jphpx provides inclusion of custom codes in Joomla 4.x and Joomla 5.x. With jphpx, scripts in PHP, HTML and JavaScript can be integrated into module positions, articles, categories and user-defined modules from Joomla. Static HTML and Text pages can also be used. Full access to Joomla variables, functions and constants with PHP scripts is possible.
Code can be provided from the file system and the Joomla database. The supplied jphpx component enables the management and usage of code that is stored in the database repository. You may:
- Load any text based code into the database system
- Define or change access rights
- Update code
- Delete code
- deploy applications using stored code
This significantly improves the capebilities of jphpx and the security of access to the code used.
If you are looking for very special components for your Joomla website and cannot find what you are looking for in ready-made solutions, you can create a wide variety of solutions yourself with jphpx . Regardless of whether you may add applications for automatic conversion of prices into other currencies, the dynamic display of database content or the use of larger web applications, individual components can be created without any problems. The operation of jphpx is very easy despite this variety of usage options. The extension is available free of charge and under a free software license (GNU GPLv2).
1. Installation of Package
You may install jphpx on your Joomla site using the 'Install from Web' method because jphpx is available in the Joomla extensions database. Alternatively carry out the following installation steps:- Download the jphpx installation file from my website
- Log into your Joomla as an administrator
- Select in the menu: Extensions -> Manage -> Install
- Select the tab: Upload package file
- Click the Choose File button
- Select the package file that you downloaded earlier
- The upload and the installation will start automatically
2. Use jphpx component
Since version 1.3.0 the jphpx system package also provides a component. You can use "Components" -> "jphpx applications" to define your php scripts in the admin backend and then use them.3. Provision of the jphpx module
With version 1.3.3, the jphpx system package also provides a module. For example, you can use your own php applications or php code for a Joomla module without having to develop and create a Joomla module yourself.4. Configuration of Plugin
After the installation of jphpx the system plugin is not yet configured. Therefore select the menu item "Extensions-> Plugins" in the administrator console and open the system plugin jphpx . Check / change the following:- Status - Check whether the status shows "Activated".
- Optional path prefix - Optional path prefix to the code file. It is prepended to the file path name to be included. If it is left blank, it is the same as Joomla! Root directory.
- Only DB access - If set to Yes, only the code stored in the database can be used.
- Allow Edit Apps - If set to Yes, allow execution of plugins with editor applications
- Secure Ajax - with this you can secure Ajax variables that are delivered with "$ _GET", "$ _POST" or "$ _REQUEST" in order to exclude malicious or incorrect code.
- Default type check specify which check should be carried out for the request parameters if no type check was requested via the request parameter "check_type".
You now have completed the installation steps.
- easy and fast integration of intelligent Javascript, PHP and HTML scripts into your Joomla! Content.
- fast development of not only small and simple adapted modules and plug-in solutions based on PHP, Javascript and HTML content, form integration and much more. But also for the use of more complex solutions including database applications, without having to develop your own Joomla component or module.
- load any code into the database system
- Define or change access rights
- update code
- Delete code
- Provide applications to use the defined code
Howto to use application
- Via the menu item "Components" in the administrator backend you select the option "jphpx application" or "jphpx code entry". This calls up the component and you can now define a new jphpx application clicking the "New" button. With this, a title of the application, the source (the path and the filename), the access and the activation code must be entered. With the "Save" button, the new code entry becomes available after it has been stored successfully.
- Then set up access to this application via "Menus". For "menu entry type", select the types
jphpx Applications
- After saving, the application is then immediately available.
{jphpx .... }. The source of your code is then defined within square brackets:
{jphpx [.. your code]}Code can be loaded via the file system and from the jphpx database table. For loading from the file system, simply enter the path and file name (e.g.):
{jphpx [php-apps/games/sudoku.php]}It becomes easier if the code is available in the jphpx database table. Here only the ID number of the code stored in the database table is given with a preceding asterisk.
{jphpx [*10]}
With version 1.3.3, the jphpx system package also provides a module. For example, you can use your own php applications or php code for a Joomla module without having to develop and create a Joomla module yourself.
Note: When updating from version 1.3.2 to version 1.3.3 using the Joomla Updater, the jphpx module will not be installed. Therefore reinstall the complete jphpx package or download and install the jphpx module.
Howto to use a jphpx module
- Via the menu item "Components" in the administrator backend you select the option "jphpx application" or "jphpx code entry". This calls up the component and you can now define a new jphpx application to be used for your module by clicking the "New" button. With this, a title of the application, the source (the path and the filename), the access and the activation code must be entered. With the "Save" button, the new code entry becomes available after it has been stored successfully..
-
Now create a module with this jphpx application (the jphpx code entry). Select "New" for a new Joomla module via the menu items "System"->"Site Module" in the administrator backend. Then select "jphpx module" from the list of available modules. In the display of the
jphpx module
Thousands of php applications, application examples or code snippets are available on the web, of which certainly some of them may cover desired functions. It is worth taking a closer look and testing the code under Joomla. There are a few things you should pay attention to or consider.
First of all, the most important thing: secure the code of your scripts against outside access . To do this, add the following php statement as the first line in your script:
defined ('_JEXEC') or die ('Restricted access');This prevents your php script from being called outside the Joomla environment.
defined('_JEXEC') or die('Restricted access'); use Joomla\CMS\Factory; use Joomla\CMS\Uri\Uri; ...Detailed information about the Joomla Application Interface (API) is e.g. available at Joomla Developer's Sites .
$document = Factory::getDocument (); $document->addScript(Uri::root(true) . "/my_media/script.min.js"); ...
php scripts of such web applications run on the client side with the help of jphpx under the control and in the environment of Joomla - the server side, however, cannot be executed in the same way under the umbrella of Joomla.
Since version 1.3.0 of jphpx this restriction has been resolved, as the jphpx system plugin suports Ajax requests with the help of the Joomla Ajax interface to be run. The following measures are necessary for this implementation.
- The client and server programs (the respective php scripts) must be defined as jphpx code entries
- Ajax requests are based on request urls. These urls have to be changed for the Joomla Ajax interfaces:
index.php?option=com_ajax&plugin=jphpx&group=system&format=raw&id=nn
&id=nn is the id of the jphpx code entry of the server program.
php-apps/server.php?request=1&data=new
then this will be the new ajax url (for a jphpx code entry id=10 of the server program)
index.php?option=com_ajax&plugin=jphpx&group=system&format=raw&id=10&request=1&data=new
The following should still be observed and checked for server scripts.
- Includes (or requires) should be checked for correct results and the path and filename adjusted.
- Access to external files should be checked for errors and the path and filename should be adjusted.
- php globals are not supported
- if there are errors caused by the server script, an "HTTP 500 Internal Server Error" is produced. Then check your server script and/or analyze the Apache logs.
Use Secure Ajax
You can use the plugin parameter "Secure Ajax" or the use of request parameter "&secure_parm=1" to improve the security of variables provided with "$ _GET", "$ _POST" or $_REQUEST".In addition, you can use the plugin parameter "Default Type Check" to specify which check should be carried out for the request parameters if no type check was requested via the request parameter "check_type".
With the request parameter "check_type" you can check for valid input:
- &check_type="STRING" - (default) Converts the input to a plain text string; strips all tags / attributes.
- &check_type="INT", &check_type="INTEGER" - returns the first integer found in the parameter value
- &check_type="UINT" - checks for an unsigned integer
- &check_type="FLOAT", &check_type="DOUBLE" - returns the first float found
- &check_type="BOOL", &check_type="BOOLEAN" - Expects values 0 ot 1 (note that "true"' or '"false" are Strings)
- &check_type="WORD" - Only allow characters a-z, and underscore
- &check_type="ALNUM" - only alphanumeric characters are allowed
- &check_type="CMD" - Allow a-z, 0-9, underscore, dot, dash. Also remove leading dots from result.
- &check_type="HTML" - converts the input to a string; strips all HTML tags and attributes.
- &check_type=""PATH" - Converts the input into a string and validates it as a path
- &check_type="RAW" - no check are done , be careful using this, to avoid injection attacks on your website!
- &check_type="USERNAME" - strips all invalid username characters.
My php applications are examples of this implementation - they run on the client side as well as on the server side completely under the control and environment of Joomla.
- Code stored in filesytem
- Code provided via jphpx Datenbase Table
Code stored in filesytem
With the plugin parameter "Path Prefix", the specified path is placed in front of the file path name to be included. For example, if the path prefix is set to "php-apps/", the php code can only be loaded from this directory or subdirectories. A jphpx plugin tag as specified:{jphpx [test/my-script.php]}will use and load the file " php-apps/test/my_script.php ". Another directory outside "php-apps" (e.g. "modules /") cannot be used. So you can easily control that code cannot be used from the entire Joomla file system, but only from the directories over which you exercise control.
Code provided via jphpx Database Table
You have absolute control over the php scripts used if the code is allowed to be loaded only from jphpx's database tables. This option can be set via the plug-in parameter "DB access only". A user with administrator rights will then load, manage and provide content available in the database. The jphpx component enables php code (or other text-based content) to be loaded into the jphpx database table and managed.
Users who have access to the Joomla file system might then change code in the file system, but only have read access to the stored code from the database via the jphpx plugin tag. If a user requests code from the file system via the plugin tag of jphpx, the request is rejected an d will produce an error message.
Joomla Security
Joomla includes many features that help with the task of securing applications and extensions built on it. You should always use these features if at all possible as they have been tried and tested by the many eyes of the developer community and any updates that might conceivably be required in the future will be automatically available whenever a Joomla update is applied.Getting data from the request
All input originating from a user must be considered potentially dangerous and must be cleaned before being used. You should always use the Joomla JInput class to retrieve data from the request, rather than the raw $_GET, $_POST or $_REQUEST variables as the JInput methods apply input filtering by default. JInput deals with all aspects of the user request in a way that is independent of the request method used. It can also be used to retrieve cookie data and even server and environment variables. However, it is important to use the correct JInput method to ensure maximum security. It is very easy to just use the JInput->get method with default parameters and ignore the fact that in many cases it is possible to apply a more stringent requirement on user input.
To get more information please read article abour Secure coding guidelines. with Joomla.
Migration jumi plugin
This move is the easiest. Here you swap the value "jumi" with the value "jphpx" in the Jumi plugin tag. Everything else stays the same.Migration jumi module
The Jumi module can no longer be used. Instead, if using the latest version of jphpx you now may use the (new) jphpx module. With a second (previous) option you may use Joomla's option "custom module" Here you can use the jphpx system plugin to integrate your own PHP scripts. e.g. to create a slider module.Migration of the jumi component
The Jumi component can be completely replaced with the jphpx component. The following steps may be used to accomplish this.- Define your application via "jphpx applications" (set up a new jphpx code entry).
- Set up a link to this application via Admin backend option "Menus". For "menu entry type" select the types "jphpx applications->Application" from the offered types. Then select the required jphpx application.
Download jphpx System Package
jphpx is free software - however, you must observe the GPL license conditions in order to use this software. Detailed information about GPL and the use of free software can be found at GNU Org. To download jphpx please click download button:
jphpx Version 1.3.3
jphpx System Package for Joomla version 4 and version 5