Structure: Composr's forums follow a hierarchical structure. You can create forum groupings, forums, and sub-forums (and sub-sub-forums etc) in that order of hierarchy.
Strategies: Avoid creating too many forums, which can dilute activity. Start with a few well-defined forums and expand as needed.
Permissions: Use Composr's permission system to control access to forums and features. For example, you can create private staff forums.
Composr provides several tools to help you stay up-to-date with forum activity:
Virtual Forums: Special forums like "Posts since last visit" and "Topics with unread posts" provide filtered views of recent activity.
Read Status: Topics with unread posts are displayed in bold with a jump-to-first-unread link. You can manually mark topics or entire forums as read or unread.
Notifications: You can enable email notifications for specific topics or forums, either manually or automatically based on your activity.
What security measures should I consider for local payments?
Answer
While Composr supports local payments (Authorize.Net), it requires high PCI compliance. Ensure you adhere to the PCI Data Security Standard (PCI DSS) guidelines, including secure coding practices, firewalls, intrusion detection systems, regular security audits, and staff screening.
Composr provides tools for monitoring your eCommerce activities:
Sales list management: Cancel purchases, view sales history, and manage refunds (Admin Zone > Audit > eCommerce > Sales list management).
Charts: Generate profit/loss accounts and cash flow diagrams for specific periods (Admin Zone > Audit > eCommerce, and Admin Zone > Audit > Site statistics).
Manual transactions: Record transactions outside of Composr for accurate accounting (Admin Zone > Audit > eCommerce > Manual transaction).
Monetary payments: Issue refunds through your payment gateway.
Point payments: Manually refund points through the points system.
Cancellations: Cancel purchases in the Admin Zone to allow repurchasing. Remember to manually undo any associated actions (e.g., removing name highlighting).
Composr supports PayPal, CCBill, and Authorize.Net for processing payments. While Composr could be extended to support other gateways, doing so may require professional development and customization.
How do I open or close my Composr website to the public?
Answer
By default, your Composr site is closed after installation. To open it to the public (or to close an opened site), go to Admin Zone > Setup > Configuration > Site options > Closed site and adjust the setting accordingly. You can also configure a closed site message.
While a closed site prevents public access, it's worth noting that users can still join a closed Conversr-powered site if they have access to the join module URL. However, they won't be able to log in unless they're assigned to a usergroup with "Access closed site" permissions. You can modify the join module's permissions to restrict access further.
What is the .htaccess file and how does it relate to Composr?
Answer
The .htaccess file is a configuration file for the Apache web server. It allows you to define settings that apply to the directory where it's located and its subdirectories.
Composr can leverage .htaccess to enhance security and enable features like "URL Schemes." You can try renaming the provided recommended.htaccess file to .htaccess. This file includes recommended options that tighten security and ensure Composr has necessary PHP and Apache features activated.
Note that some web hosts might restrict the use of .htaccess files.
You should regularly review recommended.htaccess for changes between Composr updates.
Composr employs a multi-layered permission system with two main types: privileges and access permissions. The system grants users the best possible access based on the combination of their usergroups.
Privileges define broad permissions, such as accessing a closed site or content manipulation abilities based on impact level (low, medium, high). You can set privileges for usergroups via checkboxes, with the option to override them for specific pages or categories. Go to Admin Zone > Security > Global privileges.
Access permissions control what content users can view. These permissions are layered:
Zone access permissions
Page (or content entry) access permissions
Catalogue access permissions
Category access permissions
To configure access permissions, you can edit the specific resource or utilize the Permissions Tree Editor under Admin Zone > Security > Permissions Tree Editor.
The system scheduler is crucial for scheduled tasks like sending notifications, running backups, and processing reports. To set it up, you need to schedule a system-level task to run the data/cron_bridge.php file at least every 10 minutes. This links Composr's scheduler with your server's scheduler (like Cron on Linux).
Composr can often detect the correct command to use for your setup. You can check by visiting http://yourbaseurl/data/cron_bridge.php?query_mode=1, which should display the suggested Cron command. Note that you may need to replace the php command with the absolute path to PHP if you cannot use the php command directly.
If your hosting doesn't support Cron or scheduled tasks, you can enable scheduled tasks to run when visitors access your site. Navigate to Admin Zone > Setup > Configuration > Performance options and check "Web requests run scheduled tasks". Keep in mind that this method relies on visitor traffic and isn't as reliable as a dedicated scheduler.
Alternatively, consider using external services like EasyCron, setcronjob.com, or onlinecronjobs.com. These services allow you to schedule calls to the data/cron_bridge.php script by URL at specified intervals.
What are the different security levels in Composr's Setup Wizard and what do they affect?
Answer
Composr offers five security levels in the Setup Wizard: Minimum, Low, Medium, High, and Ultra High. Each level sets various security configurations that you can later customize under Admin Zone > Setup > Configuration.
The security levels influence settings such as:
Content Security Policy
Session expiry time
Password reset process
Password expiry days
Minimum password length and strength
Login error secrecy
IP strictness for sessions
Cryptographic ratchet
CAPTCHA usage
Brute force threshold
Audio CAPTCHA
URL Monikers
.htaccess restrictions on maintenance scripts
Enquiry on new IP addresses
The higher the security level, the more stringent the security measures, with Ultra High offering the most robust protection but the most potential inconvenience to users.
Generally, you should use these settings depending on your site:
Minimum: Very bare-bones informational-only sites
Low: Sites which do not allow public registrations and do not use eCommerce but have content managed by different staff, and are not concerned with privacy or data
Medium: Sites with social features / public accounts but do not use eCommerce.
High: Sites which use eCommerce.
Ultra High: Sites containing very sensitive data, such as but not limited to cybersecurity sites, government departments, banks, healthcare, etc.
You can change your site's logo manually or by using the Logo Wizard. To change it manually, go to Admin Zone > Style > Themes. Choose "logo/-logo" from the dropdown list, which represents the logo for the Welcome Zone and any zone without a specific logo. Replace the current image by uploading a new .jpeg, .gif, or .png file. Ensure that the 'Name' field remains unchanged.
Composr is built using a series of addons that provide different functionalities. All "bundled" addons are installed by default. Once you are familiar with Composr, it's recommended to remove any bundled addons you don't need to simplify your site and prevent accidental exposure of unconfigured features to visitors (the Setup Wizard can also uninstall these addons based on your preferences). You can manage addons by navigating to Admin Zone > Structure > Addons. Uninstalled addons are archived and can be restored later, but any associated data will be permanently lost.
Composr also offers non-bundled addons. These addons are not bundled because they are not considered mainstream, rely on third-party services, haven't been vetted to Composr standards, or don't fully conform to those standards.
You can install non-bundled addons by going to Admin Zone > Structure > Addons, scrolling to the bottom and clicking "Import non-bundled addon(s)". You will need to browse to the addon file and click the import button. Once imported, review the warnings and proceed to install the addon.
You can also download and import addons from this website under the Downloads section.
What are some of the default Comcode pages in Composr?
Answer
Composr includes several default Comcode pages, each serving a specific purpose:
home (Welcome and Site zones): The default front pages for the respective zones.
sitemap (Welcome zone): Displays the sitemap, typically generated automatically.
_rules (Welcome zone): Outlines the site rules, also displayed during registration. The "rules" page (no underscore) is a wrapper for this page.
privacy (Welcome zone): Provides privacy policy information. By default, this is generated automatically with Composr's privacy policy generator block.
404 (Welcome zone): The page shown for 404 errors (page not found) and includes a sitemap.
help (Site zone): Contains general help information.
userguide_comcode (Site zone): A basic guide to Comcode for users.
Remember that you can edit these default pages or create entirely new ones to tailor your site's content to your specific needs.
If you want to prevent a Comcode page from appearing in your sitemap, you can simply prefix its name with an underscore (_). For example, pages named "_test" or "_example" would be excluded from the sitemap. Note that this generally does not hide the page from your site itself (to do that, use the validation addon to turn validated to "OFF" for the pages); it only hides them from the sitemap / search engines.
