This release contains changes like PHP 7 compatibility, Real API, extendibility for jCore jQuery plugin, CSRF protection, Blowfish passwords, reCaptcha integration, HTML notification emails, Comments at Glance section, Code Profiling using xDebug, new integrated Jaris FLV Player and more.


The biggest change in this release is the new API which will allow you to write modules/extensions a lot easier and also interact with the core without having to create local partial classes for your modifications.

We have put together a small documentation (including examples) so you can see how to use the API but please don't hesitate to ask on the forum if you have any thoughts.

Here is a quick example of creating a module/extension with the new api with just only a few lines of code. This example will print "Hello World!" on the bottom of every page:


*  Name: Hello World Extension
*  URI:
*  Description: A simple module that can be used for extensions.
*  Author: Istvan Petres
*  Version: 1.0
*  Tags: extension, module, hello world, gpl

class helloWorld extends modules {
    static function display() {
        echo "Hello World!";

    _('Hello World'),
    _('A simple extenision to jCore using the API'),

// This will print out "Hello World!"
// on the bottom of every page
api::addHook('pages::display', 'helloWorld::display');


Save this file to helloworld.class.php in your lib/modules/ directory and go to Admin -> Module Manager to activate it and that's it.

The API works with hooks and there is a hook for almost every method you can find in the core files. The documentation is still under development but you should be able to find out the hook names by having a look on the *.class.php files in the lib/sources/ directory and just look for "callHooks" and you should see the method names that you can use.

Extend jCore jQuery plugin

Added possibility to extend the jCore jQuery plugin so you don't have to parse each ajax content manually, just add your own js code to the jCore plugin and it will do it automatically.

$.jCore.extend(function() { //yourcode here });
$.jCore.extend('.color-input', function() { //your code here });
$.jCore.extend('.color-input', 'ColorPicker');

Code Profiling using xDebug

In this release we also included a code profiling system using the well known/working PHP xDebug, the system is pretty easy, once you turn on debuging it will gather all information on all the functions run and show you an output with the time spend on these functions. It will also show you SQL queries that it thinks are using WHERE arguments but haven't find any key values within the explain so you can track down queries that could be speeden up by adding indexes to your sql table fields.

To turn on debugging just add the following line to your or

define('DEBUG', 1);

You will find further instructions on how to turn on xDebug at the bottom of your website where the debug output will be displayed and once you follow those steps you will see the full parsed xDebug output there.

Comments at Glance

There is a new section called "Comments at Glance" in the admin which will allow you to manage all your comments in one place without having to separately open up each posts comments and so on. This area won't only show you the posts comments but will also recognize modules that implement their own comments and show them here to so no more haunting down spam comments one by one, you can now do that from one place in bach mode too.

New FLV Player

In this release we have a new FLV player called Jaris FLV Player, this player adds a lot more features to the playback, it supports streaming (even pseudo streaming) and with the new skins it looks just great not to mention the GPL compatibility which is great for us. I worked close with Jaris on this port and would like to thank him again officially too, he is a great guy and all credits go to him! The new player is very good and we are now falling back to HTML5 only if flash isn't available cos the new player is stable as hell :)


On the security side we have also done a lot, the Hacking Contest was a great success (at least from this point of view) no real hacks have been found that could have given you direct access to the admin ro somebody's account but we have learned with the contest and made jCore even safer.

The new changes include CSRF Protection, also we now are encrypting passwords with Blowfish but with fallback to the old encrytpion if it's not supported so this should give you even more protection against brute force attacks on stolen databases. Also all small bugs found on the contest have been fixed so this should be not just a stable but a secure release too!


You can get this release at:

Quick list of all changes

  • Added PHP 7 compatibility
  • Added CSRF Protection
  • Added Blowfish crypt with fallback to MD5 crypt and then fallback to the old sh1 for passwors
  • Fixed deactivating template if deleting an other template in the template manager
  • Added reCaptcha option for forms with theme and language support
  • Renamed Keywords to Tags on the frontend
  • Changed paginating to show "Page X of X" instead of just "Pages"
  • Added paginating option to comments (see Global Settings).
  • Added code profiling using xDebug
  • Added real API with hooks
  • Added option to link menus to multiple blocks
  • Added priorities to user groups and if user given access to other users one will only have access to his own group and the other groups that are below his group
  • Added possibility to define file storage directory for uploads in the dynamic forms and also possibility to protect directory from public access
  • Added icon parameter to modules::register so you can create even smaller modules without having to write your own css to customize the modules icon. Also this allows modules to be used as extensions now with the new API.
  • Added HTML Emails to the Global Email settings which will turn on the system wide email system to HTML emails so you can customize the emails even further.
  • Updated integrated flash player to Jaris FLV Player
  • Added new Comments at Glance section to easily manage/moderate all your comments from one place
  • Updated all jQuery plugins
  • Updated ckEditor to 3.6.2 (revision 7275)
  • Fixed LC_MESSAGES undefined bug
  • Fixed fatal error on activating/deactivating users
  • Fixed fatal error on creating order in admin
  • Fixed ajax form to show content in the right target-ed area (for e.g. when selecting owner)
  • Fixed ccBill responseDiggest calculation (for verifying a ccBill order)
  • Fixed ajax script parser to work with multiline script tags too
  • Made jCore to work on strict MySQL setup too
  • Security fixes
  • Fixed pasword crypting to fall back to other crypters if generation failed
  • Fixed disabling css/js compression if zlib compression enabled by default for php
  • Fixed sitemap even if seo friendly links deactivated
  • Added possibility to importe videos too
  • Fixed importing Vimeo videos
  • Optimized jCore jQuery plugin
  • Added possibility to recognize ajax requests without having to add ajax=1 to the urls
  • Fixed CSRF token to not expire randomly but at the defined time
  • Replaced ajax content links to use data-target attributes instead of target as this way it is possible to have links working without js
  • Fixed editing comment without js
  • Fixed cancelling editing comment
  • Add .first and .last to url::displayPath()
  • Fixed editing comments to work right after deleting a comment
  • Added option to define current date/time to TimeStamp fields in dynamic forms (use %NOW% and/or %NOW_DATE% and/or %NOW_TIME%)