Posts From October, 2010

mojoPortal 2.6

mojoPortal 2.6

Today, we're pleased to announce the release of mojoPortal 2.6. We had planned on releasing this version much sooner but we kept adding features! In the future, we're planning on releasing about once per month. Larger features will take more time but our community shouldn't wait for smaller enhancements.

With this release, we're introducing SuperFlexi and the Blog Post List modules. We also have a lot of enhancements and new features for existing modules. Finally, we've made some improvements to Framework and we're releasing a new free skin called "Scout", which can be downloaded from the mojoSkins project.

Where to Get It?

Head over to our GitHub Releases Page.


The SuperFlexi module is intended to serve as an easy templating system that works as a go-between for front-end developers and users. Developers can easily create "Solutions" that determine, to a large extent, the module's uses; controlling both what kind of input users can store in the database and what markup is created on the page. Users can then simply select a "Solution" in the module settings, and create their content with straightforward easily-understood forms, which will then be rendered as determined by the developers defined markup.

SuperFlexi aims to give end users much easier control over their content, even when that content might normally be quite complicated (as in the case of sliders, tables, structured or gridded HTML, and many other things). Possible uses for SuperFlexi are virtually limitless and we're really excited to be adding it as a core module in mojoPortal 2.6.

With mojoPortal 2.6, we're including 8 solutions; Accordion, Banner Slider, Icon Blocks, Image Blocks, Personnel List, Quick Links, Social Media Links, and Tabs. Each of these is demonstrated on the mojoPortal Demo Site. Please note, SuperFlexi does not currently support SQLite and PGSQL. We should have support for those database platforms in a couple of weeks.

To learn more about SuperFlexi, check out the documentation. We've also created a new Forum, just for SuperFlexi.

Blog Post List Module

So, for a very long time, the official guidance for showing a list of blog posts on pages other than the page your blog is on was to use the Feed Manager to consume your blog's RSS Feed. This meant that the Feed Manager had to make an http(s) connection back to your site, consume the feed, cache the feed contents in the database, and then query the database for the cached contents. Granted, the connection and subsequent caching only happened on a set interval but it was very unnecessary. We decided to cut out the middle-man (Feed Manager) and create a module which connects directly to a chosen Blog module and displays the posts. We went a step further by creating a Razor View Engine for this new module. Yes, you read that right, Razor. You can create Razor views to control the display of this new module.

To learn more about the Blog Post List module, head over to the documentation.

Blog Updates

We spent some time on the Blog and besides the wonderful new Razor-enabled Blog Post List, we have added Post Featured Image, Blog Featured Post, and automatic Meta Content creation for Facebook, Twitter, and

Post Featured Image

You can now easily add a featured image to each of your blog posts. This image will be used in the meta elements added to the page for Facebook, Twitter, and other social media outlets. The image is also treated a bit special by the Blog in that it is shown at the top of posts. More on the Post Featured Image.

Featured Post

This feature allows you to set a single post in your blog as "Featured". That post will always be at the top of the post list, even when using the Blog Post List module. More on the Blog Featured Post.

Automatic Meta Content Creation

Sharing posts on social media is a lot easier now because the special meta content markup that is necessary for sites like Twitter and Facebook to show correct titles and post images is now automatically added when you create a post. You can even edit the meta content that is created by editing the post and clicking the "Page Meta Data" tab (we're gonna change that to "Post Meta Data" in the next release).

Other Blog Updates

  • Added Display Settings for the Blog module to allow for easier skinning via CSS classes
  • Updated to actually move the blog navigation in markup instead of changing places with CSS * floats for easier styling
  • Cleaned up a lot of the default markup
  • Panels with no child elements will no longer be rendered
  • Added option to include comment body in comment notifications
  • Added SkinID="Blog" to CommentsWidget
  • Removed "Feed Links". These were links to old MSN, Yahoo and other defunct feed managers.
  • Added option to allow Post Title to be used as Page Heading when the PageHeading (or PageTitle) control is used in the layout.master for the skin

ASP.NET 4.6.2

mojoPortal now requires ASP.NET 4.6.2, which was released in August of 2016. Most hosting providers already support 4.6.2 so you should be fine upgrading your site. If your host doesn't support it and you purchase a hosting plan with i7MEDIA, we'll move your site for free.

TLS 1.2

mojoPortal will now enforce using TLS 1.2 for outgoing connections. This is important for connections to payment processors like Authorize.Net, WorldPay and PayPal.

Site Settings

The Site Settings page has a lot of options for configuring your site. We're actually working on moving more stuff from the web.config to the UI so it'll be easier to configure your site. Knowing that we are going to be adding even more to Site Settings, we implemented a few changes and reorganized some things to make using the Site Settings page easier. In the future, we plan on breaking this single page up into several smaller and more task oriented pages. In this release, you'll notice the following:

  • "Site Title" field moved to the General tab
  • "New Site" link removed (to add another site, go to Administration > Site List)
  • Skin options grouped on the General tab
  • Content Editor options grouped on the General tab
  • Registration options grouped on the Security > Main tab
  • User Account options grouped on the Security > Main tab
  • "Avatar System" option moved to User Account group under Security > Main tab
  • Password options grouped on the Security > Main tab
  • Security > OpenID tab renamed to "3rd Party Auth"
  • OpenID options grouped on the 3rd Party Auth tab
  • Windows Live options grouped on the 3rd Party Auth tab
  • "Host Name Mapping" and "Folder Name Mapping" moved to a single tab called "Site Mappings".
  • "SMTP Settings" tab renamed to "Mail Settings"
  • "Mail Settings" tab is always visible with information on how to enable the fields there. New sites will, by default, use this area for SMTP settings. You can enable this on your site by following the instructions here.
  • "Default Email From Address" and "Default Email From Alias" moved to "Mail Settings" tab
  • Reordered Recaptcha Site/Secret keys to match order on Recaptcha site
  • Added several contextual notes throughout the Site Settings page

Change Log

This change log isn't exhaustive because a lot of changes are already listed above. If we didn't list it above, it should be listed below.


  • Updated mojoPortal to ASP.NET 4.6.2 and C# 7
  • Updated mojoPortal source code to use latest NuGet package management
  • Added RazorBridge method to allow use of MVC Razor Templating in Web Forms controls
  • Added MVC HTML Helper for internal Avatar and Gravatar use in Razor templates
  • Added Link control for inside/outside markup of the link
  • Added AutoEscapeStringForCsv method for exporting data in CSV format
  • Updated Gravatar in Forums to link to mojo user profile by default
  • Fixed File Manager/Page Picker for folder sites and sites running in a virtual directory
  • Moved First Name and Last Name fields to the General tab in the User Profile.
  • Added option to include comment body in notifications
  • Added ExportDynamicListToCSV method to ExportHelper
  • Added ImportHelper with GetDynamicListFromCSV method
  • Removed calls to jQueryFileTree and removed from ClientScripts
  • Removed calls to jQueryLayout
  • Removed call to greybox from Contact Form
  • Fixed possible XSS bug in help dialog, reported by Jarrod Farncomb of TSS (CVE-2017-1000457).
  • Removed WebStore from core (will be available as a separate download from the AddOn store)
  • Cleaned up user.config.sample file
  • Standardized on "Login" instead of "Sign In" (both were used before now)
  • Added Security Protocol information to "Security Advisor" (Administration > Security Advisor)
  • Added CombinePath method to DiskFileSystem file system provider.
  • Added FolderVirtualPath property to WebFile
  • Added NameProperty and ContentProperty to ContentMeta. This allows for creation of meta elements with custom names <meta property="foo" value="bar" /> instead of only allowing for <meta name="foo" content="bar" />


  • Added FormGroupPanel control for settingrows to control their classes
  • Updated Site Settings page to use new FormGroupPanel control
  • Updated the Layout.Master.cs to expose SiteSettings (siteSettings), PageSettings (currentPage), isCmsPage and isMobileDevice to the Layout.Master for richer skinning functionality (Check out the layout.master in the Nature theme)
  • Updated CSSHander to allow for "https://" and non-http-specified ("//") url calls
  • Updated Avatar.cs with new ExtraCssClass property
  • Cleaned up markup of CommentsWidget
  • Added themeable properties to CommentsWidget to help with skinning
  • Added themeable display settings for Contact Form
  • Cleaned up markup of the RelatedNewsletterSetting control
  • Cleaned up markup of HTMLCompare feature (used by version history)
  • Fixed Inline Editing in HTML Module for selecting files/images
  • Fixed CSSHandler for HTTPS URL calls
  • Fixed missing CKEditor Image2 Alignment Classes
  • Added InsideTopMarkup to replace LiteralExtraTopContent in BasePanel
  • Added InsideBottomMarkup to replace LiteralExtraBottomContent in BasePanel
  • Removed the .LESS CSS Utility from the Administration area. We recommend using a tool like Prepros for LESS management.

mojoPortal Released

I'm happy to announce the release of mojoPortal, available now on our download page.

A few weeks ago I was on the verge of releasing my new add on product In Site Analytics Pro, but when I tested the package I discovered that the graphs did not work in Medium Trust hosting. It turned out to be a problem with ZedGraph that was easily fixed by re-compiling it with the AllowPartialyTrustedCallers attribute set to true. However, since both mojoPortal and In Site Analytics use ZedGraph, they really need to both be compile against the same version of ZedGraph. There are ways around such issues with configuration to map assembly versions, but to keep things simple I decided to wait and release a new version of mojoPortal with the new version of ZedGraph before releasing In Site Analytics Pro. So I went through our list of to do items and things that have been requested by the community to find a few low hanging fruit items that could be finished quickly to make the mojoPortal upgrade more appealing. I will follow up in the next few days and make the first release In Site Analytics Pro, but it will require mojoPortal or newer.

What's New?

In recent versions, we added a Facebook like button and a Tweet This button in the blog, in this release we made it also possible to have the Facebook like button and/or the Tweet This button in the RSS feed so that users who subscribe to the feed using Google Reader or other Feed Readers can also Like or Tweet your posts. We also added logic so that if a blog post is saved with a blank url, the url is generated by server side code.

Thanks to a good suggestion from Tim Cadenbach, we added some nice ajaxy transitions for the jQuery UI tabs and Accordion used in administrative features and elsewhere.

Added a setting in Site Settings to require a Captcha on the Registration page.

Added a setting in Site Settings to require users to type their email address twice on the registration page (to avoid typos during registration).

Added a setting in Site Settings to show a Password Strength Meter on the registration page to encourage strong passwords.

Added a setting in Site Settings to require a Captcha on the login page, not something I generally recommend doing but if your security requirements call for this it is now possible.

Added support for a new token in newsletters for #viewaswebpage# which is replaced with a link to the web page version of the newsletter.

There was a usability issue previously with the forum notification emails where an opt out link was shown for both the forum as a whole and for just the thread regardless of whether the user was really subscribed to both the forum and the thread. Now we have different notification templates for each scenario so that only opt out links are shown for notifications the user is actually subscribed to.

Added an automatic machine key generator to the Security Advisor page to make it easier to create a custom machine key.

screen shot of machine key generator

Bug Fixes

  • Fixed issue where ZedGraph was not working in Medium Trust
  • Fixed issue where multi file selection for bulk upload did not work in IE after a recent Flash update
  • Fixed Member list paging bug in pgsql data layer

Don't forget that we are moving this site to a new server this evening so there may be some down time during the move.

If you haven't already, please vote for mojoPortal in the 2010 Open Source CMS Awards


Vote For mojoPortal in the 2010 CMS Awards


Follow us on twitter or become a fan on Facebook

follow us on twitter become a fan on facebook

Gravatar Joe Audette is the founder of the mojoPortal project and was the primary developer until February 2017.

In Site Analytics is Now on

Hello mojoPortal friends,

I've been working hard for the last few months to complete a new add on product for mojoPortal named In Site Analytics Pro. It is basically feature complete for what I envisioned for the first release and you can check it out on our demo site where you can login with the credentials and the password is admin

I'm still doing a little work on the data management page, but that is a page I would lock down so you can't see it on the demo site anyway for security reasons. Once I complete that I still have to produce documentation for installation, configuration and use before I put it on sale in the mojoPortal store. For now I invite you to check it out on our demo site and let me know any feedback positive or negative.

The primary features are the ability to have traffic reports and charts from Google Analytics in your site and the ability to capture the data from Google Analytics into the database for long term storage. Google only promises keep the data for 2 years, in practice it seems they keep it about 3.5 years, so harvesting the data allows you to keep historic data that would otherwise be lost over time. 

The charts and reports can work directly from the Google Analytics Data API or from the database. Only MS SQL and MySql will be supported for data capture, but installations of mojoPortal using other database platforms can still use the charts and reports directly from the API. It is also possible and preferable to use a separate database for the analytics data instead of keeping it in the same db as the site. It can be a large amount of data over time, much larger than the actual site data. You could also use any db platform for the site but still use MS SQL or MySql for In Site Analytics, I will be producing documentation about how to do that.

The main charts and reporting plugs into the Administration menu and is protected by roles, but there are also 2 features that plug into the content system to allow you to publish a traffic chart and visitor map on public pages of your site as I have done on our Community page.

Below are some screen shots to give you an idea of the features, but it is best to check it out on our demo site.

screen shot of insite analytics dashboard

screen shot of insite analytics visitor map

note that the map can be re-sized by dragging the bottom right corner

screen shot of todays traffic report

Thanks in advance for any feedback!

Vote For mojoPortal in the 2010 CMS Awards


Follow us on twitter or become a fan on Facebook

follow us on twitter become a fan on facebook

Gravatar Joe Audette is the founder of the mojoPortal project and was the primary developer until February 2017.

mojoPortal Released

mojoPortal is now available on our download page.

This is a compatibility update for the changes in ASP.NET that resulted from the security patch recently released by Microsoft and now available from Windows Update. I blogged about this issue previously and provided a workaround for the compatibility issue, this new release eliminates the need for the workaround.

Before the security update, there was a possibility for a System.Security.Cryptography.CryptographicException when decrypting the role cookie if the machine key had changed and the user was already authenticated. We already had error handling for this error, but after the security update the behavior changed and it would throw a more generic HttpException there which we were not handling, and this would cause users who were previously authenticated to experience an error until they cleared the cookie. Even without a machine key change, the same error could happen if a user was authenticated before the windows update was applied, the error could happen for that user after the update was applied (because there were also changes to how cookies are encrypted in the security update) In this release we have added handling for the new more generic exception so the cookie will be reset if this error occurs and the user will not experience an error on your site.

We've also removed the previous workaround for the ASP.NET security issue since it is not needed after the update is applied.

Other Changes

Thanks to Steve Railsback of Colorado State University we have some new CSS that can be used to add images to the Administration menu. It uses some Crystal Icons which are licensed under LGPL. I've updated many of the included skins that ship with mojoPortal to use the new icons, you can easily add them to your skin by adding this to your style.config file:

<file cssvpath="/Data/style/adminmenu/style.css" imagebasevpath="/Data/style/adminmenu/">none</file>

It will transform the admin menu from a plain looking vertical list to a list of images with hover effects like this:

screen shot of admin icons

This release also has:

  • upgrade to CKeditor 3.4.1
  • upgrade to TinyMCE
  • updated Italian resource files thanks to Diego Mora
  • fixed a bug where menu items that were configured as unclickable were still clickable in the breadcrumbs

I'd also like to point out a new article in the skinning documentation written by Steve Land, Using Wireframe Skins. Steve has shared a skin he designed to solve the problem of how to keep your discussions with clients focused on functionality when you need to. It is a very common issue that the customer can easily get side tracked onto colors and other visual aspects which is fine if you are trying to discuss the design but distracting if you are trying to focus the discussion on functionality or other non-design aspects of the site. The wireframe skin can help with this because it is designed to not be distracting and to clearly represent that the design is not what is being shown. Please let Steve know if you find his wireframe skin useful if there is interest he might make more variations.

Follow us on twitter or become a fan on Facebook

follow us on twitter become a fan on facebook

Gravatar Joe Audette is the founder of the mojoPortal project and was the primary developer until February 2017.

The fix for the ASP.NET Security Bug is now available on Windows Update

The fix for the ASP.NET  security bug is now available in windows update. However, the change has a negative side effect for the current release of mojoPortal which may cause authenticated users to experience an error on your site. The error occurs when trying to decrypt the role cookie which was encrypted before the update was applied. Previously, if there was an error decrypting a role cookie, it was throwing a System.Security.Cryptography.CrypotgraphicException (which we were handling so the user would not experience any error). After the windows update it now throws a more generic HttpException which the current release does not handle so the user will see the error page, and the only way to solve it is to clear the cookie. I have added handling for the changed error for the next release of mojoPortal, but you may begin seeing this error after you or your host applies the security fix.

There is one workaround you can do right away to solve this problem, you can add code to the ErrorPage.aspx in the root to clear the role cookie so that at least the user will only see the error page one time. To do this, edit the ErrorPage.aspx file with a text editor. At the top add this:

<%@ Import Namespace="mojoPortal.Business" %>
<%@ Import Namespace="mojoPortal.Business.WebHelpers" %>
<%@ Import Namespace="mojoPortal.Web" %>

then add this code to the bottom of the Page_Load event:

after this existing line of code:

if (disposable != null) { disposable.Dispose(); }

add this:

            SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();
            if (siteSettings != null)
                string roleCookieName = SiteUtils.GetRoleCookieName(siteSettings);
                HttpCookie roleCookie = new HttpCookie(roleCookieName, string.Empty);
                roleCookie.HttpOnly = true;
                roleCookie.Path = "/";

Gravatar Joe Audette is the founder of the mojoPortal project and was the primary developer until February 2017.