Please Log in or Create an account to join the conversation.
If he modified core files to do that simply install everything over the top of itself again. This includes Joomla and all your extensions. Do you have any proof this developer is even doing that though? Are you sure they're just not using a Joomla super user account to login?The reason behind my desire to move users from my current CB website to a new installation is that I think there is one of the extension developers which I trusted before had used the FTP credentials that I gave to him to do something wrong, and since that time I think that he injected some files or uploaded bad files to be able to create superusers whenever he wants to do.
That would just be a bandaid for a bigger issue. If you feel your site is compromised you should address that first instead of trying to launch and integrate a fresh site with a compromised site.Then I use a bridge to share users' data between the 2 installations and in the same time, I will feel more comfortable that the payment gateways API credentials that I will use for cbSubs will not get stolen because of the first website if the developer left any bad files to make a connection with the database without I know.. users' data safety is also the main concern.
I do not recommend doing this.I was thinking to make the 2 standalone websites on the same installation using the giving way here docs.joomla.org/Multiple_Domains_and_Web_Sites_in_a_single_Joomla!_installation
Then it will be better for me but I don't know how user registration will work well without users notice that the 2 websites are related to each other especially that each one of them is for a different purpose. I might use some modules for registration and login with different URL redirect when login and logout but the registration confirm email messages will use one website title and here is an issue for me.
If you feel the issue is compromised files and not say a login then just use your existing database. There would be no need to import/export at all.- I'm thinking to update to latest CB on both sites > then I remove all CB database tables from the new installation > and then I export CB tables from the first website's database > then I import them to the new website database using PHPMyAdmin > then I edit super user's id number in CB users table to match the superuser on the new installation to make sure that there is no confliction ... are these procedures correct?
Please Log in or Create an account to join the conversation.
Yes I did that and some problems have solved also, I found encrypted coin miners js codes in core files which was making the website take a lot of CPU and client-side recourses. installing everything over solved the issue. but even so, I don't think that he forgot to upload some shell files or any malicious files to a deep folder within any core system plugin folder.If he modified core files to do that simply install everything over the top of itself again. This includes Joomla and all your extensions.
Recently there is one developer was solving a conflict between the template and his component then he encrypted some codes in the template files without my permission and then I discussed to him and I reinstalled the template files again. it was very weird from him to solve some conflicts by encrypting the code he adds to the template overwrites which is not acceptable for me. you know right that encrypted codes are something can't be trusted.Do you have any proof this developer is even doing that though?
I'm sure it's not the Joomla superuser account. It's malicious files that give someone access to the database. I reinstalled everything and the website is working normally now, but I still think there are some malicious files somewhere, maybe in plugins folders .. If there is an easy way to clean these files it would be great.Are you sure they're just not using a Joomla superuser account to login?
That would just be a bandaid for a bigger issue. If you feel your site is compromised you should address that first instead of trying to launch and integrate a fresh site with a compromised site.
Are there any other recommendations if I want to connect 2 websites with one login and same users?I do not recommend doing this.
Yes, it seems the best option. Saving the database can be done through import/export feature as I know and since file structure is very important so I think to do the following:the database can be salvaged, but you would need to completely start over again file structure wise. Starting over while salvaging the database sounds like the best option
Please Log in or Create an account to join the conversation.
Yes, there's 3rd party extensions for multi-site Joomla but CB doesn't officially support any kind of multi-site usage so how well that will work is unknown. We can't really help you much in this regard.Are there any other recommendations if I want to connect 2 websites with one login and same users?
Yup, that'll work fine.Yes, it seems the best option. Saving the database can be done through import/export feature as I know and since file structure is very important so I think to do the following:
I don't have any experience with that extension or a multi-site setup so I can't really comment how well that'd work. CB isn't designed for multi-site. Personally seams odd to design 2 sites to compete with one another. Best I can suggest is just give that extension a try and see what happens, but recommend making your clear and secure site first before bothering with the second site.The multi-site extension that I talk about is here extensions.joomla.org/extension/multi-sites/ Honestly I never tried it before and I hope it will make it easy and user registration process will remain different and under each site domain without issues. Also, I wonder if it will help to separate "cbsubs" plans from the website to another since the main goal is to give more options to users and act as a competitor with different plans in each website.
Please Log in or Create an account to join the conversation.
The encrypted code that he has inserted into some parts of the template is a true story. He tried to convince me that this is his product policy which he never shares on the product page so it wasn't an acceptable policy for me (If there is such policy to insert encrypted codes in the open-source world lol!). but since I don't have direct proof of the relation between what happened to my website and his codes and the access to FTP in the time that other developers accessed also so I didn't share the name or his website, even I didn't go to JED to make a bad review.It doesn't really sound like a developer did this.
Of course, if they understand the meaning of building a reputable stable business.That'd be a huge risk to their reputation, which would end their financial stream for minimal gain.
Maybe, everything is possible.your site was compromised a long time ago
I do agree on asking for FTP being pretty strange, but if it's needed by a developer in the future I suggest creating a FTP user account that has very limited access. We most commonly ask for a temporary super user account during install reviews, but it has been years since we needed any sort of access beyond that to debug something.
Additionally since developers did have access to FTP it means they had raw access to configuration.php, which stores your database username and password. So I suggest you change both of those then update your configuration.php if you haven't already.
Yes, there's 3rd party extensions for multi-site Joomla but CB doesn't officially support any kind of multi-site usage so how well that will work is unknown. We can't really help you much in this regard.
Happy to hear that, I will proceed.Yup, that'll work fine.
If I coud share users profile only or even users login only then it's more than enough for my need, no desire to clone activity stream or groups or notifications.I don't have any experience with that extension or a multi-site setup so I can't really comment how well that'd work. CB isn't designed for multi-site.
Personally seams odd to design 2 sites to compete with one another.
Best I can suggest is just give that extension a try and see what happens,
but recommend making your clear and secure site first before bothering with the second site.
Please Log in or Create an account to join the conversation.
I've no experience with multi-site extensions or their developers.I will test and once I make sure it will work properly without issues then I can go ahead for production. I have seen that JMS Multi-sites extension is since 2008 and the latest update was in 2018. Regardless of the compatibility with CB, Are the developers there trusted? any idea?
You might be able to just push that information to your other site using CB Auto Actions if that's the case.If I coud share users profile only or even users login only then it's more than enough for my need, no desire to clone activity stream or groups or notifications.
Seams like it'd just be easier to put this under 1 roof and use Joomla template/module menu assignment in combination with 2 different Joomla menus to accomplish all this without double the work. You can have 2 totally different sites on a single Joomla install entirely with Joomla menu assignment behavior basically. Example as follows.I can't share the business model for the public but after I prepare the 2 websites I will then need to CB quickstart and CBsubs then you'll see it live. For now, I can give some explanation about how it works:
Please Log in or Create an account to join the conversation.