? ? ? Success

User tests: Successful: Unsuccessful:

avatar Hackwar
Hackwar
30 Sep 2014

I'm giving support in the joomla IRC channel on Freenode and at least on 5 occasions in the last few weeks, someone had the issue that his site was broken due to some update issue or some random file not being written. To fix this, I wrote this PR.

This PR first of all unifies the database and warnings view of com_installer into one view. We have too many views in the installer as is and if it were up to me, I would merge the discover view and the update view into the manage view, too. Anyway, this merges these two views into the new service view. I'm doing this because it would be absolute overkill to introduce a new view simply for the filechecker.

This PR also introduces a file-checker feature, where it reads a file with and then checks if the file exists and if the MD5 hash of that file is identical to the hash in the .md5 file. It does not check for additional files that might be in the system, but it will give you a hint about core-hacks, etc.

This PR is not done yet. There are a few language strings that still need to be touched up and there is no real tool to create the MD5 file for us on the server side yet. I included /cli/createfilechecker.php to simply create such an MD5 file for the current installation, but it still needs to exclude some things, like the core templates, the .htaccess, robots.txt, etc. and it still needs to add a comment with the version that this .md5 is for at the top. Oh, comments are lines that start with a hash (#) and empty lines are ignored.

Please help in making this production ready. I'm open for suggestions.

Votes

# of Users Experiencing Issue
0/2
Average Importance Score
1.00

avatar Hackwar Hackwar - open - 30 Sep 2014
avatar jissues-bot jissues-bot - change - 30 Sep 2014
Labels Added: ?
avatar brianteeman
brianteeman - comment - 30 Sep 2014

@test corefile checker - it works but needs to have some sort of progress bar when checking files so that you now something is happening

Is this really a core function??

For someone who is always talking about small is best I think this is a perfect example of an extension that can be installed and not something that goes in the core. Having said that - core file checkers already exist



This comment was created with the J!Tracker Application at http://issues.joomla.org/.

avatar Hackwar
Hackwar - comment - 30 Sep 2014

@brianteeman Thank you for testing. Yes, there are core file checkers available and I normally vote for less-is-more, but that is why I merged the 2 views into one. That way at least some stuff is made smaller. :wink:

I think we need to adopt a different mode of operation in Joomla. We don't need to provide all features out of the box, but we need to provide those features that are either used VERY commonly or those that are used in times of crisis in a user-friendly manner. What I mean with that: When I want a multi-lingual website, I should be able to start a wizard that automatically enables the language plugin, downloads all requested languages, creates content languages and all necessary menu items automatically for me, without me having to do all those steps manually.

Another example is the time of crisis. As I said, I frequently get people that say "I've been hacked" or "I get a WSOD" or lately "I don't have any labels in my forms anymore" and the only thing that I was able to tell them so far was "Take a clean Joomla and copy it over your installation. Oh yes, and remember to remove the installation folder before copying it over." That process is extremely time intensive, not always possible because of core hacks and people, especially inexperienced ones, fear that they will break their site for good by doing that. With such a feature on board, I can simply say "Click that button in the backend and see the result. Those are the files that are broken."
That makes 20 seconds compared to 2 hours...

Long story short: Yes, I think this is a feature that should be core and it would be a great help for supporters and users everywhere.

I would not introduce a progress bar, since that would complicate this feature manifold and rather make that process take more time than less. I expect this to return in 10 seconds on most hosts and that seems to me as to be a resonable amount of time. That said, we should take a look at improving the service view to respond faster overall. Regardless of the filechecker, it feels a bit sluggish to me.

avatar brianteeman
brianteeman - comment - 1 Oct 2014

Progress Bar

In the real world a user will not wait 10 seconds for a page to do something after clicking a button. They will keep clicking until something happens.

False reports

If this tool by default only reports on changes to core files then a report that everything is good is useless. As the majority of hacks take place in non core files and folders - this is based on years of real world experience

Re-inventing the wheel

Seriously Hannes you are reinventing the wheel here and making it square. There are infinitely better tools already available.

I won't be testing this any further

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

avatar brianteeman brianteeman - change - 1 Oct 2014
Labels Added: ?
avatar rdeutz
rdeutz - comment - 1 Oct 2014

I agree with Brian in general, adding that it gives people a false feeling of being secure.

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

avatar Hackwar
Hackwar - comment - 1 Oct 2014

As I said above, this is not meant as a tool to fix hacks. If you know what you are doing, you can use it that way, but otherwise it is not. This is meant to help all those users that have somehow deleted parts of their Joomla or where an update failed or where they want to make an update, but don't know which files they modified before. Yes, this is not a feature to end all unwanted modifications and revert all hacks out there. And there are indeed better tools for this, like the file-checker by @kubik-rubik or several others. But that also is not the scope of this feature. The scope is to make life for several supporters in our community easier. As I said, up till now I had to tell a user to upload a fresh Joomla over his installation to try to fix his problem. Now I can tell him to click that button in the backend and in worst case I can even give him the direct URL to that feature.

It is also kept intentionally simple, so that as little as possible can interfer or break here. I could check for all files present in our webroot and report on existing and non-existing files and modified ones and maybe also cover the DB content, but that means a lot longer runtime, more memory and again more that can go wrong.

That is also why there is no progress bar. A progress bar would mean that I have to split the checking process into several steps, reporting back to Joomla after each one, storing my progress somehow and starting from that position again. I also need lots of Javascript on the browser side.

If you all feel that this would be such a bad idea to implement visibly for our users, then maybe we can have this at least as a hidden feature without the button in the backend. Then at least I can send users to /administrator/index.php?option=com_installer&task=service.checkFiles and thus can still help them easier than first explaining them which file checker to download, install, somehow get a clean checksum file, etc.

avatar brianteeman
brianteeman - comment - 1 Oct 2014

If it is a hidden feature it might as well be an installable extension.

On 1 October 2014 10:25, Hannes Papenberg notifications@github.com wrote:

As I said above, this is not meant as a tool to fix hacks. If you know
what you are doing, you can use it that way, but otherwise it is not. This
is meant to help all those users that have somehow deleted parts of their
Joomla or where an update failed or where they want to make an update, but
don't know which files they modified before. Yes, this is not a feature to
end all unwanted modifications and revert all hacks out there. And there
are indeed better tools for this, like the file-checker by @kubik-rubik
https://github.com/kubik-rubik or several others. But that also is not
the scope of this feature. The scope is to make life for several supporters
in our community easier. As I said, up till now I had to tell a user to
upload a fresh Joomla over his installation to try to fix his problem. Now
I can tell him to click that button in the backend and in worst case I can
even give him the direct URL to that feature.

It is also kept intentionally simple, so that as little as possible can
interfer or break here. I could check for all files present in our webroot
and report on existing and non-existing files and modified ones and maybe
also cover the DB content, but that means a lot longer runtime, more memory
and again more that can go wrong.

That is also why there is no progress bar. A progress bar would mean that
I have to split the checking process into several steps, reporting back to
Joomla after each one, storing my progress somehow and starting from that
position again. I also need lots of Javascript on the browser side.

If you all feel that this would be such a bad idea to implement visibly
for our users, then maybe we can have this at least as a hidden feature
without the button in the backend. Then at least I can send users to
/administrator/index.php?option=com_installer&task=service.checkFiles and
thus can still help them easier than first explaining them which file
checker to download, install, somehow get a clean checksum file, etc.


Reply to this email directly or view it on GitHub
#4400 (comment).

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

avatar brianteeman brianteeman - change - 17 Oct 2014
Status Pending Needs Review
avatar brianteeman
brianteeman - comment - 17 Oct 2014

Setting to Needs Review so the maintainers can make a decision on this

avatar roland-d
roland-d - comment - 14 Sep 2015

@Hackwar Thank you for your contribution but the PLT has decided not to include this into the core and is more suitable as an extension. Closing the issue as such.

avatar roland-d roland-d - change - 14 Sep 2015
Status Needs Review Closed
Closed_Date 0000-00-00 00:00:00 2015-09-14 20:35:11
Closed_By roland-d
avatar roland-d roland-d - close - 14 Sep 2015
avatar joomla-cms-bot joomla-cms-bot - change - 14 Sep 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment