The first installation decision is whether Joomla will be installed locally or remotely. You may have a Web service provider such as GoDaddy.com or SiteGround.com that will be serving your Web site. In these cases, all of the primary server software, including PHP and MySQL, are already installed and available for use. Activating Joomla is simply a matter of uploading the Joomla installation image and completing the process. If you're installing locally, you have much more to do.

Following are some of the advantages of a local installation:

Following are some of the disadvantages of local installation:

If you would like to have a local installation but don't have a business-grade Internet connection, look into co-location options provided by your local Internet service providers (ISPs). Many ISPs have excellent pricing that allows you to locate your server on their premises and hook into their Internet backbone for a fee.

The choice of a platform can be a difficult one, and there are too many variables involved in the decision that will be particular to your situation to list here. It may boil down to your comfort level with a given operating system, or the consideration of licensing fees (Linux is free, while Windows and MacOS both require licensing fees). While the platform choice may affect performance, it shouldn't have a significant effect on the Joomla installation process. Most Joomla administration occurs through the Web interface, so the platform is immaterial to the interaction with the system.

Further, Joomla uses the PHP and MySQL technologies, which are very nearly identical on all of the platforms. Therefore, you are going to be interacting with the system in much the same manner regardless of the platform.

You can choose to individually install each piece of server software or use a combined installer such as XAMPP (pronounced as either "x-amp" or "zamp"). When describing an installation setup, administrators often use acronyms such as WAMP, LAMP, or MAMP. These acronyms indicate the target platform providing the first letter (W = Windows, L = Linux, and M = MacOS) of the operating systems, and the other three letters representing the servers to be installed (Apache, MySQL, and PHP). The most popular combined installer is called XAMPP, where the X represents a variable, since the installers are available for all three operating systems. The two "PPs" in "XAMPP" indicate PHP and Perl software, both of which are included with the installation. Although Joomla doesn't use Perl, it won't affect server performance.

XAMPP installers overcome one of the major obstacles to open source deployment: packaging. Open source developers are notorious for releasing software that, while stable when executing alone, breaks integration with existing versions of other necessary software. (For example, a new Apache version will no longer work with the stable version of PHP.) An XAMPP installer avoids these problems by shipping only fully compatible versions together. That means that you can download a single installer, execute it, and have an integrated server system up and running in very little time.

While the XAMPP installer provides easy and quick installation for staging or testing, it has some serious disadvantages. Central among those is the problem of security. The default installations of the servers in the XAMPP package leave all avenues of security penetration wide open. Further, there are many unneeded applications (such as Perl), extensions, and modules included in the install that can bog down your system. In fact, the amount of space used on your local drive will be more than three times greater than if you installed the servers needed for Joomla separately.

If you are a beginner, an XAMPP installer is fantastic to get you up and running in a short time. If you're slightly more advanced, even though you're sure to run into a problem or two, individual installations may be the way to go.

Keep in mind that the platform may also help determine how you want to perform the installation. For example, on the MacOS, Apache server is already natively installed—it needs only to be activated. Likewise, if you're going to use IIS as your Web server on the Windows platform, it is likely already installed. The servers included would create redundancy for the existing technology, and at worst they may conflict with servers already in place.

If you are running on the Windows platform, you have a choice to make for the Joomla Web server: You can run either Apache or Microsoft Internet Information Server (IIS). The choice is a difficult one for several reasons. The primary reason to use Apache on Windows is that compatibility between Joomla and Apache is well tested and understood. However, there are several reasons why you might want to choose IIS instead:

To install Joomla on the Windows platform, first ensure that IIS is running properly. You can test for IIS by going to the Control Panel

http://localhost

Before you can run Joomla, you must install PHP and MySQL so that the execution and database technology is available. You can obtain PHP from the following URL:

http://www.php.net

Follow the PHP installer as you normally would. At the Web Server page of the Installation Wizard, choose your version of IIS, as shown in Figure 2-2. The PHP installer will automatically configure IIS to work with PHP.

That's about it! Even though PHP doesn't notify you that a reboot is required, it is. You must reboot your machine for the Path variable to be set to address the new PHP directory. If you have any problem getting PHP working, check the Path variable by opening the Control Panel

If the PHP engine still isn't running properly (see the next section for a way to test it), try checking if there is a PHP.ini in your Windows directory. If so, ensure that it is configured to point to the proper directory. If not, try copying the PHP.ini there. You should stop and restart the server to make sure the PHP extension is reset after any change.

Figure 2-2. Choose your version of IIS for PHP configuration.

When optimizing Apache to run Joomla most effectively, you will have to check all the configuration directives that the Web server uses. The recommended settings are not one-size-fits-all. How you configure the Web server is governed largely by how you see your audience. Do you have thousands of users who will be visiting your Joomla site for a few minutes and leaving? Or, are you trying to make your site a portal where users will spend a majority of their Web time logged in to your site?

Setting the correct values for some parameters such as those relating to timeouts will take some experience, but you can adjust some settings immediately to make your life as a Joomla administrator easier. The most important directives for Joomla include DirectoryIndex, LogLevel, and ServerRoot.

# DirectoryIndex: sets the file that Apache will serve if a directory is requested
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

DirectoryIndex index.php index.html

[Sat Nov 18 08:16:04 2006] [error] [client 127.0.0.1] File does not exist:
C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/AVE, referer:
http://www.yahoo.com/

ErrorLog syslog:logwarehouse

http://en.wikipedia.org/wiki/Syslog

ServerRoot "/usr/local/apache"

ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"

The Apache log files can be your best friend when it comes to monitoring your Web server. Although there are some Joomla extensions that can record site statistics, their use is not recommended because of the decrease in server performance. Therefore, if you want to monitor your closely traffic, you must do it through the actual Web server log files. There are three primary types of log files: access, error, and install.

Monitoring these log files can help you do the following:

After you install Apache and run it for a short time, check out the /logs directory at the Apache directory root. You will see the three main log files here. Take a look at each file with a standard text editor so that you will be familiar with them. As you progress through this book, you will return to these logs to understand the adjustment and maintenance of your Joomla site.

The /modules and /extensions folders contain all of the Apache plug-ins that allow the Web server to interact with other software, including PHP. For a Joomla installation, you're unlikely to modify these folders. However, if you experience a problem or begin having some strange results, it is often a good idea to check the version numbers of the individual modules to determine if there is an upgraded version available.

On the Linux platform, you can generally find the version of a module or extension using the file command like this:

file mod_authn_dbm.so

On the Windows platform, you can check the version numbers of each extension or module simply enough by looking at the version tab on the properties of the file, as shown in Figure 2-8. You can do a search on the Web or the Apache Web site (www.apache.org) to see if other users are having difficulty with the version of plug-in installed on your system. If you post a question regarding your problem, be sure to include the version numbers of the plug-ins that you're using so that responders can accurately assess your situation.

Figure 2-8. If you have problems, check the versions of the files in the modules and ext folders.

Not all modules located in these folders are active. You can use directives in the httpd.conf file to individually activate or disable a plug-in. Note that additional modules not included with the core install are available for download here:

http://modules.apache.org/

By default, all of your Web content is stored in this directory. You have to be particularly careful on the security settings that you allow for the /htdocs folder. Since hhtdocs files have execution privileges for PHP code, if a hacker can find a way to place custom code or a virus into this directory, the potential for mischief is significant. Chapter 14 discusses the best methods of configuring this folder for security.

There are many PHP settings, but not all are directly relevant to a Joomla installation. Many settings you will never need, so this chapter only details the most important ones to a Joomla user. Of the directives listed that are critical to a Joomla user, the one that changes the error reporting display is the most important.

display_errors = On

log_errors = On

error_reporting = E_ALL|E_NOTICE

error_reporting = E_ALL & ~E_USER_NOTICE

Warning: session_start() [function.session-start]:
open(C:DOCUME~1dannyLOCALS~1Tempphpuploadsess_6lp0kg4fu0fho3lvagt3je8d74,
O_RDWR) failed: No such file or directory (2) in C:Program FilesApache Software
FoundationApache2.2htdocslibrariesjoomlaenvironmentsession.php on line 234

session.save_path="C:DOCUME~1dannyLOCALS~1Tempphpupload"

session.save_path="C:/Program Files/Apache Software
     Foundation/Apache2.2/htdocs/php_sessions"

session.save_path = /var/php_sessions

session.save_path = /billcat/ws/b1833/pow.dan/php_sessions

The setup of MySQL is at the same time the simplest and the most complicated of the servers used by Joomla. I have never had a MySQL installation fail on a fresh system, while I have had problems at one time or another with the stable release of all the others. That said, there can be problems getting MySQL to communicate effectively with the other servers—PHP most notoriously.

Activating the Path Parameter on Windows

On the Windows platform, if you execute Joomla and it shows that MySQL isn't active, be sure that you've rebooted your system since installing PHP. To correctly access PHP extensions, the Path variable must be set to make the PHP directory available. PHP automatically adds the path to the Path setting. However, the Path variable is only read and activated at boot time, so any changes to the variable are not active until the system has been rebooted after installation.

You can check to make sure that the Path variable is set properly by going to Control Panel

This Path string is generally fairly long, so when I need to examine or edit it, I select the variable, and click the Edit button, which will display the field in a text box. The entire path string will be selected, so use Ctrl+C to copy it to the Clipboard. Then paste the string into an editor like Notepad where you examine it and make changes more easily.

Verify that the path to your PHP directory is found in the string. If it is missing, you can change the Path string by simply adding a semicolon (;) after the last entry and then typing the PHP path. Reboot the machine and try again. That corrects the problem in a majority of cases.

SET PASSWORD FOR joomlaAdmin' = OLD_PASSWORD(password'),

Strict Mode and Data Insert Problems

With the database connectivity working, your MySQL problems may be over—or maybe not. In Joomla, when attempting to install the sample data, if you have display errors turned on or you check the Apache log file, you may see an error such as this:

SQL=BLOB/TEXT column 'comments' can't have a default value: ...

This type of error indicates that you are probably running MySQL in strict mode. That means that either STRICT_TRANS_TABLES or STRICT_ALL_TABLES is enabled. The strict options make it so that a single error writing a record will result in the entire operation being canceled.

From the MySQL Administrator application, you open the Startup Variables pane, select the Advanced tab, and check the SQL Mode option, as shown in Figure 2-10. If either of the strict modes is stored in the text box, you can simply clear the checkbox to deactivate the option and click the Apply Changes button at the bottom of the screen.

Since this is a startup option, it will not be activated until you either restart the MySQL services (under the Service Control pane), or reboot your machine.

Figure 2-10. Clear the SQL Mode checkbox to turn off the strict mode.

The MySQL setup is handled primarily by the Joomla system itself. However, to really understand how the system is working, you must examine the database objects that Joomla constructs. The best way to do that is to download the MySQL Administrator application. It isn't installed natively with the MySQL server. It is free, however, and you can download it as part of the MySQL GUI Tools from the Web site at http://dev.mysql.com.

When you execute the application, you'll be presented with a general status screen, as shown in Figure 2-11, which will display the general parameters of the current installation. Along the left side of the screen, you can see the various function icons such as Service Control (functions to start, stop, and restart the MySQL server), Startup Variables (configuration parameters for MySQL execution), and so on.

As an administrator, you will spend most of your time working in the Catalogs area available from the last button of the left selection pane. If you click on the Catalogs button, the pane below will fill with a listing of the schemata of the databases currently available on the MySQL setup. If you click on the Joomla database listed in the pane (in this case, joomla15), all of the tables of the database will be displayed in the pane to the right, as shown in Figure 2-12.

You've already seen two configuration switches in the Startup Variables that can eliminate problems when executing Joomla. However, by using the Joomla data in MySQL in the manner you would approach a database, there are more powerful possibilities.

Figure 2-11. The MySQL Administrator provides an easy GUI interface to MySQL management.

You may want the ability to query a Joomla table for any reporting data you might need. For example, there is no native way in Joomla to obtain a summary all of the content items in your Joomla database that don't have a meta-description and are, therefore, indexed poorly by search engines. To find these items, you only need to do a query of the metadesc field of the jos_content table and display all of the articles that have an empty field.

Select the Joomla database in the MySQL Administrator application, and right-click on the jos_content table. When the context menu is displayed, select the Edit Table Data option, as shown in Figure 2-13. A window will be displayed showing all of the data currently in the table.

Notice that the top of the window displays a query like this:

SELECT * FROM 'joomla'.'jos_content'

That general query displays all of the records in the jos_content table. You can use a simple SQL WHERE clause to filter the content to display only the records you want. Add a WHERE clause to return only records with a blank metadesc field like this:

SELECT * FROM 'joomla'.'jos_content' WHERE metadesc = ""

When you click on the Execute button to run the query, the window will display only those records that have no meta-description. Under the File menu, you can export the result set to a number of file formats (including XML, HTML, CSV, and Excel), so you can use the report as a checklist to add the necessary descriptions to the flagged items.

Figure 2-12. The database schema holds all of the tables of the Joomla system.

Figure 2-13. Select the Edit Table Data from the context menu

No user besides the administrator should ever have access to the user table. The user table holds the privileges and user data, so anyone who has access to this table essentially has control over the entire system. However, if you are the Joomla administrator and you installed MySQL long ago, you may not need to access it for quite some time. That may lead to the embarrassing situation of your forgetting the MySQL password.

If you have forgotten a password for a MySQL login, while there is no method for recovering the password, you can reset it. This technique will work even for the root or administrator password, so be careful to use it only on systems where you have permission. Create a text file, enter the following line, and save the file as resetpwd.txt at the root directory:

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password'),

On the Linux platform, you can execute the file with a command like this:

mysql_safe -init-file = ~/resetpwd.txt &

On a Windows system, execute the following line at the command prompt:

C:mysqlinmysqld-nt — init-file=C:
esetpwd.txt

After the password reset, be sure to delete the resetpwd.txt file because you don't want something so potentially dangerous to remain on your local drive where some hacker might find a way to execute it.

Although the Joomla development team recommends that you make all administrative changes from within the Administrator interface, there are some times when direct modification is more advantageous. If you are administering multiple Joomla sites, it is possible to write a macro to make batch changes to the multiple configuration files that would be tedious to accomplish through the GUI interface.

The central configuration data for Joomla is contained in the configuration.php file. All of the Joomla settings are contained within a PHP class called JConfig. If you open the configuration settings file in your text editor, you'll see the file begins with the class definition like this:

class JConfig {

The file is then divided into various portions. Site Settings is the first section of parameter values. It will look something like this in your editor:

/* Site Settings */
     var $offline = 0';
     var $offline_message = This site is down for maintenance.<br /> Please check
back again soon.';
     var $sitename = 'Joomla!';               // Name of Joomla site
     var $editor = 'tinymce';
     var $list_limit = '20';
     var $legacy = '0';

Note that the configuration file included here is in a pre-install state. Your configuration file should match the parameters that you've already set.

The Database configuration section will look like this:

var $dbtype = 'mysql';
var $host = 'localhost';
var $user = '';                                   // MySQL username
var $password = '';
var $db = '';
var $dbprefix = 'jos_';

The Server Settings configuration section will look like this:

//Change this to something more secure
var $secret = 'FBVtigIl5lApEU4H';
var $gzip = '0';
var $lifetime = '900';          // Session timeout value
var $error_reporting = '−1';
var $helpurl = 'http://help.joomla.org';
var $xmlrpc_server = '0';
var $ftp_host = '';
var $ftp_port = '';

var $ftp_user = '';
var $ftp_pass = '';
var $ftp_root = '';
var $ftp_enable = '';
var $tmp_path = '/tmp';
var $log_path = '/var/logs';

The Locale Settings configuration section will look like this:

var $lang_site = 'en-GB';
var $lang_administrator = 'en-GB';
var $language = 'en-GB';
var $lang = 'english';
var $offset = '0';
var $offset_user = '0';

The Mail Settings configuration section will look like this:

var $mailer = 'mail';
var $mailfrom = '';
var $fromname = '';
var $sendmail = '/usr/sbin/sendmail';
var $smtpauth = '0';
var $smtpuser = '';
var $smtppass = '';
var $smtphost = 'localhost';

The Cache Settings configuration section will look like this:

var $caching = '0';
var $caching_tmpl = '0';
var $caching_page = '0';
var $cachetime = '900';

The Debug Settings configuration section will look like this:

var $debug      = '0';
var $debug_db      = '0';
var $debug_lang = '0';

The Meta Settings configuration for the site will look like this:

var $MetaDesc = 'Joomla! - the dynamic portal engine';
var $MetaKeys = 'joomla, Joomla';
var $MetaTitle = '1';
var $MetaAuthor = '1';

The Statistics Settings configuration section will look like this:

var $enable_stats = '0';
var $enable_log_items = '0';
var $enable_log_searches = '0';

The Search-Engine-Optimization (SEO) Settings configuration section will look like this:

var $sef = '0';

The Feed Settings configuration section will look like this:

var $feed_limit   = 10;
     var $feed_summary = 0;
}
?>

Be sure to make a backup of your settings file before making any changes. If a change of setting renders Joomla inoperative, you can restore the system by pulling the backup copy and putting it in place. Also ensure that you don't store the backup file in the directory path of your Web server. For example, if you name the backup of configuration.php as configuration.backup, if a hacker accesses the URL with that filename, it will not be recognized as a file type and the Web server will simply output it as plain text—exposing private information.

Joomla passwords are often forgotten by users, and the Joomla Administrator interface allows the system admin to reset a user password. However, if you have ever had occasion when you've forgotten an administrator password, you know the frustration of being locked out of your own system. While I was writing this book, I myself had a hard drive crash and had yet to change the Joomla-generated random password of numbers and letters. Needless to say, I couldn't remember the password that I had recorded in a file that was lost in the crash.

Each password in Joomla is stored as a MD5 hash value, so you won't be able to recover the lost password. However, you can reset the password by accessing the table that holds all of the user information.

To begin, you will need to execute the MySQL Administrator application. If you're using an online application such as php My Admin, you will be able to perform essentially the same steps.

Begin by loading the MySQL Administrator utility. You will need to select the jos_users table in the Joomla database. Note that if the Joomla database is properly secured, you will need administrator or root privileges to access the jos_users table. If you don't have these permissions, check with the system administrator to either reset the password for you or give you the necessary access.

If you right-click the mouse, the context menu will give you the option of Edit Table Data, as shown in Figure 2-14.

Figure 2-14. Select the Edit Table Data option on the jos_users table.

The table editor should open and display all of the current Joomla users. In my case, I needed to reset the admin password, so I went to the row for the admin user. Scroll to the right until you see the column labeled "password." That column will display the MD5 hash of the current password.

Select the field for editing. On the Windows platform, that means pressing the F2 key. You will now need to enter the MD5 hash of a known password. Enter this hash, which represents the actual word password:

5f4dcc3b5aa765d61d8327deb882cf99

When you've finished entering this long string, click on the Apply Changes tab at the bottom of the screen, as shown in Figure 2-15.

Now you can log into the account by typing the appropriate user name and the word password as the password. Be sure to go immediately to the User Manager and change the password to a new one that is more secure.

If you don't have easy access to MySQL Administrator, or if you would prefer to use the MySQL command line, the reset can be performed from there. To perform the password reset, enter the following command:

UPDATE jos_users SET password='5f4dcc3b5aa765d61d8327deb882cf99' WHERE
name='admin';

Be sure to substitute the user account you wish to use in place of the admin text in the presented code. This code will replace the current password value with the hash for the word "password."

Figure 2-15. Enter a known MD5 hash code and save the field change back to the table.

You should systematically check and change all of the default accounts and passwords on the system. When a hacker tries to breach a system, those accounts and passwords are known points of entry and as such, will often be the first place to try.

Default accounts and passwords include the following:

MySQL includes fairly robust security, but even the access path for MySQL access by Joomla is stored in plain-text files on the Joomla server. Therefore, you should change as many possible variables from the defaults to minimize the possibility of educated guesses that may lead to the penetration of your system.

Error messages can provide clues to the internal structure of your Web site, including folders, databases, tables, and so on. While messages are critical for debugging on a staging server, on a deployment server, they give a potential window into your system. Therefore, make certain that any display of errors is minimized for your final deployment installation.