Solution for the JFolder::create: Could not create directory error

If you are getting this with your Joomla 1.5.x, then you error is simple, you got to check the directory permissions for the module, templates and tmp folder.

Check as well the tmp folder location with your Hosting. If you point to the wrong location it will not be able to create a temporary directory and move files. Usually the /tmp used on the configuration file should do the deal (this was my issue, I was using an folder other the the tmp as temporary folder and it was failing).

Have fun.

Creating a template for Joomla 1.5

There is not too much secret to create a template for Joomla 1.5. The concept is the same as breaking a design for any site and you just need to know some content anchors and some “must have” files to make it work.

Let’s start with the “must have files”. No matter what kind of template you are building you will need the following:

• index.php
• templateDetails.xml
• template_thumbnail.png
• a css folder with template.css (or whatever name you want to use.css) inside
• a images folder with at least the logo.png file (must have this name)

If you have this, your template is half away to be complete.

The templateDetails.xml is tricky and it have changed from the 1.0.x version to the 1.5.x version. Anyway this file must have the following parameters:

• xml opening tag: <?xml version=”1.0″ encoding=”utf-8″?>
• install open with version and type described: <install version=”1.5″ type=”template”>
  • name: this will be the name displayed on joomla for your template, but it will be as well the directory of the template
  • creationDate
  • author
  • copyright
  • authorEmail
  • authorUrl
  • version: the version of the template
  • description: the description that will be shown for the administrator on joomla
  • and files: all the files that you use on your template
    • with filenames (off course has to contain  the “most have” files)

Now all you need to do is break the design and attach the content anchors on your file and this is how it works. When you go the module manager on Joomla you will see a bunch of module positioning availabe. Copy those names, you will need them. They are the current anchors that you have available to use on your template. You can definitly change what module is on which positioning on the module manager, and that can affect the use of your template.

Anyway, for any module positioning on your template, let’s say, left, you will use the following command:

<jdoc:include type=”modules” name=”modulename: left for example” />

You don’t need to write a html header, those Joomla will take care of, but you will need to tell Joomla to do that and for that you will need to use:

<jdoc:include type=”head” />

At the very first line of your index.php you will need to test if you can execute Joomla. It’s required for the template. Anyway, you still have to work out some other checks needed for Joomla to work, so this is how your header must be:

“<?php
defined( ‘_JEXEC’ ) or die( ‘Restricted access’ );
JPlugin::loadLanguage( ‘tpl_SG1′ );
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml” xml:lang=”<?php echo $this->language; ?>” lang=”<?php echo $this->language; ?>”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; <?php echo _ISO; ?>” />
<?php if ($my->id) { initEditor(); } ?>
<jdoc:include type=”head” />
<link rel=”stylesheet” href=”templates/system/css/system.css” type=”text/css” />
<link rel=”stylesheet” href=”templates/<?php echo $this->template ?>/css/template_css.css” type=”text/css” />
</head>

Now, construct your template how it should be. Add the anchors and for the content area, add the following anchor:

<jdoc:include type=”component” />

You are done. Keep these tips and tricks in mind and you will create a Joomla Template in no time.

Joomla 1.5.x Exploit – How to fix

Sites being hacked, friends calling me to ask to fix, and long explanations about why this is happening, just drove me a little bit stressed, so I have decided to write a small how to for fixing this issue.

There are 3 basic steps that you need to do to fix a hacked Joomla 1.5.x website. It’s very simple, but you will need access to a FTP of your website.

1st. Restore the index.php file that is currently on your website. There’s a good chance that it have been replaced to a hacked one. If you don’t have one backup of your website (big mistake) download a newer version from Joomla and copy the index.php to your website.

2nd. Fix or replace the /components/com_user/models/reset.php file. For fixing is simple:

After global $mainframe; on line 113 of reset.php, add:

if(strlen($token) != 32) {
	$this->setError(JText::_('INVALID_TOKEN'));
	return false;
}

I have made a fix on this file and if you want to download it, be my guest, just hit here.

3rd. Ask for another password for your administrator user. For that you just need to write the site url and add this: index.php?option=com_user&view=reset.

The url will be something like this: http://www.yourDomainName.com/index.php?option=com_user&view=reset

Note: before you do this, be sure that you have access as a super administrator of the site, otherwise you might have a bigger headache to take care of.

Joomla 1.5 password reset exploit

Today I had one of my clients hacked with a recent exloit of the Joomla 1.5.x family. The exploit allows you to easily reset the first user password which usually is the administrator user. After some digging I could find how to reproduce the exploit and guess what, even a 5 years old could perform that. It’s so simple that’s scary.

Anyway if you are currently using Joomla 1.5.x you should upgrade it to 1.5.6.

More info at: http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html