Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Installing phpESP for simple surveys

From time to time, your church or charity may need to run a survey (not a poll, but a survey). When that happens, do you have what it takes to run it online? Here’s my blow-by-blow account of how and why I installed phpESP on one of my systems last night.

Deep Kimchi *

So yesterday, I’m at a picnic put on by the good folks at the Korean Baptist church that leases space from Redland Baptist. Anyone who can BBQ chicken and ribs that good, can have my parking spot anytime!

As is often the course when the entire RBC body gets together, I get at least one or two individuals telling me tales of woe about their computer and how it really needs to get fixed. I got a really dirty look yesterday when I suggested to an individual (yet again) that they buy the Symantec Anti Virus software and run the repair on their infected machine.

Not long after that, the committee chair for the Christian Education committee asks me if I can put ‘the survey’ online. I mention to him that this is the first I heard of ‘the survey,’ but would be glad to see if there wasn’t some software I could install to forward answers to him and/or the church administration via email and/or a database friendly file. He was amazed that such a thing could be done … he was thinking a PDF file that people print and turn in …

… I was thinking phpESP. A nice, stable, medium weight survey application provided your survey doesn’t get fancy with dependencies or a five choices of checkboxes in which the last one is “other” allowing for open text.

A Nice Mid-Weight Survey App.

In other words, if your survey questions aren’t overly complex (note I said survey, not poll), then phpESP may be the application for you. Here are some of my notes on how I went about installing it via my trusty Putty terminal emulator:

  1. via my control panel (cPanel), I created a MySQL user and database
  2. wget http://aleron.dl.sourceforge.net/sourceforge/phpesp/phpESP-1.6.1.tar.gz
  3. cd $HOME/www
  4. tar -zxvf $HOME/phpESP-1.6.1.tar.gz
  5. mv phpESP-1.6.1 phpESP
  6. cd $HOME/www/phpESP/admin
  7. pico $HOME/my_phpESP.inc
    Enter the following lines of code to this NEW file:
    • <?
    • $ESPCONFIG['db_host'] = ‘localhost’;
    • $ESPCONFIG['db_user'] = ‘myusername’;
    • $ESPCONFIG['db_pass'] = ‘mydbpassword’;
    • $ESPCONFIG['db_name'] ‘mydatabasename’;
    • ?>
  8. pico $HOME/www/phpESP/admin/phpESP.ini.php
    replace the lines in phpESP.ini.php above (that now exist in $HOME/my_phpESP.inc) with:
    • include(“/home/myaccount/my_phpESP.inc”);
  9. cd $HOME/www/phpESP/scripts/db
  10. sed -e “s/(‘root’,/(‘myname’,/” mysql_populate.sql > my_mysql_populate.sql
  11. perl -pi -e “s/’esp’/'mypassword’/” my_mysql_populate.sql
  12. mysql -uSER -pASSWORD databasename < my_mysql_populate.sql
  13. rm my_mysql_populate.sql

At this point I’m ready to begin managing surveys by directing my browser to http://www.myhost.com/phpESP/admin/manage.php.

Security Hacks

One of the things I did outside of the phpESP documentation (lines #7 & 8) is create a new file in the root of my directory tree entitled $HOME/my_phpESP.inc. Then I moved the database connection information out of $HOME/www/phpESP/admin/phpESP.ini.php, replacing the latter with an include directive. This way, if anyone manages to get around the basic authentication protecting the phpESP/admin directory, they’re still going to have to work for the username and password.

I generally apply this security modification to all of my PHP applications.

Likewise, I use SED and PERL from the command line to modify the default username and password in the mysql script to populate the database. Yes, this can be changed within the software, but I prefer to do it here … so long as I don’t forget to delete the temporary/edited copy of the script. This insures the system isn’t running with the default username and password, compels a ‘seeker’ to guess both the password AND username … while leaving no traces for a would be nere-do-well.

Close, but no Cigar

As it turns out, our survey was indeed a bit too complex, which is too bad because I really like phpESP. None-the-less tomorrow night I’m going to experiment with some of the other fun survey tools listed at FreshMeat.net. Stay tuned to see what happens.

You may now wish me a Happy 45th!


  1. Happy Birthday, Dean!

    I recently did an even lower-tech survey, necessitated by our even lower-tech hosting provider – they don’t offer MySql in our package. Our Board of Childrens Ministries was applying for a grant and wanted to use survey data in the grant application. They survey was very simple – no conditional sections.

    I build an HTML form and connected the Submit button to cgiemail. cgiemail takes the post data, assembles it into an email using a template of your design, and sends it to the address of your choice. I used a template that put the data into a single CSV line (suitable for import into your favorite spreadsheet) and sent it to a survey email ID.

    After the form was online, we did an emailing to the survey target audience with the URL. We got about 50% participation and got the grant, too.

  2. Happy birthday, Dean…

  3. For PHP surveys, I recommend PHPSurveyor. It’s powerful (with support for conditionals and several questions types beyond the usual 5 check boxes), yet easy to learn and set up. Results can also be compiled as statistics and can be exported to CSV, Excel or Word.

    Plus it’s GPL, and constantly being updated at SourceForge. =)

  4. Hope you had a good birthday.

    I will look into all these. I think I could make use of them.