Thursday, March 29, 2012

JomSocial Album Privacy Issues

Hi,

I was working with JomSocial and I found some interesting (read: ridiculous) things regarding JomSocial. Here they are:

1. Even if you set a video's visibility to 'Only me', anyone who knows the URL can view, rate and comment on it, and the URL could also have been indexed by a search engine.
2. The same issue applies to albums.
3. But here is what was most amazing: if you are viewing someone else's album, whether you have rights to view it or you got there through the URL without rights, you can change their album covers and even DELETE PICTURES.. yes, literally delete pictures.. go try it yourself.




I don't know how it has not been noticed so far, or whether it is supposed to be a feature, which it clearly shouldn't be. Maybe they have fixed it in 2.6; otherwise let's hope they do so soon, as I have checked 2.2 and 2.4 and it is in both.

Thursday, March 22, 2012

Enable / Add ReCaptcha in Joomla 2.5 form

If you want to add reCAPTCHA to the registration or contact form of your Joomla site to reduce spam, here is how to do it in Joomla 2.5:

Log in to the admin area
Go to Global Configuration
Under 'Site' look for option 'Default Captcha' and change it from 'none selected' to 'Captcha ReCaptcha'



Once done, captcha is enabled, but if you open a form on the front end you will get the following error:
"
  • ReCaptcha plugin needs a public key to be set in its parameters. Please contact a site administrator.
"
To solve this, go to 'Extensions -> Plug-in Manager' and look for the plug-in named 'Captcha - ReCaptcha'.

Once you open it you will see two text fields, public key and private key;



now login to 
give the URL of your website and it will give you both keys. Enter them, save, and reCAPTCHA will now be working on your site.

Tuesday, March 20, 2012

Extending Joomla Article Search

The following tutorial shows how to extend Joomla's default search to include content fields that are not searched by default, for example 'created_by_alias'. The files mentioned are from Joomla 2.5; previous versions are quite similar.

Following are the things you need to do:
File: plugins\search\content\content.php

You have to add the field in two places, the 'select' and the 'where'. To add it to the 'where', look for the switch statement at line 73 with the cases 'exact' and, below it, 'all'/'default', and add a line for your field like:
$wheres2[] = 'a.created_by_alias LIKE '.$word;


Then move on to the 'select' fields, at lines 153 and 210:
$query->select('a.title AS title, a.metadesc, a.metakey, a.created AS created');


and add your field like this:
$query->select('a.title AS title, a.created_by_alias, a.metadesc, a.metakey, a.created AS created');

And finally you need to add your field to the "searchHelper::checkNoHTML" call at the end of the file, changing
searchHelper::checkNoHTML($article, $searchText, array('text', 'title', 'metadesc', 'metakey'))
to
searchHelper::checkNoHTML($article, $searchText, array('text', 'title', 'created_by_alias', 'metadesc', 'metakey'))



Sort Articles By Rating In Joomla 2.5

The following tutorial will tell you how to sort articles in Joomla by rating.

I needed to sort articles in a list category layout, and here are the few changes I made. I am sure they apply to previous Joomla versions as well, or at least you will get the idea:

Open file 'components\com_content\models\articles.php'

Look for the following line (line 221 in my Joomla 2.5 version):
$query->select('ROUND(v.rating_sum / v.rating_count,0) AS rating, v.rating_count as rating_count');

It currently rounds the rating for some unknown reason, i.e. if you have 4 ratings that average 4.25 it will show 4 (rounded) instead of 4.25, so first I fixed this by replacing it with the following line:

$query->select('FORMAT(v.rating_sum / v.rating_count,2) AS rating, v.rating_count as rating_count');

(You can even remove the FORMAT if you are fine with the rating going to 4-5 decimal places.)

Once you are done with this comes the sorting part: go to the end of this function and look for the following line (463 for me):

$query->order($this->getState('list.ordering', 'a.ordering').' '.$this->getState('list.direction', 'ASC'));

And replace it with:

$query->order(' rating DESC ');

And you are good to go.


Note: You may also want to add a column on the front end to show the ratings. If you want that and you are in the list view of a category, open the following file:
'components/com_content/views/category/tmpl/default_articles.php'
and look for the 'foreach' loop at approximately the middle of the file; add your rating column alongside the hits and author columns.

Sunday, March 18, 2012

Removing Pharmacy Hack/Spam from Joomla/PHP website

Hi,

I recently got the chance to fix a site about coffee that was full of pharmacy, anthrax and medicine links. They showed up in the header, the footer and across whole pages, made the site look totally spammy and destroyed its search ranking. Here is how I removed it:

I will first go through the key points of how they target a site and then describe in detail where I found them:

Key points:
To start off, this happens because they somehow get access to your site and change your files. Now, with so many files, where do you look for changes?
1. Main index files like /root/index.php and root/templates/my_template/index.php
2. Include files that are called by the index files or the framework and are almost always loaded; in Joomla look in the /root/includes folder
3. Since you generally don't change files outside components, always look at the 'date modified' field of files; that can really help. All the files will have the same date, the one on which you installed Joomla, and some will have a different date, which can mean they are infected
4. Once you suspect a file to be infected, look for the following things:
    i) files included, e.g. include('includes/defaults.php');
       Make sure you compare your code with another, preferably fresh, uninfected Joomla installation before removing any such thing, because it can be part of your own code.
   ii) eval(gzinflate(base64_decode('9saf45vs64.....')));
       This string can be very long, easily beyond 100 characters; it is used so that you cannot search the source code for the spammy website links or URLs.


Now, the following are the issues I found; note that you can have many different ones:

- First I look at index.php in the root folder and see the following changes/additions:
include('includes/defaults.php');
define ( 'T_TEXT',getlinks());
eval(gzinflate(base64_decode('7VpZk9w4c.....OlzG+fa6++UVvPrt1db5V99eo/AA==')));
(not together)

Then I find a replacement; you have to look for such changes carefully so that you don't mess up the Joomla core code.
echo JResponse::toString($mainframe->getCfg('gzip'));
replaced with
echo str_replace('</body>',file_get_contents('includes/footer_t.php').'</body>',JResponse::toString($mainframe->getCfg('gzip')));

I removed the second line and replaced it with the first.

The first line above includes defaults.php, which was spam. I looked into it first before removing it and found it linked to the includes/js/extra folder, which was full of spammy .htm links, so I removed the whole folder.. or you can rename it first to make sure it doesn't remove something important.

Another one I found in includes by tracing the date change and then the contents of the file: it was a jquery.dist.js or similarly named file, and looking at the content it was again eval(gzinflate()) sort of content, which was definitely not a jQuery file, so I removed that as well.

Then, again tracing the dates, I found a 'models.php' file inside the 'modules' folder; almost all modules have model files, but not at the top level of 'modules', so I looked inside it and found it to be spam as well.

And the last one I found was a defines.php file, also in the includes folder, which I removed, and the site was as good as before.

Note:
1. This is Joomla specific but you can apply the same knowledge to any PHP website: WordPress, Drupal, etc.
2. Once you are done, make sure you open your infected pages, right click, go to 'view source' and check that there are no hidden links inside your HTML as well.
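As an added example (not code from the original post), here is a small Python script that does the two checks described above: it decodes eval(gzinflate(base64_decode())) loaders without executing them, so you can read what they hide, and it lists the files whose modification date differs from the majority date of the tree. The infected sample and its payload are constructed in the script for the demo; spam.example is a placeholder host.

```python
import base64
import re
import zlib
from collections import Counter
from datetime import date

# Loader shape described in the post: eval(gzinflate(base64_decode('...')));
LOADER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)\s*\)\s*\)"
)


def decode_loader(b64):
    """Undo base64_decode + gzinflate (raw DEFLATE, wbits=-15) WITHOUT eval'ing the result."""
    return zlib.decompress(base64.b64decode(b64), -15).decode("utf-8", "replace")


def find_loaders(php_source):
    """Return the decoded hidden code of every obfuscated loader in a PHP source string."""
    return [decode_loader(m.group(1)) for m in LOADER.finditer(php_source)]


def odd_dates(mtimes):
    """mtimes maps path -> unix mtime (e.g. from os.stat). Files whose modification
    date differs from the most common date (the install date on an untouched
    Joomla tree) are the ones the post says to inspect first."""
    days = {path: date.fromtimestamp(ts) for path, ts in mtimes.items()}
    common = Counter(days.values()).most_common(1)[0][0]
    return sorted(path for path, day in days.items() if day != common)


# --- constructed sample data (built here for the demo, not a real payload) ---
def make_loader(php_code):
    """Build the obfuscated form the same way PHP's gzdeflate()+base64_encode() would."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, what gzinflate expects
    raw = deflater.compress(php_code.encode()) + deflater.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()


HIDDEN = "<?php echo '<a href=\"http://spam.example/pills\">cheap pills</a>'; ?>"
INFECTED_INDEX = "<?php\ndefine('_JEXEC', 1);\n" + make_loader(HIDDEN) + "\n"

if __name__ == "__main__":
    for code in find_loaders(INFECTED_INDEX):
        print("hidden code:", code)
    print("modified later than the rest:", odd_dates(
        {"index.php": 1325419200, "includes/footer_t.php": 1331640000,
         "configuration.php": 1325419260}))
```

On a real site you would feed find_loaders the contents of each .php file and odd_dates the st_mtime of every file under the web root, then compare the flagged files against a clean Joomla copy before removing anything.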

Hope it helps :)

Thursday, March 8, 2012

Disable article text/description in Joomla 2.5

In the category blog layout you see articles with their text / description. If you want to disable the article text in the category blog layout, follow these steps:

1. Go to 'Content'
2. Select 'Options'
3. Switch to tab 'Blog Featured/Layouts'
4. Set the first 3 columns to 0 and the fourth (links) column to whatever value you want; this will only show the links to the articles of the category.









PS: I have renamed 'Article' to 'Book' in my site so don't get confused with the image :)

Set Default Article Category Joomla 2.5

Are you wondering how to set the default article category in Joomla 2.5 and can't find it in the article options? Well then you are looking in the wrong place. To set the default category for users who add articles from the front end, set it from the 'Menu Item'... Menu Items are the options available for all the links added into the 'Menu(s)' of Joomla.







When you add a new entry in, let's say, the main menu named 'Add Article', you will see that a Menu Item has also been created for it in the new tab called 'Menu Items'; once you go into its options you can easily set a default category so users add all articles into the specified category. You can have different default categories for different menu options.

Thursday, March 1, 2012

Youtube search / view history privacy

Are you, like me, bothered by Google merging its privacy policies and going public with everything? Have you been using private browsing so that YouTube doesn't automatically get your id and store everything you do? Well then this post will surely come in handy. I found a way to disable YouTube's logging of your searches as well as video views.. here is how to hide your browsing and at the same time clear and erase your previous history:

1. Open youtube
2. Click on top right box where you will see your username
3. Click on 'Video Manager'
4. Click on 'History' coming onto the left menu
5. Click on 'Pause viewing history'
6. Optionally, select 'Clear all viewing history' to remove the previous data.

Repeat it for 'Search History' and you are good to go. :)

Who knows they are still saving and just not showing you ... *sigh*

Feedburner API returning 0

Ever used the FeedBurner API to get the number of subscribers for a URL but kept getting 0 for all sites? I had this issue a while ago and didn't find a proper explanation of why it was happening or how to fix it, but I found a workaround.


If you have such an issue, getting 0 for a FeedBurner URL with a link like this: https://feedburner.google.com/api/awareness/1.0/GetFeedData?uri=http://feeds.feedburner.com/disparatereflections
try adding yesterday's date to it and you will get the value: https://feedburner.google.com/api/awareness/1.0/GetFeedData?uri=http://feeds2.feedburner.com/disparatereflections&dates=2012-01-01,2012-03-02

Hope that helps

Javascript Validation

I have been a web developer for a while now; however, recently I came across an issue with a client's website I was working on. The issue was that I was getting invalid submissions that should not have been possible, considering that I had validation on the form submission, such as checking that a URL was well formed. The question I finally asked was: is JavaScript validation enough? To my surprise, disabling (and hence bypassing) JavaScript is fairly simple; once the user disables JavaScript, he can submit anything and bypass all your JavaScript checks, so make sure you always have validation both on the client side and on the server end.

Happy coding.