Last week, PC World named Windows Vista as the Biggest Tech Disappointment of 2007. On Wednesday, December 19th, 2007, Joomla 1.5 RC4 which is supposed to be the latest RC before the first stable released was announced to public. These two events may not be related but I’d like to write some concern regarding how Joomla 1.5, just like Windows Vista, might become the anticlimax despite its nice features.
Joomla 1.0.12 was known to have security problem so that Joomla users were urged to upgrade their Joomla to Joomla 1.0.13. For some users, upgrading went smoothly. However, others reported that there was problem with Joomla administrator login. It forced them to logout immediately after entering Joomla admin panel. Message found was either “Invalid Login”, “Admin Session Expired”, or “You need to login”. Did you also experience this issue? This article may help you explaining why it occured and alternative solutions available.
Active Session Id Verification in Joomla 1.0.13
If you follow Joomla development and compare how Joomla admin authentication works, you will notice that Joomla 1.0.13 implements internal active session id verification for the administrator login. This change prevents session fixation attempt and add more security to joomla authentication by ensuring current session id used is still active and uses Joomla’s session namespace.
However, Joomla 1.0.13 was shipped with broken session handler for administrator authentication. A new session namespace and id were generated when somebody pressed buttons other than “save” and “task” even if the session was not expired yet. Consequently, user experienced forced logout.
Being away from the web development world for a while has given me some real life experiences which I’m afraid I couldn’t get only by sitting in from of my laptop tinkering with codes. And now, after quite some time, I feel recharged to do some work and continue the development of my abandoned app and projects.
Noticing that my modified version of CB advanced search gets attention even the modification is minor, I’d like to add more effort on it by providing simple bugtrack and wishlist. As simple is relative to someone’s point of view, I’ll clarify that the bugtrack and wishlist will be as simple as single wordpress’ entry, without messing up with 3rd party apps.
Bugs and wishlist will be compiled from comments in my blog. Please add your comment to this post if you have suggestion, bug report, or concern about this component. I’ll later manually put entry to this post consisting verified bugs to resolve and wishlist to work at.
As I posted in joomla forum about my plan to release my hack for community builder advanced search, here I will give some notes about how to enable and implement the hack. This hack is made for Community Builder Advanced Search 2.0.4 (which might be later adapted to work with the upcoming 2.0.5).
Before you proceed
Currently this component only works in Joomla 1.0.x. It’s not recommended to install this component on Joomla 1.5 unless you want to provide assistance in reporting bugs and compatibility of this component. Please read the full article here.
What’s this hack for?
This hack will enable search for members with certain age ranges, defined by user. This hack will also add extra filter to show only member with avatar / thumbnail photo.
Who will benefit from this hack?
Community based site’s owners and webmasters who use Community Builder to power their community-based service.
As a popular CMS, Joomla can be used to serve various purpose sites, from simple news management to sophisticated e-commerce with CRM functionalities. Now, consider yourself as a smart publisher who instead of burning your skin chasing for a hot article about kitten’s birth, decides to automate the process and let user submit their favorite news and article to your site.
You choose Joomla because it’s simple and easy to manage. Later you pick JA Submit, a content submission component available for free download at http://www.joomlart.com/downloads/ cat/free_joomla_extensions/ja_submit_2.1.html and after installing, configuring the component and put the link at your site, you’re done. Really?