Leaderboard
Popular Content
Showing content with the highest reputation on 03/17/2019 in all areas
-
Thanks for your questions. I suspect that what they are really referring to with encryption has to do with using HTTPS, though I could be wrong. That's where encryption would matter most here. If they are instead referring to private storage of the data on a server/DB, then "user data" is probably too general a term. Things like SSNs or financial info would be confidential user data that you might want to encrypt with a user's password as the key, so that it would not be reversible except by the user. Things like an email address or website URLs probably not. That's because they are already public identifiers used by the internet as a network, passing through perhaps dozens of other servers on their way to their destination, and stored in non-encrypted logs by both originating and recipient server. So if one is using some kind of confidential data as part of their email address, they probably shouldn't use it for... email. Storage of any data, whether confidential or not, is of course "protected" by the access control of the server. At the other end of the spectrum, if one can access data already, encryption doesn't add any protection if the means of reversing the encryption is located on the same server where the encryption occurs (as it would have to be to make use of it on a website). That's why I think that GDPR statement must be referring to HTTPS, since encrypting these things at the server side would require decrypting them at the server side, and thus wouldn't be very useful (false sense of security). Nevertheless, if it's something you want to do, it would be fairly simple to implement, and I'm happy to outline the hooks necessary to do it. The big drawback is that the data would no longer be searchable. But if one has the need for whatever reason, then yes, it's definitely possible.

A user can only receive a newsletter if they subscribed to it and also confirmed that they wanted to receive it by verifying their identity via email. So that could not be considered "unwanted" email since one has to specifically opt-in to receive it. However, if there are some kind of public blacklist services or lists that you want to use to prevent users from even attempting to opt-in to a newsletter, then I could definitely add support for them. I'm not aware of any at present, so if you are, please let me know and I can get a closer look. Though I'd think just the public existence of such a blacklist would probably invite unwanted email to those addresses, from outside the jurisdiction of the blacklist.

ProMailer is not a tool for sending spam, and if that's someone's intention ProMailer is not the right tool for that. Regardless of tool, if someone can make false claims and subject someone else to $5k per email of penalties, then I would probably eliminate email as part of any business model in those jurisdictions. So if that's the case, email would be dead in my book and I'd move user communication to another medium like SMS or even traditional postal mail.

You can only subscribe if you confirm it with your email address (double opt-in). So the only situation where you can subscribe is if you yourself confirm it from your email. You can test it out from here if you'd like. But if someone breaks into your email, then yes they could subscribe you. If that's a concern, then this is another situation where I would avoid email as a medium for communications.

We do store the timestamp of both subscription request and confirmation. No IP addresses or information about the browser client are stored by default, but you can store the information on your own if you'd like to.
3 points
-
Just a quick note on this one: to my best understanding GDPR doesn't explicitly require encryption. Encryption is mentioned as a suitable option for data processors and controllers in order to secure user data, but it isn't strictly speaking enforced – and thus not encrypting data (such as email addresses) wouldn't automatically mean that the product can't be GDPR compliant.
3 points
-
I've finally managed to move my 1.5 decades old, all-ugly, frame-based photography site to something more modern. So what looked like this for a much too long time: now presents the images much better, has a consistent layout and finally is responsive: The intention of the site is to provide some inspiration for the ambitious photographer and also provides a tips section focusing on some aspects of digital photography. After being idle for too long, I feel new motivation for adding even more tips as time allows. We'll see. https://www.tofahrn-foto.de/en/ Layout is basically pure UiKit and all content (including menu and footer) is managed using my RepeaterFlex as a kind of real world test. The RepeaterFlex is inspired by the commercial RepeaterMatrix fieldtype but uses plugins to define item templates (in case you're interested, there is a small Demo Site for RepeaterFlex including some documentation). The site uses lazy load of images (lazysizes.js) and page transitions (barba.js V1) to obtain a hopefully smooth experience. There also is ProCache running to deliver minimized css and markup. Enjoy.
2 points
-
Just merged the localisation branch into master and pushed up the latest version of this module. We are now at version 1.1.1.
2 points
-
Teppo, good points. Though on the servers I work from at least, you'd need access to the server account before you could ever get into the DB. Though I know this isn't representative of all environments. In general, I think DB backups are where there's more potential need to protect things. Those might be downloaded to the developer's computer and then become more independent of the server, where encryption could actually be a more valuable protection. Encrypting emails does seem pretty silly given their purpose, so it's not something I'd do unless I had no choice, but for people where that's the case the good news is that it would be very simple to do.
2 points
-
There is actually one benefit: if data is stored encrypted and the key is stored separately, even if it's on the same server, someone gaining illegitimate access to just your database but not full access to the server would mean that said data could be considered much less useful to the offending party. At the very least it could take them a long time to figure out what it is that they actually got their hands on. Although this predates GDPR, in opinion 03/2014 the Article 29 Working Party stated that a breach affecting only encrypted data may also mean that the source of the breach isn't subject to typical breach notification procedures:

Just something to consider. I'm personally still not convinced that storing emails encrypted makes a whole lot of sense on a typical website, but I'm also not a lawyer, or a specialist in data privacy for that matter. Still, if my business relied largely on storing personal data, I would probably consider taking every precaution in order to avoid a full-blown disaster.
2 points
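The "key stored separately" setup Teppo describes, together with the searchability drawback Ryan mentioned, as an added example (not code from the thread or from ProMailer): the address is encrypted with libsodium using a key kept outside the database, and an HMAC "blind index" keeps exact-match lookup possible. The key file path and the sample address are assumptions.

```php
<?php
// Added example (not from the thread): encrypt a stored email with keys kept
// outside the DB, plus an HMAC blind index for lookup. PHP >= 7.2 (libsodium).

// Assumed layout: two 32-byte keys in files outside the web root and the DB,
// e.g. created once with sodium_crypto_secretbox_keygen() and random_bytes(32).
function loadKey(string $path): string {
    $key = file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException("Unusable key file: $path");
    }
    return $key;
}

// Encrypt with a fresh random nonce per value; the nonce is stored with the box.
function sealEmail(string $email, string $encKey): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($email, $nonce, $encKey));
}

// Decrypt; secretbox is authenticated, so tampering or a wrong key fails loudly.
function openEmail(string $stored, string $encKey): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('Malformed stored value');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $encKey);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext tampered or wrong key');
    }
    return $plain;
}

// Blind index: keyed hash of the normalised address. Equal addresses give
// equal indexes, so "find subscriber by email" stays one indexed query,
// while a copy of the DB alone cannot reverse or enumerate addresses.
function emailIndex(string $email, string $indexKey): string {
    return hash_hmac('sha256', strtolower(trim($email)), $indexKey);
}

// Demo with constructed keys; in practice use loadKey('/path/outside/webroot').
$encKey   = sodium_crypto_secretbox_keygen();
$indexKey = random_bytes(32);
$row = ['email_enc' => sealEmail('Alice@Example.com', $encKey),
        'email_idx' => emailIndex('Alice@Example.com', $indexKey)];
// Lookup: SELECT ... WHERE email_idx = ? bound to emailIndex($input, $indexKey)
$found = hash_equals($row['email_idx'], emailIndex(' alice@example.com ', $indexKey));
echo ($found ? 'match: ' : 'no match: ') . openEmail($row['email_enc'], $encKey), "\n";
```

Anyone who can read the key files (i.e. full server access, Ryan's point) can still decrypt, so this helps against DB-only exposure and copied backups, not against a compromised web host.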
-
Some time ago I created a site profile for creation of a REST API with ProcessWire. Since I kept struggling with updating stuff between different projects which use this, I decided to convert it into a module. It is now ready for testing: https://github.com/thomasaull/RestApi
Additionally I added a few small features:
- automatic creation of JWT Secret at module install
- routes can be flagged as auth: false, which makes them publicly accessible even though JWT Auth is activated in module settings
To check things out, download and install the module and check the folder /site/api for examples. If you find any bugs or can think of improvements, please let me know!
1 point
-
I've just upgraded the forums to the latest version 4.4.x as there was a critical security patch that warranted it. As usual, there is some pain in upgrading from a 4.x to 4.x branch due to template changes and feature changes/additions so you may find things have moved around a bit. There is still work to do on the template as this was a little rushed (security update forced my hand) but it should be functional at the very least. If you spot anything drastically broken that I may have missed, please let me know here. Minor template tweaks (fonts, alignment etc) will be updated in the next few days.
1 point
-
Thanks for spotting the left over LIVE reference. Actually between 2.6 dev and the released version of 2.6 of the Tracy core, they actually changed LIVE to LAZY. LIVE still exists as a separate option but it still has some downsides. In most cases LAZY is better. You can read more about it here: https://github.com/nette/tracy/issues/344#issuecomment-468123490 Your data is still truncated because of the default maxDepth of 3 which is tweakable in the module settings. With lazy it's possible to have a much greater depth without performance issues so maybe I will up that at some point. You can of course still use db() or bdb() or bd($var, [10]) or one of the other combinations to up the depth. You'll find that with the new LAZY approach you can actually do a bd($page, [10]) and it won't cause an out of memory error like it would with Tracy 2.5. Hope that helps. If you have any more technical questions let me know, or perhaps address them to @dg at Nette.
1 point
-
Hi Adrian, Now that "live" is used as the default dump method there's an item in the shortcut methods description that should be deleted: And maybe in the docs too? https://adrianbj.github.io/TracyDebugger/#/debug-methods?id=bardumplive Or maybe move the explanation of live dumping to the intro of this section. Also, I'm trying to get my head around how this live dump works. Are you able to point me to a page in the Nette docs that covers this feature? I've been looking but haven't been able to find it. And if the dump data is loaded in realtime as the levels are expanded then how come there is truncation in the example shown below? Thanks.
1 point
-
Here is a tip in general to speed up whatever local server you are using:
1) Open the server php.ini
2) Search for "realpath_cache_size"
3) Remove the semi-colon at the beginning of the line and change the 16k into 32M or 64M
1 point
-
Thanks for the write-up of how you got this working. I've tried many different AMP stacks for Windows over the years and Laragon is the best. Among the useful features is a built-in mail sender: I recommend it to any Windows user - you'll be sending email from your local dev environment within minutes rather than days.
1 point
-
What about:

    if($image->width > 9000) $image->size(9000, 0, $defaultOptions);

I'd anyway prefer something generic like (You'll probably want to account for landscape and portrait as well):

    $imgWidth = $image->width;
    while($imgWidth > 400) // Larger than minimum?
    {
        $imgWidth /= 2; // half size (or whatever factor)
        $image->size($imgWidth, 0, $defaultOptions);
    }

Not sure about the ImageMagick quality setting, but "max" quality of a JPEG normally relates to its (I'll name it) "cluster" size. The higher the quality setting, the smaller the cluster is. This has nothing to do with "keep quality from original", which may be encoded with a lower quality setting, which seems to be the case in your example.
1 point
-
Oh gosh, no, that's not what I meant....just a more friendly error than a fatal one. I didn't notice though that you were using type hinting in the function arguments, so, my bad.
1 point
-
Personally, I don't like to have my functions silently fail on invalid input. In this case, there's no useful thing the function can do if it doesn't receive a Pageimage, so you'd end up returning an empty string or null in this case (would need to make the return typehint nullable for the latter):

    function buildResponsiveImage(?Pageimage $img, int $standard_width): string {
        if ($img === null) {
            return '';
        }
        /* ... */
    }

To me that feels like I'm creating a hard to debug error down the road, when I can't figure out why an image is not being displayed. Also, I want to be able to see all permutations of a given template by looking at its source code; if an image field is optional, I want to see a conditional clause covering the case of an empty image field. Also, though I wrap the functions as static methods in a class, it's really more of a functional approach, so I'd rather create a higher-order function to wrap around this one and catch empty image fields in case I want to build on this. But this really comes down to personal preferences, and after all it was a tutorial on how to build such a function. I'd encourage everyone to build upon it and adjust it to their personal workflow / preferences, especially for things like error handling and default arguments.
1 point
-
Hi @adrian_gp, Welcome to the forums. Let's say you have a category 'Technology' whose URL is /categories/technology/. In the template file of the template CategoriePage, you can do this:

    // @note: we set a limit here. You can use pagination if you have many posts
    $posts = $pages->find("template=BlogPost, limit=10, categories=$page");
    $out = '';
    // category title
    $out .= "<h2>{$page->title}</h2>";
    // found posts in this category
    if($posts->count) {
        foreach($posts as $post) {
            $out .= "<h3><a href='{$post->url}'>{$post->title}</a></h3>"
                  . "<p>{$post->summary}</p>"; // assuming you have a summary field
        }
    }
    // no posts in this category yet
    else $out .= "<p>No posts found in this category</p>";
    echo $out;

Quickly typed in the browser, check for errors, just an example. Btw, there are blog profiles and a Blog module you can look at for more examples.
1 point