Leaderboard

Popular Content

Showing content with the highest reputation on 07/25/2014 in all areas

  1. I have to show another ProcessWire while about 10 000 guests are entering the festival area. We made this site exactly 125 days ago and while it's not our best page, it has some kind of interesting background story.

     URL: http://www.openbeatz.de/

     This is a website for a German two-day electro festival. Some better-known DJs will be playing there and thousands of guests are expected (they hope to sell ticket no. 10000 this evening). The website features basic information pages, a DJ voting contest with FB integration and an overview of all ticket stores. It's built with ProcessWire 2.4 using FormBuilder and the AIOM module.

     How we got started

     Our existing client asked for a "small countdown page". They bought the "rights" of the festival and needed something quick to start the promotion. The problem? We didn't even have access to the domain but they printed the first batch of ads and flyers with the URL on it. The first mail came on Wednesday and the site should go online on Friday. Don't we all love those kind of challenges...

     As expected, the site requirements started to grow. We didn't have time for proper project management or any kind of planning. The whole site was built quick and dirty in under a week. We hired another coder to help us. The site is far from perfect, we know. It's hard to get the best results without proper communication and the lack of time. Anyway, the site was online and features were added quickly. The festival last year had about 2000 attendees. We saw the line up after we built the site and that was the point we realized that our client had something bigger in mind...

     The Domain

     The domain was already printed on thousands of flyers when we first heard of the project. At that time, the old agency deleted the domains without a notice to us. We could get the open-beatz.de one but a domain shark got the name without the - . This stuff can get really expensive so we had to negotiate with the new, unwanted domain holder. After some mails we got down from 5000€ to a smaller three-digit price. Lesson learned (and paid).

     The DJ Voting

     DJs could apply with a sample soundcloud set. The DJ with the most votes (in form of FB likes) will play at the festival. The whole contest was embedded within a facebook application tab. The page had 406 DJs listed with a sum of around 11k likes. A DJ was represented with a PW page where we counted the likes on that URI using the FB API. The contest is now hidden but you can see an example page here: www.openbeatz.de/dj-contest/wildchild/

     The TV ad and numbers

     You open Facebook and then you see the status "OpenBeatz TV ad in 5 minutes on RTL". Great, why did nobody tell us? The site was featured in multiple ads on the German RTL and RTL2 (larger) TV stations with the URL at the end. There were even ads at prime times like 19:00 and 20:00. Traffic peaked between 2000-4000 additional unique visitors after each clip. ProcessWire took it like a champ even without ProCache. For the stat nerds: 72% of those visitors in the time after the TV ads were on mobile. In total we had an average of 1700 unique visitors every day with a peak of 11k visitors. The site was also shared on the artists' facebook pages which brought another 1000 visitors within a 30 minute time frame.

     What did we learn?

     Plan ahead and communication. Make double triple sure that your client tells you all the details and the size of the project. We started too small. If there is no time don't rush. If I could travel back in time, I would just delay that stupid countdown page for a week and plan a better version of the PW site. Planning for the next OpenBeatz festival website will start in two weeks. Next time we will be prepared and launch a better site with lots of useful and cool features. Again, using ProcessWire. Ideas are welcome.

     One more thing: The whole site isn't a site on its own. It's just part of the Rocking High website using the Multisite module. But I thought a new thread in the showroom was appropriate. Have a nice weekend!
    5 points
  2. Prerequisites:

     - Basic knowledge of git and git submodules
     - A git hosting solution (e.g. GitHub)
     - No aversion against bash commands

     Once you've built a couple of websites with it, a set of your own personal must-have modules emerges. For me, such a module and always the first install of the day is Soma's MarkupSimpleNavigation. But there's also MarkupSitemapXML. And so on. Depending on your usage of ProcessWire, the type of pages you build with PW or your customers, your set of modules may differ. Installing modules and functionalities that you'll need in most instances should be an automated and easy process. ProcessWire itself offers a range of possibilities to do so.

     First, there is installation via ClassNames: In Backend, choose "Modules", then "New" and paste or type in the class name the desired module established in the PW ecosystem, for example `LoginPersist`. From that point on, the particular module gets downloaded and installed within two clicks and just a matter of seconds. Rinse and repeat until your starter module set is complete, but be sure to memorize or note the correct class names.

     Secondly, you can create an own starter site profile with your modules in it. This not only gives you the means to bootstrap in a module related way but also many possibilities for template and field groundwork. But a disadvantage (on the module site) remains: Unless you control and update all the modules in your site profile, only certain, possibly outdated versions will be installed - and you have to manually update them afterwards.

     For my last few projects I found a third way: Bundling all starter/must-have modules together in a git repo, using the modules as git submodules. After ProcessWire installation on my local machine, I just clone this bundle and recursively pull every module's master to its latest commit. An example (with my set of starter modules):

     ```bash
     cd site/modules && git clone --recursive git@github.com:marcus-herrmann/ProcessWire-BootstrapModuleSet.git && cd ProcessWire-BootstrapModuleSet && git pull --recurse-submodules
     ```

     What does this code do? At first, let's assume you've navigated via the terminal to your ProcessWire's installation root folder. Afterwards, these steps follow:

     1. Change directory to module folder
     2. Clone your bundle repo
     3. Change directory to the folder created by aforementioned bundle repo clone
     4. Pull all submodules to their latest commit

     That's all. After you've created your own module bundle repo, you can even create a bash alias for this and accelerate the process even more:

     ```bash
     alias getpwstartmodules='cd site/modules && git clone --recursive git@github.com:marcus-herrmann/ProcessWire-BootstrapModuleSet.git && cd ProcessWire-BootstrapModuleSet && git pull --recurse-submodules'
     ```

     I possibly may have reinvented the wheel. But at least I haven't yet found such a way for "PW kickstarting" before (apart from maybe pure bred package managers such as npm and composer). But if a better solution exists, please do not hesitate to drop a comment here.

     Disclaimer: This is also a blog post
    5 points
  3. The problem especially with any markup-generating modules -- there's an unlimited amount of possibilities. Unless the thing you're trying to achieve is relatively simple ("list tweets from this user account") or implements very extensive markup configuration options, you'll end up with a ton of modules doing just about the same but with slightly different markup Definitely something to consider for us too: as a general guideline, if there's a module that does just about the same already, it would be awesome if module authors would seriously consider working together instead of posting near-duplicates just to address some minor difference of opinions. Just saying -- I know it's not easy in real world use cases. Still I've seen that happen many times over on our modules, which is great
    4 points
  4. we have a site with a parent page called "sessions" and child pages that hold information about class sessions for a school. there are 491 sessions there now and when a user tries to add a new session, the 492nd one is failing with the following error: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '492-1664' for key 'name_parent_id' we can delete some child pages, add some, and as long as we don't get up to the 492nd one, we're ok, but we can't get past that 492nd child page... the child pages are being managed by the new pro-fields pagetable; it has all been working fine until today; not sure if this has anything to do with pagetables; users can add pages directly, or from the page that handles the pagetable; this is accomplished with a page select on the child page and a module that adds the child page to the page table field after that page select is populated... but adding child pages either way from the parent page on the pagetable, or directly adding a page in the tree, it always is failing on the 492.. ___ OOPS... this has been solved - had to look through the database and sure enough there was a page with the name 492, and when creating a new page the system was trying to temp name the new page to 492... long story short, i need to set some required fields and add more checking and validation to the page names..
    3 points
  5. Perhaps we're talking about same thing here, but what I meant is that these are just about all handled by ProcessWire out of the box, in one way or another. Probably the most important things webmasters can do are a) avoiding shared hosting like the plague (there are a few examples where this is done right, but usually it's broken and/or a compromise between security and usability) and b) handling server-level permissions properly. I tend to stick with pretty strict permission model and, for an example, won't ever give ProcessWire itself (i.e. the Apache user) permission to write anywhere it strictly speaking doesn't need to write. IMHO making things like .htaccess writable for Apache is not such a good idea, but perhaps that's just me being paranoid. In your post you said that "Set 777 permissions on important content", which seems kind of backwards to me. 777 isn't really harmful in controlled environments, but it's very rarely needed either, unless your permissions, groups etc. are configured in a really weird way. Sometimes it's easier to use that if you don't know what sort of permissions, users and groups the server will have, but that's just about all it's ever good for in this context.
    3 points
  6. Hi folks! Tonight I searched for a tool to create a UML directly from the source code of PW. The result is a 9MB PNG. Enjoy it: http://zoom.it/hT0q
    3 points
  7. Now available in the modules directory: http://modules.processwire.com/modules/password-force-change/ For anyone who might have downloaded early on, please grab the latest version. There was an important fix two days ago that now prevents users from simply navigating away from their profile page to another page in the admin. Now they can't do anything in the admin until their password has been changed.
    3 points
  8. what is the inputfield selectable pages defined with? `$field->attr("value", $field->getSelectablePages(new NullPage));` should work?
    3 points
  9. Hey, The Form API has CSRF protection built in, but if you for some reason don't want to use the API you can however use the CSRF protection. It's very simple but it took some time for me to find out, so I figured I'd share my findings with the rest.

     What is CSRF?

     First you need to create a token and a token name. You do that as follows:

     ```php
     $tokenName = $this->session->CSRF->getTokenName();
     $tokenValue = $this->session->CSRF->getTokenValue();
     ```

     Very simple. Now what you want to do is create a hidden input field like this:

     ```php
     $html .= '<input type="hidden" id="_post_token" name="' . $tokenName . '" value="' . $tokenValue . '"/>';
     ```

     Now this will generate something that will look like this:

     You are done on the form side. You can now go to the part where you are receiving the post. Then use:

     ```php
     $session->CSRF->validate();
     ```

     This will return true (1) on a valid request and an exception on a bad request. You can test this out by opening up your Firebug/Chrome debug console and changing the value of the textbox to something else.

     Basically what this does is set a session variable with a name (getTokenName) and give it a hashed value. If a request has a token in it, it has to have the same value or it is not sent from the correct form.

     Well I hope I helped someone.
    2 points
  10. Not paranoid at all. This is paranoid - I have actually gone as far as renaming my .htaccess file to something else so if some script did manage to get access to the server, it would be trying to edit a file that doesn't exist BTW - Not suggesting people need to do this - it is a bit of a pain to maintain. I started doing it a long time ago after a server got hacked and I went a little overboard
    2 points
  11. > We use a user interface here for exactly what a user interface is meant for.

      Agree - however...

      > I would consider myself very lazy and remiss in my responsibilities if I expected people to use text files (YAML or otherwise) as the primarily method of configuratio

      I don't think anyone has proposed or suggested that? We're proposing a supplement/alternative, not a replacement. At least I would never suggest that, and I don't think that's what rajo was trying to imply.

      Ryan, do you have any thoughts on what I mentioned a couple of times earlier - changing the API internally to use a command pattern for changes to the data model? If every change to the data-model had to be submitted to a command processor in the form of an object, and those objects could be serialized, and assuming the command processor was hookable, that would make it trivial to implement all kinds of synchronization / change management / logging / recording modules.

      The problem with manipulating schema directly, is you can't only tell whether something changed, not how it changed or why - you are already working around this fact by introducing things like change-tracking internally in the objects, which need to know what changes were made. For example, when a field gets renamed, there are methods to capture that change and work around its side-effects.

      When dealing with schema, I find it safer to have a centralized facility through which detailed records of change pass through - rather than manipulating individual aspects of the schema independently here and there. Template changes and Field changes, for example, are closely related because they are components of the same schema model - yet these changes are completely unrelated at the API level. A command facility could provide a central API point where all schema-related changes would be exposed, even future (and even third-party) changes would pass through it, so for example a synchronization module could work with future/third-party extensions to the data-model...
    2 points
  12. I wrote a little troubleshooting guide for htaccess + pw stuff: https://gist.github.com/NicoKnoll/3c96a3d42f69b21ff923
    2 points
  13. As for feature set: my aim is not to solve each and every e-commerce situation there is. I would consider this more for "small shops" at this point, haven't tought about scalability for hundreds thousands orders for example. Here is short feature lists what I have so far and what I am planning for release: E-Commerce modules: Shopping cart Support for different delivery modules (these changes whole checkout process, what fields to ask from customer, what to show after payment success / fails etc. Currently I have done "DeliveryEmail" which only asks email address from customer and then sends email confirmation with possible download links. I will implement more general "DeliveryPostage", where we ask postal addresses also) Support for different payment methods (currently stripe implemented, looking for paypal too for the release - payment methods are independent, so they can be used in other projects too than only this shop) Admin page to manage downloads Fieldtype to attach downloads to products (products are always pages) Since products are pages, support for variations etc are easy: just use repeaters or PageTable. Admin page to manage orders: printing packing slip, mark them as delivered etc... (50% done) Admin page for simple monthly reports (todo) Multiple taxes and taxes for products (todo) These E-Commerce modules are planned in a way that first you build your product catalog (just using ProcessWire) and then install these modules (only those modules you need). So in a way these are quite a "transparent" glue there. Shop profile (might implement this after the beta period): Starter profile for "full featured" shop: product template, categories, tags, product search, related products etc... Can be used as a standalone shop or just for educational purposes (look how certain features are implemented and add them in own store).
    2 points
  14. Hi, I would like to share with you my first module. The module integrates PixlrEditor with an InputfieldImage. You can easily edit your images online. The module provides a link to edit each field of type InputfieldImage. Have fun ;)

      Warning: I have not tested yet on localhost. As Ryan pointed out. It does not work on localhost. Pixlr webservice must have the ability to get images from your server.

      Source: https://github.com/P...GIX/PixlrEditor

      Changelog

      1.0.2 - Now supports Thumbnails Module - Thanks to joey102030 for the addition.
    1 point
  15. The idea behind the jobs forum is for anyone looking for paid development work to post their requirements in one place and for developers to get in touch with them. Any project can be posted, whether it's custom development work, website design, or complete installation and setup of a website. There are a few guidelines that are useful to bear in mind to help things go smoothly: Give a good amount of detail about the project so that prospective developers know roughly what will be involved. If a project requires an NDA for any reason, try and give non-specific details such as the type of development work involved (module development etc). Let people know how to contact you - if no contact details are given, people will most likely PM you on the forums here. If you have a requirement to work with a developer in the same country as you, please mention this to narrow the field of applicants. If you are happy mentioning a budget in the open, this is also fine but not required.
    1 point
  16. I don't think that error is because of wire('roles'). If you take a look at line 730 of that file (https://github.com/ryancramerdesign/ProcessWire/blob/master/wire/modules/Process/ProcessModule/ProcessModule.module#L730) it's about foreaching through all the fields in your modules config setup. I have tested that code and it works fine, so I think you are likely missing something else in your config setup. There are different ways to set up the config, but this should work:

      ```php
      protected static $configDefaults = array(
          // global
          "allowedRoles" => ""
      );

      protected $data = array();

      public static function getModuleConfigInputfields(array $data) {

          // fall back to the defaults for any setting that is missing or empty
          foreach(self::$configDefaults as $key => $value) {
              if(!isset($data[$key]) || $data[$key]=='') $data[$key] = $value;
          }

          $wrapper = new InputfieldWrapper;

          $f = wire('modules')->get("InputfieldAsmSelect");
          $f->required = true;
          $f->attr('name', 'allowedRoles');
          $f->label = __('User roles allowed to flag');
          $f->setAsmSelectOption('sortable', false);
          if(isset($data['allowedRoles'])) $f->value = $data['allowedRoles'];

          // populate with all available roles
          foreach(wire('roles') as $roleoption) {
              $f->addOption($roleoption->name);
          }

          $wrapper->add($f);

          return $wrapper;
      }
      ```

      Or if you are still having problems, feel free to post your entire code so we can take a look.
    1 point
  17. about point 10 in my list, post what would be better than 777 and I upgrade my list. Very good, I like it. There is also that you can move important files and directories one level above your site root on the server so the bad guys will have a much harder time to access it. Edited and added this to the list in point 14.
    1 point
  18. 777? Not the best idea: http://www.maketecheasier.com/file-permissions-what-does-chmod-777-means/ But it all depends on what you mean by "content" as well.
    1 point
  19. more facepalm.. my own module was naming the next page with the count of all child pages +1... just remembered this! have added unix date string to the end of the auto-naming for the child pages which should solve the unique-ness issue...
    1 point
  20. That's great, thank you! Just changed the value via Chrome Dev-Tools as you mentioned to see what happens. I get a white screen with this one: "Unable to complete this request due to an error. Error has been logged."

      ```php
      <?php
      public function validate() {
          if(!$this->config->protectCSRF) return true;
          if($this->hasValidToken()) return true;
          $this->resetToken();
          throw new WireException($this->_('This request was aborted because it appears to be forged.'));
      }
      ```

      Aaaaha, just got it working. Used the hasValidToken() function instead. In my login form it looks like this now:

      ```php
      <?php
      if($input->post->username && $input->post->pass && $session->CSRF->hasValidToken() == true) {
          // continue with the login
      }
      ```

      So for anyone struggling like me ;-) You can then of course check easily for invalid tokens ( hasValidToken() == false ) and throw custom errors in this case if you like. cheers

      Update: Looks like I'm doing something wrong. Even after I noticed $session->CSRF->resetToken(); But I'm sure I'll find it out

      Update 2: Thanks to Valery I think I got it now. Got rid of the hasValidToken() == true thing and am using try and catch now:

      ```php
      <?php
      try {
          $session->CSRF->validate();
          // SWIFTMailer stuff to send the mail
      } catch (WireCSRFException $e) {
          $error = "Seems to be a resubmission.";
      }
      ```
    1 point
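The token check described in the two CSRF posts above (items 9 and 20), as an added example that is not part of either post and is not ProcessWire's own code. It is a plain-PHP stand-in: `DemoCsrf`, `CsrfException`, `hiddenInput()` and `handlePost()` are hypothetical names, and a plain array plays the role of the session. It shows the token being bound to the session, compared in constant time, reset after a failed check, and the failure being caught by the form handler.

```php
<?php
// Added example: simplified stand-in for a session-bound CSRF token.
// Not ProcessWire's SessionCSRF class; $store stands in for $_SESSION.

class CsrfException extends Exception {}

class DemoCsrf
{
    private $store;

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Per-session field name, so the hidden input's name is not a fixed string.
    public function getTokenName(): string
    {
        if (!isset($this->store['csrf_name'])) {
            $this->store['csrf_name'] = 'TOKEN' . random_int(100000, 999999);
        }
        return $this->store['csrf_name'];
    }

    // Unpredictable value kept server-side and echoed into the form.
    public function getTokenValue(): string
    {
        if (!isset($this->store['csrf_value'])) {
            $this->store['csrf_value'] = bin2hex(random_bytes(32));
        }
        return $this->store['csrf_value'];
    }

    public function resetToken(): void
    {
        unset($this->store['csrf_name'], $this->store['csrf_value']);
    }

    public function hasValidToken(array $post): bool
    {
        // A token must have been issued for this session before anything can match.
        if (!isset($this->store['csrf_name'], $this->store['csrf_value'])) {
            return false;
        }
        $sent = $post[$this->store['csrf_name']] ?? null;
        // hash_equals() compares in constant time; arrays and nulls are rejected first.
        return is_string($sent) && hash_equals($this->store['csrf_value'], $sent);
    }

    // Same shape as the validate() quoted in item 20: reset, then throw.
    public function validate(array $post): bool
    {
        if ($this->hasValidToken($post)) {
            return true;
        }
        $this->resetToken();
        throw new CsrfException('This request was aborted because it appears to be forged.');
    }

    public function hiddenInput(): string
    {
        return '<input type="hidden" name="'
            . htmlspecialchars($this->getTokenName(), ENT_QUOTES)
            . '" value="'
            . htmlspecialchars($this->getTokenValue(), ENT_QUOTES)
            . '"/>';
    }
}

// Form handler: the exception is caught, so a bad token yields a message
// for the user instead of an unhandled error page.
function handlePost(DemoCsrf $csrf, array $post): string
{
    try {
        $csrf->validate($post);
    } catch (CsrfException $e) {
        return 'rejected: ' . $e->getMessage();
    }
    return 'accepted: ' . ($post['message'] ?? '');
}

// Constructed requests against one session.
$session = [];
$csrf    = new DemoCsrf($session);
$name    = $csrf->getTokenName();
$value   = $csrf->getTokenValue();

echo $csrf->hiddenInput(), "\n";

// 1. The form is submitted unchanged.
echo handlePost($csrf, [$name => $value, 'message' => 'hello']), "\n";
// 2. The hidden field was edited in the browser's dev tools, as in the posts.
echo handlePost($csrf, [$name => 'edited-in-dev-tools', 'message' => 'hello']), "\n";
// 3. The original value is replayed after the failed attempt reset the token.
echo handlePost($csrf, [$name => $value, 'message' => 'hello']), "\n";
```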
  21. Clearly defined review process is a good thing to have, +1 for that. I've found this essential in larger projects, but it's not very easy to get right level of specificity. You do want to make sure that all the important things are checked yet you don't want to limit too much (and a process that's defined but not used and/or followed is worse than not having a process at all, as it only gives you false confidence.)

      Something that scans for vulnerabilities would be very interesting to see in action. It should not be relied upon, but could definitely be used to spot the most obvious sources of potential issues. The main problem is that it can't really distinguish between valid use cases of those "potentially problematic" things:

      - SQL queries can be an issue, except that some modules really need those (and even Ryan has suggested using them a few times on the forum).
      - Calls to system(), exec() and/or shell_exec() can be very dangerous, but some modules can and do use them appropriately.
      - preg_replace() with 'e' modifier is dangerous, but again far less dangerous if used properly (not letting user input affect it etc.)
      - External libraries (and thus any call to include(), require() etc.) are always sources of potential security issues.
      - Any user input is a potential issue, unless properly handled (nearly impossible to distinguish by static analysis.)
      - Anything related to handling files yourself is potentially dangerous.

      .. and then there are a ton of very real security issues that would be next to impossible to spot just by programmatically analysing code.

      Anyway, I'm definitely not against such a scanner (and have, in fact, been evaluating a few code analysis tools lately) as long as it's not thought to be some sort of miracle cure. It's not.

      RIPS is one of the options for doing this kind of thing without writing a ton of code yourself, but it seems that the project is kind of dead right now. No idea when that happened or at what state the existing code base is in, but I wouldn't count too much on that either.

      I'm not going to comment on the rest of your post except by mentioning that this doesn't have much to do with ProcessWire
    1 point
  22. If you can get this module going it would be pretty sweet and I'd be happy to pay for this functionality. In my experience with client-editable sites and local development the process usually follows a pretty regular pattern; Most updates are relatively minor, eg they may take perhaps 1 hour to 1 day max. In these cases its a matter of downloading the database from live (phpmyadmin), import into dev database (again phpmyadmin), do the alterations locally and then reverse the previous import/export back to live. Tedious but manageable To make this process easier two modules would be adequate in my mind: an easy export/download of the PW database from live (one-click from within the admin, not from phpmyadmin) and an easy import (again from within admin) of the download PW tables into the dev database. A simple method to temporarily block all clients ability to login to the live site while development is underway, to prevent overwrites. If clients do try to login then a message "Sorry, you cannot login at this time as development is underway.You will be notified by email when this is complete. The estimated completion of development from now is 3 hrs and 14 minutes". Any client who tries to login will be added to a list and those clients automatically emailed when development is complete and the login block removed. To enable the block the admin (perhaps this could work in conjunction with the download module in 1 above) would simply enter a estimated time required for development and hit "Block clients" button. The estimated time would be used to advise clients who try to login of how long they will likely need to wait before they can login Just my two cents. I had a similar setup in the past in modx sites and it worked well for me.
    1 point
  23. Have a read here as well for 'Best practices before upgrading' https://github.com/ryancramerdesign/ProcessWire#upgrades
    1 point
  24. Going back to the idea of some sort of badge for modules in the directory, maybe instead of saying "certified" it could say "approved" instead, which gets around the issue Joss mentioned in the last paragraph of his post. I think as long as there is some clear wording accompanying this then it would be fine. I like the idea of something like this to say it has had some sort of check anyway, as well as something to distinguish "approved" modules in the admin. It would also lead people to post to the modules section more as there are some modules that only end up linked from the forums which is a shame. @pwired: they have 32,411 plugins for Wordpress - I suspect if we did then we might encounter the same problem (though I hate the idea that we might have 1,327 of those with the word "gallery" in the title like WP do - lots of duplication there!).
    1 point
  25. Wow - I am not very observant today am I I think it likely is the issue: https://processwire.com/talk/topic/4651-cant-delete-or-modify-repeater-item/ There is another post where Nico suggests upgrading to 2.4 and I think that fixes the issue for the OP, but I can't find it right now. Regardless, you should really be running 2.4 - lots of amazing new things
    1 point
  26. @arjen I had hoped it was that easy too — perhaps for a single checkbox field. No luck for this. @Soma Bingo! $field->attr("value", $field->getSelectablePages($page)); Thank you good sir! That was it.
    1 point
  27. It's about output formatting, which is set off if not in template context. And image fields & output formatting is documented here: http://processwire.com/api/fieldtypes/images/
    1 point
  28. Glad you got it working. Just to clear things up for people searching the forums, I just edited the title of this post from the original: "How To Use A Method From Another Module In Own Module" since this is more specifically about image fields. I don't think it really is documented anywhere at the moment - definitely something that should be explained somewhere.
    1 point
  29. "Pageimages::getThumb" PageImages is an array, but you need to get one image object: `$image->first()->getThumb()`. Or just change your image field to 1 max image.

      ------

      Also `$this->pages->find("section_img!=''")` maybe rather: `$this->pages->find("section_img.count>0")` since image field is an array, it's not a text
    1 point
  30. Hi Rodwyn, Welcome to PW forum. Hopefully the example below helps you out:

      Deleting

      ```php
      $page->of(false);
      $itemToRemove = $page->Body_Repeater->eq(0);
      $page->Body_Repeater->remove($itemToRemove);
      $page->save();
      ```

      Editing

      ```php
      $itemToEdit = $page->Body_Repeater->eq(0);
      $itemToEdit->of(false);
      $itemToEdit->body = "My new content";
      $itemToEdit->save();
      ```

      Things you need to remember with Repeater is that a Repeater Item is an actual page in processwire but being hidden in the tree and obviously Repeater field is an array of pages (wirearray). For documentation please refer to this page: https://processwire.com/api/arrays/

      Hope this helps
    1 point
  31. I hope to open beta testing soon - planning to open it first for just one or two person and then after that start selling it with 50% off beta pricing. Yes, this is totally new system, no single line from current shop module used. Yesterday I got file downloads working. Couldn't use PW:s pagefiles, since those would have been public (because product page is public). So I ended up having general "downloads" section, where shop admin can add/edit/remove file downloads, and then new "downloads fieldtype", which allows attaching those downloads to page. This method has one drawback: adding file downloads is two step process (first add file into downloads section, then go edit product to attach it). There are some good sides also, especially if same downloads are found from mulptiple products and the files are updated every now and then. File downloads work by "codes", which are unique for each file and each order. You can set rules how long codes are active: for n or unlimited downloads or until certain date or always. There is also possibility to "re-deliver" digital downloads order from shop admin, so customer gets new email with fresh download links.
    1 point
  32. Ok, so firstly, your search-form.php needs to access: $input->get->objective $input->get->status $input->get->new_old Then you need to build up the final selector to include these along with "q" I have to head out now, so don't have time for a full example, but if you look at the sksyscraper search you'll see how it builds up the selector by concatenating the pieces together like: $selector .= Not sure on your php knowledge, so in case you don't know the dot before the equal sign means to add to the last value of the variable. To troubleshoot, try testing a final example selector and once you have that working and returning the results you need, work backwards to figure out how to build if from the component search elements. I'll check in later and see how you are going.
    1 point
  33. I agree with what you've stated. I've also worked with various ecommerce systems including:
      • Magento: too overengineered, excruciatingly difficult to theme, slow, only makes sense for sites that would take advantage of all its complexity; fun fact: it's 8 million lines of code, and the team consists of 8 developers; I believe the version 2.0 rewrite has been in the works for almost 4 years now
      • Shopify: good but working with a remotely hosted / SaaS ecommerce system has its limitations. I also don't like how the catalog system is structured.
      • Lemonstand: never worked with it but they went the remotely hosted / SaaS route
      • OpenCart: looks nice on the outside, but once I dove in, I didn't like how certain things worked
      • Prestashop: same as OpenCart
      • Volusion: SaaS and it sucks
      • BigCommerce: SaaS; never used it but probably a good competitor to Shopify
      • WooCommerce: not bad, however I've moved away from WordPress and since it's a WP plugin, it feels very second class, clunky and uses WP's architecture. It doesn't have a refined feel to it. Also, a lot of functionality that should be built into it comes via extensions. Given how the prices of extensions have skyrocketed for WooCommerce, expect to spend around $500 to $1000+ dollars to bring it the features you will eventually need, that then may have issues with successive WP and WooCommerce updates... plugin hell. Makes more sense to go with a dedicated ecommerce system where everything is built tightly together given those reasons.
      • CS Cart: looks good, but I did some research and now I forgot why I didn't like it
      If I were to go with a dedicated ecommerce system, I'd either go with:
      • Spree: Rails based solution. Got recently funded by GoDaddy with $5 million. Open source. Very promising and big names behind it. Built in a way where integrations can be done nicely.
      • Sylius: Symfony based system. Looks promising as well.
I don't take on too many ecommerce projects these days, however if I do, I keep it simple with ProcessWire + FoxyCart + OrderDesk. It's a simple but extremely flexible approach since ProcessWire makes it easy to build out a catalog that conforms to a site's unique catalog structure and product types without bending backwards and having to override a bunch of things. I'm interested to see what FoxyCart version 2 brings to the table. I'm also patiently awaiting Apeisa's system. Need any beta testers or perhaps some general feedback, Apeisa?
    1 point
  34. @sins7ven - thanks for sharing the script! I agree with horst on this. I think this version should be much safer, although it might need some more thought.

      // file name requested in the query string
      $fn = wire('input')->get->file;
      // cast to int so a path cannot be passed as the page id
      $pid = (int) wire('input')->get->pageid;
      // page object for that id
      $p = wire('pages')->get($pid);
      // path of the matching file in the page's logo_file field
      $filename = $p->logo_file->get("name=$fn")->filename;

      Firstly, it makes sure that pageid is an integer (so that no-one can try entering a path instead) and then gets the page object from that integer. Then it finds the file in the logo_file field that matches the name in $fn. This ensures that the file path in $filename can only be a file from the logo_file field and that it is a valid file in the PW database.
      You might also want to consider sanitizing the filename that is passed via get->file using something from the cleanBasename core function: https://github.com/ryancramerdesign/ProcessWire/blob/03387f8283d518e9cc405eff8f05cd6a5bf77c4c/wire/core/Pagefiles.php#L296
      You could also do some checks to make sure that both pageid and file are not blank and throw an exception if they are, or if the pageid is not provided as an integer, or get->file does not match its sanitized version - both of which might indicate attempted hacks.
      An even better, more secure approach might be to use child pages instead of repeaters (or the new PageTable field) and just pass the id of the page to the download script, so with one image per page, the page id is all that you would need to identify the path to the file and start the download.
    1 point
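The checks suggested in post 34 above, written out as an added example that is not part of the original post or of ProcessWire. It is plain PHP: `$filesByPage` is a constructed stand-in for the `logo_file` field lookup, `resolveDownload()` is a hypothetical helper, and the regex is a simplified stand-in for `cleanBasename`, not its actual rules.

```php
<?php
// Constructed stand-in for the files attached to each page's logo_file field,
// keyed by page id. In ProcessWire this lookup would go through the page object.
$filesByPage = [
    1021 => ['acme-logo.png' => '/site/assets/files/1021/acme-logo.png'],
];

// Resolve a download request to a stored path, or throw if the input looks tampered with.
function resolveDownload(array $get, array $filesByPage): string
{
    $pid = $get['pageid'] ?? '';
    $fn  = $get['file'] ?? '';
    // Both parameters must be present, scalar strings and non-blank.
    if (!is_string($pid) || !is_string($fn) || $pid === '' || $fn === '') {
        throw new InvalidArgumentException('missing pageid or file');
    }
    // pageid must be digits only; an (int) cast alone would silently turn "12abc" into 12.
    if (!ctype_digit($pid)) {
        throw new InvalidArgumentException('pageid is not an integer');
    }
    // The file name must equal its sanitized form: no directory part, limited characters
    // (simplified stand-in for the core cleanBasename rules).
    $clean = preg_replace('/[^a-z0-9._-]/', '', strtolower(basename($fn)));
    if ($clean !== $fn) {
        throw new InvalidArgumentException('file does not match its sanitized version');
    }
    // Only a file actually attached to that page can be returned.
    $files = $filesByPage[(int) $pid] ?? [];
    if (!isset($files[$fn])) {
        throw new RuntimeException('no such file on that page');
    }
    return $files[$fn];
}

// Constructed requests: one valid, three that must be rejected.
$requests = [
    ['pageid' => '1021', 'file' => 'acme-logo.png'],
    ['pageid' => '1021', 'file' => '../other/acme-logo.png'],
    ['pageid' => '/tmp', 'file' => 'acme-logo.png'],
    ['pageid' => '1021', 'file' => ''],
];
foreach ($requests as $get) {
    try {
        echo 'OK       ', resolveDownload($get, $filesByPage), PHP_EOL;
    } catch (Exception $e) {
        echo 'REJECTED ', json_encode($get), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the returned path always comes from the stored list and never from the request, a name that passes sanitization but is not attached to the page still cannot reach the filesystem.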
  35. PW dev 2.4.7: in InputfieldSelector.module, line 657 is missing _x(...
      'adjust' => $this->_x('Adjustments', 'optgroup-label'),
      Also, when using a version of the DynamicRoles module that was not the current one, I got a 500 error after the update. I removed the module manually. Then I could reach the site. Afterwards I installed the newest version of the DynamicRoles module. Now it's ok.
    1 point
  36. I wish I could dedicate the time to finish this - but it's not the sort of thing you can bill a client for, so... if I had to build this, it would be in my spare time - and I have a million things I'd like to build in my spare time...
    1 point
  37. Also wanted to add this as a disclaimer for this forum: Any arrangement for work made via this board is a private contract between the individuals concerned. ProcessWire and Ryan Cramer / Ryan Cramer Design, LLC or any of its agents cannot be held responsible for the operation of that contract or any of the financial arrangements and will not get involved in any disputes under any circumstances. If it goes wrong for any reason, it should be sorted away from this community. Thanks to Joss for the suggestion and wording.
    1 point