Archive for the ‘Typo3’ Category

Convert UNIX time into other formats on the fly with MySQL

Typo3 and other CMSs often save dates in UNIX time, which is hard for humans to read. Luckily MySQL has a built-in function to convert that number into a human-readable format on the fly.

See the following SQL sample for extracting creation date and last login dates of Members’ Area accounts:

SELECT 
`uid`,
FROM_UNIXTIME(crdate,GET_FORMAT(DATE,'INTERNAL')) AS `DATE CREATED`,
FROM_UNIXTIME(lastlogin,GET_FORMAT(DATE,'INTERNAL')) AS `LAST LOGIN`,
`first_name` AS `FIRST NAME`,
`last_name` AS `LAST NAME`,
`username` AS `EMAIL`,
`company` AS `COMPANY`,
`disable` AS `DISABLED?`
FROM `fe_users`
ORDER BY `fe_users`.`crdate`  DESC
LIMIT 10000

More info:
http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_from-unixtime

Typo3-fail2ban

Taken from here: http://www.illutzminator.de/typo3-fail2ban.html?&L=1

You cannot have enough security for your own CMS. Typo3 security can be enhanced with fail2ban to reduce the risk of brute-forcing.

Here’s what to do:

Install fail2ban on your web-server as root administrator.

Add the following lines to your jail.conf

[apache-typo3]
 enabled = true
 port = http,https
 filter = apache-typo3
 logpath = /var/log/apache*/*access.log
 maxretry = 7
 findtime = 3600
 bantime = 7200

Create the filter apache-typo3

(that is, a file named apache-typo3.conf in fail2ban's filter.d subfolder)
The file has to have at least the following contents:

[Definition]
 failregex = ^<HOST> -.*GET.*/login-alert-error\.gif
             ^<HOST> -.*POST.*/typo3/index\.php
 ignoreregex =

To make it easy, download a ready-to-go file here.

How does that work?

Fail2ban checks the given file (here Apache's access.log) for changes in short time cycles. When logging in, the page /typo3/index.php is called and the account information is posted from there. If the login fails, the image login-alert-error.gif is shown, and on further login attempts the parameters are posted again from that page.

With the configuration above I decided that one of these events may appear 7 times (maxretry) within one hour (findtime 3600). If it happens one more time, the IP address is banned for 2 hours (bantime 7200).

The parameters maxretry, findtime and bantime can be set to whatever you think is useful, but:
Do not set maxretry < 4. The first failure will post the login parameters and get the image. So 2 events are gone. You need the third event for your next attempt.
So my tip: Set maxretry >= 5!

Hint for multi-user

Even for a successful login there is one attempt needed. So if you use Typo3 with several users, set maxretry at least to the number of users, adding a few tries for login failures.
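The counting described in "How does that work?" and in the multi-user hint, as an added example that is not part of the original post or of fail2ban: it applies the two failregex lines to constructed access-log lines and tracks matches per host inside findtime. It assumes a simplified stand-in for `<HOST>`, a constructed image path, and that a host is banned once its match count inside findtime reaches maxretry.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# failregex lines from apache-typo3.conf. fail2ban expands <HOST> itself;
# the \S+ group used here is a simplified stand-in (assumption).
FAILREGEX = [r"^<HOST> -.*GET.*/login-alert-error\.gif",
             r"^<HOST> -.*POST.*/typo3/index\.php"]
PATTERNS = [re.compile(r.replace("<HOST>", r"(?P<host>\S+)")) for r in FAILREGEX]
STAMP, TIMEFMT = re.compile(r"\[([^\]]+)\]"), "%d/%b/%Y:%H:%M:%S %z"

def match(line):
    """Return (host, timestamp) when an access-log line matches the filter."""
    for pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            stamp = STAMP.search(line).group(1)
            return m.group("host"), datetime.strptime(stamp, TIMEFMT)
    return None

def banned_hosts(lines, maxretry=7, findtime=3600):
    """Map host -> time of the match that reached maxretry inside findtime."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit = match(line)
        if hit is None or hit[0] in banned:
            continue
        host, when = hit
        recent[host].append(when)
        while (when - recent[host][0]).total_seconds() > findtime:
            recent[host].popleft()          # drop matches older than findtime
        if len(recent[host]) >= maxretry:   # assumption: ban when count reaches maxretry
            banned[host] = when
    return banned

def logins(ip, start, count, failed):
    """Constructed combined-format lines: one login per minute from ip."""
    fmt = '{} - - [{:%d/%b/%Y:%H:%M:%S %z}] "{} HTTP/1.1" 200 512 "-" "-"'
    for i in range(count):
        t = start + timedelta(minutes=i)
        yield fmt.format(ip, t, "POST /typo3/index.php")
        if failed:  # a failed login also fetches the error image (constructed path)
            yield fmt.format(ip, t, "GET /typo3/gfx/login-alert-error.gif")

T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE = [*logins("198.51.100.7", T0, 4, True),   # 4 failed logins -> 8 matches
          *logins("203.0.113.9", T0, 3, True),    # 3 failed logins -> 6 matches
          *logins("192.0.2.10", T0, 7, False)]    # 7 good logins   -> 7 matches
print(sorted(banned_hosts(SAMPLE)))
```

The third host makes only successful logins and is still banned, which is why a shared office address needs a higher maxretry.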

Allow larger file size uploads in the media module

  1. Edit the /typo3conf/localconf.php file
  2. Copy & paste this line into the localconf.php file (for a maximum file size of 80MB):
    $TYPO3_CONF_VARS['BE']['maxFileSize'] = '85000';

Typo3 textarea

The latest version of Typo3 locks the frame of Quixplorer divs so you cannot resize the shape.

By editing this file:

/typo3/templates/template_page_backend.html

And adding:

###TITLE###
###META###
###CSS_INCLUDE###
###CSS_INLINE###
###JS_LIBS###
###JS_INCLUDE###
###JS_INLINE###
###HEADERDATA###
<!--###POSTJSMARKER###-->
<style type="text/css">
textarea {resize: auto;}
</style>
</head>
###BODY###
###JS_LIBS_FOOTER###
###JS_INCLUDE_FOOTER###
###JS_INLINE_FOOTER###
###FOOTERDATA###
</body>
</html>

I was able to unlock the resizing.

Restoring a single database from a complete MySQL database dump

Found here.

I had a collection of database dumps from a server that had been created using MySQL’s --all-databases option. This contained the databases for several Drupal websites, but I wanted to restore the Drupal database for just one of the sites. After a bit of Googling I came across two simple solutions:

The first option is to pass the whole SQL dump to the MySQL command line, but restrict its operation using the “--one-database” option.

mysql -u root -p --one-database oneDB < fulldump.sql

In the above code, substitute oneDB with the database name you want to restore, and fulldump.sql with the name of your full DB backup. If you would rather just extract the database dump of the single database from the --all-databases dump file, you can do this with sed using this command:

sed -n '/^-- Current Database: `oneDB`/,/^-- Current Database: `/p' fulldump.sql > oneDB.sql

Here oneDB is replaced with the name of the database to extract, and fulldump.sql is the name of your dump file. The result will be saved into the file oneDB.sql.

Jump to top of iframe

When you want to have the page jump to the top of an iframe upon clicking “Next” or “Submit”, etc, you can easily use this code:

<iframe width="620" scrolling="no" height="2500" frameborder="0" style="background-color: transparent; overflow: hidden;" allowtransparency="true" src="http://www.website.com" onload="window.parent.parent.scrollTo(0,0);"></iframe>

Typo3 new user

Dear USER,

I have created an account for you on Typo3, our official content management system.

Please log into the WEBSITENAME website back-end from the following URL:

  • http://URL

Your username and password are as follows:

  • USERNAME
  • PASSWORD

The first thing I recommend you do is change your password to something more secure:

Enter your new password in the following screen:

For more information on Typo3, please visit http://www.typo3.org
For EWEA-specific help, please visit http://intranet/howto and look for items mentioning Typo3.

If you have any questions or concerns, please do not hesitate to ask me.

Kind regards,

Jason Bickley

EWEA Web Manager