Making a Joomla Demo Secure

airbag · **Posted:** Fri Jun 09, 2006 9:20 am

Hello, we are offering a service website for Joomla soon, and will provide a demo of Joomla on our servers.

Does anyone have some thoughts on what to remove and secure for a demo open to the public, eg - server info from the system menu.

Any ideas, and where to look to secure such things would be appreciated thanks,
Look forward to your thoughts.

stingrey · **Posted:** Fri Jun 09, 2006 3:46 pm

In /includes/version.php look for:

Quote:

/** @var string Whether site is a production = 1 or demo site = 0 */
var $SITE = 1;
/** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */
var $RESTRICT = 0;

For a demo site it is advised to following:

Quote:

/** @var string Whether site is a production = 1 or demo site = 0 */
var $SITE = 0;
/** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */
var $RESTRICT = 1;

$SITE = 0
Allows multiple user logins with only one account. By default Joomla! allows only one active session per account as a security feature.

$RESTRICT = 1
Disables those logging in, both frontend and backend from changing user details - like password and username

These were added as we needed them to aid the management of the official demo site http://demo.joomla.org

You should also make all files and folders nonwriteable - especially the configuration.php file.
Also recommend you setup an automatic cron job that refreshes the database at a set interval (in our case 60mins) from a db script.

These are what we do for our official demo site

Atomm · **Posted:** Sat Jun 10, 2006 2:22 am

Thanks Stingrey!

Haribo85 · **Posted:** Mon Jun 12, 2006 11:21 am

Stingrey,

This post is very is very interesting.
I am currently in the process of making a site, where many people may be using the same user name, so sometimes some of them may want to login at the same time.

From looking at this topic, it looks like i should set my site to a demo site to make sure the users can do this.

Can you offer any more advice on this topic please?

Thanks

rgoetz · **Joined:** Tue Mar 07, 2006 5:19 pm **Posts:** 7

Can you provide the script for the cron job?
Thanks, Rhonda

airbag · **Posted:** Tue Jun 13, 2006 2:20 pm

stingrey, many thanks for your reply to my question.

I also would be interested in an auto cron script on the database if any code happy joomlers out there know of one.

Thanks again,
Al

ben · **Joined:** Wed Aug 17, 2005 10:09 pm **Posts:** 80

Haribo85 wrote:

Stingrey,

This post is very is very interesting.
I am currently in the process of making a site, where many people may be using the same user name, so sometimes some of them may want to login at the same time.

From looking at this topic, it looks like i should set my site to a demo site to make sure the users can do this.

Can you offer any more advice on this topic please?

Thanks

Has anybody got an answer to this?

I am extremely interested in this too!

ben · **Joined:** Wed Aug 17, 2005 10:09 pm **Posts:** 80

I just gave the "var $SITE = 0;" a try and it appears to allow multiple simultaneous logins for those interested in other applications of this feature (like password protecting areas with just one username and password). It appears to let you get around the 1 session at a time issue.

If others could please test this out too and let us know if it works it would be greatly appreciated!

stingrey · **Posted:** Fri Jun 16, 2006 8:24 am

ben wrote:

I just gave the "var $SITE = 0;" a try and it appears to allow multiple simultaneous logins for those interested in other applications of this feature (like password protecting areas with just one username and password). It appears to let you get around the 1 session at a time issue.

Yes this is correct.

This is all that setting this variable will do to the system comapred to the 'normal' manner of operation.

lasdesign · **Joined:** Wed Sep 28, 2005 11:23 am **Posts:** 88

Yes i too am interested in seeing this cron job code or an explaination of how to do this, so that i can run my site as a demo joomla site.
thanks...

ben · **Joined:** Wed Aug 17, 2005 10:09 pm **Posts:** 80

Stingrey - thanks for the reply.

Haribo85 · **Posted:** Mon Jun 19, 2006 9:07 am

Thanks for your repspone Rey,

Can you just explain something. It seems I can log in on multiple machines at the moment without changing the var $SITE = 0.

Is this different to the frontend/backend or is it the same?

stingrey · **Posted:** Mon Jun 19, 2006 2:52 pm

Haribo85 wrote:

Can you just explain something. It seems I can log in on multiple machines at the moment without changing the var $SITE = 0.

Is this different to the frontend/backend or is it the same?

For both frontend and backend in Joomla! 1.0.9 the system should only allow one active user session at any one time.

Are you sure that all accesses are actually active at the same time?

r0tt3n · **Posted:** Tue Sep 26, 2006 5:39 am

For the benefit of the users on here, I thought I would ask again about the Cron Job functionality that Stingrey mentioned. Assuming one has SSH access to a LAMP (GNU-Linux/Apache/MySQL/PHP) web server, what is the easiest way to set up a cron job to auto-refresh the db at a set interval?

srini28 · **Joined:** Sun Jan 21, 2007 11:57 pm **Posts:** 33

I just tried the $Site=0 on my site but it does not seem to work on IE. On the backend, it shows that the same generic user logged in several times (as many times as I attempt), but on the front end it shows them the message "You are not authorized to view this Resource. Please log in". This happens only on IE. On firefox, I am able to log in multiple times from different browser sessions and it works just fine.

Any help to resolve this is greatly appreciated. This is on a production site and I already released the site without knowing that multiple users using the same login account could mean trouble (my bad!)

Thanks!
Srini

sre · **Joined:** Fri Mar 10, 2006 4:13 am **Posts:** 7

srini28 wrote:

I just tried the $Site=0 on my site but it does not seem to work on IE. On the backend, it shows that the same generic user logged in several times (as many times as I attempt), but on the front end it shows them the message "You are not authorized to view this Resource. Please log in". This happens only on IE. On firefox, I am able to log in multiple times from different browser sessions and it works just fine.

Any help to resolve this is greatly appreciated. This is on a production site and I already released the site without knowing that multiple users using the same login account could mean trouble (my bad!)

Thanks!
Srini

Any headway on this question? How about Joomla 1.5, same issue for users logging in with same user?password?

EDIT: Sorry . . . . didn't search enough before posting . . . found more info.

artcoder · **Joined:** Sun Jan 28, 2007 9:11 pm **Posts:** 104

I'm on Joomla 1.5 and I need many people to be able to use the same username and password to login. But the feature of changing $SITE to 0 was mentioned in this link as no longer available in 1.5.

How can I get multiple people to login at the same time with one username and password in 1.5?

Joomla! Discussion Forums

Forum rules

Making a Joomla Demo Secure

Quick reply

Who is online