The German Joomla community is organising a Pizza, Bugs and Fun (PBF) event on the 14th of March 2015. Yves and I, we've been participating in online PBF events in the past and it has always been a great experience. Now, I'm sure that meeting in person with other Joomla fans would be even better. To find out if your local German Joomla user group is taking part in the event check this page: http://www.joomla.de/news/81-joomla-besser-machen-ein-mitmach-tag. As far the Joomla! Rhein Neckar User Group (in which we take part) is concerned we will be meeting in Walldorf, in the Altrottstraße 34a in the Deutschsprachigen SAP-Anwendergruppe e.V. building.

Do you need to be a developer to participate?- No! You don't even have to have experience with Joomla. We'll start by seting up everything necessary (xampp, joomla, git) and after that all you need to do is test bug fixes.

I planned to write this post for quite some time now, but never actually came to writing it. I've got a lot of questions in the past related to our demo site and the menu structure. After I had a look at a customer's website over the weekend only to find around 30 menus with each 1-2 entries in them I decided that it's time to share what I know. And believe me the information that you are going to find is not a secret, but I find an astonishing number of people that don't know about this "trick".

So, If you look at our demo site you'll notice that on the top we have our main navigation and then on the right we have a menu that is related to current page/extension. Here is a screenshot.

Since the first version of Hotspots one of the most requested features has always been - nested categories! Literally most requested - I get a mail about it nearly every other week :) .

After deleting few thousand lines of code and making changes to most of Hotspots files I'm happy to announce that nested categories are now part of Hotspots.

As a small business owner my dream is to concentrate only on our products. Code, code, code! Forget about everything else there is to running a business. Unfortunately the biggest burden as usual are taxes. Just when you think that you finally have gotten the hang on it, things change :)

Last year the European Union had made some changes to the VAT laws which had to be implemented by the first of January 2015. As you can imagine I found out about this a week before January 2015... So I panicked. The rules concerned individuals from the EU. If you reside in the EU we now have to charge you the VAT of your own country. WTF? That are 28 different VAT rules! Fortunately I tried to listen to my own words: "Don't panic! Don't panic!" - something I say pretty often to you, when you have an urgent support request :)

Few days ago the Joomla! project released Joomla! 2.5.28 which is effectively going to be the latest 2.5.x release until the declared End of Life (EOL) for Joomla! 2.5 on the 31 December 2014.

What does this mean for your Joomla! 2.5 website?

A bit earlier then planned Matukio 5 is now available for download! Bringing tons of changes and new features to our Joomla events extension. If you are in a hurry and just want to take a look at the new responsive bootstrap 3 frontend visit our demo page!

New responsive frontend 

Matukio 5 brings a completely rewritten and improved frontend based on the bootstrap 3 framework. The new design is 100 % responsive and looks great on every device, from smartphones, over tables to large desktops. The frontend is now also completely jQuery based and does no longer need Mootools. And we did not only rewrite the public views, but also the frontend organizer area, so you have a continuous look & feel throughout the whole extension. But it is not only a design update, there are also a lot of new features in the different views!

Few days ago I decided to look into an issue that was reported on our forum. Basically the form validation in CMC was not working on Safari. The whole thing was very strange because we are using the Joomla! js classes to validate the form before submitting, so there was no reason why all this would not work. As I looked into the code I discovered things that I never knew & thought that it is a good idea to share them with other developers.

Since the Joomla! 1.5 days developers were able to use JHtml::_('behavior.formvalidation'); if they want to validate their forms with javascript before submitting. On Joomla 3.3 the formvalidation function looks like this.

After a lot of months of work, Hotspots 4 has been finally released. I have blogged in the past about the changes that are comming with this release (if you want to understand the reasoning behind the new frontend UI, make sure to read that post)  and since I don't like to repeat myself, this time we'll do something different! We are going to make an image heavy post :)

What's new in hotspots? Here are few of the most important changes.

Recently I was doing some research on sites offering our paid Joomla Pro extensions for "free" download. I took the first result of a simple Google search (Extension name + Download) and came to a huge Joomla and wordpress focused extension warez site (There were hundreds of paid Joomla extensions and templates for "free" download). The website did not look like the typical warez site, it looked pretty reliable, did not have dubious advertisements and they also provided a short description, extension voting and a direct link to the file (which downloaded without any pay-gates or any other typical warez troubles). There was also a virus total scan link which reportedly belonged to the downloadable file too.After downloading the first thing I noticed was that the filename was different to our normal naming scheme. So the next step was checking the md5 / sha sum of the file, you can do this on Linux / Unix directly with the terminal - on windows there are a lot of (GUI) programs for that too. These hash sums make files clearly recognizable, protecting you from man in the middle attacks or manipulated download packages. That's the reason we show them for every file on our download pages - you should always check if the sum matches the package ones.

The result was that the hash sums did not match - So somebody definitely changed something in the package. Funny fact is that the hash sum also didn't match to the provided virus total scan - so the scan was also a fake. So I run another virus total scan in expectation to get a very different result (e.g. trojans in it), but the result was none (!) of the 54 antivirus programs detected anything.So I unpacked the package and started with searching for changed files - I knew the packaging date of the original files was almost 350 days ago, so I looked for changed files since then. You can't completly rely on the modified date, because it is easy to manipulate it, but in this case they seemed to be too lazy for changing it back. So the result was that 4 files had been changed and 2 new were added, on February, 20th 2014 - almost 6 month after the release.In the list of the changed files was the main entry script for the extension installation, the script.php file and the hotspots.php in the administrator backend. The new added files were allegedly harmless images, both called social.png in two different folders. But let's take a look at the changes in the script.php first - they just added a single line at the end of the file:<?php include('images/social.png');?>There it is, a PHP include for the new "image" file. Funny fact is that they also closed the normal PHP tag before, so they don't seem to have much experience with PHP, but that does not make it less dangerous. The administrator hotspots.php file had just the same include at the end - let's take a look at this mysterious file (I formated it a bit).So if you installed that package - gratulations your website has been hacked and is probably now serving as a spam / malware host! The fake image file is a pretty large (52 KB!) obfuscated webshell PHP script. Funny fact is that it does not only support Joomla! installations but also wordpress based websites. What does the script do? Because the script is pretty large and it would require a lot of work to decode it complelty I just walk you through some obvious noticable things. First thing the script does is registering a new (plugin) handler to onAfterRender to your Joomla! system, which creates a new table called options (Yes the script also provides an easy settings storage for the owner of the script!) and installs itself into the system. Next it seems to collect some informations about your website and your host and sends that (via email) to an encoded address, with the subject "Phone Home".The script owner can now upload and change files, update / create database entries and do almost everything with your installation. The script even encrypts the communication with the control server with a nice openssl connection (They use the PHP function openssl_seal with a included ssh public key for that).

Since the release of Matukio 4.2 we had many minor releases and three major ones, which brought some nice new advanced features and some cool additions. In this blog post we are going to give you an overview about the changes.

Let's start with the biggest addition Matukio now has three new cronjobs for recurring automatic tasks (cli/matukio.php):