Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Hints and Tips on Joomla and its usage.

Web Site Security

Just read a short article in the December issue of the Joomla Community Magazine titled ‘Ten Arguments That Threaten the Security of Your Website’ that is well worth reading.  It applies equally well to any web site but obviously the emphasis is upon Joomla.

The point about always keeping your website up to date with the latest patches in particular is one that I usually have to use every week, when looking at reported problems our component users are experiencing.  Usually the Joomla version is several if not many versions behind current.  Perhaps one might miss or not have time to always be upon the latest release but there is really no valid reason for being, in some cases, over a year behind.  It is just asking for trouble.

I recommend it as a worthwhile read; it is reasonably short, but quite concise, and unfortunately so true in many respects.

Problems with ReCaptcha display

We have been seeing a strange problem on our site where the ‘ReCaptcha’ challenge was not always being displayed when it should have been. Most notably this is/was seen on the site registration page, but was not just restricted to that page. A complete page refresh often resolves the problem and shows the Captcha block.

We today saw that a change is proposed for the next Joomla update. It is mentioned in this post from OSTraining, which in turn refers to the fix itself which is extracted from this joomla.org doc.

The basic problem seems to be that Google changed the URLs of the ReCaptcha API location, which doesn’t completely explain what we are/were seeing, but implementing the fix cannot do any harm and may even resolve the problem.

We will watch it for a while and see whether it completely solves the problem, but recommend it is implemented on your sites if you are experiencing ReCaptcha problems.  It does require FTP or SSH/Telnet access to change the plugin code.

Update 29/11/2013: Doesn't solve the display problem, so still investigating.

Implementing Online Storage - DropBox

We have been investigating the use of ‘Cloud services’ in particular for backup and synchronising devices and discovered just how easy it was to use.  One attraction is that there is a ‘free’ no cost option, and there appears to be a wide variety of providers.  We have used Amazon Cloud Drive, Google Drive and also Microsoft’s SkyDrive but they didn’t easily integrate into all of our environments and we wanted to automate the use of the service.

Before we jump straight in, one often asked question is what is online storage?  The answer is of course that online storage, or "cloud" services as they're also known, is ‘storage space’ held somewhere in the ‘internet cloud’ that appears (often) as a virtual hard drive that's shown on your desktop and linked directly via the internet to the supplier's online space.  Exactly where it is stored is not really important, just that it is accessible.

They are easy to use, as one just opens the folder on the desktop and copies or pastes a file (or files) whether they be documents, music files, photos etc., and the files get synchronised across to the ‘online’ space.  If one has multiple devices (or machines) then each device with the provider's software installed can see and access the files.

It is also possible to ‘share’ the files with other users as well,  once they've installed the same service.

Security

Data security is the number one concern since one is relying on the service to keep your files and documents secure.  If your account is hacked, your files are immediately available. However, there are several things you can do to prevent this:

  • Frequently change your passwords and don't use the same passwords as your email accounts. As a lot of these services require you to use your email address as your ID, it makes it easier for the bad guys to crack your password.
  • Encrypt sensitive files with a password before storing them on the ‘online service’.

And of course the ‘old’ standards still apply:

  • Install (free?) antivirus and anti-malware software, and keep it up-to-date.
  • Avoid opening any links or attachments that could be potential security risks.
  • Beware of phishing emails and any messages from unknown senders that request your bank details.

Note: Other ‘online storage’ users usually can't see your private files unless one deliberately invites them or places the files in the "public" (or shared) folder.  As expected everything in your public folder is, by definition, accessible to anyone.
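
As an added example (not part of the original post), here is one way to follow the encryption advice above for a backup archive before it lands in a synced folder. It assumes OpenSSL 1.1.1 or later is installed; the function names, file names, passphrase file and folder paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: encrypt a backup archive with a passphrase before it is
# placed in a cloud-synced folder. All paths and names are hypothetical.
set -u

# decrypt_backup ENCFILE PASSFILE -> plaintext on stdout
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$2" -in "$1"
}

# encrypt_backup ARCHIVE PASSFILE SYNCDIR -> prints path of encrypted copy
# The passphrase is read from a file (first line) so that it never shows
# up in the process list, the crontab or the shell history.
encrypt_backup() {
    local archive="$1" passfile="$2" syncdir="$3" tmp out
    [ -r "$archive" ] && [ -s "$passfile" ] && [ -d "$syncdir" ] || return 2
    out="$syncdir/$(basename "$archive").enc"
    # Encrypt outside the synced folder so no partial file gets uploaded.
    tmp=$(mktemp) || return 1
    # AES-256-CBC, key derived with PBKDF2 from the passphrase and a random
    # salt. Note: "openssl enc" gives confidentiality only, no tamper check.
    # Round-trip check: only publish a copy that decrypts to the original.
    if openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
           -pass "file:$passfile" -in "$archive" -out "$tmp" &&
       decrypt_backup "$tmp" "$passfile" | cmp -s - "$archive"; then
        mv "$tmp" "$out" && printf '%s\n' "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on constructed data (not a real backup).
demo() {
    local d
    d=$(mktemp -d) || return 1
    printf 'constructed backup contents\n' > "$d/site-backup.zip"
    ( umask 077; printf 'constructed-passphrase\n' > "$d/pass" )
    mkdir "$d/Dropbox"
    encrypt_backup "$d/site-backup.zip" "$d/pass" "$d/Dropbox"
    rm -rf "$d"
}
demo
```

Keep the passphrase file out of the synced folder and store a copy of it separately; without it the archive cannot be restored.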

As we said at the beginning we wanted to specifically concentrate on the ‘offsite’ storing of ‘backups’, in particular our web server.  Fortunately we make use of Akeeba Backup Pro, which allows easy integration into a number of providers.  We chose to look specifically at DropBox which since its launch in 2008 has become well known with techies, and has become one of the biggest names in online storage. It is also available upon a number of devices and has a simple, user-friendly interface. It can be downloaded on to PCs, Macs, iPads, iPhones, BlackBerrys and Android devices.  It also has an online version of the service, which you can use on any PC where Dropbox is not installed - just log in online.  It is this flexibility that particularly appeals.

It initially comes with 2GB of space, but this can be boosted by introducing ‘new’ friends to Dropbox.  With every new referral, you'll both gain an extra 500MB, up to a maximum of 18GB. If more is still required a monthly subscription can be added to the account.  This was more than suitable for our requirements so we read the documentation on the Akeeba site and proceeded to set up Akeeba Backup to create a backup and ran a test.  It worked perfectly, so much so that we thought we had made a mistake, but the site backup was in the Dropbox account. The automation was then set up using a cron ‘daemon’ on our web site and left to see how it performed overnight.  Checking the following day showed the backups were working well.

Next we looked at the synchronisation process between devices.  The only snag we found was that some of our devices were a ‘little long in the tooth’ and the Dropbox software required ‘up to date’ operating system versions, which were of course not available for  some of the hardware.  Apart from that the processes work well, with only the expected delays caused by the network performance.

The next thing we looked at was synchronising with our NAS (again another device, albeit one with certain characteristics). Again installing the software package upon the NAS went smoothly, just as explained in the NAS documentation, and it then automatically created a folder on the NAS and saved all the files onto the NAS from Dropbox.

So we achieved what we set out to do.  Automatically created a web site backup (via cron), and transferred it to the ‘cloud Dropbox service’. Then on our NAS box it automatically synchronised the Dropbox backup files to our local NAS storage. Job done.

All in all it was as ‘easy as pie’ and we recommend it.  In fact we wonder why we didn’t do it before, it just ‘worked’!

It is easy to see how beneficial this service could be to someone at or going to University who wanted to preserve their work in the unlikely event  of an accident or possible theft of their personal computer.

Download it now: Dropbox

Problems getting a front end wget/curl cron working.

In completing the testing of our ‘cron’ addition to a Joomla component we experienced a small problem, which is worthy of noting especially as we have not seen any mention of the problem anywhere else on the web.

The problem manifested itself as the apparent ‘inactivity’ when a front end web page was accessed via wget, curl or lynx.  This was very puzzling since accessing via the usual web browser appeared to be working.  After much testing we discovered that wget, curl etc. were indeed accessing the page but the underlying actions that the page was intended to run were not occurring.

To cut a long story short, we discovered that the pages were being served up by the ‘page cache’.  In the normal course of events this is what one wants to occur, however with a ‘cron’ page we want the underlying actions to occur.  It was necessary to disable the caching of the specific accessed page and this completely resolved the problem.

What was interesting was that this specific problem was not mentioned on any sites on the web, despite extensive searches. Either everyone else is aware of the problem, possible but unlikely, or equally unlikely no-one else uses page caching.

As part of our investigations we also tried out a well known ‘free cron’ service.  This didn’t help us resolve our problem, but did make us aware of possible ‘redirections’ that may be caused by the use of ‘SEF’ components on a web site. It was necessary to specify the ‘redirection URL’ rather than the ‘original URL’ to the service. Not a specific problem but one of those things to be aware of. 

Problems installing a Joomla component

We met a very strange problem when we had to re-install a third party Joomla component.  We will not go into the details of why we had to do a fresh re-install; suffice to say it was to try and fix an ‘opportunity for improvement’.  We couldn’t uninstall using the standard Joomla mechanism because we wanted to retain all the underlying database tables used by the component so did a manual uninstall instead.

The component was quite large but we extracted all the files and placed them in the tmp directory, so it was easy to reinstall until we determined the cause of the problem.  [We encountered a few ‘MySQL Error 2006 – DB Server has gone away’ messages, but apart from being annoying they were not really causing a problem.]

The component ‘spun’ its icon and then presented us with the following messages:

"Component Install: DB function reports no errors"
"Error installing component"

In addition an entry was made in the #__extensions table but no files are ever installed.  It is impossible to remove it via the Joomla ‘Manage’ feature and all one can do is remove the entries from the table via phpMyAdmin (or similar).

Attempts to re-install again, are repeatable and every time a new entry was inserted into #__extensions.  If one tried several times, several rows were created.

Then we found this problem report, which had all the symptoms we were seeing.  It was raised against Joomla 1.6 but was still very useful. The clue was the mention of the #__assets table and sure enough we found a single line entry in the #__assets table which we could then remove and the next attempt to reinstall worked perfectly.

Running scheduled (cron) tasks with Joomla

We have recently developed a feature with one of our components to make use of a scheduled task to perform a repetitive action, which avoids the need for us to enter the site and manually click upon various icon(s) which in turn cause the required action(s) to occur. Such a requirement is reasonably common and includes things such as sending scheduled emails etc. We were expecting it to be difficult to implement but as it turned out was pleasantly easy to achieve.

On UNIX-based systems ‘cron’ is a daemon that runs in the background and provides a time-based job scheduler, executing commands at specified intervals. These commands are called "cron jobs."  Windows servers use a Scheduled Task to execute commands. Typically a task requiring repetitive actions to be carried out on a regular (pre-determined) basis is an ideal candidate for using ‘cron’.

There are basically a few methods that can be used to provide a  scheduled task within Joomla. The preferred method will depend upon the specific web hosting supplier and the facilities they supply. [For our implementation it was necessary to supply both mechanisms, since some of our users’ systems may not have one or the other.]

Using an IDE for Joomla development

We have never really taken to using an Integrated Development Environment tool (IDE) for product development.  This is nothing against IDEs per se, just that over the years we have used a lot of tools, some good, some bad, and have found that just when one starts getting productive with them, they suddenly stop being supported.  We could name (but won’t) numerous tools that fall into that category.  A lot end up being taken over by a certain well known ‘computer software vendor’ who then milks them for the support fees, but never develops them, before finally dropping them. This then leaves one ‘high and dry’ and forced to change to another tool.

Changing Joomla MySQL database connection details

We recently had cause to have to modify the connection details that a Test Joomla setup was using to connect to the underlying database.  The reason was that we wanted to test out a component installation where some specific database privileges had not been granted.

In our case we were interested in the database privileges ‘CREATE VIEW’, ‘CREATE ROUTINE’ and ‘TRIGGER’. Since our component would make use of database triggers, procedures and views we needed to test out an installation on a system where such grants were not present.

Our systems had the required privileges granted and we knew that editing the ‘configuration.php’ file in the existing Joomla installation should enable us to achieve this easily, but despite our attempts this wouldn’t work and instead gave us an error: ‘Database connection error (3): Could not connect to database ‘.

We played with the username and password settings in the ‘configuration.php’ file without any success; it just wouldn’t connect, and we knew that we had another database set up with the same username and password.

Then we remembered that we had only granted permissions for this ‘restricted’ database account to a specific database.  All we had to do was ensure that the correct grants were made for our ‘second database’.

    CREATE USER 'test'@'localhost' IDENTIFIED BY 'password';   -- Not required if the user already exists.
    GRANT SELECT, INSERT, UPDATE, DELETE ON DBX.* TO 'test'@'localhost';
    CREATE USER 'test'@'%' IDENTIFIED BY 'password';           -- Not required if the user already exists.
    GRANT SELECT, INSERT, UPDATE, DELETE ON DBX.* TO 'test'@'%';

    GRANT LOCK TABLES, CREATE TEMPORARY TABLES, CREATE, DROP, INDEX, ALTER ON DBX.* TO 'test'@'localhost';
    GRANT LOCK TABLES, CREATE TEMPORARY TABLES, CREATE, DROP, INDEX, ALTER ON DBX.* TO 'test'@'%';

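Where test is the name of your connection user, password is whatever your desired password is, and DBX is the name of your MySQL database.  Obviously if your database is not on your localhost you need to modify it for the appropriate host name or IP address, whichever is most apt.  Note that the 'test'@'%' account accepts connections from any host, so leave the '%' statements out if the user only ever connects from localhost.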

Once we had done this it all worked perfectly and our testing could commence.

Debugging PHP with Java console.

It may seem a strange title for a blog, but we have been looking at a small ‘opportunity’ in converting one of our components to Joomla 3.x.

First a brief explanation is required. The module in question is a PHP module which calls some Javascript code which in turn then calls a separate PHP routine.  The error we were trying to resolve involved this ‘second’ PHP routine.  The module was designed to display a Google map and the first PHP module sets up the display, the Javascript code builds up the required map and it is in turn, populated with data obtained from the database and formatted by the second PHP routine.

This ‘inner’ PHP routine was working perfectly on Joomla 2.5 but on Joomla 3.1 only the map itself was displayed, not the ‘map points’.  It was apparent therefore that there must be ‘code’ that was not Joomla 3.x compatible but how to find it?  Code inspection did not reveal any apparent cause. The changes to remove JRequest and replace it with JInput were working fine, and attempts to use print, dump, enqueueMessage, etc. statements were accepted but would never display any information which one could see.  [This might possibly be due to our trying to display text ‘after’ the ‘error point’, but am not totally convinced yet.] Inspection of the error logs was also not informative, mainly, it is suspected, due to the Javascript ignoring the errors and proceeding to execute even after receiving an error from the PHP routine.

Emailing ‘items’ with relative image URLs from Joomla.

We have been looking at a small ‘opportunity’ which we discovered when we were emailing material such as an ‘article’ or Issue Tracker ‘issue’ from our Joomla system.

The problem is quite simple to explain since it can be caused by the content editor that is forced to use relative URLs.

This can be resolved by creating a new profile in the editor (such as JCE) which is configured to use absolute URLs and then assigning the profile to the particular component where absolute URLs are needed.

There is a small note on it for JCE which explains how to do this in more detail.
