Elxis CMS Forum
Support => Elxis 4.x/5.x DEV => Topic started by: hakangur on October 16, 2012, 11:31:07
-
I have downloaded and installed Elxis 4.0 to test its features. Having tested dozens of CMSs previously, I should admit that Nautilus is highly promising. Yet, below is a list of features which I believe are lacking in this version (I went through posts in this forum to make sure that I would not be duplicating previously mentioned issues; yet, some of the posts are not in English and I may therefore have missed a few points).
- There is no password recovery link on the Admin login page.
- If I want to reinstall the script for any reason, this is a bit problematic. With many other scripts, it is sufficient to delete the configuration file. Here, I could not reinstall Nautilus although I had deleted the config.php file.
- There is no option in the Admin panel for automatic language installation. When I added a language directory manually, this did not work either.
- During installation, we are advised to rename the directory "estia" for security reasons. However, users should also be warned that as long as they keep the default "Administration" link on the menu on the main page, the new directory will be visible.
- The script will not install unless a password for the database is entered. This is good for security but not so practical for people who would like to install Nautilus on their local server. Widely used applications like XAMPP and Mowes - for Windows-users like me - do not have a default password for the database user.
- I cannot change the username for the Administrator after installation. This is not life-threatening, but somewhat annoying.
There are also various mistakes in English language files and I intend to list them separately. I will be pleased if someone can tell me where I should report these mistakes.
Best regards.
-
On point four, the link does not show the new directory, but still says estia. Leads to 404 page.
-
On point four, the link does not show the new directory, but still says estia. Leads to 404 page.
You should change the link address through the menu manager after you rename "estia". Otherwise, the default folder name (estia) will remain in the database and you will fail to log in as the admin.
-
- Password recovery in admin section? No, for security reasons. If you forget the admin password there is a way to reset it (how-to information not yet published).
- Re-install: No problem at all. Just delete configuration.php, renamed .htaccess back to htaccess.txt and the installer will run smoothly.
- Languages are installed VERY easily. Just upload the new language folder in the "languages" directory. Elxis will load it automatically. If Elxis does load your new language it is sure you have set an invalid name for your new language or the main language file has invalid syntax. Language names should follow Elxis language database names ( includes/libraries/elxis/language/langdb.php ) which usually follows the 2 letter iso code (eg. it for Italian, en for English, es for Spanish, de for German, ru for Russian, etc...)
- Renaming estia folder and repository is done manually. These actions are recommended, not required. If you rename the estia folder to something custom, in order only you to know it, why to leave visible the link to administration folder? It makes no sense... Everyone will know the new name of your administration folder. Actually you MUST DELETE the link to the admininistration folder! Think of it!
- Since Elxis 2006.0 all Elxis versions require a database password. It is not accepted and a very bad practice to work without a database password even localy.
- No, you can not change administrators usernames for security reasons.
So, I don't see a missing feature or problem. Elxis has some security restrictions, this is why it is so secure CMS.
The only features Elxis 4.0 misses in comparisson to 2009.x is the ability to submit content from frontend and to schedule content publish/unpublish status. Of course both can be easily implemented in a next release or can be done with third party extensions. The power of Elxis 4.x is its core, not the user interface. In my opinion it is much more well organized, solid, faster and smarter than other competitive CMSs. The features you see in Elxis 4.x you might see them in the next months to other CMSs. It will not be the first time they copy us...
-
To begin with,
1. I am not familiar with Elxis 2009. Therefore, anything that I come across on version 4.0 is new for me.
2. I am testing version 4.0 on two separate platforms over the web.
And now the issues I would like to share:
- When I want to add an image into an article by using the CKE Editor's default "Image" button (on the "Article's Body" page), I cannot upload PNG files. Yet, PNG files can be uploaded when I am on the "Details" page. I tried this over Firefox and Opera, but the result is the same.
- Again, when I use the CKE Editor to upload a JPG image, after I click "Browse" and choose the image, I click the "+" button so that the file can be uploaded. So far so good. However, when the "Transfering data" appears, a pop-up window asks me how I would like to open a file named "json" (which may stem from a bug in Java installed in my personal computer). In addition, "Tranfering data" never ends. Yet, when I visit the image folder, I see that the image file has been uploaded. Again, I tested this on Firefox and Opera.
- I have created a file and arranged the Access Level so that only the "2 - User" level can have an access to. I logged out, visited the page, and arrived at the 404 page. I was expecting to find a message like, "Sorry, only registered users can enter this page." Is this a bug or a default feature of the script?
-
The first 2 problems seems they have the same source.
When you are with Firefox see the error console for javascript errors (Tools -> Web developer -> Error console).
This way you can understand why the action fails. Copy-paste if you like the related error messages here.
Access does not work like that. You don't show the user things he is not allowed to see even with links. So the 404 (not found) message is absolutely correct as the item does not exist for the user. The same happens for unpublished items, and all items that are invisible to the user.
-
I cannot change the username for the Administrator after installation. This is not life-threatening, but somewhat annoying.
I've played with other CMS that doesn't allow this either.
But, I can always change username through phpmyadmin - manually. Especially when working locally. :D
Haha, I think someone is going to throw an angry bird in my face here for saying that. ;D
Elx team does not recommend ever manually altering the database, as it is dangerous. So, alter at own risk but it's possible. :-X
-
I've played with other CMS that doesn't allow this either.
But, I can always change username through phpmyadmin - manually. Especially when working locally. :D
Haha, I think someone is going to throw an angry bird in my face here for saying that. ;D
Elx team does not recommend ever manually altering the database, as it is dangerous. So, alter at own risk but it's possible. :-X
So have I. As a matter of fact, I find it hard to understand why changing the administrator's login name should a security issue. Admin's user name is visible in the members' list anyway and the only reason why I decided to change it was that I was not pleased with it. If the user name were invisible, then it would be safer to change it every now and then.
I agree that not everybody should be encouraged to "play" with the database. It is wiser to stick to the good old user name than risk destroying the database as a result of a slight mistake.
-
But, I can always change username through phpmyadmin - manually. Especially when working locally. :D
Haha, I think someone is going to throw an angry bird in my face here for saying that. ;D
Sssshhhhh... we don't say such things in public! ;D
BTW it will be fun to see someone trying to reset his password via phpmyadmin :P
@Hakan Gür: We encourage users to display a real name instead of their username. So in this case the username is only useful during login. Changing the username can create security and other issues on areas, even third party extensions, where the username has been stored in a separate table or in a flat file. That username will not be updated. Someone may say better store the user id instead. I agree, but what if the username is stored for some reason instead? Consider if a guest registers with the previous admin's username. He may get access or see things that were addressed for the administrator. Off course this is very rare and Elxis core has not such issues but theoretically can happen. So we prefer disallowing this feature to make sure no weird situations will happen.
Sample code that can create problems if the username can be changed
$elxis = eFactory::getElxis();
if ($elxis->user()->uname == 'admin') {
//do stuff
}
Note
In Elxis 4.x the username field has been changed to uname and the password to pword.
-
BTW it will be fun to see someone trying to reset his password via phpmyadmin :P
;D There is no way to do that via phpmyadmin. ;)
-
BTW it will be fun to see someone trying to reset his password via phpmyadmin :P
Hahaha, that will definitely be quite a challenge. 8)
-
Well! I want to ask how can I retrieve my password?
I know it's stupid, but I have locked myself out. I can explain if you're interested, but I need to know how to retrieve my administrator password.
Thanks!
-
If the security level is normal you can reset your password by using "Password recovery" (in module login and users central).