This chapter is from the book
This chapter is from the book
This chapter is from the book
Site Settings
The Settings module allows you to administer all general website configuration options in PostNuke. In the way that a given module might allow you to configure a particular site feature included with the module, the Settings module configures global variables for PostNuke itself. There are currently six main parts to the one long form:
General Site Info
Footer Messages
Backend Configuration
Security Options
Run on Intranet
HTML Options
When you submit your changes, anything altered in any of the six parts is submitted together.
General Site Info
The Site Name field allows you to place the name of your site into the PostNuke database, as shown in Figure 3.2. This is a very important field. Many themes, including the default ones included with PostNuke, use the Site Name field as a variable to dynamically display the name of your site in the page header. Your site's name also displays in the browser's title bar, and it is used to name the bookmarks visitors make to your site. Even if you decide later to use a graphic for your title, you should always have this field populated.
The Site Logo field names a file that should be a small version of your logo (no larger than 300px wide and 80px tall). The graphic must be placed in the main PostNuke images directory. You can find the default logo.gif file there as an example. The format of this graphic should be GIF, JPG, or PNG, just like any web image.
){kind=small}
Figure 3.2 Describing your site.
This logo filename can also be referenced in a theme, just as the site name mentioned previously, and some of the default themes previously used the file in the site header. In the current PostNuke release, the Site Logo field has two functions. When a user views content in the Printer Friendly Page format, all normal images and theme structure are removed from the page. The resulting content only includes the Site Logo file above the text. Second, when a website gets a Really Simple Syndication (RSS) news feed from a PostNuke site, the Site Logo image can optionally display with the news to identify where it comes from. It's recommended that you keep this image as small as possible to make a minimal impact on printing and news feed usage. For additional information on the later feature, see the "Backend Configuration" section later in this chapter.
The Site Slogan field is used to describe your site further. It appears in all the default themes, usually after or under the site name. You can code this variable out of your theme, but it's a good idea to leave it in the browser's title bar. PostNuke 0.750 does not provide a field for creating and editing your site's meta description tag. You can hack PostNuke to include additional meta tags (see Chapter 21, "General PostNuke Hacks"), but if you leave the page header information as the default, your site's title becomes very important for search engine indexing.
The Meta Keywords field, shown in Figure 3.3, allows you to populate the standard keyword tag used to describe your site to a search engine. The words and phrases should be separated by commas. Search engines usually give priority to the earlier words over the latter, so place your main words first. In addition, it is best to avoid word repetition, as many engines penalize you with a reduced ranking if they believe you are trying to abuse the keyword system.
You also have the option to turn on PostNuke's Dynamic Meta Keywords. With this feature enabled, the Meta Keywords for a given page are determined by the content displayed on the page. For example, if you are viewing a news article, the article's content is parsed by PostNuke, and the most commonly used words are applied to the page's keywords.
){kind=small}
Figure 3.3 Managing Meta Keywords.
TIP
The use of the Dynamic Meta Keywords feature can result in reduced performance for your site. If you are using this setting and find your site is running slow, try turning it off and test for speed improvement. See Appendix A, "Speed Up PostNuke," for more performance tips.
PostNuke's Site Start Date field describes the date your PostNuke site itself goes live. Even if your website existed before you installed and began using PostNuke, this date should reflect when PostNuke itself became active. It is displayed on the built-in statistics module, and that information only relates to PostNuke itself no matter how long your site existed previously. The date is actually a regular text field, so you can write the date in whichever manner you prefer, such as any of the following examples:
July 15, 2010
July 2010
2010-07-15
15/07/2010
07.2010
Thursday, July 15th 2010, 10:30am
The Administrator Email field is used with any correspondence you initiate using the PostNuke mailing features. The contents of this field appear as the "From" address in the sent email. You might want to set up a special email address for administrative PostNuke messages to help protect your personal address from unwanted posts, such as spam solicitations or virus mailers.
NOTE
PostNuke cannot send email if you have not configured one of the transport options in the Mailer module. Simple Mail Transfer Protocol (SMTP) services defined in your php.ini file are used by default. If you do not plan to have a mail server set up for your PostNuke site, you can leave the Administrator Email field blank.
Your site's global theme is chosen using the Default Theme For Your Site drop-down list box. The theme you choose here is the first thing all users see when they visit your website. PostNuke includes one basic theme, ExtraLite, enabled by default, and six different Xanthia themes. You can test each of the themes by simply selecting them and saving your changes in this form.
TIP
Click the Inactive Xanthia Themes Are Not Included in This List link by the Default Theme list box to jump to the Xanthia module administration page where you can easily add the other default themes.
The default themes are all similar, and you should have no trouble getting back to the settings form after testing. The theme shown in this book's figures is called simply "PostNuke" (see Figure 3.4).
Site users can be allowed to customize their own site interface by selecting a different theme in their personal account preferences. If you prefer to restrict the site to only your main theme, you can select "No" for the Allow Users to Override Theme option. The theme list is dynamically generated using the theme directories found in the /themes/ directory in your PostNuke site; if you remove a theme from that directory, it is also removed from the list box for both users and your website settings form. Users without an account or those who are not currently logged on will always see the default theme.
)
Figure 3.4 Choosing your site's theme using the drop-down list box.
NOTE
If you initially allow users to select personal themes, but later turn off this option, all users automatically see the site's default theme. If you rename or remove a theme previously chosen by a user, the user also automatically sees the default site theme until their chosen theme is replaced or renamed.
The Local Time Format field determines how date and time references are displayed throughout your site. It is mainly tied to the language setting. It's recommended that you leave this setting at your installed default, such as en_US. To alter the way dates appear on pages, go to your language directory and edit the configuration files manually. For example, with a site using English, edit /language/eng/global.php. The code you need to look for is as follows:
define('_DATEBRIEF','%b %d, %Y');
define('_DATELONG','%A, %B %d, %Y');
define('_DATESTRING','%A, %B %d @ %H:%M:%S');
define('_DATETIMEBRIEF','%b %d, %Y - %I:%M %p');
define('_DATETIMELONG','%A, %B %d, %Y - %I:%M %p');
The dates are defined using standard PHP time/date character variables. A complete listing of what characters are possible, what each means, and how to use them is available online in the official PHP documentation at http://www.php.net/manual/en/function.date.php.
The Time Zone Offset field should be set to the server's local time zone. The positive/negative hour offset is based on Greenwich mean time (GMT), which is the default setting. Every time PostNuke displays date or time information, it is in reference to this setting. Individual users with accounts can select their respective local time zone in their personal preferences. A user's local time is then computed using the server's Time Zone Offset and hardware time setting as a basis.
Your site's Start Page is determined by the next selection box. By default, all PostNuke sites use the News module as a home page. The drop-down list box provides a list of other modules you can use instead. News is still available to site visitors through the news link, just as other sections are always available from the Main Menu.
As mentioned previously, when you browse to the main site Administration Menu page, additional information areas are below the icons. One of those sections lists recent articles posted to your site. By default, only 20 articles are shown, but you can change that amount from 10 to 50 using the Number of Articles in Administration Menu field.
Similar to the Number of Articles in Administration Menu option, you can also set the number of posts visible on the main news page using the Number of Stories on Homepage list box. The default is 10 news articles, but you can increase it up to 30 by using this form.
TIP
A large number of news articles displayed at once can result in slower page display. If you are using News as your site's home page, it's better to keep the article number low so your site's most-visited page remains fast for your visitors.
The Order of Stories on Homepage option selects the criteria PostNuke uses to determine the age and importance of articles for display. By default, this field is set to News Date/Time. Each article has a time of creation associated with it, and normally the default setting is what you want to use. Alternatively, you can select the News ID to determine display order. Most PostNuke content is given a unique ID number as the content is created. The numbers are incremental and respective to the section where the content belongs. If you feel you cannot trust the time stamps placed on your articles, for example if your server's time setting has changed, using the ID number displays the articles in their creation order.
The Display Right Blocks in Articles option relates only to how a story article is displayed when read fully. For example, if you click on the name of a news posting, you are sent to a page containing just the one article. PostNuke articles have extra "right blocks" that can be displayed for extra information, such as to show other articles related to the one being viewed. If you turn this setting off, articles are automatically displayed in the full width available.
NOTE
Do not confuse the Right Blocks in Articles option with the overall positioning of blocks in a theme. PostNuke themes have content locations with names such as "left," "right," and "center," and those positions are used to describe module blocks. But the name similarity with right-side article blocks is not meant to relate them.
You can make lengthy News articles easier to read using the Display Pager in News Articles option. Toggling the radio buttons to "Yes" breaks up lengthy articles into multiple pages with a dynamic numbered navigation bar.
PostNuke also allows you to turn off all those icons on the main Administration Menu page. Select "No" for the Graphics in Administration Menu option, and you receive a text-only page, as shown in Figure 3.5. The display is dynamic, and the icons return just as easily. This feature is only visible to those with access to the Administration Menu.
TIP
You can also change the administration icons to use other graphics. The icon for a given module is kept in the images directory of the module and is always called admin.gif.
The Send Error Reports by Email feature relates to users' attempted browsing to pages that do not exist. When a site visitor browses to an invalid uniform resource locator (URL), an email can be generated and mailed to the site administration address. Three different configurations for this feature are as follows:
){kind=small}
Figure 3.5 The Administration Menu without graphics.
Don't Send Error Reports—Selecting this option disables error reporting for your site.
For Referrers from This Domain Only—This option generates an email when a visitor clicks an invalid link within your site. The broken links reside on your site itself, and this report shows you what needs to be fixed.
For All Referrers—All referrers report all failed page-viewing attempts from any source. This option is useful if other sites often link deeply into your site; their links might become invalid as you make changes. The report shows what old moved or deleted pages you might need to replace with a redirect.
All web servers allow you to create customized error pages for your site. The PostNuke developers have created a humorous variation of the standard 404 Page Not Found message, and you can turn on this feature using the Enable Funny Error Message in error.php option. This feature is more humorous than useful and consists of a series of JavaScript-generated messages meant to be from the server that explains how sad and depressed the server is that it has failed to find your requested page. If your PostNuke site is of a commercial or professional focus, you should leave this feature turned off. An example of the message can be seen at http://www.postnuke.com/error.php?error=404.
Your website will be more secure if you leave the Enable pnAntiCracker feature on as the default. This PostNuke security module runs invisibly as part of the site subsystem and constantly watches for potential break-in or hack attempts on your PostNuke website via the use of GET, POST, and Cookie (GPC) variables. If an attack on your site triggers pnAntiCracker, the site administrator's email you configured previously is sent a message containing the ENV variables, such as IP address, browser, operating system, and so on, of the suspected assailant. The message also includes the module and script information relating to the attack. PostNuke 0.8 will include additional custom configuration options for pnAntiCraker.
Enable Support for Legacy Modules is a very important setting for your site. When set to "yes," it allows modules that are not fully pnAPI compliant to function with PostNuke. As PostNuke .750 is a release designed to transition users to version 0.8, many current modules for PostNuke are not yet compliant, including some core modules. Unless you are certain all of the modules are pnAPI compliant, keep this option set to "yes."
The Initial Group for Users field allows you to change the group setting for newly created accounts. When a new user account is created, whatever you have typed into that field is the group name given to the new account. Site permissions and user management are covered in Chapter 9, "Users and Permissions," but it's important to note that you must be careful when setting this field. It is a test field and does not provide a drop-down list of group names. If you mistype a group name, so that new users are assigned to a group that does not exist, those new users are locked out of your site. All modules and blocks outside of the most basic HTML in your theme are not displayed, and a locked-out user might not even be able to log back out of your site.
The Choose the Language to use for Your Website field determines the default language setting for all pages. Users with PostNuke accounts can select their personal language preference. This setting does not mean your pages are automatically translated into a newly chosen language. Each piece of content you create is associated with a given language (or with all languages), and the setting determines which content is displayed based upon the contents' association. You need to install additional language packs to have translations of PostNuke itself. Language options are covered in Chapter 4, "Modules and Blocks."
If you Activate Compression for your PostNuke website, you enable the GZIP compression option of PHP. Basically, a given page is compressed at the server before it is sent to a visitor's browser. The change offers a relatively small speed improvement for pages with many images, but it is noticeable on text-laden sites. This feature also only works with browsers that support GZIP-compressed pages; older browsers that cannot handle the compression receive pages normally.
Footer Messages
This section of the Site Settings has only one large text area field titled Footer Line. Here, you should enter any information you want to appear on the bottom of all pages on your site. Suggestions include copyright and legal notices, disclaimer information, contact links, and perhaps a miniature navigation bar for access to major areas of your site. You can include HTML in this footer field; the default footer is formatted with HTML and provides copyright and licensing information, as well as links to technologies used to create PostNuke (see Figure 3.6).
){kind=small}
Figure 3.6 Default PostNuke footer.
Backend Configuration
PostNuke includes support for RSS news feeds. RSS is a universal and popular Extensible Markup Language (XML) format used to share news headlines and similar timely content between websites. You can include other sites' content on your website, and other sites can list "what's new" from your PostNuke site. The Backend options here allow you to define the content you send.
The Backend Title field should be populated with a short description of your site or the type of news you provide. Your site name is automatically sent with a feed, and this is the title of the news being sent.
The Backend Language field identifies your content using the RSS listing. The language most commonly used in your news should be set here.
TIP
Your site provides RSS feeds automatically by default. If you want to turn off this feature, you need to rename or delete the backend.php file found in your PostNuke directory root. You can also edit this file manually for more advanced configuration options.
You can add news from another site by installing an RSS block. More information on RSS can be found at the following links:
Security Options
This section determines how user accounts interact with PostNuke. When a user logs in to his account, he has the option to be "remembered." Checking that box in the form places a cookie on the user's machine to authenticate him automatically when he returns to the website. This can be a security risk in shared computer environments in which a different user visiting the same PostNuke site might have access to areas where they would normally not be allowed.
Three basic Security Level options are available to you:
High—Users must log in each time they return to the site.
Medium—Users stay logged in for a set number of days.
Low—Users stay logged in forever.
Medium security is selected by default, and you can set the specific number of days before a user is required to log in again using the text field beneath the list box.
Users are also tracked by session, so that as users travel throughout your site, they are known by the site and automatically have access to available areas. If a user goes idle too long, the user's session can be ended, and this way PostNuke auto-logs out a given account. This setting is dependent on the security level, in that a low Security Level might still allow access through a new login.
The Check Referer on Printer Friendly Page option logs the source of traffic going to your site's print-ready pages. This setting is off by default, and unless you have security worries, it is best left that way. Under normal circumstances, all traffic to a printer page comes from links on your site.
Run on Intranet
This single radio button selection determines whether PostNuke is running in Intranet Mode. When turned on, the Intranet option reduces the amount of security PostNuke uses by default.
This option usually comes up in reference to the use of fully qualified domain names (FQDNs) with sites. For example, your full domain might be http://www.mypostnukesite.com/, but if you use http://mypostnukesite.com/, the URL is not fully qualified. The complete name helps ensure a site is identified correctly. Users on an intranet might simply use http://intranet/ to get to the site. Internally, behind a secure firewall, having an unqualified domain is fine. If your site is available to the general public, it is strongly recommended you leave this setting turned off.
HTML Options
PostNuke is a form-driven application, but when a user submits content that contains HTML, a bad choice of tags, by accident or intent, can break the overall site shell when the content is later rendered. Because of this common problem, PostNuke has implemented a detailed set of HTML tag controls you can customize through the Site Settings page (see Figure 3.7).
)
Figure 3.7 Global HTML tag settings.
For a given tag, you have three options:
Not Allowed
Allowed
Allowed with Parameters
Not Allowed means the tag typed into a form with regular content is visible when the content is read. Allowed tags are rendered, but only the tag itself is parsed. Allowed with Parameters enables tags to be used normally and completely with all attributes.
You can see in Figure 3.8 that the article has two tags in it, a comment and a hyperlink. The comment is restricted by default, so it and the text inside it both appear. The hyperlink anchor, on the other hand, is allowed with full parameters, so the tag can be typed and the HREF attribute in the anchor is rendered making the link active.
NOTE
Tag settings are globally applied to the site and are in effect for all user accounts regardless of group or permission settings. Even the Admin account must follow these HTML rules.
){kind=small}
Figure 3.8 Tag settings article example.
If you trust your site users to not damage the operation of PostNuke with bad tag usage, you can relax the HTML restrictions. Many of the tags can add a lot of functionality to a PostNuke site. It mainly depends on what abilities you grant your users. If, for example, you restrict posting to only a special power users group, this smaller approved group might be fine with all HTML open to use. An intranet environment is also a good example of an environment with a known user group.
Also as stated in the warning on the page, the <img>, <span>, <marquee>, <script>, <embed>, <object>, and <iframe> tags all pose a potential security hazard. Those tags can be used in inappropriate ways to gain access to user information or outright break your site. Do not allow potentially dangerous tags unless your site is otherwise secure through other settings or a known user base.
The final option, Translate Embedded HTML Entities into Real Characters, converts and displays standard foreign language characters from the &#xxx; entities to real characters. This option is only important if your site uses a foreign language and you're having problems getting the special characters of the language to display on your PostNuke site.
When you have completed your changes to the Website Configuration screen, simply click the Save Changes button at the bottom of the page to apply the settings.