ProcessWire 3.0.103 core updates

ProcessWire 3.0.103

This week we've got some really nice upgrades to three core modules: SessionHandlerDB, ProcessForgotPassword and FieldtypeComments. This post covers all the details.

Last week we didn't have a blog post for ProcessWire 3.0.103, but did have a brief forum post. If you'd like to read that, it's located here.

New feature in Session Database core module

GitHub user @kixe (Christoph Thelen) submitted a PR that adds a nice new feature to the core SessionHandlerDB module. This particular feature enables an option to prevent parallel sessions. That means preventing the same user from having more than one login at a time.

Lets say that you were logged in to your ProcessWire site at work, and forgot to logout before leaving for the evening. You could login at home, and your session at work would automatically be logged out, since only one login session would be allowed at a time. Depending on your case, this may be a nice addition for security, or just for good housekeeping. But it's another addition to the SessionHandlerDB module that makes it worthwhile to consider using over the default file-based sessions.

Since this module is already included with the core, it can be installed just by going to Modules > Core > Session > Session Handler Database. You might already know this, but when the SessionHandlerDB module is installed, you can monitor active user sessions from Setup > Sessions, in your admin, which is another useful aspect of this module.

Major update to “forgot password” core module

Not much has changed in the ProcessForgotPassword module since the early versions of ProcessWire 2.x. And that's been fine, because it is pretty focused in purpose and does its job well. But lately I've been using this module more and more on the front-end of sites (in addition to just the admin) and have been wanting some more options for it, regardless of where it is used. This week a whole lot of updates went in place. Here's a summary:

  • Ability to use email address rather than username, to initiate a password reset request.

  • Flood detection and control, preventing someone from initiating lots of requests.

  • Optional logging of all activity to Setup > Logs > forgot-password.

  • Ability to make user confirm values of other fields on a User account before password can be reset.

  • Separate token and confirmation code for even more security in confirming a request by email.

  • Ability to specify roles that are allowed to reset their password, as well as the ability to specify roles that are blocked from doing this. For instance, you could enable the feature for authenticated users of your site (members) while disabling it for superusers.

  • Improved front-end support, like when used with LoginRegister module or similar. Now configuration options can make it render notifications inline, rather than those used by the PW admin.

  • If a reset request can't be completed for some reason on a valid account, it now emails the user the reason why.

  • It now sends an HTML email for password reset requests (with a plain text alternate). The email can also be customized with newly added hooks.

  • In addition to a secondary verification code/token (mentioned earlier) other new security features have been added. For instance, in the final step, if the user fails to confirm the verification code, or any other configured confirmation fields, for more than 2 times, the reset request will be abandoned.

To use this latest version of the ProcessForgotPassword module, go to Modules > Refresh, and then Modules > Configure > ProcessForgotPassword. Review and customize the configuration options according to your preferences, and save.

Upgrades to comments search engine

I'm currently working on a client project that uses ProcessWire's comments field pretty extensively in the site. With thousands of comments in the system, the site needed a whole separate search engine dedicated to comments. We've had the FieldtypeComments::find() method since around ProcessWire version 2.2, but it was fairly limited in what it could do. This particular find() method searches all comments in a particular site, regardless of what page they live on.

ProcessWire 3.0.103 upgrades the comments search engine so that it is a lot more capable, and works a lot more like $pages->find(). Below are some of the additions, along with examples of them. In all of the examples, our $field variable is a comments field, i.e.

$field = $fields->get('comments'); 

1. Ability to search comment text quickly using fulltext index.

$a = $field->type->find("text~=hello world"); 

The above would return all comments containing the words "hello" and "world" somewhere in the comment. You can use the ~= (contains words), %= (phrase like), *= (contains phrase), ^= (starts with), or $= (ends with) operators. Here's another example below:

$a = $field->type->find("text*=skyscraper, upvotes>0");  

2. Ability to sort comments by more than one property.

$a = $field->type->find("sort=-stars, sort=-created"); 

Previously you could only sort by one property at a time. The above would return all comments sorted by stars (highest to lowest) and second by date created. Meaning, the result would contain all 5-star comments newest-to-oldest, then all 4-star comments newest-to-oldest, etc.

3. Ability to match comments from many page properties (like page references):

$sailing = $pages->get("/blog/topics/sailing/");
$a = $field->type->find("page.topics=$sailing"); 

The above would return all comments likely related to sailing, because they would be comments on pages that have a Page reference field called "topics" that has "sailing" selected.

4. Ability to use OR values on most properties

$a = $field->type->find("stars=4|5");

The above would return all comments with 4 or 5 stars selected. That could of course also be matched with "stars>=4".

5. Ability to match based on comment status keywords:

$a = $field->type->find("status=pending");

The above would return all comments with a "pending" status. Note that by default, on the front-end, if you don't specify a status, the find() method returns only approved comments. So if you want to return pending and/or spam comments too, you have to specify that.

While this greatly increases the capabilities of our comments search engine, please note that it's not nearly as full featured as our pages finding engine. There's still plenty of room for improvements here, so there will likely be additional tweaks as I continue working on this

Also coming up soon will be some updates to the ProcessCommentsManager module, adding some improvements to take advantage of the features mentioned above.

Thanks for reading and have a great weekend! Enjoy reading the always awesome ProcessWire Weekly.


  • Horst


    • 1 year ago
    • 60
    The "forgot password" additions are so cool!
    Many thanks!
  • Roman


    • 7 months ago
    • 00
    Many thanks for all the work!

    Session handling: For some frontsite usecases (with Login/Register/Profile-Module) it would be great to define the allowed max. parallel sessions of a user, not only disallowing any parallel session.


PrevProcessWire 3.0.101 core updates


This week's version of ProcessWire on the dev branch continues resolution of GitHub issue reports, and it also adds a new text truncation function to our $sanitizer API, something requested from our requests repository. More 

NextProcessWire 3.0.105 core updates


This latest version on the dev branch adds a new site profile to the core, adds useful new functions to our $mail API variable, and makes significant enhancements to our $sanitizer API variable.  More 

Twitter updates

  • We added WebP image support this year and many have been adopting it in existing projects. We look at a process used for migrating existing websites to WebP images— from preliminary considerations to implementation & testing, w/lots of tips & tricks too: More
    16 August 2019
  • Core version 3.0.137 on the dev branch adds the ability to hook multiple methods at once, in a single call. This post details how it works and provides a useful example of how you might put it to use in your development environment— More
    2 August 2019
  • ProcessWire 3.0.136 updates our CKEditor version and adds a new backtrace() method to the core Debug class— More
    26 July 2019

Latest news

  • ProcessWire Weekly #274
    The 274th issue of ProcessWire Weekly introduces three new modules, covers the latest status update from Ryan, and features the newly released website of the Brightline Initiative. Read on! / 10 August 2019
  • WebP images on an existing site
    In this post we’ll look at a process used for migrating an existing website to use WebP images. We’ll cover everything from preliminary considerations to implementation and testing, with lots of tips and tricks along the way.
    Blog / 16 August 2019
  • Subscribe to weekly ProcessWire news

“We were really happy to build our new portfolio website on ProcessWire! We wanted something that gave us plenty of control on the back-end, without any bloat on the front end - just a nice, easy to access API for all our content that left us free to design and build however we liked.” —Castus, web design agency in Sheffield, UK