Leaderboard

Hi everyone. Lots of new stuff this morning. 1) Terminal panel (available in a panel and also as a dedicated Process module - similar to how the Adminer feature is set up) NOTE: It does not support interactive commands like vi, nano, apt, etc. DO NOT attempt to use these as they may result in you needing to restart apache. This is a bash terminal that lets you quickly execute commands on a server. In addition to normal commands like: ls, cd, cat, mkdir, rm, chmod, chown, etc, you can also do mysql command line calls which is very handy if you need to add a new user, create a mysqldump etc. Note that for mysql commands you need to issue them individually - you can't simply start "mysql" and issue commands from there - each call needs to include your username and password and the command to be run, eg: mysql -u root -p mypassword -e "CREATE DATABASE newtablename"; There is also an upload and download command, eg "upload test.txt" which will spawn a file selector dialog on your machine to upload that file to your server with the given name. It also has arrow up and down for command history as well as tab autocompletion of commands and file names. 2) Lots of new filterbox implementations @tpr has again put in lots of work to implement filterbox on the APIExplorer, Captain Hook, and PHPInfo panels - these will be super helpful to search through these complex panels. I have also added a ALT+F shortcut to get your cursor into the Find input for all these panels. Let us know how these new features work out for you. Cheers!

Thanks! The part in question would be this: "Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate [...]" GDPR doesn't state that the controller and the processor must encrypt all personal data, period. Loosely translated it says that, taking a lot of things (such as the cost, nature, scope, context, and purpose of data processing) they must take measures appropriate to the risk and its likelihood, and one of the measures that may be appropriate depending on a lot of factors would indeed be encryption. The truth to the matter is that unless there's a court case stating essentially that everything (including specifically email addresses) must be encrypted during storage, this can be interpreted in a multitude of ways. Then again, I'm still not a lawyer, and am mainly relying on opinions on the Internet – so don't take my word for it, and please do take every precaution you feel would be appropriate to your case ?

From time to time, I copy/paste snippets of code in the forum here to my editor (SublimeText). Unfortunately, I think the forum software sometimes throws in invalid, INVISIBLE unicode characters that break the copied code and usually will throw PHP errors that at first sight don't make any sense. These characters are impossible to detect in SublimeText, but with the following plugin I just discovered, it will identify them: https://packagecontrol.io/packages/Gremlins

I've finally managed to to remove my 1.5 decades old, all-ugly, frame-based photography site to something more modern. So what looked like this for a much too long time: now present the images much better, has a consistent layout and finally is responsive: The intention of the site is to provide some inspiration for the ambitious photographer and also provides a tips section focusing on some aspects of digital photography. After being idle for too long, I feel new motivation for adding even more tips as time allows. We'll see. https://www.tofahrn-foto.de/en/ Layout is basically pure UiKit and all content (including menu and footer) is managed using my RepeaterFlex as a kind of real world test. The RepeaterFlex is inspired by the commercial RepeaterMatrix fieldtype but uses plugins to define item templates (in case you're interested, there is a small Demo Site for RepeaterFlex including some documentation). The site uses lazy load of images (lazysizes.js) and page transistions (barba.js V1) to obtain a hopefully smooth experience. There also is ProCache running to deliver minimized css and markup. Enjoy.

Here is GoodKidsClothes.com, a blog about kids clothes - news, style tips, sale alerts, and more. GoodKidsClothes.com originally ran on Wordpress, and I moved it to Processwire recently, the new Processwire version is shown above. There was a fair amount to change over, since it had 4 years on Wordpress before switching! I kept the colors, background, etc in line with what it had been before - a soft, friendly look. I wasn't seeking for it to be identical to its previous appearance, just similar but updated/better/more fun. The html I did from scratch, although I used the W3CSS framework. I love W3CSS because they handle all the responsive breakpoints, and the default styling is a clean flat modern look with plenty of great pre-sets. The reason I moved this site over to ProcessWire was not looks but actually functionality: the new Wordpress editor (Gutenburg) had just come out - one of its quirks is that it couldn't keep up with my typing, so I had to literally slow down my typing, which really defeats the purpose of WP as a blogging CMS. (Processwire's editor keeps up with me just fine). Also it was anyway time for me to manually go through and update old articles, put in new affiliate links etc, so I decided to do everything all at once and switch over to ProcessWire. In case anyone is wondering, the switch-over was manual since I was going to examine every article I'd written to either a) update it, b) move it to another of my sites, or c) trash it. This was not time-efficent but this way I wound up with being certain everything was up to date content-wise, plus no unwanted bloat (like extra WP fields) could make its way into my Processwire database. I simply installed Processwire via 1-click Softaculous install in a subdirectory of the original Wordpress site, with the original site still running. Then after I had the Processwire version fully finished (this took several weeks), I simply uninstalled the Wordpress version and moved the Processwire site into the document root. This way I had less than 1 minute downtime. UX/UI The first menu link is an all-abilities-inclusive version of "skip to content". The actual text displayed depends on which page template is being used ( this text is assigned in _init). For example, the Article template will display "Scroll to article", while Search Results template will display "Scroll to results". Link styling in the body of article content is designed for both the desktop and mobile user, with simultaneous underlining and highlighting showing the entire link region to aim for when tapping on mobile. On the home page and some other templates as needed, skip links are available within the page. They offer the option to skip past a series of links such as social sharing links, pager navigation, etc for a) the screen reader user and b) the fully-sighted keyboard-only user (no mouse). These links only become visible to the eye when focus comes upon them via tabbing. Tab through the home page to see it in action - this is the template where the most skip links have been needed. Cookie manager - originally I used a slider for turning Google Analytics tracking on/off but changed to checkbox because I could not work out a way to manipulate slider without mouse. Newsletter - field, and feed One feature of this site is its newsletter, and you'll see here how Processwire shines. The setup was (and still is) that on days when a new blog post relevant to children's clothes is published, subscribers get a brief email notifying them of the new article and linking to it. This is all handled by MailChimp, which I highly recommend. Under the old Wordpress system, I had to use categories to classify which of the posts wound up going into the newsletter (kids clothes) and which posts didn't (other topics like parenting etc). There was always the chance that under default WP behavior, things would be classified incorrectly if I forgot to specify categories. Under Processwire, I've set up the article template to have a field called "Newsletter" which is a simple drop-down choice of "For newsletter" or "omit from Newsletter". There is no default value, and it's a required field, ensuring that I do remember to specify it one way or another. It's such a relief to do it this way! My newsletter feed was easy to customize under Processwire: I created a feed template that selected a) all the pages using the article template that also had b) the "For newsletter" field selected, and those are listed at /newsletter in feed format. Please note that this feed may be empty right now - I omitted my existing articles from newsletter feed as subscribers have already seen them, and haven't had time to write new articles yet. To clarify, I'm expecting the newsletter feed at /newsletter to only ever be read by MailChimp, although it's certainly possible to be used by feed readers or read by humans. XML sitemap Under Processwire, I was able to generate a list of articles in XML format at /sitemap.xml that I can then submit to Google as the XML sitemap for this site. Best of all, unlike web-based crawler-type sitemap generators which generate a static sitemap that you then upload to the document root, my Processwire /sitemap.xml auto-generates each time the page is loaded, so it's always auto-updated - any changes in back office like article deletion, unpublishing, adding new articles etc are reflected automatically in /sitemap.xml. Some advantages of Processwire features when templating 1. _init.php file - my theme was designed for subsequent use in my other sites, so selected pages for use in nav menu (About, Privacy Policy) are automagically "found" in _init.php as follows: $pp = $pages->findOne("template=BN-infopage, sort=created, title*=Privacy"); $ab = $pages->findOne("template=BN-infopage, sort=created, title*=About"); 2. Made use of Processwire's built-in retina-friendly image resizing class, class="hidpi" to ensure social sharing icon links render at a decent resolution on mobile screens. Other info To check my html and to help identify problems that are not visible to the eye, I found it incredibly helpful to use the "audit" feature available on Chromium and other Chrome-based browsers. (F12->Audit-> select options you want). The order of the blogroll looks a little odd at first glance but it's ordered based purely on publication date. However, I updated some articles and they display the last updated date, which makes the blogroll look like it's not in date order even though it's in publication date order. Also some dates (the older article dates) reflect a user-specified date field, to show the article was valid at the time it was written (e.g. time-sensitive info such as reviews, sale alerts, etc). I'd be happy to explain further if anyone's interested. Moving forward as I write more articles, there should not be an issue, since I usually update only on or very soon after the publication date, so we should not expect to see wildly different dates on sequential articles from here on in.

If all of this is correct, I personally think that the stakes are too high for sending any kind of email in a place where anyone can accuse another of emailing them and subject them to thousands in penalties from a single email sent by accident. It seems like that creates a dark market for people to pursue receipt of email as a litigation model. It seems like sending any email at all is huge risk where one accidental email could bankrupt you (reminds me of the US healthcare system). Personally, I wouldn't have the ability to pay a lawyer to even respond to such a complaint, so would be inclined to play it safe and simply remove email as a communications method from my business entirely. I don't think you could safely run a software like this one (IP.Board) with those kinds of restrictions. But as far as ProMailer goes, if people subject to those kinds of laws still want to use it, I do think I can support much of what's been mentioned so far. Actually I think it's a good opportunity for ProMailer as a product to provide answers for these kinds of needs, and would enjoy implementing solutions for them. But I consider everyone here my friends, and with the stakes being so high, I would prefer that friends dealing with such laws stay far away from any software or service involved in sending email. Sending email sounds like a death trap as dangerous as swimming with crocodiles. I understand some will take the risk anyway, so I'll do my best to make sure ProMailer has answers for these kinds of things. The only one I'm really not wild about is encrypting email addresses, just because that would place major limitations on the ability to search subscribers, which might increase the risks in other ways. For instance, Mike sends you a C&D letter, but you can't find Mike in your lists in order to remove him, so he ends up getting another email, and BAM, Mike gets to take over your life savings. But I think I can provide hooks for those that want to do it anyway. In my development version, this morning I added an option to log IP addresses with subscribe request and confirmation logs. It's off by default, but can be enabled in the module settings. As I understand it logging of IP addresses is not legal in some places, so anything that has potential to record IPs I usually keep disabled as a default. But the option will be there for those that want to enable it. With regard to a blacklist, we've been talking about it in the ProMailer board and I'm currently thinking a blacklist might be better supported in the core WireMail rather than just in ProMailer. That way you could blacklist an email address for anything in PW that might send an email via WireMail, rather than just ProMailer. For instance, modules like LoginRegister use WireMail to confirm account creation, so a lower-level blacklist could affect that module or any others too, in addition to ProMailer. That way an errant confirmation email or password-reset email won't cause someone to lose their retirement savings. I understand one of these blacklists can be individual email addresses, or entire domains, but am wondering about scale: are blacklists usually fairly small, or might it be an existing published list with thousands of domains/emails?

Perhaps I was too hasty in removing the live option, so maybe it will make a comeback now that LAZY is the default - just need some more testing to see if it actually helps with large dumps, and whether there are issues with the integrity of the data. So far from what I can tell, LAZY does an awesome job even with: bd($page, array('maxDepth' => 99)); or the shortcut: bd($page, [99]);

Thanks for the info. From the discussion you linked to it sounds like the LIVE/LAZY features are still a work-in-progress and subject to change. So will wait a while before I delve into it. The thing that was confusing me was that the previous barDumpLive() didn't take any $options argument for maxDepth or maxLength which made me think there is no limit for these when a live dump is used. But no problem to keep using bdb() for larger dumps.

Here you go: http://www.privacy-regulation.eu/en/article-32-security-of-processing-GDPR.htm

I've just upgraded the forums to the latest version 4.4.x as there was a critical security patch that warranted it. As usual, there is some pain in upgrading from a 4.x to 4.x branch due to template changes and feature changes/additions so you may find things have moved around a bit. There is still work to do on the template as this was a little rushed (security update forced my hand) but it should be functional at the very least. If you spot anything drastically broken that I may have missed, please let me know here. Minor template tweaks (fonts, alignment etc) will be updated in the next few days.

WIP module (90% done) following this request expression of interest ? by @szabesz. A (Process) module that allows the posting of Notes in the ProcessWire admin. Inspired by WP Dashboard Notes (see video in link above). The module is almost complete. As usual, I hit a snag with the CSS! PRs highly welcome, please! (see below). Setting note sizes and display was a bit tricky. Module is now available for alpha testing here. https://github.com/kongondo/DashboardNotes Contributing I should have mentioned this earlier and done it properly but I am lazy, so this is the rough guide. I know we all have our preferences but please note: No heredoc syntax No alternative syntax for control structures (i.e. endif, etc) Indent using tabs (4) Doesn't matter in this case, but no PHP short tags For methods, opening curly bracket on same line as the method name (there's a technical wording for this, I can't remember now) Features Set Notes priority (low/normal/high) Note text and background colours Enable/disable replies to Notes Lock Notes for editing Viewing of Notes can be controlled using users IDs, roles or permissions. Default is all Notes can be viewed by all who have access to the module Edit Note after posting Global note settings (accessible only to those with dashboard-notes-settings permission) - default colours, date format, if users can delete notes they did not create, if users can edit notes they did not create, note display dimensions, maximum depth of (nested) replies, maximum characters of note preview before truncate, etc.) Sort notes by date, title or priority Pending Bulk actions (delete, lock, change priority, etc) Reply/commenting on notes More testing on visibility Requests/Ideas Mine is: PRs are welcome! Especially with the CSS and/or Design (Use the Dev Branch please) Display Note author title (if present, or any other named author title field) rather than their (user)name? Other? Screenshots Thanks!

got a copy of ProMailer anyway ?

I would say, rather small (max a few dozens to hundreds for bigger companies). YMMV

Just in case, you love the module as much as i do ... and you think it looks a bit old fashioned. I did a little styling update (just the css and a few fether svg icons): To use it just put the attached files to site\modules\AdminBar @Apeisa: You may apply this to the original module if you like! AdminBar.zip

@flydev For http basic auth I'd only use user/password for initial logins and for any subsequent request use some kind of token. Generally I'd support what you said about tls and intercepted requests holding any information be it a password or token, but I think more important is the fact that a user won't insert a password for each request and you don't want your app to somehow cache the supplied password. That's what should never be promoted.

@flydev Thanks for your PR. I'm going to investigate (feel free to remind me, if you don't hear back)! One concern though, do you think it's a good practice to send the password on every request? In this case you'd have to store the password somewhere in your frontend, which I think is security bad practise. Maybe other people do have an opinion about that?

I think it is amazing that you took to writing a tutorial for us this early in your involvement with the community. Good job amigo ?

Thanks for the tip. My php.ini file has this line: realpath_cache_size = 4096k I'll leave that there and see what performance increase I notice ? (but more important this post so I can come back to it later)

I realize I never updated about this, sorry. It was all OK in the end - I reached out to Ryan, and it just looked like something had slipped through the cracks - my submission was made around the time that they changed they layout of the PW site directory. It got added in fine after I resubmitted. Thanks all for the input!

@bartelsmedia The case you linked to is to prevent unsolicited advertising emails. An opt-in email is NOT an advertising email, depending on the contents of the email. If it just says, "you are subscribed", or "please confirm your subscription", without links to products or special offers, or something else that has advertising character, sending it is allowed. Like @teppo said, it is not required to store the emails in an encrypted format. I am also no lawyer but had to inform myself a lot about this, because I needed the information for some of my customers.

Don't shoot the messenger – I know this is from WordCamp, not ProcessCamp, but there's plenty of quality material there not strictly tied to WordPress ? https://wpwoofi.com/wordcamp-nordic-paneelit-2019/ Sadly the recording misses the beginning of the UX for everyone talk by Piccia Neri. This was my absolute favourite in the whole event, there were so many good points there. She has the ability to explain scary-sounding concepts and processes in a way that makes them really easy to grasp, and actually makes them seem attainable even in relatively low-budget projects ? "Lessons from WordPress core on how to (not) write code" has some good pointers for anyone designing dev tools, "Cache is keeping you from reaching your full potential as a developer" contains valid arguments, and although "Continuous integration and deployment with WordPress" is definitely WP-specific, the basic principles can be easily applied to other platforms as well. Just to mention a few. Anyhow, I hope someone finds these interesting ?

Sadly the recordings are no longer available. For anyone interested, they will be available at wordpress.tv at some point. On a related note I think that's also a great source of information, even for non-WP users ?

Teppo, good points. Though on the servers I work from at least, you'd need access to the server account before you could ever get into the DB. Though I know this isn't representative of all environments. In general, I think DB backups are where there's more potential need to protect things. Those might be downloaded to the developers computer and then become more independent of the server, where encryption could actually be a more valuable protection. Encrypting emails does seem pretty silly given their purpose, so it's not something I'd do unless I had no choice, but for people where that's the case the good news is that it would be very simple to do.

As Processwire seems to be quite successful in Germany, some GDPR considerations: Are the subscriber email addresses stored with encryption in the database? GDPR enforces to use "state of the art" methods to protect user data which includes encryption. Is there a email black list of users who do not want receive a newsletter under any circumstances. Germany is quite lunatically rigid regarding "spam" emails with penalties of around $5000 for each unwanted received email. Example: User receives newsletter, denies to ever have subscribed and asks for a ceise and desist letter. If you then send another letter to such user, it will be expensive. Does the module save the newsletter subscriptions with sufficient evidences of the subscription? Time stamp, IP address and header (of course also saved with encryption in the database)?

When you do an accessibility audit on the forum (and the main PW site) there are tons of color contrast failures (among many other issues). WCAG 2.1 states that color contrast has to be at least 4.5:1 for copy text, whereas here most text is below that. And yes, font size and line-heights are too small. body base font size should be at 16px with line-height 1.6 (unitless, not in pixels). And ideally, all other font-sizes further down should be specified in em or rem. The main container could be reduced: e.g. max-width 1280px instead of 1630px.

This is less of a bug and more of a.. well, issue: the line length in the forum is kind of crazy. I'm getting 220-240 characters on a single line, while 100-120 would be good for readability. Would be great to get this fixed as well. I'm thinking that there probably should be a max width for the content area – or perhaps the font size should be double what it is now? ? The font is also really tiny and way too light (at least in some places, such as the breadcrumbs and other "less important" texts), neither of which really helps with the readability issue. Anyway, great job getting the update rolled out, and the forum looking more like the main site! Edit: I'm officially getting old. Setting browser zoom level to 125% or 150% makes things way more comfortable ?

Update re previous post Following on from a bit more testing, I have forked the Indexer module mentioned above and started a new thread...

You can also use the following code in your site/ready.php: <?php if($page->template->hasField('name-of-your-ckeditor-field')){ $string = $page->name-of-your-ckeditor-field; //create string replace for blockquote $string = str_replace('<blockquote>', '<blockquote class="blockquote">', $string); //here you can add further manipulations.... //.............. //finally set the value back with manipulations $page->name-of-your-ckeditor-field = $string; } Replace "name-of-your-ckeditor-field" with the name of your field. In this case you can use the default blockquote button from CKEditor. Best regards

Not sure if you can use these, but this, to the best of my knowledge, is the home of PW Tips and Tricks: https://processwire-recipes.com/

$page->images->eq(1); // second image

I also know what you're saying, but I have to strongly disagree. I could've write this in any other similar thread. The problem is the code posted in a wysiwyg is "horrible" to read and even copy it. Then after this is working (as with 1000 other code here in the forum), there comes the next who takes this code but need another feature.. then the game start again with same story same code but different bugs issues. What I would like to do is helping how to code and debug, not have 1 million snippets that are sometimes very bad coded and not complete best practice or not even working spooking around the forum. It already happened many times and it will get worse by time. I know what you're wanting to do and I understand, but in the long run what we are practicing here since 2 years is very bad for newcomers. We better this energy and time to help with little tutorials and snippets that are good to start with in a dedicated site/place.