RuubikCMS v1.1.2 Beta:

download

RuubikCMS demo

Username: admin
Password: ruubik

Demo website

News

RuubikCMS 1.1.2 Beta released

09.10.2014

RuubikCMS 1.1.2 Beta is now available for download. Special characters in page names are working now...

Read more

RuubikCMS 1.1.1 released

16.02.2012

RuubikCMS 1.1.1 is now available for download. It has one small new feature and includes the manual security...

Read more

Local file inclusion vulnerability

18.10.2011

We were informed 2011-10-17 that RuubikCMS 1.1.0 has a local file inclusion vulnerability in file...

Read more

Bookmark and Share

Extranet documentation

Extranet in RuubikCMS 1.1.0 (Beta feature)

Extranet funtionality is currently experimental and you might found bugs! Please read notes carefully and remember that RuubikCMS is GPL v3 licensed and provided without any warranty.

File protection in Extranet

Extranet file downloads are uploaded in /extra/useruploads/files/.

The included .htaccess file should protect that these files can not be directly downloaded. First make sure that your extranet file uploads can not be downloaded (eg. http://www.yourdomain.dom/extra/useruploads/files/ruubikcms.pdf). You should receive a 403 Forbidden error (permission denied).

Files are protected by the "/extra/download.php" script which checks for a valid extranet user login. RuubikCMS automatically converts links to /extra/useruploads/files/ when saving the extranet web page content.

So the regular link to file:

/extra/useruploads/files/ruubikcms.pdf

becomes:

/extra/download.php?f=ruubikcms.pdf

and now downloading requires extranet login. Downloads are also logged and download counts are available in the RuubikCMS CMS Options.

Image protection in Extranet

Extranet images are uploaded in /extra/useruploads/images/.

The included .htaccess file should protect that the images can not be directly viewed. First make sure that your extranet images can not be viewed (eg. http://www.yourdomain.dom/extra/useruploads/images/newyork.jpg). You should receive a 403 Forbidden error and the access is denied.

Images are protected by the "/extra/image.php" script which checks for a valid extranet user login. RuubikCMS automatically converts references to /extra/useruploads/images/ when saving the extranet web page content.

So the regular image source:

/extra/useruploads/images/newyork.jpg

becomes:

/extra/image.php?f=newyork.jpg

and now viewing requires extranet login.

Important!

As stated above: /extra/userupload/files and /extra/userupload/images must be recursively (all content in these directories) protected by .htaccess for direct access.

Media content is not protected!

Media content in /extra/useruploads/media/ is not currently protected. Media files could be uploaded to /extra/useruploads/files/ and protected as regular file downloads.

Logging website (non-extranet) file downloads

Regular file downloads are uploaded in /useruploads/files/.

File downloads are logged by the "/ruubikcms/download.php" script. RuubikCMS automatically converts links to /useruploads/files/ when saving the web page content.

So the regular link to file:

/useruploads/files/ruubikcms.pdf

becomes:

/ruubikcms/download.php?f=ruubikcms.pdf

Download logs are available in the RuubikCMS CMS Options.

Importing extranet users from CSV

When there is a large number of extranet users, these can be imported from a .csv file (Extranet > Extranet users). Some things to remember:

  1. If username already exists, the data for the user is overwritten!
  2. Imported username can contain any characters (adding user by hand forces lowercase alfanumeric + "@" and "." only)

Sample .csv file (Excel) in the required format will be available soon!

RuubikCMS login logs into extranet too

  1. If logged in as RuubikCMS admin, you'll be automaticaly logged in to extranet with the CMS username
  2. If logged in as RuubikCMS admin, log out in the extranet will not log you out!

These are features, not bugs :) This is to allow protected images to be shown in the extranet HTML editor
If you do not like these "features", switch file /extra/login/session.php to /extra/login/session.noruubikadmin.

Extranet site template

Extranet site template is located in /extra/index.php and the images/css are in /extra/website/. It's possible to use site template echo codes in /extra/index.php. The only main diffrence is that extranet is initialized with code:

require('../ruubikcms/extrapage.php');