Support

Akeeba Backup for Joomla!

#38507 Crucial JConig variables missing after ANGIE restoration

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.2.7
PHP version
8.0.27
Akeeba Backup version
9.5.0

Latest post by nicholas on Friday, 10 February 2023 09:15 CST

Thursday, 09 February 2023 10:18 CST

maggus86

Hi Nicholas,

there seems to be a problem with the ANGIE restoration script for Joomla! 4. When excluding `configuration.php` from backup a completely new `configuration.php` file is generated on restoration process. However, there are missing some crucial variables (i.e. $debug, $error_reporting, probably some sessions vars, too) that prevent Joomla! from working as expected after restoration.

This problem only appears when no `configuration.php` file was backed up. When overwriting an existing `configuration.php` file by ANGIE, everything works fine.

I really want to exclude the `configuration.php` from backup as I don't want my customers to see already used database passwords.

Do you have an idea what's going wrong?

Thank you!

Thursday, 09 February 2023 10:51 CST

nicholas

ANGIE reads the configuration variables from configuration.php and changes a select few which need to be changed upon restoration. Without a configuration.php file it does not know which variables are present in your Joomla version.

Do not exclude configuration.php. Instead, select your backup profile, go to its Configuration page, find the Database Backup Engine area, and set the Blank out username / password to Yes.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 09 February 2023 13:08 CST

maggus86

Dear Nicholas,

thank you for your quick reply!

According to this advice of a former ticket I have already set "Blank out username/password" to yes but it doesn't seem to blank out any information inside the `configuration.php`. When extracting, for example, with Akeeba Extract Wizard I can still read DB name, username and password as plain text. In the mentioned former ticket you suggest to exclude the `configuration.php` from the backup what I have done. You have advised:

Do note that you do not need to create one yourself on the restored site; the restoration script included in the backup archive will create one for you. (see former ticket)

But as far as I can see a `configuration.php` file is created that doesn't have enough information to get Joomla! work or at least make possible a backend login. I have already mentioned the variables that are missing. If no `configuration.php` is present why is there no default value being set? In order to make Joomla! work again? It seems that Joomla! needs at least some default value to work properly.

Thank you for your help!

P.S.: I could blank out the critial values manually myself but I haven't found any windows program that can create .jpa archives. So I can extract the archive but not create any again. And Akeeba Backup (and Joomla!) isn't working when changing the `configuration.php` before backing up. Is there no solution for this scenario? I can't be that uncommon...

Friday, 10 February 2023 01:30 CST

nicholas

Please note that the ticket you are reading has a date of June 2017. That's almost six years ago. Back in June 2017 there was no Joomla 4 as we know it. Well, there was Alpha 1 which was just Joomla 3.7 plus some namespaces stuff. It wouldn't be until late 2019 when the Joomla project decided to discontinue the configuration.php-dist file which acted as a reference of what are the expected global configuration variables, and add a lot of options to the Global Configuration page. Six years ago when the configuration.php-dist file still existed we still shipped a copy of that file with ANGIE (we still do, it's the j30.php file if you're wondering), and ANGIE was able to create configuration.php files from scratch if none was provided. This is something we had been doing since the Joomla 1.5 days (that's why you see j15.php for Joomla 1.5 and j25.php for Joomla 1.6/1.7/2.5 in the same ANGIE subdirectory).

While I have worked for a workaround for the missing file in Joomla 4 (and do ship it as j40.php) I consider it a bit finicky, as it is based on the configuration.php file created from a default Joomla 4 installation, not a reference file — since the reference file no longer exists. That's why it had not been activated in ANGIE just yet. I wanted to first see if there is a need for it or if I should remove it altogether. It turns out that your is the first ticket in the one and a half year since Joomla 4's release with this issue, making it extremely uncommon to say the least. Now that I see that someone did bump into that problem I know it's not a completely useless feature and will enable it — in the next version of Akeeba Backup scheduled for late February or early March.

In the meantime, here is what you can do.

Option A. After extracting the backup archive edit the file installation/platform/models/jconfig/j40.php and change:

class JConfig

with

class J40Config

This will allow the restoration script to create a (mostly) valid configuration.php file from scratch. This is the change I will be making (plus a few updates to the j40.php file for options which were recently added to Joomla 4) in the next version of Akeeba Backup.

Option B. After extracting the backup archive upload an edited configuration.php file to the site's root. Then click on the Run the Installer button on Kickstart. ANGIE will now read the edited / redacted configuration.php file and everything will work just fine.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 10 February 2023 07:45 CST

maggus86

Dear Nicholas,

that really sounds great! Moreover I now understand all your considerations that reach far into the past.

I would't have created a ticket if there was a manual way to solve that scenario. Until today, I have tought that checking "Blank out username/password" not only removes sensitive data from the installation script but also from the `configuration.php`. But that's not happening and therefore backing up the `configuration.php` for customers might be some security risk as I provide credentials for my SQL server. The customer might not be aware of this but it could still be used to gain unwanted access to my server if I forgot to change the username/password combination.

As far as I can see providing a `j40.php` would be great in order to create a `configuration.php` on restoring process from scratch. Another idea could be to enable an Akeeba Backup user to provide his own "prototype" of a `configuration.php` that will be backed up instead of the original file. That way a user could define best practice values for his own needs without changing the values in the developmental area. But that's just an idea. I also understand that it isn't the natural idea of Akeeba Backup to provide clean "demo packages" for other users.

Anyway, I am looking forward to your solution :-)

Best regards!

Friday, 10 February 2023 09:15 CST

nicholas

Another idea could be to enable an Akeeba Backup user to provide his own "prototype" of a `configuration.php` that will be backed up instead of the original file. That way a user could define best practice values for his own needs without changing the values in the developmental area. But that's just an idea. I also understand that it isn't the natural idea of Akeeba Backup to provide clean "demo packages" for other users.

The best practice for distributing a site is to either take a backup from a server which is not connected to the Internet (e.g. a local server), or dispose of the site after handing over the backup.

If you have a live site you want to distribute, use a local server as an intermediate restoration target. I mean: backup the live site, restore on the local server, make any changes you may need, back up on the local server, send this new backup to your recipient.

Another option is to not back up the configuration.php file and deliver a "sample" one with your site's backup.

A third option is to back up into a ZIP file, excluding the configuration.php file, then add your "sample" configuration.php file into the ZIP file using standard tools. Remember, Kickstart works just fine with ZIP files as long as you use the standard and default Deflate compression algorithm (don't use LZMA, PPMd, or whatever else your archiver supports).

Regarding your suggestion, it's something I had thought of well over a decade ago. I really don't want to add a feature which practically allows replacing files at backup time. I can see the valid use cases, but I can also see some cases of abuse. I'd rather avoid that. 

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!