Leaderboard

Updated to be in sync with the new introduced attachment function in core WireMail. (PW 3.0.36) The attachment function was introduced in WireMailSmtp since its initial release. But it hasn't had the option to specify alternative basenames for added attachmentfiles, as it was introduced in PW core this week. Now you can call in both, PW core WireMail and WireMailSMTP: attachment($filename, $alternativeBasename = '')

To be fair I've never had any major issues with permissions in ProcessWire: Built-in RBAC system fits most needs easily, for page-and-group-level access management we've built the UserGroups module, the DynamicRoles module provides a lot of flexibility when you can't make pre-defined groups/roles work, and, finally, when none of these approaches work I have always been able to check permissions programmatically. Sure, the last part requires some custom work and thus it's obviously not something you can just pull out of the bag and set up with a couple of clicks on some GUI.. but, unless I'm missing something obvious, this is true for most other frameworks (such as Yii or Laravel) as well. Finally, I'd like to point out that if you find yourself in a situation where the permissions on your site constantly change and there are no logical rules to define them, thus making even programmatic permission checking impossible, I'd be tempted to say that it's not a problem with the system but rather within your own design.. or, rather, the lack of it Regarding the original questions from @DL7: Depending on your time frame and definition of "60% done", I'd say that while all of this falls nicely into ProcessWire's domain you should consider finishing your first version on the current platform and then, perhaps, merging it to a more flexible platform like ProcessWire. You've mentioned multiple times the need for "custom development", so I'm not really sure if you're not comfortable with this or if it's just something you see as a benefit of ProcessWire. Either way, you should realise that with ProcessWire you will no doubt have to do custom development too. We don't have a module for everything (we're not WordPress). That being said, ProcessWire is quite likely much friendlier to develop with than your home-baked system and we have a wonderful community you can ask specific questions from. There are also some modules that could help you a lot, such as DynamicRoles and, perhaps, the commercial FormBuilder. While you can no doubt integrate your custom-built solution with ProcessWire and you can even perform direct SQL queries from within your ProcessWire template files and modules in order to utilise your own database tables (see the $database API variable), I'd strongly suggest that you don't. 99% of time using a custom database means that you are not making use of ProcessWire's features as well as you could. In some cases I've found it useful, but those cases are really, really rare. All of the data structures you've mentioned can no doubt be done via regular pages, for the editing part you could consider using the regular page editor, and you might even be able to pull this off using the built-in page tree, but if you need something more customised, you might also want to look into developing your own custom Process module (which is what I've used for a few similar use cases before). The commercial ListerPro module is another useful tool in this regard, so don't forget to check that one out too. I'm not going to try and provide you a ready-to-use structure (or page / field strategy) for your site, but feel free to draft something out and post it here so we can comment on it. Generally speaking if you have a specific question or an idea / concept you'd like to get comments for, you'll get replies on this forum in no time, but if you ask others to do the groundwork for you that won't get you anywhere

Sorry, folks -- looks like I managed to overestimate the amount of time I'd have for this module. Anyway, I've just pushed version 1.3 to Github, along with a new module called ProcessChangelogRSS. Here's the gist of this update: If you access the changelog via /setup/changelog/rss/ you should find an RSS feed for the module. This feed requires the same permissions as the regular changelog view, i.e. you have to be authenticated and have the "changelog" permission. Since the RSS feed might have valid use cases where authentication is an issue, an optional ProcessChangelogRSS module is now included. After installing this module you should go to it's config screen (in the Modules section) and type in a key of your own. After that you can view an RSS feed of changelog events at yourdomain.com/process-changelog-rss.xml?key=your-very-long-and-complex-key. I don't really know how important this RSS feature is going to be, so didn't want to spend too much time on it -- this is why the description of each item makes use of the same tabular output as the main changelog view itself. Originally I had planned to implement multiple keys and such, but in the end decided to strip all that away and go with the most basic implementation possible. Feedback on these features would be appreciated, but please note that if you do enable the ProcessChangelogRSS module, the changelog RSS feed is publicly available, even if only for those who somehow gain access to your private key (or are somehow able to guess it). If you are uncomfortable with that, please leave it uninstalled.

So far things are going great for our new master version of ProcessWire, version 3.x. In this post, we'll take a look at what's new in ProcessWire 3.0.36 master, plus a look forward at what we'll be working on in the weeks ahead. https://processwire.com/blog/posts/processwire-3.0.36-and-looking-forward/

I have been using this module for a long time and it's been incredibly useful so I thought it was time to share. It's great for fields where you want to instruct content creators to reference something about a the page, its template, or its parent, or grand parent, etc Specify fields/properties of the page in your field's Description or Notes content, eg: [page.parent.url] [page.title] [page.template.label] You can also define a str_replace to be performed on the returned value, eg: [page.name.(-|_)] which will return the page name with the dashes replaced with underscores. An option to allow raw HTML is available. You can also use hanna codes within your description and notes fields - big thanks to @Robin S for this idea. http://modules.processwire.com/modules/dynamic-description-notes/ https://github.com/adrianbj/DynamicDescriptionNotes/ Hope you find it useful.

Nice team effort and thanks Francesco Schwarz and the other people for creating time to handle the issues. Looking forward to new demo front.

@Robin S I have just find the time to try out your approch and since I like the Hanna Code module I will use it for sure. I recommend updating your post at least with: if(!$this->wire('modules')->isInstalled("TextformatterHannaCode")) return; Just to make sure we never run into a fatal error. Also for the sake of completeness, an example might be good to add in the Hanna Code itself: return $p->url; // an example to return the URL to the page without scheme and hostname Or something similar It would also be nice to add this to http://processwire-recipes.com/ but contribution to the PW Recipes sounds convoluted to me, so probably that is why it is not so popular among forum contributors. It's a pity though...

The methods for setting new options for an Options field via the API seem to be a bit convoluted - I think it's probably an oversight and it would be worth raising a feature request at GitHub. There's a method that seems to be primarily intended for the admin back-end: setOptionsString(). You can use it but the way the options are defined (string with line break separator) is a bit weird for API use and it's not easy to get it to play nicely with existing options. $f = $fields->my_options_field; $manager = new SelectableOptionManager(); $options = 'red green blue'; // you can also set IDs and values if needed $manager->setOptionsString($f, $options, false); // if last argument is omitted/true you will remove any existing options Otherwise you could manually create SelectableOption objects, add them to a SelectableOptionArray, and use addOptions(), deleteOptions(), setOptions(), etc, with that SelectableOptionArray. See the module source code. It's hardly a simple process though. I think what's needed are methods to go from options to PHP array and PHP array to options.

It's in the modules directory here: http://modules.processwire.com/modules/fieldtype-assisted-url/

Welcome to the Forums! If it is 60% done, you are probably better off finishing it. However, if you have the time, you can start it from scratch and learn ProcessWire at the same time. Learning ProcessWire is a nice experience with a good, linear learning curve, but it is still something new to learn. For example the above mentioned "page/field/template strategy" depends on your needs and experience too, so this is something you need to examine in detail before you make the plunge. You can find a lot of topics on it in the forums and in the docs. If you want to save time on coding, look up the Modules Directory. I recommend modules with v2.7 and/or v3 compatibility. Always check out the module's forum topic to learn more about its current status and get more info on them. As for Yii2 or Laravel suggested by @Sephiroth, I do not think it is something everyone should follow, at least ProcessWire is perfectly suitable for "anything" and development can be quite rapid with it, one just needs the experience to build something quickly in any framework one uses.

Another possible use of this is pointing the user to edit another related page by making use of the ID of the related page, eg: Test link to [Edit Parent](./?id=[page.parent.id]) which looks something like this: Anyway, there are lots of possibilities for enhancing the content of your Description and Notes text.

No, I just played with the settings, since you can allow user to see all the branches but edit just some.

Sorry, my bad. I forgot to apply correctly the page-edit permission to the template! It works.

Hi, i haven't used ProcessWire in a multisite context but have already used the Admin Restrict Branch module to limit to a given subpages set of theProcessWire page tree.

Hi Horst, I totally understand the concept and process. What I dont under however is that after installing the module the first image I cropped the cropped image was visable in the backend under "homepage afbeelding" as being the sole image to be used in the front-end. The cropped overwrote the uploaded image. Of course the orginal image was still available (in the folder structure). No problem, but just wanted to let you know that I had two seperate behaviour using the plugin. I'll try this evening to replicate the first behaviour.

No this is not intended. The original image never is changed in PW, at least 99%. The original uploaded image never is touched and should be in high quality (best 100%). Also, my opinion, it never should be outputed to the frontend. It is the source or master for all variations needed in a site. To be short, your suggestion can't work at least, as you can specify multiple crop settings, and how should they all be able to update the original image? But you can and should call every defined crop variation by its name everywhere you like it. Also you can call every other variation derived from Pageimage, incl. the original image. Does that make sense for you?

Not familiar with Laravel that much but I will talk on Yii2, Yii2 has a class responsible for adding Roles and Permissions, the roles are stored in the Database and there's a console tool to aid in creating of Roles, however how it works in Yii2 is that you create roles , create permissions, and you can also create more complex roles system in a way that goes like this Younglinh -> Padawan -> Jedi Knight -> Jedi Master with each higher roles having the existing permissions of the lower role, and when creating a user all you simply do is assign a user to a role, to use it, you simple check the users role and also infer if the user has permission to access that resource. http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#access-control-filter you will see how it's implemented here. However since Processwire works with composer easily, there should be package around this.

ProcessWire's core permission system currently falls short as soon as permissions need to be dynamic, e.g. if a user is part of a team or something like that. Basically everywhere were you cannot create a static role or permission per case. The dynamic roles module does help a bit, as you can dynamically assign those roles, but it's still one dynamic role per team (to stay with the above example). The optimal case would be to be able to have a single dynamic role, which would work like this: "If user is part of a team XY then give access to pages owned by team XY", where XY would be dynamically adjusted and not static.

I should have a pull request for magnific support and to fix some raw markup issues ready tomorrow evening.

Thanks, I see now what the module author was trying to do. The problem is the CSS targets the wrapping list item as well as the text input. For a basic fix you can just change the CSS file so it consists only of: li.InputfieldAssistedURL input[type="text"] { width:75%; } Or you could add some wrapping divs in the render method that would let you achieve more precise styling: public function ___render() { $field = new InputfieldURL(); $field->set('name', $this->attr('name')); $field->set('value', $this->attr('value')); $field->set('class', 'InputfieldAssistedURL'); $btn = $this->modules->get('InputfieldButton'); $btn->attr('id', $this->attr('name') . "_assistedurl_open"); $btn->attr('data-page-id', $this->page->id); $btn->class .= " InputfieldAssistedURLOpen"; $btn->icon = 'link'; $btn->value = ''; $out = '<div class="InputfieldAssistedUrlButton">' . $btn->render() . '</div>'; $out .= '<div class="InputfieldAssistedUrlText">' . $field->render() . '</div>'; return $out; } .InputfieldAssistedUrlButton { float:left; width:60px; } .InputfieldAssistedUrlText { margin-left:60px; padding-top:6px; }

$f4 = new Field(); $f4->type = $this->modules->get("FieldtypeOptions"); $f4->name = "name"; $f4->label = "Label"; $f4->save(); $manager = new SelectableOptionManager(); $options = 'red green blue'; // you can also set IDs and values if needed $manager->setOptionsString($f4, $options, false); $f4->save(); That did it, had to save the field before adding the options, took me a while to figure it out. Thanks for the help.

Thank you @Robin S. Sorry about that.

If you need a default (pre-filled) value for a field you can also use a hook to populate this field before the page is rendered.

Hi @ethfun - welcome to PW! We do have default values now for certain fields. I don't recall all of them, but definitely for Integer, which should work if you are looking for a span value like in Joss' post. Of course if you need another fieldtype, you can always just do this in your template code: $value = $page->fieldname ?: 4

@horst to the rescue again:

@Macrura Here's what's above the PW directives in my .htaccess. Notice that I'm pointing explicitly to a 403 html file, right below the 6G directives: ErrorDocument 403 /403.html Start of .htaccess: # 6G FIREWALL/BLACKLIST # @ https://perishablepress.com/6g/ # 6G:[QUERY STRINGS] <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} (eval\() [NC,OR] RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR] RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR] RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR] RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR] RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR] RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR] RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REQUEST METHOD] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REFERRERS] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR] RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REQUEST STRINGS] <IfModule mod_alias.c> RedirectMatch 403 (?i)(wp-admin|wp-content|wp-login) RedirectMatch 403 (?i)([a-z0-9]{2000}) RedirectMatch 403 (?i)(https?|ftp|php):/ RedirectMatch 403 (?i)(base64_encode)(.*)(\() RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\. RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$ RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\") RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|) RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack) RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ) RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php </IfModule> # 6G:[USER AGENTS] <IfModule mod_setenvif.c> SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot # Apache < 2.3 <IfModule !mod_authz_core.c> Order Allow,Deny Allow from all Deny from env=bad_bot </IfModule> # Apache >= 2.3 <IfModule mod_authz_core.c> <RequireAll> Require all Granted Require not env bad_bot </RequireAll> </IfModule> </IfModule> ErrorDocument 403 /403.html <FilesMatch "\.(js|css|html|htm|php|svg)$"> SetOutputFilter DEFLATE </FilesMatch> <ifModule mod_headers.c> Header set Connection keep-alive </ifModule> # ---------------------------------------------------------------------- # Expires headers (for better cache control) # ---------------------------------------------------------------------- <IfModule mod_expires.c> ExpiresActive on # Your document html ExpiresByType text/html "access plus 0 seconds" # Data ExpiresByType text/xml "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" # Favicon (cannot be renamed) ExpiresByType image/x-icon "access plus 5 days" # Media: images, video, audio ExpiresByType image/gif "access plus 1 week" ExpiresByType image/png "access plus 1 week" ExpiresByType image/jpeg "access plus 1 week" ExpiresByType image/webp "access plus 1 week" ExpiresByType image/svg+xml "access plus 1 week" # HTC files (css3pie) ExpiresByType text/x-component "access plus 1 month" # Webfonts ExpiresByType application/x-font-ttf "access plus 1 month" ExpiresByType font/opentype "access plus 1 month" ExpiresByType application/x-font-woff "access plus 1 month" ExpiresByType application/vnd.ms-fontobject "access plus 1 month" # CSS and JavaScript ExpiresByType text/css "access plus 1 week" ExpiresByType application/x-javascript "access plus 1 week" </IfModule> ################################################################################################# # START PROCESSWIRE HTACCESS DIRECTIVES # @version 3.0 # @indexVersion 300 ################################################################################################# ....

@bernhard I've used various versions of the firewall over the years (it's usually updated once a year), and while I ran into the occasional conflict a few years back, it's been solid ever since. I'm currently using it on a couple of Apache servers (Ubuntu 14.04 with the most recent version of Apache) on about 6 different PW-powered sites (both http:// and https://), and so far so good. I haven't run any specific test to measure its efficiency, but I see fewer traffic peaks from questionable sources and fewer errors in my logs. And it gives me an additional peace of mind to have this added layer of protection against bad actors. I've added this additional block as my logs showed persistent automated (and dumb) attempts to access Wordpress login or directories. # 6G:[REQUEST STRINGS] <IfModule mod_alias.c> RedirectMatch 403 (?i)(wp-admin|wp-content|wp-login) I don't think this really needs a module as it's a quick copy and paste operation, although it's true that releasing a module would raise awareness and more people would discover it. @Mike Rockett I'm certainly not a Regex expert, but if you look at the "Learn more" section, there are various articles over the years that show how some highly optimized regex rules can go a long way.

After trying several SaaS options I've settled with StatusCake (referral) for a year now. They offer free unlimited servers. You can receive an e-mail free (or use several third party integrations) or text (costs a little like 25$ for 100 credits). The only drawback is that you can't select from which location you want to check and you might find the 5 min interval too slow. But hey: it's free Right now I'm thinking of upgrading to get additional 1 minute checking, Locations, SSL Monitoring and Page Speed tests for 20$ a month.

For everyone interested in disabling cookies at all to avoid every possible need for this plugin checkout out this blog post from Ryan http://processwire.com/blog/posts/multi-instance-pw3/#more-session-control