SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

CLI - Reminder

Overview

CLI - Reminder allows an administrator to specify user note categories as reminder triggers. Multiple configurations can be active on a single note category.

Installation

  1. Download CLI - Reminder from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "CLI - Reminder".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "CLI - Reminder".

Configuration

CRON Job

The first configuration to concern yourself with is the CRON job. In Linux, this is known as CRON, in Windows environments - these are known as "Scheduled Commands". I'll leave it to you to learn how to execute CRON/Scheduled Tasks in your environment. The important part of this configuration is the command itself. There are 2 parts:

  1. Location of the PHP binary/executable.
  2. Location of the "cli" directory in your Joomla installation.

If the PHP executable in your environment is "/usr/bin/php" and the location of the "cli" directory in your Joomla installation is "/home/website/public_html/cli", then the command to execute is:

/usr/bin/php /home/website/public_html/cli/reminder.php

The only configuration to your CRON job that is mandatory is that it repeat every night at midnight (or early in the morning). This configuration ensures that the reminders are sent as early as possible on the date they're designated to be delivered. You may wish to make additional configurations to capture the output of the reminder script into a log file, and again - I'll leave it to you to learn how to do that in your environment.

Owner Reminder Category

Any category you choose will cause the owner of the note (the user account for the note) to be a recipient of the reminder on the "Review Date". This field can remain empty. It is not required that you select anything for this field.

Self Reminder Category

Any category you choose will cause the creator of the note to be a recipient of the reminder on the "Review Date". This field can remain empty. It is not required that you select anything for this field.

Assignments

Select a note category and a user to receive reminders for that category. You may create multiple recipient entries for a single category.

Subject Template

The outgoing reminder email subject can be customized using any of the replacement tags listed below. The default for this field is %subject% - which is a replacement tag for the note subject text.

Body Template

The outgoing reminder email body can be customized using any of the replacement tags listed below. The default for this field is %body% - which is a replacement tag for the note body text. This field accepts HTML, however, you should pay close attention to any images or other media you use in this HTML. Joomla inserts images using a relative path and omits the domain name. Be sure your media has a complete URL.

Recipient Tags

The following items may be inserted into the note body text to send email to additional recipients. While you may use as many of these tags as you wish, it is possible to trip spam filters by adding too many addresses. This is not a newsletter. use common sense.

  • {to:This email address is being protected from spambots. You need JavaScript enabled to view it.}
  • {cc:This email address is being protected from spambots. You need JavaScript enabled to view it.}
  • {bcc:This email address is being protected from spambots. You need JavaScript enabled to view it.}

Replacement Tags

%id%
Numeric ID of this note, useful to search notes using the searchstring: id:1
%user_id%
Numeric ID of the user who this note references.
%name%
Name of the user who this note references.
%username%
Username of the user who this note references.
%category%
Category of this note.
%subject%
Subject of this note.
%body%
Body text of this note.
%created_user_id%
Numeric ID of the user who created this note.
%created_user_name%
Name of the user who created this note.
%created_time%
Date this note was created
%review_time%
Review date for this note (the date this reminder is sent)

HELP

If your messages are not being sent, try executing your CRON command manually (type it into a console) and see if there are any error messages. If you find some - please submit a trouble ticket or post to the forum.

CleanFeed 1.0

Overview

Strip Joomla content plugin {tags} from your RSS and ATOM feeds.

Installation

  1. Download CleanFeed from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "CleanFeed".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "CleanFeed".

Configuration

Enable with defaults to remove all tags (recommended). It is also possible to enter the tag name(s) into the "Plugin Tags" configuration field (one per line) and the plugin will find and remove any tag that matches these patterns:

  • {tagname}content{/tagname}
  • {tagname setting=1}

HELP

No help has ever been requested for this plugin. Please report any bugs you find!

MooAccordion 1.9

Overview

Easily implement accordion content within your articles, category descriptions or HTML modules.

Installation

  1. Download MooAccordion from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "MooAccordion".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "MooAccordion".

Configuration

The only available configuration within the plugin is CSS to be applied when the accordion is used. This is entirely optional as the plugin does not require it.

Usage

This plugin searches for the existence of the 'mooaccordion' class and renders clickable headings for collapsable accordion content.

Each item found with the mooaccordion class is paired with the tag immediately following it.

Simple Usage:

<strong class="mooaccordion">Accordion Label 1</strong>
<p>Accordion Content 1 ...</p>
<strong class="mooaccordion">Accordion Label 2</strong>
<p>Accordion Content 2 ...</p>
<strong class="mooaccordion">Accordion Label 3</strong>
<div>
  <p>Accordion Content 3 paragraph 1 ...</p>
  <p>Accordion Content 3 paragraph 2 ...</p>
</div>

MooAccordion locates all items with the mooaccordion class and puts them into a common container with each label containing the click activation for the accordion effect.

The label and content tags are not important. Note content 3 contains 2 paragraphs. In order to associate both paragraphs with the accordion label, they are both contained within a div tag. This is done because the plugin identifies the 1st tag following the accordion label as the accordion content.

Advanced Usage:

<div>
  <h2>Accordion Group 1</h2>
  <strong class="mooaccordion">Accordion Label 1</strong>
  <p>Accordion Content 1 ...</p>
  <strong class="mooaccordion">Accordion Label 2</strong>
  <p>Accordion Content 2 ...</p>
  <strong class="mooaccordion">Accordion Label 3</strong>
  <div>
    <p>Accordion Content 3 paragraph 1 ...</p>
    <p>Accordion Content 3 paragraph 2 ...</p>
  </div>
</div>
<div>
  <h2>Accordion Group 2</h2>
  <strong class="mooaccordion">Accordion Label 1</strong>
  <p>Accordion Content 1 ...</p>
  <strong class="mooaccordion">Accordion Label 2</strong>
  <p>Accordion Content 2 ...</p>
  <strong class="mooaccordion">Accordion Label 3</strong>
  <div>
    <p>Accordion Content 3 paragraph 1 ...</p>
    <p>Accordion Content 3 paragraph 2 ...</p>
  </div>
</div>

MooAccordion is capable of implementing multiple accordion groups. Groups are created based on their parent element. All elements with the mooaccordion class are associated with their parent item. Each parent is then processed with a unique accordion group.

In order to implement multiple groups, the grouped items must be contained within different parent elements. The example above will create 2 independent groups of accordion items. In this case, 2 items can be open simultaneously (1 from each group).

Nested Usage:

<div>
  <strong class="mooaccordion">Accordion Level 0.1</strong>
  <div>
    <strong class="mooaccordion">Accordion Level 1.0.1</strong>
    <div>
      <strong class="mooaccordion">Accordion Level 3.1.1</strong>
      <div>Level 3 - item 1</div>
    </div>
    <strong class="mooaccordion">Accordion Level 1.0.2</strong>
    <div>Level 2 - item 2</div>
    <strong class="mooaccordion">Accordion Level 1.0.3</strong>
    <div>Level 2 - item 3</div>
  </div>
  <strong class="mooaccordion">Accordion Level 0.2</strong>
  <div>Level 1 - item 2</div>
  <strong class="mooaccordion">Accordion Level 0.3</strong>
  <div>
    <p>Level 1 - item 3 - paragraph 1<p>
    <p>Level 1 - item 3 - paragraph 2<p>
  </div>
</div>

Using the plugin tag

One plugin tag within the content per accordion group to be modified. Groups with no modifications will be displayed with defaults. It is not necessary to include plugin options for every accordion group that you intend to be displayed with defaults.

  • id='cssid': HTML ID of the parent item which these settings will apply.
  • allowallclosed: Flags the accordion group to allow all items to be closed
  • display='number': Logical number of the item to be open by default. Note, the first item in an accordion list is 0.
  • openedclass='[classnames]': CSS classes applied to open accordion items.
  • closedclass='[classnames]': CSS classes applied to closed accordion items.
  • template='number': Pre-defined CSS template to be used on this accordion group. Using this feature overrides the openedclass and closedclass options. Three pre-defined templates are included with this plugin and are numbered 1, 2 and 3.

Examples

<div id="myaccordionid">
  <strong class="mooaccordion">Accordion Label 1</strong>
  <div>Accordion Content 1 ...</div>
  <strong class="mooaccordion">Accordion Label 2</strong>
  <div>Accordion Content 2 ...</div>
  <strong class="mooaccordion">Accordion Label 3</strong>
  <div>
    <p>Accordion Content 3 paragraph 1 ...</p>
    <p>Accordion Content 3 paragraph 2 ...</p>
  </div>
</div>
  • {content-mooaccordion id='myaccordionid' allowallclosed}
    • This accordion will be displayed with defaults and all items will be hidden.
  • {content-mooaccordion id='myaccordionid' default='2'}
    • The third item will be opened on page load.
  • {content-mooaccordion id='myaccordionid' template='2'}
    • The 2nd template will be used
  • {content-mooaccordion id='myaccordionid' openedclass='mymooopenclass'}
    • 'mymooopenclass' will be added to the toggler class list when an item is opened. When the item is closed, the class will be removed.
  • {content-mooaccordion id='myaccordionid' closedclass='mymoocloseclass'}
    • 'mymoocloseclass' will be added to the toggler class list when an item is closed. When the item is opened, the class will be removed.
  • {content-mooaccordion id='myaccordionid' closedclass='mymoocloseclass' id='myaccordionid2' template='2'}
    • Customizing 2 accordions.

Important Notes

  1. Accordion labels will contain the mooaccordion class and will also contain mooaccordionN (where N is the number of the accordion group)
  2. Toggler icons will always have a class 'mooaccordionicon' and be found as the first child of the outermost tag of the toggler element.
  3. Accordion groups not customized will receive a 'mooaccordiondefaulttoggle' class.
  4. Accordion content may appear strange if content or toggler items are different types. For example, the first content is a p and the second is a div - the first may not fully collapse due to p margins where the div has none. The solution is to wrap all content in a common tag (div is recommended). Both examples above illustrate this behavior if your template has assigned a margin to the p tag.

HELP

EU e-Privacy Directive 3.10.13

Overview

The EU passed the EU e-Privacy Directive in 2002 and made many webmasters very nervous. Modern web applications rely on cookies for a number of reasons. Joomla itself sets a session cookie immediately upon the first visit to a site. There is no facility within Joomla to suppress cookies, so the EU e-Privacy Directive extension was created to fill this need.

There are quite a few Joomla extensions created to deal with the requirement - however, very few of them actually block the cookies prohibited by this law. The law itself is ambiguous about "strictly necessary" cookies without detailing what is "strictly necessary." Rather than fall victim to an interpretation, this extension takes a hard line and blocks ALL cookies.

Read more about the EU e-Privacy Directive here: https://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications and https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:NOT

Read more about the General Data Protection Regulation (GDPR) here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

Installation

  1. Download EU e-Privacy Directive from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "EU e-Privacy Directive".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the extension by going to the Extensions menu and selecting "Plugins" or "Modules". When in the plugin/module manager, search for "directive".

This extension consists of 2 plugins and 1 module. All 3 are REQUIRED for proper operation. Be sure to enable the "AJAX - EU e-Privacy Directive" and "System - EU e-Privacy Directive" plugins, as well as selecting a module position for and enabling 'mod_eprivacy'.

Configuration

Joomla Global Configuration

Some hosts don't like to allow cookies to be removed, so a configuration change in Joomla Global Configuration is necessary. If you already set the Cookie Domain (on the Site tab), then there is no need to change anything. If your Cookie Domain is blank, you will need to make set this value to ensure cookies can be removed when users choose to remove them.

The setting is very simple, and you have several options. We will assume that your domain is example.com and that your website is on www.example.com

  1. The Joomla default value for cookie domain is the site domain (www.example.com) preceded by a "." - so it would look like: .www.example.com
  2. If you plan on sharing cookies between sites in your domain: .example.com

Note, these are preceded by a "." (period).

Module Configuration

The module needs to be placed in a prominent position within the page. This module provides output for each of the different display types (except the cookie blocker, which doesn't require the module at all).

In the Beez5 template, it works well to put it into position-12 - which is just above the system message area. So, put it somewhere near the top, somewhere it can be easily seen. Additionally, the Menu Assignment for the module should be set to "On All Pages", otherwise the cookie acceptance options might not be available on some pages.

Because some template positions do not display module titles, the only option within module configuration is an option to display the title within (above) the cookie message. This setting is only applicable to the "Joomla Module" display option selected within the plugin configuration.

Additional module configurations can be found within the plugin configuration.

Plugin Configuration

Your plugin will present 5 options to display the cookie acceptance message - as well as a 6th option which displays no message, but blocks all cookies.

A quick note about the "System Message" option. Many reports were made regarding the messages not being displayed in some templates. Almost all (if not all) of the template frameworks pull shenanigans with the system messages - and as a result, they don't always display. This includes templates by Artisteer, those using the T3 and the Gantry frameworks, and possibly others. The "System Message" option is only provided here for those who had success with it. All others, I would suggest using the "Joomla Module" option to get the same type of output.

It is recommended that administrators test each of the output types to determine what will work best for their site. As you select each display option, you'll notice that the configuration options change. Only configuration options applicable to the display option are displayed.

3rd Party Cookies

Third party cookies are difficult to deal with, because of the way Joomla operates.

If your server runs PHP 5.3 or greater and PHP Reflection is included with your PHP installation, then you have some options for preventing 3rd party cookies. Those on GoDaddy Shared Hosting - add "AddHandler x-httpd-php5-3 .php" to your .htaccess file and you'll be switched to PHP 5.3 with the proper Reflection classes.

The plugin configuration will inform you if your server is not capable of handling this configuration. Within the "Advanced Options" slider, look for this message "Your system lacks the PHP Reflection classes; as a result, this feature is not available on your server."

If you don't see that message, then you'll be presented with an option to select a "View Level". Stop here, you have some configuration to do within the "User Manager".

For 3rd party cookie blocking, this plugin dynamically assigns an access level to the user session when they accept cookies. Plugins and Modules assigned to that access level are then displayed to the user. So, in order to make this configuration, you'll need to have a special access level.

  1. Go to the User Manager.
  2. Enter the "User Groups" from the pill menu.
  3. Create a new User Group - call it whatever you like - perhaps something descriptive like "Accepted Cookies"
    1. Leave the group parent "Public"
    2. Save and Close.
  4. Enter "Viewing Access Levels" from the pill menu.
  5. Create a new Access Level - call it whatever you like - perhaps something descriptive like "Accepted Cookies".
    1. Check the box for the "Accepted Cookies" group.
    2. Save and Close.

Now, go into the EU e-Privacy Directive plugin configuration, and within the "Advanced Options", choose the new access level you just created in the "Accepted Cookies Access Level" setting.

Finally, edit the configuration for each of your modules and plugins that set cookies - and set their access level to the new level you created. You may even consider setting your login module to the new access level - because users will be unable to log in until they've accepted cookies.

You may optionally configure a "Declined Cookies" access level using the same method as the "Accepted Cookies" above. Modules and plugins assigned to this access level will appear for users who have not accepted, or declined cookies. This is useful to fill dead space where cookie modules will reside.

An alternative use of the "Declined Cookies" access level setting is to allow the mod_eprivacy module to move depending on cookie consent. If 2 mod_eprivacy modules exist (1 in the Accepted Cookies access level and 1 in the Declined Cookies access level), it is possible to have the module assigned to 2 different positions. Using this configuration, when a user has not accepted cookies it resides in one module position, and when they have accepted cookies, it moves to another module position. It's important to note that if you use this feature to hide the module after users have accepted cookies, you will be in violation of GDPR Article 7.3, which requires you to provide a method for users to revoke consent.

GeoPlugin

Using GeoPlugin, it's possible to only display the cookie option to uses who are located in EU countries. With the options turned off - the acceptance message is displayed to all visitors.

Before enabling this option - you should sign-up for a free account with http://www.GeoPlugin.com. Once you've registered your domain, turn the "Use GeoPlugin" option to Yes.

For those concerned that their 3rd party configurations will be lost for users not in the EU, when the GeoPlugin is enabled - if a user is determined to be outside of the EU - they are automatically given the cookie access level.

Acceptance Logging

Some EU states require that when a user accepts cookies - the site operator log that decision.

In "Advanced Options" set "Log Acceptance" to Yes and any acceptance will be logged. The table contains fields id, ip, country, accepted. The ID is a unique id - it doesn't really mean anything. IP is the IP address of the user accepting. If GeoPlugin is enabled - the country field is populated with the data retrieved from the GeoPlugin API. Accepted is the date/time when the user accepted.

If you are ever required to prove that a user accepted, this record should suffice.

Translation

This extension was written with the intention of making translation as easy as possible. Although this is 2 plugins and a module, all of the user-visible text was placed into the system plugin language file so that translation would happen in one place.

  1. Copy the language file in /administrator/language/en-GB/en-GB.plg_system_eprivacy.ini
    • This is your language template, but it needs to be renamed to match your lauguage code - en-GB must be replaced with the correct language code for the target language.
  2. The language files hold a language constant and a language value, usually one one line each. The language constant is usually all upper case, while the value is always in "quotes". Translate the portion within "quotes" to your target language.
  3. Copy your new translation into the language folder that matches the language code of your new file. For example, if you translated to Spanish, the new filename would be es-ES.plg_system_eprivacy.ini. That file would be placed in /administrator/language/es-ES/es-ES.plg_system_eprivacy.ini

If you would like to contribute to, or browse contributed translation files, translation files are found here in the forum.

HELP

  • I can't click the "Accept" or "Deny" buttons!

100% of the time, this is caused by a z-index value in the template. Some portion of the template is z-indexed above the buttons preventing them from being pressed. Try switching to another display method (such as the Modal), or contact your template developer.

  • I keep getting logged out of /administrator!

The plugin removes all cookies it finds while you're browsing the frontend of your website. This includes the /administrator cookie if you're logged into /administrator. The solution is to use a 2nd browser while browsing the site and /administrator at the same time. Chrome has the "Incognito" window, which can be used to maintain the necessary separation while using this plugin.

Authentication - Email 2.4.2

Overview

A package of 2 plugins (1 system, 1 authentication) which provide Joomla the ability to accept email addresses instead of (or in addition to) usernames in the login form (authentication plugin) and the reset password form (system plugin).

Installation

  1. Download Authentication - Email from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Authentication - Email".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Authentication - Email".

Configuration

The only configuration to be done is to enable/disable plugins.

Enable the "Authentication - Email" authentication plugin to allow email addresses in the login form.

Enable the "Authentication - Email" system plugin to allow email addresses in the reset password form.

Disable the "Authentication - Joomla" authentication plugin to disable usernames in the login form.

Overriding Language Strings

Overriding the following language strings will allow you to replace "Username" with "Email Address" in login and password reset forms.

  • COM_USERS_FIELD_RESET_CONFIRM_USERNAME_DESC="Enter your username."
  • COM_USERS_FIELD_RESET_CONFIRM_USERNAME_LABEL="Username"
  • COM_USERS_LOGIN_REMIND="Forgot your username?"
  • COM_USERS_LOGIN_USERNAME_LABEL="Username"
  • MOD_LOGIN_VALUE_USERNAME="Username"

HELP

  • No help has ever been requested