Joomla Support and Services Blog

How many times have you gone to a website, then during registration you decide not to join due to the massive amount of questions they ask you during registration? Is this causing your customers not to subscribe to your website?

Surfers on the internet are impatient these days. That is probably an under statement. There are just too many sites out there that make the registration and subscription process to time consuming.

When you are offering content that a person has to pay for, why not make the registration and subscription process simple, get the user subscribed, then collect any addition information you may need.  If your potential customers are asked to register, do you really need to ask them more than the essentials before allowing them to subscribe. 

With the new version 1.2 of Account Expiration Control (AEC), you can now handle the registration process on the confirmation screen. Implementing this feature can cut down the registration process, even if you are just using Joomla standard registration fields (Name, User Name, Email, Password).  The new Custom User Details micro integration in AEC will collect this information on the confirmation screen now. 

Even if you are using a community based software such as Jomsocial, this process can be used to collect the essential information, have the member pay for the subscription, then supply additional information after they log in the first time.

For more information This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Monday, 11 February 2013 00:33

Responsive Web Design

What is "responsive web design"?

Well according to Wikipedia:

Responsive web design (often abbreviated to RWD) is a web design approach aimed at crafting sites to provide an optimal viewing experience—easy reading and navigation with a minimum of resizing, panning, and scrolling—across a wide range of devices (from desktop computer monitors to mobile phones).

Why is it important?

Well according to Pew Internet:

Nearly nine in ten smartphone owners (87%) use their phones to access the internet or email, with 78% of these users saying that they go online using their phone on a typical day.4 Put differently, that means that on a typical day 68% of all smartphone owners go online using their phone. Although smartphone ownership varies significantly based on demographic factors, within the smartphone owner population there is relatively little variation when it comes to using one’s phone to go online. Age is the primary differentiator—fully 94% of smartphone owners ages 18-29 use their phones to go online, with eight in ten (81%) doing so on a typical day.

Now add the number of users who are using a tablet to surf the internet and the number increases. So if your website is not responsive, then you are loosing out.

This is the reason that the new design of this site is totally responsive, and dynamically changes based upon the viewing area of the device you are using.  Try it yourself.  Just adjust your browser size slowly and you will see the design change from a desktop view, to a tablet, then to a mobile device.  How did we accomplish this? Well, it took a bit of time but:

  • Get a responsive template.  I just love Yootheme and their warp framework for this. But there is more to do than that.
  • You need to assign an auto size css class to our images so they will adjust in size to the device.
  • You need to assign css to modules that you want seen on just the desktop, just a tablet, or just a mobile phone.
  • If you have videos then you need to do some css work also so they adjust in size also.

It was a fun and great experience redoing our Joomla! site to be a responsive web site.  How long did it take?  Well the css for out video delivery from youtube took around 4 hours to work out all the kinks.  Then customizing the other css took another couple of hours. As for assigning the auto resize css class tot eh images, that took a few minutes using SQL on the database itself.

 So if you delay in converting your template on your Joomla! site to be responsive, then plan on your competition crushing you!

Saturday, 10 November 2012 18:57

JCE Editor for Joomla Causes Security Risk

 

Today I spent over 3 hours cleaning up the 15th Joomla! site that has come to me with "My site has been hacked!" or " Google says my site has been compromised".  Although the JCE Editor has great reviews on JED (Joomla Extension Directory) is it really needed?  My personal opinion is NO!.  I am an avid user of TinyMCE editor, which comes with Joomla!. All I ever do is to turn it on to extended mode via the plugin to get all of the "bells and whistles".

But then after I build a site for a client, they are told by someone else, get the great nifty editor called JCE. I myself have never installed it by default for any client, and when they ask, I usually try to persuade them to use TinyMCE instead.  For those that did install JCE, well at least 15 of them have contacted me to fix their site.

If you have run into this situation where all of the sudden Google states you are selling Viagra!  You can google and find such links as Google shows viagra, cialis, spam, oh my! Google Conditional Hack, and how fix or The Joomla Pharma Hack.  Each one tells you in general what to do, but be prepared to spend most of your day cleaning it up. It took me 3 hours today of actual work (not to mention the 10 hours spent searching each file via FTP).

And it seems to all be related to the JCE editor.  How so, I could see in the image directories the files that were the culprit and they were most likely due to the "the image upload functionality within JCE".  Loading the site via my browser was fine, but when I tried to crawl the site as if I was a google bot, it showed the tags on "Buy Cheap Viagra!" So here is what I had to do.

 

(1) I downloaded an extension called Version Verification Tool. I love this extension. It will tell you which core Joomla files have been modified if any. This time the hackers are a little smarter, they did not hack up the easy to find files:

Filename Action
includes/def.php Delete this file!
includes/defines.php Delete first line (starts with “() …” but keep the rest of the file.
components/com_wrapper/views/wrapper/.wrap.php Delete this file!
libraries/tcpdf/config/lang/.default.php Delete this file!

 
So I moved onto the next step.

(2) I took a look at the main template's index.php file.  And that was changed.  It was trying to load additional files, like a main.css file and had some strange includes. I corrected that.

(3) Usually with my FTP client I do a content search for "(base64_decode("  in order to include all the variations of possibilities such as:

  • "eval(gzuncompress(base64_decode("
  • “eval(gzinflate(base64_decode(”
  • “eval(base64_decode(”

Then I actually look at each file to see if I see any of the long string of gibberish, like “'7b17VxtH8gD6N3tOvkMzq81IsRCSs.....". 

(4) When I find those files, I back them up locally, just in case, and then replace them with the original extension file, if any, or delete them all together.  I deleted the files in guess what, the image directory and any css files that had the bad code.

(5) Then I tightened up the security on all of the template’s index.php files.

(6) Then I did an security audit on all of the extensions installed, and upgraded those affected including JCE.

Hopefully this never happens to you, but if it does, remember we are here to help.

Sunday, 29 January 2012 13:32

Migrating or Upgrading to Joomla 1.7/2.5

It is that time again.  It seems that versions of Joomla are coming out sooner that you can upgrade to the next version. Not really, but sometime it sure feels that way.  Joomla just released this month (January 2012) version 2.5 of Joomla. You may be thinking, what a leap from 1.7 to 2.5, why such a drastic version number changing.  Like the previous version 1.5, the ".5" in the version number represents a LTR (Long Term Release).  You can read about Joomla 2.5 here.

"Along with new features such as advanced search and automatic notification of Joomla core and extension updates, the Joomla CMS for the first time includes multi-database support with the addition of Microsoft SQL Server. Previous versions of Joomla were compatible exclusively with MySQL databases."  There were also some changes to the Joomla core, so just because your extension runs under Joomla 1.6/1.7 does not mean it will run under Joomla 2.5.

With the new released, should you upgrade and/or migrate? That really depends on your current version of Joomla and also the other extensions you have installed and are running on your Joomla site. Lets take a look at the possibilities with the current version you are running. If you do not feel comfortable doing this yourself, we are available to help.  We can do the research on your extensions for you and then advise you to either have us proceed with the upgrade or hold off.  You can purchase some support time for your account here to get started.  If you want to "do-it-yourself", you can also learn how from attending one of our online webinars held weekly, more information is here.

If your site is currently Joomla 1.6/1.7.

This would be considered an upgrade. You need to consider the following:

  • Is the current template you are running compatible with Joomla 2.5?  You can usually find out by going to the template creator and asking if the current version is compatible, or if a new version is available for 2.5. If so then you can proceed to the next question, if not you need to decide either to wait or to switch templates.  If you do decide to switch templates and not wait, proceed to the next question.
  • Are the current extensions you are running compatible with Joomla 2.5? You need to check the 3rd party extensions you are running, are the components, modules, and plugins are compatible with 2.5.  This can be done by either going to JED (Joomla Extensions Directory) and checking there, or check directly with the developer's website to find an answer.  There were a few changes in some of the core code of Joomla 2.5, so you really need to check this out first before upgrading. If all of the extensions are Joomla 2.5 compatible, then you are safe to upgrade, if not you need to decide either to wait for the extension to be 2.5 compatible, change extensions, or just stop using that extension.

When you are ready to proceed with the upgrade, then you can do it via the Joomla back end-->Extensions Manager-->Upgrade. Remember to backup your site and database first, just as a precaution.

If your site is currently Joomla 1.5

This would be considered a migration. You need to consider the following:

  • You need to decide either to migrate to Joomla 1.7 or 2.5.
  • Is the current template you are running compatible with Joomla 1.7 or 2.5?  You can usually find out by going to the template creator and asking if the current version is compatible, or if a new version is available for 1.7 or 2.5. If so then you can proceed to the next question, if not you need to decide on another template. Let's face it, if it not available for at least 1.7 as of yet, it probably will never be.
  • Are the current extensions you are running compatible with Joomla 1.7 and/or2.5? You need to check the 3rd party extensions you are running, are the components, modules, and plugins are compatible with 1.7 and/or 2.5.  This can be done by either going to JED (Joomla Extensions Directory) and checking there, or check directly with the developer's website to find an answer.  If the extensions is still not available for at least 1.7, then it probably will never be, so you need to drop that extension or replace it with another one.

Depending on the information gathered above you need to decide on the following:

  • Migrate directly from Joomla 1.5 to 2.5, or
  • Migrate from 1.5 to 1.7, then later update to Joomla 2.5
Saturday, 28 January 2012 18:06

Multiple Joomla Site Access Control

We have recently developed a way to control access to other sites from one site running AEC (Account Expiration Control) and the sub-sites using vHTaccess plug-ins.  Now the logic flow here is fairly straight forward but there are a few things you need to know about the major components of such an integration:

  • There will be one Joomla site which will sell the subscriptions and access to the other sites.
    • This is where AEC is installed
  • The other Joomla sites that you are selling  access to can be separate URLs or even sub-domains.
    • These are the sites that will be using the vHTAccess plug-ins

The logic flow here is as follows:


The Main Site


AEC is installed and used to collect all the pertinent Membership information such as user name, password, and email address.

AEC uses its Micro Integrator htaccess, to create the htaccess and htpassword files needed for vHTAccess to authenticate against.

The Server must have curl installed.

You can sell memberships to another sites,  more than one site, or even multiple sites.

Community Builder or Jomsocial can be installed on this site..

The Other Sites


Can be on the same server or a different server.

Server must have curl installed.

vHTaccess is used as the authentication method and user creation method

Only the Username and Password is passed to the site, all other registration information is not recorded, but is available through the main subscription site.

All links to registration, user name or password reset are redirected tot he Main Subscription site.

Jomsocial can not be installed on these sites

The access level is simple and a must: They are either registered and have access to the membership content or they are not and do not have access.

1 access level only (Registered)

For more information  Contact Us

Page 1 of 2