Help! I am locked out of my Joomla article!

It’s happened to many of us – we want to edit an article on our Joomla site, but it has a little lock on it. This blog post explains what happened and how can you solve it.

If a article is locked, first be sure nobody else is logged in and working on it. Nothing is more annoying then writing a bunch of changes and pressing save and realizing you have been booted out.
So, if nobody else is working on it you can unlock an article by going into your backend and going to:
Joomla 1.6 and higher = Site->Maintenance->Global Check-in
Joomla 1.5 = Tools->Global check in.
Joomla 1.0.xx = System->Global check in.
This will check in all the locked items. Using the library analogy this means all the articles will go back on the shelves.
You can read more in the Joomla Documentation article “What do the locks mean and how do you get rid of them?”
If you’re using the Cache Cleaner extension from No!Number, you’ll be happy to know that Global Check-In was just added. (If you’re not using this extension, you should really download and install it! Read more about the free Cache Cleaner extension)
Hope all of the above helps you.

Read More

Jomsocial special, only until Friday 3rd of June

JomSocial, one of the best…maybe THE best community extension for Joomla, is developed by the good folks at Azrul. If you hurry, you can get in on the deal they’re running until Friday 3rd of June.

15 months for the price of 12!

You get an extra 3 months subscription when you purchase JomSocial Standard (US$99) or Pro Edition (US$149). Only valid until Friday (June 3).
For pricing and comparisons, see the JomSocial pricing page.

Not sure if JomSocial is the Joomla community component you need?

Lets make it easy: Are you looking to build an online community? Then you should definitely take JomSocial for a test drive! …and you know what? The JomSocial team offer a US$ 1 trial version – read all about it on the JomSocial pricing page.

Go get social!

Read More

SEO extension for Joomla: 2 new versions of iJoomla SEO released

The iJoomla team just released 2 new versions of their popular SEO extension for Joomla 1.6, version 2.0.4 and 2.0.5.

Features include:

• manage meta tags
• monitor keywords
• optimize pages
• create automatic links
• create redirects
• and much more… For full list of features, go to the iJoomla SEO extension features page.

iJoomla SEO change log (Joomla 1.6)

Version 2.0.5

• Made some changes regarding correct keywords ranking
• Solved some bugs on internal-links on back-end and front-end

Version 2.0.4

• Fixed: When an article was edited, meta titles were getting deleted

Read more about the iJoomla SEO extension (and how to get your hands on it)!

Read More

7 tips to optimize Joomla! security

Last April Fools I made a joke that my website was hacked and turned upside down. When your website is really hacked, there's nothing funny about it.
Joomla! is a great CMS that is used worldwide. For this reason, hackers often try to find a way to hack a Joomla! website. Here are 7 tips to optimize your Joomla! security, preventing your Joomla! website getting hacked.

Always remember to make a regular backup of your website and database. If you still get hacked, you can always get back to an older version of your website. Make sure you find out which extension caused the vulnerability and un-install it.

Change the default database prefix (jos_)

Most SQL injections that are written to hack a Joomla! website, try to retrieve data from the jos_users table. This way, they can retrieve the username and password from the super administrator of the website. Changing the default prefix into something random, will prevent (most / all) SQL injections.
You can set the database prefix when installing your Joomla! website. If you've already installed Joomla! and want to change your prefix, do the following:

1. Log on to your Joomla! back-end.
2. Go to your global configuration and search for the database
3. Change your database prefix (Example: fdasqw_) and press Save.
4. Go to phpMyAdmin to access your database.
5. Go to export, leave all default values and press Start. Exporting the database can take a while.
6. When done, select all code and copy it to notepad (or any other text editor)
7. In phpMyAdmin, select all tables and delete them
8. In notepad, do a Search & replace (Ctrl + H). Set the searchterm to jos_ and change it into your new prefix (Example: fdasqw_). Press "Replace all".
9. Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.

Remove version number / name of extensions

Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. You can modify this message to only the name of the extension by doing the following:

1. Retrieve all files of the extension from your server.
2. Open up Dreamweaver.
3. Load any file from the extension that you just downloaded to your local machine.
4. Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the exploit to.
5. Set the search term to "MyExtension version 2.14" and press OK.
6. When found the correct file, remove the version number.
7. Upload the changed file to your server and check if the changes are made.

Use a SEF component

Most hackers use the Google inurl: command to search for a vulnerable exploit. Use Artio, SH404SEF or another SEF component to re-write your URL's and prevent hackers from finding the exploits.
Additionally, you'll get a higher rank in Google when using search engine friendly URL's.

Keep Joomla! and extensions up to date

This one is pretty obvious. Always check for the latest versions of Joomla! and the extensions you're using. Many vulnerabilities are resolved most of the times in later versions.

Use the correct CHMOD for each folder and file

Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:

• PHP files: 644
• Config files: 666
• Other folders: 755

Delete leftover files

When you installed an extension that you didn't like, don't set the extension to unbublished. If you do, the vulnerable files will still be on your website. So simply use the un-install function to totally get rid of the extension.

Change your .htaccess file

########## Begin - Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a < script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

Read More

Enable Akismet support in !JoomlaComment

!JoomlaComment is one of the leading free commenting components for Joomla!. I've been using the component since the beginning of my website.
As I said before, !JoomlaComment isn't perfect (yet). It's still missing some features that make others (Like JomComment) more attractive, like the support for trackback. On the other hand, !JoomlaComment does allow threaded / nested comments which is a big positive point.

Another downside of the component is the lack of using the Akismet service. Akismet (which is often used together with WordPress) is a service that helps you preventing others of placing automated spam messages in your comments. !JoomlaComments current solution for preventing spam messages was by enabling CAPTCHA: A technique not many users like.

We're now going to disable the CAPTCHA and enable Akismet support in !JoomlaComment. How? By "hacking" in the !JoomlaComment core.
So let's edit the PHP code from !JoomlaComment and add Akismet support! This tutorial is written for the latest release of !JoomlaComment at this moment: 3.26.
Before you start, I strongly suggest that you backup your files before changing. In case something goes wrong, you can just put everything back as it should be.

Resources

First things first, you'll need to have the following before we can start:

• PHP5 class for Akismet by Aching Brain. There also is a PHP4 class, but this tutorial is written for PHP5.
• A WordPress API Key needed to get Akismet working.
• A PHP editor (Notepad++, Dreamweaver, Eclipse etc.)
• Good pair of brains.

The setup

UnZIP the archive that contains the PHP5 class for Akismet that you downloaded in the previous step. Grab the class file (Akismet.class.php) and upload it to the following folder on your FTP:
/components/com_comment/joscomment/
While you're still there, grab the class file from !JoomlaComment to change (comment.class.php). Open that file with your PHP editor.

Dig in te code

First, we'll need to make a reference to the Akismet class. From line 25 till 28, you'll see a couple of PHP includes. Add another one on line 29:

 
require_once($mosConfig_absolute_path.'/components/
                   com_comment/joscomment/Akismet.class.php');

Now search for the function that inserts new comments to the database (function insertNewPost around line 995). Inside that function, there is will be a query prepared to write to the database ($database->SetQuery arund line 1022). Now add the following code before that query.

 
// START Marcofolio.net Akismet
$WordPressAPIKey = 'XXXXXX'; // Insert WordPress API Key
$MyBlogURL = 'http://www.XXX.com'; // Insert your own blog URL (Don't end with '/')
$akismet = new Akismet($MyBlogURL ,$WordPressAPIKey);
$akismet->setCommentAuthor($this->_tname);
$akismet->setCommentAuthorEmail($this->_temail);
$akismet->setCommentAuthorURL($this->_twebsite);
$akismet->setCommentContent($this->_tcomment);
 
// For Joomla! 1.0.x
$akismet->setPermalink($MyBlogURL.'/index.php?option=com_content&
                                    task=view&id='.$this->_content_id);
 
// For Joomla! 1.5.x
$akismet->setPermalink($MyBlogURL.'/index.php?option=com_content&
                                    view=article&id='.$this->_content_id);
 
if($akismet->isCommentSpam())
{
  // store the comment but mark it as spam (in case of a mis-diagnosis)
  $published = 0;
}
// END Marcofolio.net Akismet

Make sure you change the $WordPressAPIKey into the API Key that you found in your WordPress registration mail. Also, change the $MyBlogURL value to the place where you have your blog. Don't end with a slash ("www.marcofolio.net" is a good value, "www.marcofolio.net/" is not).
Akismet needs the permalink where the comment has been submitted. In Joomla!, the way of viewing articles is different from Joomla! 1.0.x and 1.5.x . Check which version of Joomla! you're running and remove that line that doesn't belong to your version. Also, make sure that the variable is on one line (had to do it on multiple lines here because of fitting on the page).
That's it! Save the file and upload it back to the server.

Testing

Everything should be working fine now. First, disable CAPTCHA from the component settings in the admin panel. Now go to your blog and try to make a comment like you would normally do. Everything should be working fine now.
To test if it actually worked, use the following username: viagra-test-123. When now trying to submit, the comment will be caught as spam by Akismet and will not be directly published. The comment will be stored in the database in case of mis-diagnosis. You can still view and approve comments from the admin panel.

Conclusion and Download

Although also Akismet isn't perfect (it doesn't catch all spam, especially when humans enter a spammy comment instead of an automated script), this is a better solution than CAPTCHA. Also, you'll need to check yourself every time of a comment is caught as spam, but isn't.
Another thing is that Akismet would normally learn from spam comments. The Akismet class does provide the functionality to help the system by telling which comments where spam and which were ham, but that would require changing the admin panel. Feel free to do so if you want!

Hope this helped and maybe it gets included in one of the next released of !JoomlaComment.

Read More

Adding a New Module Position in Joomla!

First to see the available module position on your template, use the url: http://www.yoursite.com/index.php?tp=1.

Read More

How to Create Articles (posts) in Joomla Blog

Having discussed how to create sections and categories on the blog joomla, joomla tutorial this time we will discuss how to make the article. How to create articles in joomla blog is very easy seh. Simply not have strings attached anymore. Here's how to create tables of joomla blog article at:

1. Log into your joomla blog administrator space, by typing "a domain / administrator" in your browser's address bar, then enter your username and password
2. Later came the administrator area like this:
   

Read More