Forum Post Assistant / FPA Discussion

This Forum board is about discussions about the FPA tool.

Moderator: General Support Moderators

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Thu Oct 03, 2013 10:21 am

GitHub is partially down and having issues at this time. None of the repositories on GitHub I tried are working at this time.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

ADvanceref
Joomla! Apprentice
Joomla! Apprentice
Posts: 47
Joined: Sat Jun 08, 2013 8:25 am

Re: Forum Post Assistant / FPA Discussion

Post by ADvanceref » Tue Feb 04, 2014 10:21 am

Hello,

It doesn't work on the last version. How can I update it please?
Toutes les informations sur le rachat de crédit, 1RachatCredit.fr : www.1RachatCredit.fr. Pour le referencement de votre site internet, faites appel à une agence web.

Protopia
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Thu Dec 13, 2012 12:10 am

Minor buggette

Post by Protopia » Sun May 25, 2014 8:52 am

On the fpa page, the link for the zip file downloads the tarball and vice versa.

Nap
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 112
Joined: Wed Aug 02, 2006 4:53 am

Forum Post Assistant (Need to notify site owners)

Post by Nap » Tue Feb 10, 2015 8:14 am

Whilst trying to diagnose a problem I posted about in another thread here, I decided to use FPA on my server.

I have my configuration.php file permissions set to 640.
FPA: Config Mode, on my dev server (J3.3.6) shows 640(in green) but Read-Only(in red) under it. On my live server (J2.5), with the same permissions, I get 640 Writable in green. Naturally I was confused.

In order to understand what Config Mode actually meant, I decided to search using google for "forum post assistant config mode". I'm got lots of results, but after looking closely, I became alarmed at the number of results that point to FPA's that have been left on servers and are accessable by the general public. So I decided to open this thread.

I think it would be worth while notifing users of the FPA to delete the scripts. In particular, those who are showing up via search engine results. Something needs to help these people.

I also think there needs to be a fix to the FPA so the problem can't happen in the first place. For example, the After use, Click Here to delete this script. that shows on the initial page disappears once the script starts running, and there is no such link in the results display page. So it's effectively useless. It wouldn't hurt to have it in a VERY LARGE FONT, so people can't miss it.
There are also other ways of preventing this from happening, like making it require admin login....

Dangerous!

Cheers,
Nap
"Life is like arriving late to a movie"

User avatar
NathanHawks
Joomla! Ace
Joomla! Ace
Posts: 1900
Joined: Wed Oct 02, 2013 6:17 pm
Location: Washington state, U.S.
Contact:

Re: Forum Post Assistant (Need to notify site owners)

Post by NathanHawks » Thu Mar 19, 2015 4:48 am

If you look at the FPA you may notice it is soaked and oversaturated in text. Nobody will notice one more bit of text.

Meanwhile on the link where people download the FPA, in bold red text, is:
Please remove the FPA script from your website or otherwise change the name once the script has generated the Site Data and the message has been prepared and posted to the forum. This is so outsiders can't take a look at how your site is structured and possibly utilize any flaws that may be present.
People who ignore instructions, apparently cannot be reached by the addition of more instructions.
Save time - hire me for your Joomla to-do list! http://nathanhawks.us/joomla

Nap
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 112
Joined: Wed Aug 02, 2006 4:53 am

Re: Forum Post Assistant (Need to notify site owners)

Post by Nap » Thu Mar 19, 2015 7:18 am

I sent a courtesy email to all the site/domain owners I found on google (it took a bit of time to find all the email addresses I needed) to inform them of the problem. I received positive feedback from them, thanking me for pointing out the problem.

But a proactive approach to the problem is far superiour.

I agree that putting more warnings on the page is not the most effective approach. However, the After use, Click Here to delete this script warning is not shown on the results page, where it should be. This would make that mechanism more effective since the user will spend time reading the results.

There are other possibilities that could be explored:
  • the FPA could be a 'run-once' script where it deletes itself on completion.
  • Another option is to have Joomla detect its presense.
  • If the owner is using the FPA to validate their settings, then the FPA could be a module you install into Joomla.
The only difficult case I see is when the site is broken and you can't use Joomla to assist. But if the script enforces its default name, then, on the assumption the site is eventually fixed, Joomla could remind the owner of the issue.

The FPA is a great tool, and I think the security concerns are worth addressing.
"Life is like arriving late to a movie"

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant (Need to notify site owners)

Post by mandville » Thu Mar 19, 2015 11:27 am

{topic moved to FPA discussion as detailed in the docs}
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

sovainfo
Joomla! Exemplar
Joomla! Exemplar
Posts: 8808
Joined: Sat Oct 01, 2011 7:06 pm

Forum Post Assistant (FPA)

Post by sovainfo » Sun Mar 22, 2015 4:04 pm

Request for adding acronym to the url for easy reference. Hopefully translations won't translate an acronym.
Issue with migrating? Include logs/joomla_update.php in your report!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant (FPA)

Post by mandville » Sun Mar 22, 2015 5:30 pm

can you be more specific please? and example?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

sovainfo
Joomla! Exemplar
Joomla! Exemplar
Posts: 8808
Joined: Sat Oct 01, 2011 7:06 pm

Re: Forum Post Assistant (FPA)

Post by sovainfo » Sun Mar 22, 2015 10:06 pm

The Forum Rules boxes only mention a link with label "Forum Post Assistant". Request that label to be "Forum Post Assistant (FPA)". Hopefully translators won't translate FPA, so when we refer to FPA we don't have to explain everytime that it means Forum Post Assistant and those viewing the site translated hopefully still see FPA.
Issue with migrating? Include logs/joomla_update.php in your report!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant / FPA Discussion

Post by mandville » Mon Mar 23, 2015 9:13 am

like this
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

01systems
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 24, 2016 12:15 pm
Contact:

FPA - While loop causing error on my server? GIGAs of error!

Post by 01systems » Fri Feb 26, 2016 6:38 pm

Hello all, dont know if you can help but...

I was just testing the FPA script on my server when I got the message, please wait whilst we make some tests, looking at server 100% CPU usage and a 7GB error log file filled with the following (at this point having to kill the processes)

Code: Select all

PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /fpa.php on line 1484
The referenced line

Code: Select all

			// loop through the directory
			while ( false !== ( $file = readdir( $dh ) ) ) {
This seems to describe the same problem:-
https://wordpress.org/support/topic/php ... e-resource

Is this fixable please, that would be useful for me :) fyi and thank you PhilD13 for FPA script!

Regards to all (^_^)

+1 Thank you for moving this, I was just about to do it myself after reading and noticing its own thread ;)

01systems
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 24, 2016 12:15 pm
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by 01systems » Sat Feb 27, 2016 7:39 pm

Tried to take out the entire function, but that didnt work ;) long shot

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11216
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Forum Post Assistant / FPA Discussion

Post by toivo » Sun Feb 28, 2016 10:17 am

You could filter PHP warnings as a workaround. However. replacing the blank line 1482 with this line stops the function getDirectory() from generating those warnings:

Code: Select all

			if (!is_resource($dh)) return;
Toivo Talikka, Global Moderator

User avatar
Noob13
Joomla! Apprentice
Joomla! Apprentice
Posts: 46
Joined: Tue Jul 12, 2016 4:23 pm
Location: Toronto, Canada

Re: Forum Post Assistant / FPA Discussion

Post by Noob13 » Tue Jul 19, 2016 3:21 pm

On the main page for the FPA it says that it won't work when the configuration.php file is outside the root directory. Mine is currently in the /public directory. I have no idea what might happen to the website (or anything else) if I move that file back into the root directory.

Is it worth attempting that just so I can get the FPA to work?

Bear in mind that I might be brainy but I'm not only a novice to Joomla but a novice to HTML, CPP, PHP and everything else too...

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant / FPA Discussion

Post by mandville » Tue Jul 19, 2016 4:16 pm

the root directory is considered to be the directory where your configuration.php file is placed
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
Noob13
Joomla! Apprentice
Joomla! Apprentice
Posts: 46
Joined: Tue Jul 12, 2016 4:23 pm
Location: Toronto, Canada

Re: Forum Post Assistant / FPA Discussion

Post by Noob13 » Tue Jul 19, 2016 5:02 pm

mandville wrote:the root directory is considered to be the directory where your configuration.php file is placed
OK, so as long as I upload fpa-en.php to the same directory as configuration.php, then the Forum Post Assistant should work?

User avatar
Noob13
Joomla! Apprentice
Joomla! Apprentice
Posts: 46
Joined: Tue Jul 12, 2016 4:23 pm
Location: Toronto, Canada

Re: Forum Post Assistant / FPA Discussion

Post by Noob13 » Tue Jul 19, 2016 8:05 pm

mandville wrote:the root directory is considered to be the directory where your configuration.php file is placed
OK, it worked. I can now see the FPA screen. Will return to the other FPA-related chat to figure out how to post with it without divulging the inner workings of our website...

Thanks for the help! :)

Tigers
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Sat Oct 04, 2014 12:28 pm

Re: Forum Post Assistant / FPA Discussion

Post by Tigers » Thu Oct 06, 2016 12:43 pm

When the instructions said install on your computer I presume you mean the host rather than my lap top?

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant / FPA Discussion

Post by mandville » Thu Oct 06, 2016 1:13 pm

The fpa can be installed on any "server" capable of running joomla. That is remote server or localhost home hosting wamp lamp etx
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Mony25
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Oct 11, 2016 10:59 am

Re: Forum Post Assistant / FPA Discussion

Post by Mony25 » Tue Oct 11, 2016 11:11 am

Hi,

I have a problem to access administration of our page so I want to use FPA and see if it helps somehow. I uploaded script to root folder and when I try to access it in browser I do not see any result only message which is on pic below.

Just to mention: on page are some problems because it is not showing up its content, we have error 500 - T3 plugin is not enabled, but without access to administration I am not able to check where can be problem, when trying to login to administration there are problems with loading authentication plugins. I tried to run the same script on test version of page and on this one it works fine.
Any idea where is the problem?

Image

johnvick902
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Mar 27, 2017 2:12 am

Re: Forum Post Assistant / FPA Discussion

Post by johnvick902 » Mon Mar 27, 2017 2:16 am

Ok, so how do I translate it? Do I copy the fpa-en.php to fpa-fi.php and translate the keys directly there or do I form some sort of ini-languagefile for it?

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14800
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Forum Post Assistant / FPA Discussion

Post by mandville » Fri Jun 02, 2017 3:34 pm

Yes. You will need to copy as there is no separate language file for simplicity.
Thanks
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

mfino
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Fri Dec 09, 2016 5:26 pm

Re: Forum Post Assistant / FPA Discussion

Post by mfino » Fri Sep 15, 2017 2:23 am

Apparently I was suggested to use this tool. I have a few questions I hope someone can help me answer so i can get the help i need safely. I have a site that is currently up and running and there are a few issues obviously. It is a membership site. My questions are:

If I install this tool for people to help me troubleshoot, What are they capable of viewing? Obviously, I do not want them to be able to view any passwords or member / user information... Is it possible to keep all of that from being seen when using this tool? What exactly can this tool read and what will it display?

I am new to the Joomla world and volunteering myself to help on building my car club's website... Thank you for any help on this subject.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 7734
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by sozzled » Fri Sep 15, 2017 3:33 am

mfino wrote:If I install this tool for people to help me troubleshoot, what are they capable of viewing?
Instead of giving you an explanation about what people are capable of viewing, why not see for yourself? Here is one example on the forum where the person has used the tool: viewtopic.php?f=708&t=953627&p=3487743#p3487642

We seem to receive more questions/debate about using the FPA report tool than people who actually use it. :pop
https://www.kuneze.com/blog
I need your help to help reduce spam at the Joomla forum. You can help with your ideas, questions and opinions at viewtopic.php?f=7&t=974006. Together we can make a difference :)

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by fcoulter » Fri Sep 15, 2017 11:11 am

To give the quick answer to your question mfino, since you post the information, the only things that people can view are what you choose to post. And no, the fpa does not collect any user information.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

mfino
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Fri Dec 09, 2016 5:26 pm

Re: Forum Post Assistant / FPA Discussion

Post by mfino » Fri Sep 15, 2017 2:28 pm

fcoulter wrote:To give the quick answer to your question mfino, since you post the information, the only things that people can view are what you choose to post. And no, the fpa does not collect any user information.

Thank you I appreciate that answer.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11216
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Forum Post Assistant / FPA Discussion

Post by toivo » Fri Oct 20, 2017 7:57 am

PHP Warning: filegroup() has been disabled for security reasons in /home3/goydair/public_html/fpa-en.php on line 1567
Is this warning causing any issues in the functionality of FPA? It was in the following FPA post: viewtopic.php?f=710&t=955976&p=3498653#p3498653
Toivo Talikka, Global Moderator

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by fcoulter » Fri Oct 20, 2017 9:37 am

It is just a warning, so should not normally cause the fpa to fail altogether, it seems to me that it should (probably) just cause the file group to have a null value. It looks like the script encountered a fatal error and stopped producing any output.

Sometimes hosts disable specific PHP functions, it looks like that is what is happening here. Though treating the filegroup() function as a security risk seems pretty ridiculous. In that case who knows what else they may have done? That is probably what the issue is, they did something else silly that is causing the script to fail.

I can draw Bernard Toplak's attention to this, in case he can offer any further advice, though he is quite busy just now.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11216
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Forum Post Assistant / FPA Discussion

Post by toivo » Fri Oct 20, 2017 11:47 am

Thanks for the clarification.
Toivo Talikka, Global Moderator


Post Reply

Return to “Forum Post Assistant (FPA)”