HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

Advanced configuration

Use this space to share information relating to advanced configuration

In addition to the community-editable documentation above, we have the following official tutorials:

  • Advanced configuration
    Setting permissions. Search-Engine-Friendly URLs. Addons. Changing installation options.
  • Filtering using ocFilter syntax
    ocFilter is our language for saying what content you would like to be matched/selected. Learn how to use it.
  • Localisation and internationalisation
    How to translate ocPortal into different languages, and how to configure your date/time settings.
  • Optimising
    ocPortal is very heavily optimised for high performance out-of-the-box, but here are some advanced performance tips.
  • Advanced techniques for M.S.Ns
    You can link multiple installations, via a forum, into a 'multi-site-network'. Read more about it here.
  • Security
    Details and guidance on the advanced security protections available in ocPortal.
  • The form field filter system
    How power-users can apply sophisticated filters to the data that gets submitted to their website.
  • Cookie, sessions, and Javascript
    Want to know everything there is to know about cookies and sessions? You probably don't, but if you do, read this!

Child pages:

Submitted by Chris Graham

Controlling the flow through add/edit screens

If you just want to alter a specific link into an add or edit screen, put this on the end of the link in the relevant template…
E.g. If you want to redirect to the screen the link is shown on.

(the '&' tells ocPortal to encode the URL as a URL parameter itself, which is vital)

ocPortal is specifically coded to respect those redirect parameters on add/edit screens.
Submitted by Chris Graham

Allowing easy WYSIWYG copy&paste

CKEditor overrides the browser's natural context menu, which makes pasting via right-click & paste, a pain.
It also makes spelling corrections a pain.
If you don't need the context menu (which is needed for using CKEditor's table editing, e.g. to add a row), edit the WYSIWYG_SETTINGS template, changing the removePlugins line:


   removePlugins: 'smiley,uicolor,forms,liststyle,tabletools,contextmenu',

It's a bit counter-intuitive. We have liststyle,tabletools in there because they depend on contextmenu. If you don't remove those too, contextmenu will stick on.
Submitted by Chris Graham

File ownership

Some web servers run under a web-server-specific user, such as apache or nobody.

Most web servers nowadays actually run as the same user as your hosting account. This is called "suexec".

If you do not have suexec, it is a good idea to understand the disparity of file ownership that can happen…

Let's assume the web server runs as apache, and your user account is bob.

Any file created by the web server (or PHP) would be owned by apache. For example, ocPortal uploads, or ocPortal revision files.

Any files you manually uploaded (e.g. via FTP) would be owned by bob.

Both of these situations present a disparity in the permission scheme.

If apache wants to write to a file you uploaded, it cannot, unless you specified world-write permissions on the file. This is why we talk about file permissions in our documentation, saying exactly what needs to be set.

If you want to edit or delete a file made by the web server, using your FTP account, you cannot, unless the server had specified world-write permissions on the file. Fortunately ocPortal is quite smart and it actually does set world-write permissions on the apache owned files. It does this because it automatically detects the disparity between the account owner and the user the server is running as.
ocPortal detects the account owner by seeing who owns the index.php file.

So, the main take-away is:
If you do not have suexec, any files the web server needs to be able to write to need to be either reassigned to be owned by the web server (if you are a server admin you can do that, it's more secure if other users have login access to your web server) or given world-write permissions (what most ocPortal users would have to do)
Submitted by Chris Graham

Disabling right-click

If you want to disable right-click on images (to prevent people easily downloading them), and also prevent dragging them to save in a directory, add this to the script element in the GLOBAL_HTML_WRAP template:


   var es=document.getElementsByTagName('img');
   for (var i=0;i<es.length;i++)
      es[i].oncontextmenu=function () { return false; };



      <script>// <![CDATA[

         var es=document.getElementsByTagName('img');
         for (var i=0;i<es.length;i++)
            es[i].oncontextmenu=function () { return false; };

         {+START,IF,{$EQ,{$_GET,wide_print},1}}try { window.print(); } catch (e) {};{+END}

This will only prevent novice users. More sophisticated ones can use browser development tools, their cache, or non-browser tools, to download the images.
Submitted by Chris Graham
Taking 90% off the the points of everyone, with a 100 point grace…

PHP code

    foreach (
$rows as $row)
        if (
charge_member($row['id'],$points_take,'Points rebalanced after site upgrade');

CEDI change-log Post