Leaderboard

Popular Content

Showing content with the highest reputation on 07/16/2020 in all areas

  1. I don't want to dismiss your frustration — I get that problems like this one can be really annoying! — but I do want to stress a couple of points about this:

     This is very much a needed (even required) security feature. I wouldn't recommend disabling it unless it's causing major issues, and even then there's a 99% chance that you should just fall back to one of the "less strict" options (as mentioned earlier). Without session fingerprinting, attacks involving session hijacking are a very real possibility.

     Providing a UI way to disable any security feature is something I'd be wary of. Of course it depends on the situation, but generally decisions like these should be a) made by folks who have enough technical know-how to make educated decisions knowing what the consequences will be, and b) disabling any security feature should never, ever be something you can do "on a whim" — it needs to be a decision made after serious consideration. Of course technical know-how and well considered decisions don't equal being a developer with access to the site's config files or code, but the point is that providing an easy way to decrease the security of the system is definitely not something I'd consider a best practice. Quite the opposite, in fact.

     Also, one more thing to consider is that if someone did somehow gain illegitimate access to the admin panel, providing a UI way to disable security features could potentially allow them to escalate the attack. (This particular setting is not the best example of that, but generally speaking.)

     As for session fingerprinting: I've personally not had real problems with it, but I know others have, so not trying to dismiss this problem. It should, though, only happen if your IP or user agent string changes constantly, which is a pretty rare situation — though I'm not an expert in this subject. For me the only case where I've experienced something similar was while testing the site using developer tools, going between mobile UA string and regular UA string...
    5 points
  2. Hello @ all! Today I want to share another new inputfield with the community! It is called Fieldtype OpeningHours and it is designed to enter one or multiple times per day (especially for company opening times). I know that there is another great fieldtype in the repository (https://modules.processwire.com/modules/fieldtype-business-hours/), but I wanted to create my own with a different UI than the other one.

     Here is a screencast of what it looks like in action: OpeningHours.mp4

     A lot of things are going on behind the scenes and I don't want to write it all down here, because you can find the whole information on my Github account: https://github.com/juergenweb/FieldtypeOpeningHours

     Requirements:
       • PHP >= 8.0 (because it uses union types; I have also tested it with the new PHP 8.2)
       • ProcessWire >= 3.0.181

     If you find any bugs or have any ideas to improve this fieldtype, please report them in my Github repository.

     Greetings from Austria and have a nice day!

     CHANGELOG:
       • 21.7.20 Add new option to show (true) or hide (false) days with no opening hours on various methods (please be aware that setting options has been changed - it is recommended to deinstall the old version and install this inputfield again). Take a look at the READ.ME for further instructions.
       • 1.1 Add multilang support for timeformat and add 2 additional Schema.org markup methods

     UPDATE: 09-06-2023: The module has been added to the module directory and can be downloaded from there after it has been published.
    4 points
  3. It's very likely that your IP will change every now and then. My understanding is that regular ISPs often charge extra for static IP addresses and (at least around here) some don't even offer this sort of service to consumers. When your IP changes and session fingerprinting (involving IP address) is enabled, you'll have to renew your login session. This is unrelated to session lifetime limit.

     That's a valid question! In many services that I use the situation is exactly the same as with ProcessWire. If I disconnect from the company VPN (or first log in to the service and only then connect to the VPN) I'm forced to redo the login process, which in turn may involve a new 2FA confirmation request. Most likely these services use a similar fingerprinting mechanism as ProcessWire.

     On the other hand I wouldn't be terribly surprised if some big services skipped this step, especially if they happen to have many "consumer users". It can indeed be problematic for some users, and on the other hand session hijacking can also be mitigated using other measures. Storing the cookies securely and so that no one should get easy access to them is the most important step (obviously ProcessWire does that as well). After that it's more about adding extra layers of security.

     According to Invision Community documentation our forum software has IP address based fingerprinting enabled by default. They recommend keeping it on, unless it causes issues. Just to make sure I just tried "hijacking" my own session — and so far it looks like the forum doesn't really care about which IP I'm using, what my UA string looks like, etc. I was able to "transfer" a session to another browser, and it continued to work even after IP address change.

     It's important to keep in mind that lacking session fingerprinting is not a security issue in itself, more like a precaution that could've (and, in my opinion, almost always should've) been taken, yet wasn't. In this particular sense our forum could indeed be considered less secure than a typical ProcessWire site where fingerprinting is enabled.
    4 points
  4. v0.0.19 adds support for RepeaterFields @zoeck

         $rm->migrate([
           'fields' => [
             'my_repeater_field' => [
               'type' => 'repeater',
               'label' => 'This is my great repeater field',
               'repeaterFields' => ['title', 'body', 'images'],
             ],
           ],
         ]);
    3 points
  5. It's possible with a hook. In the "List of fields to display in the admin Page List" setting for the template, enter a string that identifies where the value from the first repeater will go, e.g. first_repeater_datetime. Don't put the normal { } delimiters around this string. Then add a hook like this in /site/ready.php:

         $wire->addHookAfter('ProcessPageListRender::getPageLabel', function(HookEvent $event) {
             $page = $event->arguments(0);
             $out = $event->return;
             if($page->template == 'your_template') {
                 $datetime = '';
                 if($page->datetimes->count) {
                     // Build the label value from the first repeater item
                     $first_item = $page->datetimes->first();
                     $datetime = $first_item->date . ' ' . $first_item->time;
                 }
                 // Swap the placeholder string for the computed value
                 $event->return = str_replace('first_repeater_datetime', $datetime, $out);
             }
         });
    3 points
  6. Hi @Mats thank you for this module! I noticed an issue when trying to crop images which were downloaded via this module on saving. The error said that the image could not be found. I assume this has to do with the page file name, which has a "." in its name, which seems to be a problem. I replaced the renaming with the following line, which solves this problem for me. Maybe it's helpful for someone else coming across this.

         $pagefile->rename(str_replace('.', '-', $pagefile) . ".jpg");
    2 points
  7. Welcome @bookie! This tutorial by @kongondo could be a good starting point for your intention: Don't worry if it looks difficult - it is not!
    2 points
  8. I added tests for two of my modules, VersionControl and ProcessChangelog, back in the day. VersionControlTests is the more recent project, though I haven't touched or used it in years. There's only one test class in that project, and sadly I'm pretty sure it goes against so many best practices that I probably wouldn't consider it a very good starting point.

     While I did use PHPUnit, it wasn't really unit testing — more like integration testing. The test class starts from a blank ProcessWire installation with required module files included, installs the module, sets up language support and adds some languages, makes changes to page(s) and after each one checks what was stored in the database, etc. In the end it attempts to restore the site to its original "untouched" condition, so that new tests can be started.

     In my experience ProcessWire involves so many interconnected parts and processes that creating "good enough" mock data would've been a major pain, and still wouldn't really have answered the question of "does this module work as expected in all supported ProcessWire versions, different operating systems, and different database system(s/ versions)". Of course there's still need for unit testing, but in my case it just didn't seem like the best approach.

     As for current testing best practices with ProcessWire, I'd definitely check out Process Nette Tester. And — this is very opinionated, sorry in advance! — I'd probably steer away from PHPUnit. I mean... I'm sure it's an amazing tool once you really get to know it, but the more I've worked (read: fought) with it, the more frustrated I've become. In my humble opinion it's not particularly developer friendly, and there are too many limitations. Again, this might be a result of using it for wrong type of testing, so take it with a grain of salt. I just feel that there are now better options out there.
    2 points
  9. I figure this could lead to a collision if there were someone with the e-mail jim@ex-ample.com and someone with the e-mail jim-ex@ample.com.
    2 points
  10. Example implementation: Info: So this is very much an ALPHA version of what I hope turns into a swiss armory knife payment module. Currently you are able to take payments with the payments form or cross browser payments button (Apple Pay etc). Please read implementation details here and consider contributing: https://github.com/benbyford/PaymentStripeIntents

      TODO:
        • Add subscription functionality
        • Add customer functionality
        • More testing and code clean up
        • More usage examples
        • anything else?
    1 point
  11. Since it's featured in ProcessWire Weekly #310, now is the time to make it official: Here is Twack! I really like the following introduction from ProcessWire Weekly, so I hope it is ok if I use it here, too. Look at the project's README for more details! Twack is a new — or rather newish — third party module for ProcessWire that provides support for reusable components in an Angular-inspired way. Twack is implemented as an installable module, and a collection of helper and base classes. Key concepts introduced by this module are: Components, which have separate views and controllers. Views are simple PHP files that handle the output for the component, whereas controllers extend the TwackComponent base class and provide additional data handling capabilities. Services, which are singletons that provide a shared service where components can request data. The README for Twack uses a NewsService, which returns data related to news items, as an example of a service. Twack components are designed for reusability and encapsulating a set of features for easy maintainability, can handle hierarchical or recursive use (child components), and are simple to integrate with an existing site — even when said site wasn't originally developed with Twack. 
     A very basic Twack component view could look something like this:

         <?php namespace ProcessWire; ?>
         <h1>Hello World!</h1>

     And here's how you could render it via the API:

         <?php
         namespace Processwire;

         $twack = $modules->get('Twack');
         $hello = $twack->getNewComponent('HelloWorld');
         ?>
         <html>
           <head>
             <title>Hello World</title>
           </head>
           <body>
             <?= $hello->render() ?>
           </body>
         </html>

     Now, just to add a bit more context, here's a simple component controller:

         <?php
         namespace ProcessWire;

         class HelloWorld extends TwackComponent {
             public function __construct($args) {
                 parent::__construct($args);
                 // Default title, overridden when a 'title' argument is passed in
                 $this->title = 'Hello World!';
                 if(isset($args['title'])) {
                     $this->title = $args['title'];
                 }
             }
         }

     As you can see, there's not a whole lot new stuff to learn here if you'd like to give Twack a try in one of your projects. The Twack README provides a really informative and easy to follow introduction to all the key concepts (as well as some additional examples) so be sure to check that out before getting started.

     Twack has been in development for several years and I use it for every new project I build. Also integrated is an easy to handle workflow to make outputs as JSON, so it can be used to build responses for a REST-api as well. I will work that out in one section in the readme as well. If you want to see the module in an actual project, I have published the code of www.musical-fabrik.de in a repository. It runs completely with Twack and has an app-endpoint with ajax-output as well. I really look forward to hearing what you think of Twack?!

     Features Installation Usage Quickstart: Creating a component Naming conventions & component variants Component Parameters directory page parameters viewname Asset handling Services Named components Global components Ajax-Output Configuration Versioning License Changelog
    1 point
  12. BETA: SplashAndGrab https://github.com/madebymats/InputfieldSplashAndGrab This module attaches a search input to selected image fields that lets you search and download images from Unsplash. (Unsplash is a stock photo service where you can download images for free and use as you wish. No strings attached.) You can search by string, colors, orientation/crop and order by relevance or time published. I find Unsplash useful both for placeholder images when building sites but also as a time saver for editors if they don’t have any images at hand, just search, download and publish. Thanks to @apeisa for building the FlickrInputField Module and @Robin S for AddImageUrls, took a lot of ideas and code from those modules.
    1 point
  13. This means that the value you are saving to the title field has had its special characters converted to HTML entities. You don't want this because the PW admin automatically applies htmlspecialchars() to the title and so the entities are being double-encoded. So if $baslik[1] is being entity encoded somewhere in your code then simply don't do this step, or if you are getting the value from somewhere where the value is already entity encoded then you can use html_entity_decode() or instruct $sanitizer->text to convert entities:

          $p->title = $wire->sanitizer->text($baslik[1], ['convertEntities' => true]);
    1 point
  14. He's on fire! Really not a big thing, but how would one remove this item? Business hours can be a pain... Have you thought about using a library? eg https://github.com/spatie/opening-hours Maybe you have an idea for a good UI regarding exceptions (like holidays etc)? Very nice UI btw!
    1 point
  15. My approach from today:

          $wire->addHookProperty("Page::myFooLabel", function($event) {
              $page = $event->object;
              // Only provide the property for pages using this template
              if($page->template != 'foo-page') return;
              $event->return = $page->title . " (foo label)";
          });

      Then just set the label field to "myFooLabel" and enjoy. This also has the benefit of having the dynamic label always available easily via $page->myFooLabel
    1 point
  16. In the sense that no automated/programmatic tests are used: most likely yes. Third party modules often don't come with any tests, and as for sites — well, I don't really know, but my assumption is that many don't have tests. ProcessWire can be used for a lot of stuff, but the most common use case is still bespoke websites, and for those testing is rarely a key requirement. Hence the gap in testing support compared to pure web application frameworks such as Laravel. As for core code, I don't really know. Ryan used to use a set of tests for the Selector engine, but I can't say for sure what the status of that project is.
    1 point
  17. How could I forget this? Hehe. Thanks for the reminder!
    1 point
  18. Maybe the ProMailer can help out?
    1 point
  19. In case you decide to go with another testing framework, I found these PHPUnit lessons very helpful:
    1 point
  20. Maybe @tpr has some experience he could share. He is the author of the ProcessNetteTester module which is relevant to this topic.
    1 point
  21. Relative to ProcessWire 3.0.161, version 3.0.162 contains 24 commits that continue upgrades/improvements to selector operators, fix various minor issues, add new API convenience methods, improve documentation, optimize and refactor various portions of code and DB queries, and much more. For full details, see the dev branch commit log as well as last week’s post. Next week I hope to finally finish up a new version of ProCache and continue with some additional core to-do items. By early August my hope is that we’ll have the next master branch version ready. Also added this week is a new dedicated documentation page on this site that covers all of ProcessWire’s selector operators, including all the newly added ones here: selector operators. Thanks for reading and have a great weekend!
    1 point
  22. I totally agree with your opinion. Even if it's beta... We could start to implement it, use it, find bugs, help to fix it etc. We could start our projects and show something to our clients, get familiar with the system.
    1 point
  23. https://vanillajstoolkit.com/ is another good location to look for VanillaJS
    1 point
  24. I haven't tested it much but it looks like you can hook Page::getMarkup()

          $wire->addHookAfter('Page::getMarkup', function(HookEvent $event) {
              $page = $event->object;
              if($page->template->name !== 'TEMPLATE(S)_USED_IN_YOUR_PAGE_FIELD') return;
              $out = $page->title;
              // add more stuff to $out using $page
              $event->return = $out;
          });
    1 point
  25. Labels are generated inside InputfieldPage::getPageLabel method (\wire\modules\Inputfield\InputfieldPage\InputfieldPage.module), but unfortunately it's not hookable. You can prefix the method with 3 underscores ___ to enable hooking (it works that way) but when you update the core it will be overwritten with unhookable version. Feel free to make a feature request on Github.

          // /site/ready.php
          wire()->addHookAfter('InputfieldPage::getPageLabel', function (HookEvent $e) {
              $field = $e->object;
              if($field->name !== 'myPageField') return;
              $page = $e->arguments(0);
              $e->return = "$page->title @ {$page->parent->title}";
          });
    1 point
  26. https://processwire-recipes.com/recipes/resetting-admin-password-via-api/
    1 point