Features: A-Z Index

A

Administration Zone

Administration Zone

B

Banners

Banners

C

Calendar

Calendar

Catalogues

Catalogues

Chatrooms and IM

Chatrooms and IM

Community features

Community features

Content Sharing

Content Sharing

Conversr Forums

Conversr Forums

Conversr Topic Polls

Conversr Topic Polls

D

Design without barriers

Design without barriers

Downloads

Downloads

E

Ease of Use

Ease of Use

eCommerce and Subscriptions

eCommerce and Subscriptions

Extendable

Extendable

F

Featured Content

Featured Content

G

Galleries

Galleries

I

Installation

Installation

Integration

Integration

L

Localisation

Localisation

M

Membership

Membership

N

News and Blogs

News and Blogs

Newsletters

Newsletters

P

Parental Controls

Parental Controls

Performance

Performance

Points

Points

Privacy Tools

Privacy Tools

Q

Quizzes and Surveys

Quizzes and Surveys

R

Rich Media

Rich Media

S

Search Engine Optimisation

Search Engine Optimisation

Searching

Searching

Security

Security

Spam Protection

Spam Protection

Stay on Top

Stay on Top

Structure / Navigation

Structure / Navigation

Support Tickets

Support Tickets

T

Template Programming Language

Template Programming Language

Testing tools

Testing tools

Themeing tools

Themeing tools

Third party integration

Third party integration

W

Warnings / Moderation

Warnings / Moderation

Web Pages

Web Pages

Web standards

Web standards

Website Polls

Website Polls

White-labeling (Debranding)

White-labeling (Debranding)

Wiki+

Wiki+

Newest 10 Entries

Question How does Composr implement the Model-View-Controller (MVC) pattern?
Answer
  • Model/API: The sources directory primarily houses scripts forming the Model/API, handling data logic and business rules.
  • View: Templates in themes/default/templates represent the View, responsible for presenting data to the user. Comcode pages can also be considered part of the View.
  • Controller: Entry scripts like index.php and site/dload.php act as front controllers, directing requests. Modules and blocks, residing in */pages/modules and sources/[mini]blocks, respectively, serve as controllers, managing user interactions and determining which View to render.

View

Question Can I translate my content into multiple languages?
Answer Yes, Composr supports multi-language content. You can enable this feature by:
  • Installing multiple language packs: Make sure you have at least two language packs installed.
  • Enabling the Conversr multi-language option: Go to Admin Zone > Setup > Configuration > Site options > Internationalisation.
  • Running a Commandr command: Execute the necessary command to set up the database structure for multi-language content (unless you already enabled Support content translations when installing).
Once enabled, you can translate your content into different languages and allow visitors to choose their preferred language.

View

Question My language uses gendered descriptors. How can I handle this in Composr?
Answer Composr offers solutions for languages with gendered descriptors:
  • Template editing: You can modify templates to use different language strings based on user gender. This involves adding Tempcode logic to dynamically select the appropriate string.
  • Custom Profile Fields: Create a Custom Profile Field for "Gender" and use it to conditionally display gendered language strings in templates.
These methods allow for flexible handling of gendered language variations.

View

Question What are language strings, and how are they used?
Answer Language strings are phrases or pieces of text used throughout Composr. They're identified by unique codenames, like WELCOME_MESSAGE. These strings are stored in .ini language files and used to display text in the user interface.

By translating language strings, you change the text displayed on your website without modifying the underlying code.

View

Question How can I contribute to translating Composr?
Answer You can contribute to Composr's internationalization by:
  • Joining the translation team on Transifex: Translate language strings collaboratively with other volunteers.
  • Becoming a language maintainer: Take responsibility for the translation and support of Composr in your native language.
  • Reporting translation issues: If you encounter unclear, incorrect, or duplicated language strings, file bug reports.
  • Providing feedback and suggestions: Share your thoughts on improving the translation process through feature suggestions.
Your contributions are valuable and help make Composr accessible to a wider audience.

View

Question What is Transifex, and how does it help with translation?
Answer Transifex is a collaborative online platform used by the Composr community for translation. Its benefits include:
  • Centralized translation efforts: Multiple translators can work on the same project.
  • Improved translation quality: The platform facilitates consistency and accuracy.
  • Simplified language pack creation: You can generate downloadable language pack addons directly from Transifex.
We encourage using Transifex for translation to foster collaboration and maintain high-quality translations.

View

Question Can I translate images with text on them?
Answer Yes, you can translate images containing text. In the themes/default/images/ directory, you'll find an EN folder containing images with English text.
  • Copy the EN folder: Create a new folder with the ISO code of your target language (e.g., FR for French).
  • Replace the images: Replace the English images with translated versions.
  • Ensure correct image paths: Update any references to these images in your templates or content to point to the translated versions.

View

Question How do I translate the content on my Composr website?
Answer Once you've installed a new language pack, you can translate existing content by:
  • Editing the content directly: Go to the specific content item (page, news post, etc.) and edit it in the new language.
  • Using the language editor: Access the language editor from Admin Zone > Style > Translate/rephrase Composr to modify language strings used on specific pages.
Note that some elements like forum names are not designed to be translated directly. Instead, you should create separate forums for each language.

View

Question How do I change the language of my Composr website?
Answer Composr comes with English as the default language. To change to a different language:
  • Download the language pack: You can download language packs from the Composr website.
  • Install the language pack: Upload the downloaded language pack addon through Admin Zone > Structure > Addons > Import non-bundled addon(s).
  • Change the default language: Go to http://yourbaseurl/config_editor.php and set the desired language.
  • Update your profile: If you had a previous language set in your profile, update it to the new language.

You can test a language without changing settings by appending &keep_lang=XX to the URL, where XX is the language code (e.g., FR for French).

View

Question What should I do after successfully importing data into Composr?
Answer After importing, if all files like avatars, photos, and attachments have been copied to Composr's directories, you can remove the imported product's directory. However, it's advisable to keep the directory, database, and import session for a few weeks in case any data was not correctly imported and needs further attention. Importing is a complex process, so keeping backups and sources for a while is a good practice.

View

Top 10 Entries

Question What defines a staff member in Composr?
Answer There are two ways to define "staff" in Composr:
  • System-defined staff: This includes administrators and super moderators who have specific privileges within the forum/member system (Conversr).
  • Privilege-based staff: Anyone granted the necessary permissions for a particular situation is considered staff for that context.

Composr prioritizes flexibility by utilizing privileges over fixed roles, allowing for customized staff responsibilities. However, certain features like "staff reply" in tickets inherently rely on a pre-existing understanding of "staff."

View

Question What steps should I take if my website has been hacked?
Answer If you suspect a security breach, take immediate action:
  • Identify the Cause: Analyze access logs for suspicious activity and pinpoint the vulnerability.
  • Clean and Restore: Restore your website from a clean backup and thoroughly remove any malicious code.
  • Address Vulnerabilities: Patch security holes, update software, and strengthen security configurations.
  • Seek Expert Help: If needed, consult security professionals for assistance with cleanup and prevention.

View

Question What additional security measures can I implement for my Composr website?
Answer
  • SSL: Enable HTTPS for encrypted communication and improved user trust.
  • Secure Zones: Configure sensitive zones to require confirmed sessions.
  • Restrict Logins: Enforce IP address confirmation for enhanced account security.
  • Maintenance Scripts: Restrict access to maintenance scripts like upgrader.php via IP restrictions.
  • Server Hardening: Disable unnecessary services, change default ports, enable automatic updates, and more.
  • Robots.txt: Use the robots.txt file to prevent search engine indexing of sensitive areas.

View

Question How does Content Security Policy (CSP) contribute to Composr security?
Answer CSP adds a layer of protection by controlling the resources the browser is allowed to load. It helps prevent:
  • XSS Attacks: By restricting inline scripts and limiting script sources.
  • Data Injection Attacks: By controlling the allowed origins for data requests.
  • Clickjacking: By specifying allowed framing sources.

Composr's CSP implementation utilizes "Trusted partner sites" and nonces for fine-grained control.

View

Question What is the purpose of "confirmed" and "non-confirmed" sessions?
Answer Composr distinguishes between confirmed and non-confirmed sessions for added security:
  • Confirmed: When you actively log in with your credentials.
  • Non-confirmed: When you return to the site and are automatically logged in via cookies.

You can configure zones to require confirmed sessions, preventing access from cookie-based logins alone. The Admin Zone uses this by default.

View

Question How can I enhance the security of my Composr installation on shared hosting?
Answer Shared hosting environments can be inherently less secure. Here are some tips:
  • Choose a Secure Host: Opt for hosts that offer suEXEC and open_basedir for better account isolation.
  • Test Security: Verify the host's security measures with the provided filesystem_browser.php script.
  • Restrict _config.php: Remove world-writable permissions from _config.php after installation.

View

Question How does Composr protect against Cross-Site Scripting (XSS) attacks?
Answer Composr utilizes multiple layers of defense against XSS attacks:
  • HTML Filtering: Configurable levels of filtering prevent malicious script injection.
  • Content Security Policy (CSP): Restricts the sources from which scripts and other resources can be loaded.
  • Input Sanitization: Data is sanitized before being processed to prevent malicious code execution.
  • Output Encoding: Data displayed to users is properly encoded to prevent interpretation as active code.

View

Question What are the different types of security alerts in Composr?
Answer Composr has a variety of hack-attack codenames that trigger security alerts and logging. Some common examples include:
  • DODGY_GET_HACK: Suspicious URLs with potentially harmful characters.
  • EVIL_POSTED_FORM_HACK: Possible CSRF attempts via malicious form submissions.
  • SCRIPT_UPLOAD_HACK: Attempts to upload PHP scripts, potentially malicious.
  • DOWNLOAD_PRIVATE_URL_HACK/TRY_TO_DOWNLOAD_SCRIPT: Attempts to download sensitive files.
  • BRUTEFORCE_LOGIN_HACK: Repeated failed login attempts.
  • SQL_INJECTION_HACK: Attempts to exploit SQL queries for data extraction.

You can customize alert handling for each type in data_custom/xml_config/advanced_banning.xml (Admin Zone > Security > Configure advanced banning).

View

Question What are some tips for secure website maintenance?
Answer
  • Avoid FTP: Use secure alternatives like SFTP or SSH for file transfer.
  • Secure Email: Enable SSL for IMAP and POP3 email protocols.
  • Strong Passwords: Use unique and complex passwords for different services.
  • Secure Computers: Keep your own devices patched and secure.
  • Maintenance Password: Remove the maintenance password from _config.php when not in use.

View

Question What are the main security features of Composr?
Answer Composr has a robust set of security features to protect your website, including:

Passwords:
  • Visual representation of password quality and enforcement of complexity rules.
  • Password expiry and prevention of re-use.
  • Secure password hashing, even if the database is compromised.
  • Temporary passwords for staff setup.

Login Restrictions:
  • Two-factor authentication via IP address approval.
  • IP address banning, including wildcard banning.
  • Session locking to IP addresses.
  • Configurable session expiry times.
  • Ability to prevent privileged actions from auto-logged in sessions.
  • Optional member approval process.

Auditing Systems:
  • Comprehensive audit logging of administrative actions.
  • Logging of user actions and IP address history.
  • Tools to analyze audit logs.
  • Failed login logging.
  • Hack attack detection, logging, and banning.
  • Email notifications for changes to user credentials.

Framework Security:
  • Protection against CSRF attacks.
  • Click-jacking prevention via CSP implementation.
  • Secure coding standards and scanning techniques.
  • Configurable HTML filtering to prevent XSS attacks.
  • Secure code modularization standards.

Other features:
  • Granular privileges and access permissions.
  • Content submission validation process.
  • Rootkit detection system.
  • Spam prevention systems.
  • Web application firewall rules.
  • Moderation systems.

View