jphpx System Package

jphpx provides inclusion of custom codes in Joomla 4.x and Joomla 5.x. With jphpx, scripts in PHP, HTML and JavaScript can be integrated into module positions, articles, categories and user-defined modules from Joomla. Static HTML and Text pages can also be used. Full access to Joomla variables, functions and constants with PHP scripts is possible.

Code can be provided from the file system and the Joomla database. The supplied jphpx component enables the management and usage of code that is stored in the database repository. You may:

Load any text based code into the database system
Define or change access rights
Update code
Delete code
deploy applications using stored code

This significantly improves the capebilities of jphpx and the security of access to the code used.

If you are looking for very special components for your Joomla website and cannot find what you are looking for in ready-made solutions, you can create a wide variety of solutions yourself with jphpx . Regardless of whether you may add applications for automatic conversion of prices into other currencies, the dynamic display of database content or the use of larger web applications, individual components can be created without any problems. The operation of jphpx is very easy despite this variety of usage options. The extension is available free of charge and under a free software license (GNU GPLv2).

1. Installation of Package

You may install jphpx on your Joomla site using the 'Install from Web' method because jphpx is available in the Joomla extensions database. Alternatively carry out the following installation steps:

Download the jphpx installation file from my website
Log into your Joomla as an administrator
Select in the menu: Extensions -> Manage -> Install
Select the tab: Upload package file
Click the Choose File button
Select the package file that you downloaded earlier
The upload and the installation will start automatically

2. Use jphpx component

Since version 1.3.0 the jphpx system package also provides a component. You can use "Components" -> "jphpx applications" to define your php scripts in the admin backend and then use them.

3. Provision of the jphpx module

With version 1.3.3, the jphpx system package also provides a module. For example, you can use your own php applications or php code for a Joomla module without having to develop and create a Joomla module yourself.

4. Configuration of Plugin

After the installation of jphpx the system plugin is not yet configured. Therefore select the menu item "Extensions-> Plugins" in the administrator console and open the system plugin jphpx . Check / change the following:

Status - Check whether the status shows "Activated".
Optional path prefix - Optional path prefix to the code file. It is prepended to the file path name to be included. If it is left blank, it is the same as Joomla! Root directory.
Only DB access - If set to Yes, only the code stored in the database can be used.
Allow Edit Apps - If set to Yes, allow execution of plugins with editor applications
User Group - set the user's group to access jphpx code entries if their access is not "public"
Secure Ajax - with this you can secure Ajax variables that are delivered with "$ _GET", "$ _POST" or "$ _REQUEST" in order to exclude malicious or incorrect code.
Default type check specify which check should be carried out for the request parameters if no type check was requested via the request parameter "check_type".

You now have completed the installation steps.

jphpx is the ideal solution for the

easy and fast integration of intelligent Javascript, PHP and HTML scripts into your Joomla! Content.
fast development of not only small and simple adapted modules and plug-in solutions based on PHP, Javascript and HTML content, form integration and much more. But also for the use of more complex solutions including database applications, without having to develop your own Joomla component or module.

phpx can provide code from the file system but also from its database table. The jphpx component can be used to load and manage the respective code. You can see a screenshot of the user interface of the jphpx applications . The component enables the administration and use of code that is stored in the database repository. It enables:

load any code into the database system
Define or change access rights
update code
Delete code
Provide applications to use the defined code

Howto to use application

Via the menu item "Components" in the administrator backend you select the option "jphpx application" or "jphpx code entry". This calls up the component and you can now define a new jphpx application clicking the "New" button. With this, a title of the application, the source (the path and the filename), the access and the activation code must be entered. With the "Save" button, the new code entry becomes available after it has been stored successfully.
Then set up access to this application via "Menus". For "menu entry type", select the types jphpx Applications

jphpx component - Menu selection

and then select the desired jphpx application.
After saving, the application is then immediately available.

How to set up and use a jphpx application is shown here in detail.

you may embed PHP and any type of HTML, CSS, and JavaScript code right into your content. Not only in your articles, but also in categories, modules, components, the header of the HTML page and much more. Your custom code is simply inserted via the jphpx plugin tag. The only thing you have to do is to insert the jphpx plugin tag into the respective content. The syntax of the plugin tag is very simple: The plugin is recognized with a curly bracket and the name "jphpx" and terminated with a curly bracket:

{jphpx .... }

. The source of your code is then defined within square brackets:

 {jphpx [.. your code]}

Code can be loaded via the file system and from the jphpx database table. For loading from the file system, simply enter the path and file name (e.g.):

{jphpx [php-apps/games/sudoku.php]}

It becomes easier if the code is available in the jphpx database table. Here only the ID number of the code stored in the database table is given with a preceding asterisk.

{jphpx [*10]}

Note: When updating from version 1.3.2 to version 1.3.3 using the Joomla Updater, the jphpx module will not be installed. Therefore reinstall the complete jphpx package or download and install the jphpx module.

Howto to use a jphpx module

Via the menu item "Components" in the administrator backend you select the option "jphpx application" or "jphpx code entry". This calls up the component and you can now define a new jphpx application to be used for your module by clicking the "New" button. With this, a title of the application, the source (the path and the filename), the access and the activation code must be entered. With the "Save" button, the new code entry becomes available after it has been stored successfully..

Now create a module with this jphpx application (the jphpx code entry). Select "New" for a new Joomla module via the menu items "System"->"Site Module" in the administrator backend. Then select "jphpx module" from the list of available modules. In the display of the jphpx module

jphpx Module

, select the desired jphpx Code Entry and configure the other necessary options for using the module. After saving, the new module will then be displayed on your website.

Thousands of php applications, application examples or code snippets are available on the web, of which certainly some of them may cover desired functions. It is worth taking a closer look and testing the code under Joomla. There are a few things you should pay attention to or consider.

First of all, the most important thing: secure the code of your scripts against outside access . To do this, add the following php statement as the first line in your script:

 defined ('_JEXEC') or die ('Restricted access');

This prevents your php script from being called outside the Joomla environment.

With the use of the jphpx system plugin one uses the possibility to be able to execute php scripts under the roof of Joomla. This gives you full access to all Joomla variables and what is just as important to the application interfaces of the Joomla framework. For example, you may use the Joomla database interfaces, integrate scripts or access the various helpers. It should be noted that Joomla has been using the Joomla Namespaced API since version 3. You therefore have to define the namespaces used in the code with the correct "Use" starements, e.g. if you want to include a javscript library:

defined('_JEXEC') or die('Restricted access');
use Joomla\CMS\Factory;
use Joomla\CMS\Uri\Uri;
...

$document = Factory::getDocument ();
$document->addScript(Uri::root(true) . "/my_media/script.min.js");
...

Detailed information about the Joomla Application Interface (API) is e.g. available at Joomla Developer's Sites .

Ajax applications are able to send requests to a server where only that data is requested that is actually needed. This is done by calling up a web service (provided by a server program). This call takes place as asynchronous or synchronous communication, this means while the data is being loaded from the server, the user can continue to interact with the interface. Once the data has been loaded, a previously named JavaScript function is called, which can integrate the data into the website.

php scripts of such web applications run on the client side with the help of jphpx under the control and in the environment of Joomla - the server side, however, cannot be executed in the same way under the umbrella of Joomla.

Since version 1.3.0 of jphpx this restriction has been resolved, as the jphpx system plugin suports Ajax requests with the help of the Joomla Ajax interface to be run. The following measures are necessary for this implementation.

The client and server programs (the respective php scripts) must be defined as jphpx code entries
Ajax requests are based on request urls. These urls have to be changed for the Joomla Ajax interfaces:
```
index.php?option=com_ajax&plugin=jphpx&group=system&format=raw&id=nn
```
&id=nn is the id of the jphpx code entry of the server program.

The following example should illustrate this: If the original ajax url was:

 php-apps/server.php?request=1&data=new

then this will be the new ajax url (for a jphpx code entry id=10 of the server program)

index.php?option=com_ajax&plugin=jphpx&group=system&format=raw&id=10&request=1&data=new

The following should still be observed and checked for server scripts.

Includes (or requires) should be checked for correct results and the path and filename adjusted.
Access to external files should be checked for errors and the path and filename should be adjusted.
php globals are not supported
if there are errors caused by the server script, an "HTTP 500 Internal Server Error" is produced. Then check your server script and/or analyze the Apache logs.

Use Secure Ajax

You can use the plugin parameter "Secure Ajax" or the use of request parameter "&secure_parm=1" to improve the security of variables provided with "$ _GET", "$ _POST" or $_REQUEST".
In addition, you can use the plugin parameter "Default Type Check" to specify which check should be carried out for the request parameters if no type check was requested via the request parameter "check_type".
With the request parameter "check_type" you can check for valid input:

&check_type="STRING" - (default) Converts the input to a plain text string; strips all tags / attributes.
&check_type="INT", &check_type="INTEGER" - returns the first integer found in the parameter value
&check_type="UINT" - checks for an unsigned integer
&check_type="FLOAT", &check_type="DOUBLE" - returns the first float found
&check_type="BOOL", &check_type="BOOLEAN" - Expects values 0 ot 1 (note that "true"' or '"false" are Strings)
&check_type="WORD" - Only allow characters a-z, and underscore
&check_type="ALNUM" - only alphanumeric characters are allowed
&check_type="CMD" - Allow a-z, 0-9, underscore, dot, dash. Also remove leading dots from result.
&check_type="HTML" - converts the input to a string; strips all HTML tags and attributes.
&check_type=""PATH" - Converts the input into a string and validates it as a path
&check_type="RAW" - no check are done , be careful using this, to avoid injection attacks on your website!
&check_type="USERNAME" - strips all invalid username characters.

My php applications are examples of this implementation - they run on the client side as well as on the server side completely under the control and environment of Joomla.

It is not without reason that Joomla does not allow php code to be used in content. With this restriction Joomla protects itself against faulty or malicious programs. With the system plugin jphpx, however, this restriction is lifted. That is why it is very important to be in control is not lost via used php scripts or php applications. jphpx offers two options for controlling:

Code stored in filesytem
Code provided via jphpx Datenbase Table

Code stored in filesytem

With the plugin parameter "Path Prefix", the specified path is placed in front of the file path name to be included. For example, if the path prefix is set to "php-apps/", the php code can only be loaded from this directory or subdirectories. A jphpx plugin tag as specified:

 {jphpx [test/my-script.php]}

will use and load the file " php-apps/test/my_script.php ". Another directory outside "php-apps" (e.g. "modules /") cannot be used. So you can easily control that code cannot be used from the entire Joomla file system, but only from the directories over which you exercise control.

Code provided via jphpx Database Table

You have absolute control over the php scripts used if the code is allowed to be loaded only from jphpx's database tables. This option can be set via the plug-in parameter "DB access only". A user with administrator rights will then load, manage and provide content available in the database. The jphpx component enables php code (or other text-based content) to be loaded into the jphpx database table and managed.
Users who have access to the Joomla file system might then change code in the file system, but only have read access to the stored code from the database via the jphpx plugin tag. If a user requests code from the file system via the plugin tag of jphpx, the request is rejected an d will produce an error message.

Joomla Security

Joomla includes many features that help with the task of securing applications and extensions built on it. You should always use these features if at all possible as they have been tried and tested by the many eyes of the developer community and any updates that might conceivably be required in the future will be automatically available whenever a Joomla update is applied.

Getting data from the request

All input originating from a user must be considered potentially dangerous and must be cleaned before being used. You should always use the Joomla JInput class to retrieve data from the request, rather than the raw $_GET, $_POST or $_REQUEST variables as the JInput methods apply input filtering by default. JInput deals with all aspects of the user request in a way that is independent of the request method used. It can also be used to retrieve cookie data and even server and environment variables. However, it is important to use the correct JInput method to ensure maximum security. It is very easy to just use the JInput->get method with default parameters and ignore the fact that in many cases it is possible to apply a more stringent requirement on user input.

To get more information please read article abour Secure coding guidelines. with Joomla.

The motivation to develop the system plugin jphpx was, among other things, the problem that the Joomla extension "jumi" only had the 2011 software version available. The further development of Joomla Version 3 and Version 4 were not implemented into the product. After completing jphpx, I switched my php applications from the Jumi interface to the new options.

Migration jumi plugin

This move is the easiest. Here you swap the value "jumi" with the value "jphpx" in the Jumi plugin tag. Everything else stays the same.

Migration jumi module

The Jumi module can no longer be used. Instead, if using the latest version of jphpx you now may use the (new) jphpx module. With a second (previous) option you may use Joomla's option "custom module" Here you can use the jphpx system plugin to integrate your own PHP scripts. e.g. to create a slider module.

Migration of the jumi component

The Jumi component can be completely replaced with the jphpx component. The following steps may be used to accomplish this.

Define your application via "jphpx applications" (set up a new jphpx code entry).
Set up a link to this application via Admin backend option "Menus". For "menu entry type" select the types "jphpx applications->Application" from the offered types. Then select the required jphpx application.

After saving, the application is then immediately available. This is how I have migrated my applications (e.g. Sudoku Puzzle) within a few minutes.

Download jphpx System Package

jphpx is free software - however, you must observe the GPL license conditions in order to use this software. Detailed information about GPL and the use of free software can be found at GNU Org. To download jphpx please click download button:

jphpx Version 1.3.3

jphpx System Package for Joomla version 4 and version 5