Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

An IT professional with a wide experience of IT systems, specialising in Database Management and Security.

IP Mapping and Google Maps

We have recently been notified of a problem where the Maps generated by our IP Mapping using the Google Maps API were never completing.

Viewing the Java console log we could see that there were reported problems as follows:

Blocked loading mixed active content "http://maps.googleapis.com/maps/api/js?v=3&key=xxxxxxxxxxxxxxxxxxx"[Learn More] https://www.zzzzzzzz.com/ip-maps-and-visitors">ip-maps-and-visitors
JQMIGRATE: Migrate is installed, version 1.4.1 https://d2sznybf8qa7e0.cloudfront.net/media/jui/js/jquery-migrate.min.js:2:542">jquery-migrate.min.js:2:542
Blocked loading mixed active content "http://maps.googleapis.com/maps/api/js?v=3&key=xxxxxxxxxxxxx"[Learn More] https://www.zzzzzzzz/ip-maps-and-visitors">ip-maps-and-visitors
Loading failed for the <script> with source “http://maps.googleapis.com/maps/api/js?v=3&key=xxxxxxxxxxxxx”. https://www.zzzzzzzz.com/ip-maps-and-visitors:61:1">ip-maps-and-visitors:61:1
 ReferenceError: google is not defined[Learn More] https://www.zzzzzzzz.com/ip-maps-and-visitors:94:11">ip-maps-and-visitors:94:11
 
Where xxxxxxxx is the specified API key, and zzzzzzzz is the web site which reported the problem, which we have masked for security problems.
 
This seemed to be a situation of a site using https yet the code still using http for the internal addresses, and further investigation revealed that this was indeed the case.

However in looking further we discovered a few further interesting aspects of the use of the Maps API which are worthy of mentioning.

The first is that in line with many cloud computing providers, the Google Maps API moved to a pay-as-you-go pricing structure on 11th June 2018.

The newly-named Google Maps Platform was brought under the Google Cloud umbrella and consists of three core products: Maps (for delivering customised dynamic maps, Street Views and 360° views), Routes (directions and traffic) and Places (location names, addresses, reviews etc). Each has its own pricing structure.

More importantly the new pricing strategy employed by Google for their Maps Platform is a freemium one – all users get to make $200-worth of API calls for free each month.  Thjs means that one has to use an API Key and register a billing account, even if you never are going to pay.  Even if your usage falls well within the free $200 credit, you still have to create an account and provide Google with billing details to keep using the APIs.  It should be possible to set up a usage cap, but we have been unable to do this yet, until the 'free' time expires.

It is also important to add some restriction on the API key to secure it. We found this web page How to Fix “This page didn’t load Google Maps correctly” Error.

This proved very useful in setting up an API Key, although we did encounter some problems setting up the HTTP referrers, in getting them to 'take'.

The fix involved us modifying the code in two php files located in the Jooma/modules/mod_ipmapping_mapper directory. These files named 'mod_ipmapping_mapper.php' and 'minify_js.php', were modified to change the internal http prefix to https and this resolved the coding problem.   The latter file is probably the more important to change. The official fix will be included in the next schedued release.

Joomla 3.9 released

 

 Joomla 3.9, The Privacy Tool Suite

The Joomla! Project is proud to announce the release of Joomla! 3.9, the latest in the ‘Joomla! 3’ series.

This new release packs in more than 250 improvements for the Joomla CMS – central to which is a full privacy tool suite, which will make site compliance faster and simpler (not to mention the lives of developers a whole lot easier)!

What’s new in Joomla 3.9?

Here are just some of the new features …

The Privacy Tool Suite by Joomla

  • User Consents - Make light work of data privacy requirements
    Need users to consent to your privacy policy and/or terms and conditions? With Joomla 3.9, it’s all handled automatically. Simply and easily set up your core forms to request consent before collecting any personal data.
    You can also set up a time-based privacy consent expiration. The system will let you know if and when you need to contact your users to renew consent.
    Track user consents, manage site policy changes and much more besides, all with a glance at your dashboard.

  • User information requests? Easy-peasy
    Track and manage information access or removal requests from your users, seamlessly. Once a request is made, just log in, export their data and/or remove them.
    User data removal requests are all handled automatically, with all personal data anonymized without you needing to lift a finger.
    Never forget a request again. Just set Joomla 3.9 to remind you.

  • Extension Capabilities - Put your users in the picture when it comes to privacy...
    Extension developer – give your potential users a helping hand, by making it clear what data your extension collects. When you want to report functionality in your extensions that may need privacy consideration, simply use the new Plugin Event (onPrivacyCollectAdminCapabilities).
    With this simple action, your users gain a clear understanding of your extension, and whether they’ll need to amend their own documentation, such as their privacy policy or terms of service.

  • User Actions Log - Know who’s done what, and when
    Want to know what administrative actions have been performed on your site? Thanks to Joomla 3.9, Super Users can easily see which user did what, and when. And it also works with supported extensions! Review the action log, export it and purge the entries. You’ll never miss a trick, thanks to the latest actions module that can be added to your control panel.
    Need more? Then enable the new log rotation plugin – this will allow you to rotate and remove your log files.

Joomla 3.9 is about more than Privacy

  • Content management made fast and easy – little features, that make a big difference
    • Add notes to your articles in the backend, and filter them #19134
    • A new search feature in the backend: search for a specific article content #20083
    • Load a module by ID into your article #19362
  • More flexibility for custom fields with two new options
    • A repeatable custom field is now available #20243
    • Create alternative layouts to fit your needs #18571
  • Most recent frontend changes
    • Display the intro or full image in your newsflash module #20169
    • Show only the articles from a specific author in your latest articles module (#20687), and more options!
  • New features for multilingual sites
    • A new toolbar button to edit associations #21022
    • Propagate existing associations #21321
    • Display your tags per language #19509
  • Use Google Invisible reCAPTCHA on your websites #18146
  • Argon2id Password is now supported #20855

Visit the Joomla 3.9 site to learn more about this release and browse the Joomla! 3.9 documentation to discover how to use the new features.

This new release features over 300 improvements, with two primary major features aimed at developers: the new routing system and the beginning of a forward compatibility layer with Joomla! 4.0. Additionally, two security issues have been resolved.

 

Tags:

Joomla 3.8 released

 

 Joomla 3.8.0

The Joomla! Project is proud to announce the release of Joomla! 3.8, the latest in the ‘Joomla! 3’ series. This new release features over 300 improvements, with two primary major features aimed at developers: the new routing system and the beginning of a forward compatibility layer with Joomla! 4.0. Additionally, two security issues have been resolved.

And now, the big question is, what is new in Joomla! 3.8?

Here are some of the new features …

  • New Routing System - The new routing system gives users more control over their URL structure, including the often requested ability to remove IDs from URLs
  • Joomla! 4 Compatibility Layer - The development of Joomla! 4 has made some changes in how the core code is structured by migrating classes to use PHP namespaces. Joomla! 3.8 includes a mapping layer to allow developers to use the older class names while being able to take advantage of the new class name structure.
  • Improved Sample Data Installation - It is now possible to install sample data within your site backend after finishing the installation process, allows users to create their own generic data sets or extension developers to provide easy-to-install sample data for their extensions
  • Sodium Encryption Support - PHP 7.2 introduces the new sodium extension for processing encrypted data, through a polyfill of this library Joomla! 3.8 makes this new API available for all of our users even before they upgrade to PHP 7.2
  • Visit the Joomla! 3.8 site to learn more about this release.

 

Tags:

Joomla 3.7 released

 

 Joomla 37

The Joomla! Project is proud to announce the release of Joomla! 3.7, the latest in the ‘Joomla! 3’ series. This new release features over 700 improvements to the popular CMS, including many features which make administration of Joomla! Web sites easier and more feature-rich, as well as several security updates.

Here are some of the highlighted features:

  • Custom Fields - use extra fields, including text fields, selects and 13 other field types, in your articles, users and contacts
  • Multilingual Associations Component - translate your content easily from a single, unified interface
  • Improved Workflow - create a category, article, and menu item all in one step from within the menu manager
  • Backend Menu Manager - manage the administrator menu just like the frontend, create a different configuration for each of your backend user groups
  • Do more with TinyMCE - including new buttons to easily add menu links and contacts and many other improvements
  • Easier Extension Maintenance - prevent administrators from accidentally uninstalling needed extension package elements
  • User Experience - the little changes that make all the difference: your User Experience is improved thanks to the display of your global settings, a flatter backend template, the possibility to share sessions between apps...

There are many features to explore and we will be revisiting our components to ensure that they continue to work fine with this new Joomla release!

The future of Joomla 3 and Joomla 4

The current plan is that the next release, Joomla 3.8, will be the last in the Joomla 3 series. According to feedback from the Joomla developers, we could expect Joomla 4.0 to arrive around six months after Joomla 3.8.  We do note however that there are still regerences to Joomla 3.9 upon the Joomla web site.

Tags:

Broadband Connections

We have recently relocated and this in itself whilst being ‘fun’ has in particular provided a number of ‘opportunities’ as regards our broadband access mechanism.

Having been a BT customer for  many years our first thought was to continue using them as a broadband provider. Alas this was not possible since our ‘landlord’ didn’t want lines ‘over the property.   OK you might say, but just cancelling BT broadband was itself ‘interesting’ in that they see this as an opportunity to make money.  Not only is there a disconnection fee, but also since we paid in advance for line rental for a year they deem that any of the rental paid for the remaining part of the year is also lost. This latter cost can in itself amount to over £100 pounds.  So make a note to never pay in advance for BT services since if there is ever a need to cancel them then it is going to cost you more than you expect.

The intent was to instead make use of a cable connection.  Cable was laid to the property and all that was required was for the cable providers to come an make a connection. Sounds simple, but no, even here the cable providers fail to turn up and carry out the work, due to ‘a driver being ill’.   Strange that they only have one driver you might think, and you would not be alone. Here we are several weeks later and we are still waiting.

So we have ben forced to look at other alternatives. Many years ago we made use of a ‘wireless mobile broadband’ connection from BT.  This is effectively a dial up connection using a mobile instead of a modem.  It worked quite well but was very slow.  Dusting off the device and trying it didn’t work, mainly we suspect because if one does use a ‘mobile’ number in a period of time, often about six months the mobile number is effectively dead.   Not too surprised at this but it got us thinking and sure enough things have moved on.  Seems the current solution is ‘wireless hub’ which is a small device about a few inches square, into which one insets a mobile SIM card and once connected provides internet facilities for up to 10 devices.  These seem to be provided by most if not all of the mobile providers, and one contracts for a ‘data’ only SIM device.

There are a few things to consider.  First what is the likely usage of the data, and in particular how much data are you likely to use each month.  Often one is totally unsure of how much data would be viewed in a month, but one has to have a rough estimate, since if one exceeds the ‘monthly’ contracted usage, the use is either a) cut off for the rest of the month, or b) subject to an increased cost for the data used after the limit is exceeded.  Neither of which is a good outcome.

One contracts for a certain amount of data usage each month, and different providers have different set levels, such as 500Mb, 1Gb, 2Gb, 4Gb, 8Gb etc.   The cost is also somewhat variable between different providers.  An additional consideration is how satisfied the customers of each mobile provide are, and this alone is sufficient to eliminate a few of the possible suppliers.

Remembering our previous performance observation we were really only interested in using a 4G network. Those of you still using a portable phone on a 3G network will be aware of how slow surfing the web can be.  We selected a 30 day contract with EE for a 4G mobile SIM and so far we have been very happy with the result.  Performance wise it is faster then the fixed line speed we were used to seeing using our ‘old’ BT connection.  Cost wise, it is a little early to say, but since we are not paying for a ‘broadband connection on a fixed line’ this tends to offset tie cost a little, hence we are not really seeing a real difference per month.

Whether this is a solution for the long term, remains to be seen, but as a short term solution is is working well and should not be discounted if one ever sees oneself in a similar situation in the future. 

Joomla 3.6 released

 joomla 3 6 stable release

The Joomla project has released its version 3.6 stable package.

This new Joomla release has lots of bug fixes and over 400 improvements to make everyone's day to day Joomla usage easier.

One thing we did like was that the Joomla team has also created a made a great Joomla 3.6 microsite highlighting all the main features. Even more items can be seen in the Joomla 3 FAQ as well as a more technical list on the project's GitHub repository.

Here are some of the highlighted features:

  • Joomla update can now perform a reinstall reverting back to default code.
  • Usability improvements that help find things easier and get things done quicker with dropdown task execution.
  • New Sub form field function for developers to take advantage of.  Developers should read this as nested forms and enhanced repeatable fields.
  • On the fly category creation will make content editors happy as they can create a new item and a new category in the same process.
  • Menu type ACL gives even more control to fine-tune permissions on backend menus.
  • New option to show all items from all menus gives a quick overview of what is displayed where on the website. It makes it easier to spot duplicated links, missing menu items or just obtain an overview of every menu on your site.

There are many features to explore and remember that our components work fine with this new Joomla release!

Tags:

Rialto v1.2.2 released

rialtoWe are pleased to announce release 1.2.2 of the Classified Ads component for Joomla named Rialto.

This component runs on Joomla 3.5.1 (and above). 

This release corrects a few problems found with the earlier 1.2.1 release. It also changes the front end user profile edit to use JForms.

See the change log and documentation for more details.

The release is available in the download area.

The use of specific Component User Tables

During our development of our Time sheet component we looked very closely at the use of specific component user tables. These are tables that are specific to a component, which are/can be very useful when there is a requirement to associate some specific criteria to one or more users. i.e We might wish to enable email sending only to specific users.  This could be achieved with the use of Joomla ACL controls but often this can be a little bit overkill especially when there are a number of different combinations involved. In these situations the number of ACL groups required could/would quickly get out of hand and require a lot more overhead in determining the result if user actions in the component. Such user tables are often automatically populated by a system plugin that would automatically add any newly registered Joomla users to the component user table and also maintain any changes that the user might make to their profile such as username or email address between the Joomla user table and the component user table.

One other use for a specific component user table would be where there is a requirement for specific ‘unregistered’ users. An example might be where the component was collecting details of users who requested information upon a specific topic by filling in a form upon the site front end, and at some later stage an administrator might process such requests from the details recorded in the component user table.

Generally component user tables work well in practice but there is one large downside, which is that there is (in all of the uses we have seen),  an explicit assumption that all Joomla users will or are required to make use of the Joomla component, which is not necessarily true.  A Joomla web site will probably have a number (often in the hundreds if not thousands) of users and if the site has a specific component installed that is used for example, by internal staff only, there is no need to have additional entries in the component users table for the non-staff members. In the case of our Timesheet component only certain of the site users would make use of the component so there is no need to have an entry in the component user table for every single one of the Joomla users.

This has resulted in our implementing a change to how Joomla users are integrated into the component user table. The former mechanism of having automatic user table update by the use of the system plugin was obviously not desirable,however we did want to synchronise any updates (and deletions).  Thus we have a need to introduce an optional parameter to the system plugin which will control whether new Joomla users are automatically added to the component user table.

With this in mind we have modified a few of our components, and are in the process of modifying a few others, so that the automatic addition of Joomla users to the component users table is a system plugin option. This change is relatively trivial, but there is an additional change required, which is to provide a mechanism so that users can manually added to the component users table by a site administrator when required, such as when new staff join the company..

The first component to use these mechanisms was our Timesheet component and we have now also added our Rialto (Classified Ads) component,  Obviously in the first of these we are only interested in providing the ability to create timesheets to our internal staff.  In the later component we may only have a select sub group of users who we may want to be able to create/manage their classified advertisements. We will also add that, yes we do also include the ability in the components to use Joomla ACL rules but this alone would not address the number of entries in the component users table and could well make the administration of ACL groups a lot more complex as mentioned earlier.

There is some additional code required but the benefits include a smaller component users table, with much clearer administrative visibility and control over who is using the specific  component.  It also provides the ability to have a simple test upon whether the register user in the front end has an entry in our component user table to control what specific front end views they may be presented with.

Rialto v1.2.1 released

rialtoWe are pleased to announce release 1.2.1 of the Classified Ads component for Joomla named Rialto.

This component runs on Joomla 3.5.1 (and above). 

This release adds adds a number of fixes and general improvements. There are no new features in this release.

See the change log and documentation for more details.

The release is available in the download area.

CDN hosted sites, Tor browser and Captcha

We were recently making a modification to our IP Mapping component to support CDN sites such as Cloudflare as a result of a recent forum post, and we discovered the answer to a observation that we had seen a few times that we thought worth sharing.

We occasionally use the Tor browser to access web sites, usually to give us a random set of IP addresses that we can test upon a site, when using IP Mapping.  It is a very convenient way in which one can test access to a site, and appear to be coming from somewhere else in the world. We had observed that occasionally we were presented with a captcha page on some sites as shown below:

 20160502093024 Cap1 2

In the example shown we are accessing the Cloudflare site itself.

We hadn't worked out why this was occurring but now believe that it is something that sites hosted by Cloudflare sometimes display.  We think this is Cloudflare itself that is intercepting the IP address that the Tor browser is using, i.e. the specific Onion exit IP point, and that Cloudflare is then deciding to display the captcha.  If is probably not that difficult to do, and only requires a mechanism to keep track of all the possible Tor access points, and if the browser is coming from one of these IP locations present the captcha challenge.

Of course this makes some sense since Cloudflare is presumably protecting the sites it is hosting, but to a visitor (using the Tor browser) it is not evident or always known that Cloudflare is hosting the site, so it may come as somewhat of a surprise.

Of course other CDN sites may also be using such a mechanism as well so if you see such a captcha mechanism in place it may not be the site you are accessing that is the source of the captcha but the CDN site itself.

We have only observed this behaviour when using the Tor browser, and note that Cloudflare has a mechanism to let the hosted site decide what action to take when the Tor browser is used.  Other CDN based sites and other browsers may exhibit similar ‘opportunities’ but of these we are not (yet) aware.

Go To Top

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries