Prevent leaking password by committing config.php

[hholzgra]

As config.php is tracked by git it is easy to accidentially commit a version of the file that has actual login credentials in it.

This is typically prevented by:

• having a config.php.dist file in the repository that provides a template
• preventing upload of actual config.php by adding it to .gitignore
• instructing users to copy config.php.dist to config.php, then add private information in there