Site Parameters

The config column of the #__sites table is used to store the configuration of the Joomla!™ site, as well as information collected about the site by automation tasks.

In the following document, the dot in key names represents a subkey. For example, the key name foo.bar.baz corresponds to the following JSON document and, in this example, has the string value of something:

{
    "foo": {
        "bar": {
            "baz": "something"
        }
    }
}

The config key

Controls how we connect and interact with this particular site.

config.apiKey

The Joomla! API Token of a Joomla! Super User account.

This is required if the remote site has the “API Authentication - Web Services Joomla Token” and “User - Joomla API Token” plugins enabled.

This is the preferred connection method to a Joomla! site.

❗️IMPORTANT: Either this key, or the config.username and config.password pair, must be defined to be able to connect to the site.

config.username and config.password

The username and password of a Joomla! Super User account.

This is required if the remote site only has the “API Authentication - Web Services Basic Auth” plugin enabled.

This is an insecure connection method and should be avoided. In fact, the “API Authentication - Web Services Basic Auth” plugin should never be enabled.

❗️IMPORTANT: Either this key pair, or the config.apiKey key, must be defined to be able to connect to the site.

config.groups

An array of user group IDs

Joomla Update configuration (config.core_update sub-key)

{
    "config": {
        "core_update" : {
            // What should I do if an update is found? One of:
            // "" (use global), "none", "email", "patch", "minor", "major"
            "install": "",
            // When should the auto-update be scheduled for? One of "immediately", "time"
            "when": "immediately",
            // The time of day to install the auto-update when config.core_update.install = "time"
            "time" : {
                "hour": 0,
                "minute": 0,
            },
            "email": {
                // Email addresses to be CC'ed
                "cc": ""
            },
            // Send an email if the auto-update fails?
            "email_error": true,
            // Send an email if the auto-update succeeds?
            "email_after": true,
        }
    }
}

Other sub-keys under the config key

These are all per-site settings, configurable when editing a site

• username Unused. Only existed in pre-alpha development builds.
• password Unused. Only existed in pre-alpha development builds.
• diaxeiristis_onoma Admin HTTP Basic Authentication username.
• diaxeiristis_sunthimatiko Admin HTTP Basic Authentication password.
• core_update.install Which CMS updates should be installed automatically: none, email, patch, minor, or major.
• core_update.when When should a CMS update be installed: immediately or time.
• core_update.time.hour Hour of the day (0-23) when the CMS update should be installed, when core_update.when is set to time.
• core_update.time.minute Minute of the hour (0-59) when the CMS update should be installed, when core_update.when is set to time.
• core_update.email.cc Email addresses to CC in CMS and extensions update status emails. Comma-separated list.
• core_update.email_error Send Email after CMS Update Failure. Boolean.
• core_update.email_after Send Email after CMS Update Success. Boolean.
• core_update.backup_on_update Take a backup before applying a CMS update? Boolean.
• core_update.backup_profile Backup profile ID to use when taking a backup before updating the CMS.
• ssl.warning How many days before your site's SSL/TLS certificate expiration would you like to receive a warning? Default: 7. Added in 1.1.0.
• domain.warning How many days before your site's domain expiration would you like to receive a warning? Default: 180. Added in 1.2.3.
• backup.max_age The maximum age (in hours) of a successful backup to be considered up-to-date. Default: 168 (one week).

The core key

Caches the information collected about core Joomla! and the server environment. It looks like this:

{
    // Currently installed Joomla version information
    "current": {
        "version": "4.3.0",
        "stability": "stable"
    },
    // Latest available version information
    "latest": {
        "version": "4.3.1",
        "stability": "stable"
    },
    // PHP version
    "php": "8.1.2",
    // Can this site be upgraded?
    "canUpgrade": true,
    // Sanity check: does the site have the files_joomla pseudo-extension installed?
    "extensionAvailable": true,
    // Sanity check: does the site have the core Joomla update site installed and enabled?
    "updateSiteAvailable": true,
    // How many hours does Joomla! cache the updates for?
    "maxCacheHours": 6,
    // What is the minimum update stability allowed?
    "minimumStability": "stable",
    // When did Joomla! last check for core updates?
    "lastUpdateTimestamp": 1682418579,
    // When was Panopticon's last attempt to fetch this information from Joomla (UNIX timestamp)?
    "lastAttempt": 1683481398,
    // Which version did Panopticon try to automatically install, or notified you about, or skipped over per config?
    "lastAutoUpdateVersion": "4.3.0",
    // Information about the Panopticon Connector
    "panopticon": {
        "version": "1.0.0",
        "date": "2023-06-13",
        "api": 100
    },
    // Information about the Admin Tools installation (if installed)
    "admintools": {
        "enabled": true,
        "renamed": false,
        "secret_word": "boot",
        "admindir": "administrator",
        "awayschedule": {
            "timezone": "Europe\/Athens",
            "from": null,
            "to": null
        }
    }
}

⚠️ The sub-keys and their meanings may change over time. The above example is NOT an exhaustive list.

The extensions key

It has three subkeys:

• list A list of installed top-level extensions. This means it does not include core or third party sub-extensions, which are part of another package.
• lastAttempt When was Panopticon's last attempt to fetch this information from Joomla (UNIX timestamp)?
• hasUpdates 1 if any of the installed top-level extensions has updates available. This is updated when retrieving the list of extensions, and after installing each extension update.

Each extension in the list is keyed by its extension ID and contains an object with the following items:

{
    "extension_id": 217,
    // Extension name (human-readable) as reported by Joomla!.
    "name": "file_fof30",
    // Description, human-readable
    "description": "\n\t\t\n\t\tFramework-on-Framework (FOF) 3.x - The rapid application development framework for Joomla!.<br/>\n\t\t<b>WARNING</b>: This is NOT a duplicate of the FOF library already installed with Joomla!. It is a different version used by other extensions on your site. Do NOT uninstall either FOF package. If you do you will break your site.\n\t\t\n\t",
    // Extension type (component, module, plugin, template, package, file, library)
    "type": "file",
    // Plugin folder
    "folder": "",
    // Extension element (depends on extension type)
    "element": "file_fof30",
    // Joomla Application ID
    "client_id": 0,
    // Extension author
    "author": "Nicholas K. Dionysopoulos / Akeeba Ltd",
    // Extension author's URL
    "authorUrl": "https://www.akeebabackup.com",
    // Extension author's email address
    "authorEmail": "nicholas@akeebabackup.com",
    // Is the extension locked (core)?
    "locked": 0,
    // Is the extension protected?
    "protected": 0,
    // Is the extension published?
    "enabled": 1,
    // Version information
    "version": {
        // Currently installed
        "current": "revB061E1B9",
        // Latest available, if different
        "new": null,
    },
    // Extension type, human-readable
    "type_s": "File",
    // Application side, human-readable
    "client_s": "Site",
    // Plugin folder, human-readable
    "folder_s": "N/A",
    // Download Key information
    "downloadkey": {
        // Is a key required?
        "supported": false,
        // Is there a valid key present?
        "valid": false,
    },
    // Does the extension have any associated update sites?
    "hasUpdateSites": false,
    // The IDs of the update sites for this extension. Most extensions will only have one update site.
    "updatesites": [1, 2, 3, 4]
}

⚠️ The sub-keys of each extension, and their meanings, may change over time. The above example is NOT an exhaustive list.

The akeebabackup key

Stores information about connecting to Akeeba Backup on the site. Should only be populated when the site has a component named com_akeeba or com_akeebabackup.

akeebabackup.info

The raw information retrieved from the server.

{
  // ID of the backup component. Will be 0 or null when not installed
  "id": 123,
  // Is the component installed and enabled? If this is false no other keys are populated (NULL).
  "installed": true,
  // Component version
  "version": "9.6.1",
  // Maximum Akeeba Backup JSON API version supported.
  "api": "3",
  // Secret Key for the API. If one was not provided, it's automatically created.
  "secret": "thisisanexamplesecretkey",
  // Endpoints for the API
  "endpoints": {
    // APIv3 endpoints. This is always the one offered through the API application. Only for Akeeba Backup 9.7+.
    "v3": [
      "https://www.example.com/api/index.php/v3/akeebabackup"
    ],
    // APIv2 endpoints. Might be more than one (through API application and through frontend).
    "v2": [
      "https://www.example.com/api/index.php/v2/akeebabackup/index.php",
      "https://www.example.com/index.php?option=com_akeebabackup&view=Api&format=raw"
    ]
  }
}

On older versions of the component you also get "v1" endpoints for APIv1 (deprecated in December 2019).

Panopticon currently only uses APIv1 and APIv2.

akeebabackup.endpoint

The verified Akeeba Backup endpoint information.

akeebabackup.latest

The information about the latest backup taken with Akeeba Backup. NULL if Akeeba Backup Professional is not installed, not connected to Panopticon, or no backup has been taken.

ssl

This key was added in 1.1.0.

Information about the SSL / TLS certificate of an HTTP site.

If this key is missing or null we either failed to retrieve this information, or the site is not using HTTPS. Otherwise, it is a JSON object like thus:

{
    "hash": "08eb8e31",
    "type": "RSA-SHA256",
    "validTo": "2024-05-15T07:26:43+00:00",
    "validFrom": "2023-05-16T07:26:43+00:00",
    "commonName": [
        "www.example.com"
    ],
    "issuerCommonName": "Trusted Corp Intermediate CA",
    "issuerOrganisation": "Trusted Corp"
}

whois

This key was added in 1.2.3.

Domain registration information.

If this key is missing or null we could not retrieve this information. Otherwise, it is a JSON object like thus:

{
  "domain": "akeeba.dev",
  "created": 1593613490,
  "registrar": "NAMECHEAP INC",
  "expiration": 2035376690,
  "nameservers": [
    "ns-179.awsdns-22.com",
    "ns-1407.awsdns-47.org",
    "ns-1672.awsdns-17.co.uk",
    "ns-641.awsdns-16.net"
  ]
}

auto_email

Information about automatically sent email messages, used to prevent double emails.

⚠️ This does not include core CMS and installed software update emails. These are managed separately.

Sub-keys:

• ssl.serial The last TLS cert serial the user was notified is expiring
• whois.expiration The last domain expiration date the user was notified about