (parent) -> table B (child of A) -> table C (child of B)).
  • Others:
    • The "previous" and "next" buttons don't work correctly after this sequence of operations:
      • perform a search based on a field A
      • change the value of the field A for a record of the resultset
    • Primary keys composed by multiple columns are not handled.
    • Upload and deletion of files are not considered as atomic transactions together with insertion/deletion of records. E.g. if you insert a record and for some reason the upload process of the file you are uploading together with the record does not succeed, the record will be inserted anyway.
    • The "check for duplicated" feature doesn't work with file field types: DaDaBIK doesn't warn about similarity when two files have a similar name; furthermore, the "check for duplicated" feature causes uploads to fail during insert, in particular the files are not uploaded if some possible duplicated records are found and the user decides to insert it anyway. The "check for duplicated" feature also doesn't work with date, date_time, insert_date and update_date field types and with all fields which are hidden in the insert form.
    • HTML content is not set correctly as "Default value" (form configurator).
    • When a new option of a select_single field with linked fields is inserted through the "other..." option, the current user is not inserted in the ID_user field of the linked table. This means that the new record in the linked table won't get an owner and the owner permissions won't work as expected.
    • If, while editing a record, you change the value of the primary key, DaDaBIK is not able to show you the updated record after saving.
    • Choosing a separator (~ by default) whose length is more than 1 can lead to unexpected behaviours.
  • Unexpected behaviors (not really DaDaBIK bugs but behaviors which the average user doesn't expect)
    • DaDaBIK relies on the $timezone parameter for date functions (e.g. to produce the current date), which can be different from the client's (user) one.
    • The value actually inserted in the database during an insert/update, if the value typed in the form is not part of the domain specified during table creation (e.g. integer, varchar,...), depends on the DBMS settings and on the domain itself. For example if an integer field is left blank during insert/update (not NULL, blank), MySQL could insert 0 as value, because an empty string is not part of the integer domain and very often the default value for integers is set to 0.
    • Formatting tags automatically inserted in a field through the HTML editor are not filtered during search so if you search "hey good" and you have "<b>hey</b> good morning" in your field you won't find it.
