PHP

  • As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?

  • The Joomla ItemID-related management of modules is a powerful tool, but sometimes you need to show/hide parts of your site on two special cases not covered by this tool: when you need to show/hide things regardless of the active ItemID - for example on all detail listings page of a given component, or when you need to deal with a component which have poor support of ItemIDs - as VirtueMart, which is notoriously misbehaving in this regard.

  • With recent upgrade of a great number of servers to PHP 5.3.8 may clients reported that their site began to show error messages like

    Warning: strtotime() [function.strtotime]: It is not safe to rely on the system's timezone settings

    or

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings
  • Many of you probably had seen already the red warning in Joomla's admin interface, that you need to have the Register Globals set to "on", otherwise your site is exposed to security treats.

    And also many of you haven't a clue how to do it...

    So, let's see what an average webmaster can do about this problem.

  • Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. His pair, Local File Inclusion or LFI is basically the same technique, used on sites which have been successfully penetrated, and the hacker "planted" his files already on the server.

  • Yeah, you may say that nothing coming out from that Redmond-based factory does not qualify as LAMP environment, and Joomla is built yo be used on LAMP servers, am I right? Yes... and no. Why not let them to play with the best CMS around Yell.

    So, what a Windows aficionado should know if wants to run Joomla on his favorite server?

  • Joomla has everything you may need. Right? If you take a look to the Joomla Extensions site, you may agree with this. But, as always, there may be cases, when the above statement is wrong. For specific need he simplest approach may be to use for specific purposes a standalone script. You can solve the problem - apparently - by using Joomla's wrapper feature, and use your scripts as they where part of your Joomla site. Almost perfect solution you may think... but your scripts are directly accessible by their physical URL, not only through the Joomla interface. What you can do about?

    A lot. And surprisingly easily.

  • Joomla specifies certain settings that are recommended for proper functioning of the system. A list of the recommended and actual settings is displayed when you install Joomla. One of the recommended settings is to have 'Display Errors' switched on. This is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was written) which may allow cross-site-scripting attacks when the display errors option is enabled, if you have a script which produces an error.

  • How to build a smart Contact Us module?

    Smart in what way, you can ask... Simple: to let you know, in which page of the site the user filled it and send it to you! Why? you never get a criptyc message from your clients you wasn't able to find out what they are referring to?

  • One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.

  • Just upgraded from a static site to Joomla? Or just reorganised your content? And, of course, you don't want to loose your existing Google PageRank and your external links...

    What you can do?

    301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. It's not that hard to implement and it should preserve your search engine rankings for that particular page. If you have to change file names or move pages around, it's the safest option. The code "301" is interpreted as "moved permanently". This is the solution Google recommends for webmasters to keep their ratings.

  • Did you already seen that since the advent of Joomla 1.6 the blog view has been changed? Let me refresh your memory! In Joomla 1.0 and 1.5 the Leading Articles - the articles on the top of Blog view - where shown on full by default, and for the rest of articles only the Article Intro part was shown. With Joomla 1.6 this has been changed, for all articles in a Blog view is shown only the introtext. You didn't even noticed that, right? Me either, until one of my clients has specifically requested the feature.

  • Over the years spent in web page building and maintaining (since 1995, when published my very first webpage on a self-hosted SCO Linux box) a lot of information has been collected, settled down and at the end the best and most important tricks helping to make a website became fast and stable in the same time where surfaced. Despite the fact, that I wrote about this subject several times, it's a subject wich never looses his actuality.

  • There are endless possibilities to made tricks with your template using a little bit of PHP code. Let me show you another one!

  • The Page Class Suffix is a parameter in Joomla! content Menu Items. It is set in the Menu Item: [Edit] screen under the "Parameters (Advanced)" section. This will cause Joomla! to either add a new CSS class or modify the existing CSS class for elements in this specific Menu Item layout.

  • I am angry on Easter bunny. Really... He delivered to me a nasty surprise: lots of my customers complained during/after Easter weekend, that their shops, sometimes the Easter's week began to malfunction: the users using PayPal as payment gateway aren't charged correctly. After studying the problem, I found, that is happening on shops running versions of VirtueMart 1.1.3 to 1.1.9, charging shipping to customers and using the old PayPal API to communicate with the gateway. More precisely, the sipping net amount was not transferred, the shipping tax was sent correctly.

    Then, by searching for "virtuemart shipping not transferred to paypal" I discovered, that I am not alone: there where some 54k+ search results returned!

  • The VirtueMart forums are full of complaints like:

    When a shopper from my wholesale group (50% off) opens the product page it shows the parent products discounted price as the price of each child. Any help would be appreciated.

    So, here's the much awaited fix!

  • More and more users are switching to Google Mail, Hotmail and other free mail services these days. It's a great move... unless you have VirtueMart and your Joomla is set to send your mails through SMTP. You may easily end seeing something like:

    Warning: fsockopen() [function.fsockopen]: unable to connect to smtp.gmail.com:25

    The mails from other Joomla apps are sent, just the VirtueMart is behaving badly. Weird thing is, that you can see in the main Joomla config the mailer set up properly, and the port to be used is 465, as required for Google Mail, but as you can see the error message indicates that VirtueMart tries to use port 25! The problem is that VirtueMart has a code flaw, when sending mails through SMTP the port 25 is hardcoded, and isn't inherited from main Joomla configuration file.

    The fix is relatively easy, but you must get your hands dirty with some PHP code.

  • After moving a site to a new server I found this error in the backend - at least one error per page, but casually even more.

    XML Parsing Error at. Error

    No error number, no line number... What a heck!