jCore 1.0 is almost here so we would like to give you the pre version of it to test it and report back with as many bugs as possible so we can make sure 1.0 will be as stable as possible.

The pre version contains changes like Real API, CSRF protection, Blowfish passwords, reCaptcha integration, HTML notification emails, Comments at Glance section, Code Profiling using xDebug, new integrated Jaris FLV Player and more.

New API

The biggest change in this release is the new API which will allow you to write modules/extensions a lot easier and also interact with the core without having to create local partial classes for your modifications.

We have put together a small documentation (including examples) so you can see how to use the API but please don't hesitate to ask on the forum if you have any thoughts.

http://jcore.net/help/api

Here is a quick example of creating a module/extension with the new api with just only a few lines of code. This example will print "Hello World!" on the bottom of every page:

<?php

/***************************************************************
*
*  Name: Hello World Extension
*  URI: http://jcore.net
*  Description: A simple module that can be used for extensions.
*  Author: Istvan Petres
*  Version: 1.0
*  Tags: extension, module, hello world, gpl
*
***************************************************************/

class helloWorld extends modules {
    static function display() {
        echo "Hello World!";
    }
}

modules::register(
    'HelloWorld',
    _('Hello World'),
    _('A simple extenision to jCore using the API'),
    'application-default-icon.png');

// This will print out "Hello World!"
// on the bottom of every page
api::addHook('pages::display', 'helloWorld::display');

?>

Save this file to helloworld.class.php in your lib/modules/ directory and go to Admin -> Module Manager to activate it and that's it.

The API works with hooks and there is a hook for almost every method you can find in the core files. The documentation is still under development but you should be able to find out the hook names by having a look on the *.class.php files in the lib/sources/ directory and just look for "callHooks" and you should see the method names that you can use.

Code Profiling using xDebug

In this release we also included a code profiling system using the well known/working PHP xDebug, the system is pretty easy, once you turn on debuging it will gather all information on all the functions run and show you an output with the time spend on these functions. It will also show you SQL queries that it thinks are using WHERE arguments but haven't find any key values within the explain so you can track down queries that could be speeden up by adding indexes to your sql table fields.

To turn on debugging just add the following line to your config.inc.php or jcore.inc.php

define('DEBUG', 1);

You will find further instructions on how to turn on xDebug at the bottom of your website where the debug output will be displayed and once you follow those steps you will see the full parsed xDebug output there.

Comments at Glance

There is a new section called "Comments at Glance" in the admin which will allow you to manage all your comments in one place without having to separately open up each posts comments and so on. This area won't only show you the posts comments but will also recognize modules that implement their own comments and show them here to so no more haunting down spam comments one by one, you can now do that from one place in bach mode too.

New FLV Player

In this release we have a new FLV player called Jaris FLV Player, this player adds a lot more features to the playback, it supports streaming (even pseudo streaming) and with the new skins it looks just great not to mention the GPL compatibility which is great for us. I worked close with Jaris on this port and would like to thank him again officially too, he is a great guy and all credits go to him! The new player is very good and we are now falling back to HTML5 only if flash isn't available cos the new player is stable as hell :)

Security

On the security side we have also done a lot, the Hacking Contest was a great success (at least from this point of view) no real hacks have been found that could have given you direct access to the admin ro somebody's account but we have learned with the contest and made jCore even safer.

The new changes include CSRF Protection, also we now are encrypting passwords with Blowfish but with fallback to the old encrytpion if it's not supported so this should give you even more protection against brute force attacks on stolen databases. Also all small bugs found on the contest have been fixed so this should be not just a stable but a secure release too!

Download

You can get this pre release at:
http://jcore.net/downloads

Quick list of all changes

  • Added CSRF Protection
  • Added Blowfish crypt with fallback to MD5 crypt and then fallback to the old sh1 for passwors
  • Fixed deactivating template if deleting an other template in the template manager
  • Added reCaptcha option for forms with theme and language support
  • Renamed Keywords to Tags on the frontend
  • Changed paginating to show "Page X of X" instead of just "Pages"
  • Added paginating option to comments (see Global Settings).
  • Added code profiling using xDebug
  • Added real API with hooks
  • Added option to link menus to multiple blocks
  • Added priorities to user groups and if user given access to other users one will only have access to his own group and the other groups that are below his group
  • Added possibility to define file storage directory for uploads in the dynamic forms and also possibility to protect directory from public access
  • Added icon parameter to modules::register so you can create even smaller modules without having to write your own css to customize the modules icon. Also this allows modules to be used as extensions now with the new API.
  • Added HTML Emails to the Global Email settings which will turn on the system wide email system to HTML emails so you can customize the emails even further.
  • Updated integrated flash player to Jaris FLV Player
  • Added new Comments at Glance section to easily manage/moderate all your comments from one place
  • Updated all jQuery plugins
  • Updated ckEditor to 3.6.2 (revision 7275)

Todo

There is even more in the todo list before we finish the 1.0 but those will only include small code changes in the background so nothing on the front end and it shouldn't affect the API calls so it should be safe to test out this release and start creating your own modules/extensions as they will work just fine with the final release.

Important Note

It is important to note that this is a preview release meaning you won't be able to update to this release from the Update Manager in your current websites, nor will you be able to update this release automatically once the 1.0 final is out. So please download this release and install it on your development system and once we have the 1.0 final you will simply overwrite this version with it and you should be fine.