Leaderboard

Sooner or later, everybody gets hit by the dreaded "can't we integrate this with [Azure|Google|Facebook|whatever|...]?" question. Lately, those have more or less assaulted me, and I've been looking for a clean-cut solution to link my PW instances up to a big Identity Provider. There is already the SamlAuth module in the module repository, but it has not been updated in a while and it's not as "graphical" as I'd like it to be - I want to be able to take long holidays away from cellphone reception while our IdP's certificate might expire. So I started wiring things up from scratch (as much as "building a PW UI and endpoints around php-saml) can be called "from scratch". So I've been starting to build: PoetSaml2 A SAML2 Service Provider for the ProcessWire CMS/CMF The module is still very alpha, rough around the edges and lacking a bunch of features I consider essential for long-term production use. Still, I decided to get the word out there early, maybe find even find some daring early adopters willing to restore a backup or two of their PW instance in case things go wrong, and also perhaps get some feedback about use cases and requirements I am not aware of. My SAML2 experience so far is limited to an enterprise environment with only Azure / Entra Id and SamlTest.id. It uses OneLogin's php-saml library for the hard work. The necessary SSO endpoints are realized with ProcessWire's URL hooks. Requirements ProcessWire >= 3.0.218 FieldtypeOptions FieldtypeRepeater PHP-OpenSSL Compatibility Basic compatibility has been verified with both Entra Id and SamlTest, meaning I could initiate successful logins into ProcessWire both from PW itself and from the Identity Provider. Screenshots SAML2 login button on the admin login form: PoetSaml2 comes with an admin page that lists all configured profiles and gives you quick links for adding and deleting profiles, lets you download your metadata file so you can upload it to your Identity Provider and even lets you backup profiles to a file. Uses ProcessPagesExportImport to import backup files. The profile configuration is a regular page edit screen. There are sections for the local endpoint (SP Configuration) and for the Identity Provider (IdP Configuration). You can set a redirect URL or even role specific URLs so PW knows where to take you if you initiate a login on the IdP side. Fine grained login permission, redirect URL discovery and even user creation based on SAML Claims can be realized through hooks. A checkbox lets you create a self-signed SP certificate. You can import your IdP's metadata.xml from a file or URL instead of having to copy & paste the URLs and certificate (thanks to php-saml's metadata parser). A lot of it is already documented to some extent in the README file on GitHub.

Thanks Brendon. Happy to know that I’m not blind. I will give a thanks trophy anyway. People in this forum are so friendly, if I can boost their ego, it will be my pleasure... ?

TL:DR I've updated a PW page we've built 9 years ago for the first time and it's still a solid experience. Backstory Back in May I was on a crowded train somewhere in the middle of Germany. Now working as a "Consultant" who builds slidedecks instead of websites, I happily noticed the men next to me talking about responsive webdesign with his friend. During the obligatory "This train is late" announcement we started to chat. My seatmate, a geography teacher, recently attended a web workshop at a large Hamburg agency. He told me he now understands the value of a CMS for updating their site and he wonders how to build a responsive layout. They don't get paid for this and work on their homepage in their spare time. And they have a Typo3 installation ? Back in 2013, together with my friend Marvin, we've rebuild our school website with ProcessWire optimized for mobile devices. Launched in 2014 this was quite an impressive feat including online time tables, a working event calendar (with import feature) and many small nice touches. After my encounter on the train, I checked the page and yes, It's still online and updated daily! The next day I wrote my old teacher a short email if we should have a closer look into the underlying tech and within minutes I got a super happy reply that he is so glad that somebody would help (again). So let's dive into what we've done. Situation First some details about this ProcessWire installation that is updated by a few teacher on a regular basis. Over the 9 years they've wrote nearly 900 news articles and kept more than 250 pages up to date. The asset folder is over 11GB. Build with Processwire 2.4 (?) and lots of janky code we've updated the page once to 3.0.15 somewhere in 2016 quick and dirty. They even used the old admin layout. ProCache, CroppableImages3 and a few other plugins were used. Every single one of them required an update It's used the classical append-template approach with a single big "function.php" included file. It's running on PHP 5.6 and for whatever reason no PHP update was enforced by the hoster (But the admin panel screamed at me) A privacy nightmare: Google fonts embedded directly, no cookie banner and a no longer working Google Analytics tag included The old ProcessDatabaseModule made a database backup every week as planned over all these years. Nice. No hacks, no attacks and all teachers are using their own account with assigned permissions Changelog I've updated the page with a focus on making it stable and reliable for the next 9 years. After making a development copy of the page, I've started working on the following changes: Updated ProcessWire and all modules to the latest stable version. After reloading a few times, no errors encountered Updated the whole templates to make it work with PHP 8.2 Removed all externally hosted scripts, disabled cookies for all regular visitors and introduced a 2-click-solution for external content Reworked a few frontend style issues around the responsive layout, made slight visual changes for 2023 (e.g. no double black and white 1px borders) Ported the image gallery feature to more templates (Big wish of the people updating the site, they've used a workaround) Cleaned up folder and structures, removed a few smaller plugins and admin helpers no longer needed All this was done back in May and - with a big break - completed now in October. It took a few days and most of the time was spent figuring out our old code. Learnings ProcessWire is robust as f*ck. I just clicked "Update" and it mostly worked instantly I nearly removed features for the PHP update. A custom written importer for the proprietary XML schedule was hard to debug and understand (5-dimensional-arrays...). Gladly I've tossed a coin and just gave ChatGPT the php function source and error message and within a single iteration it updated the code for PHP8. The "responsive" CSS framework aged badly. The used 960gs skeleton uses fixed widths for the responsive layout. I couldn't get it be wider than 320px on mobile screens. So the site is responsive but with a slim profile for now. Replacing it would be a complete layout rewrite Result and looking forward The Werkgymnasium site is now updated and live again. It still loads superfast and looks great after all these years. We have a few more features planned to help our editors input new content but overall it just works. Looking forward a few issues remain. ProCache would require the paid update but it still works fine. The layout needs improvement on mobile screens. There is still an error with the pagination. We'll cleanup the code more and then make the whole template public on Github so that maybe a few students after us can continue with the updates. Maybe even rebuild the frontend one day. I hope I can give you an update in a few years again. As a closing note: I'm still grateful for the amazing community here and all the features ProcessWire has to offer. My daily work no longer resolves around websites but PW has a permanent spot in my heart. Thanks Ryan and all the contributors.

@BitPoet - thanks so much for your hard work on this and sharing it with everyone. Just curious though about the need for the PHP-mcrypt library. I thought it was considered important to instead use sodium these days. I'd love your thoughts on this because it seems like you are pretty in-tune with these types of things.

The "Thanks" trophy is nice in that it provides reputation points back to members, but aside from a little ego boosting, I don't think it has any terribly high value or merit -- with perhaps the exception of visually providing a means to let other visitors know what replies are worth reading carefully? The "mark as solution" feature is not enabled, or is at least hidden. I'm not sure why the email notifications are still worded that way, but you won't be able to find that button. ?

This week there are a few updates on the dev branch. Since I'm short on time today, I'll just briefly cover the most interesting ones. Support for OR-groups, sub-selectors, and match same (1) @item groups (see last example at that link) have been added to ProcessWire's in-memory page matching selectors, as used primarily by the $page->matches() method. Previously these features were supported only by the database selectors from $pages->find() and methods that delegated to it. The $page->matches() method that gained these features is used by the core in various places for runtime matching of pages, such as when finding/filtering in a PageArray, for example. Support has also been added for OR-groups to the base Selectors class, which makes it possible to use OR-groups on non-Page objects too. These database-specific selector features were added because there's been a recurring request to support OR groups in places that currently use memory selectors, so this should do that. Though it'll remain just on the dev branch until it's had more thorough testing. While there will always be some differences between database and memory selectors, this does narrow the gap a bit. Thanks for reading and have a great weekend!

Generate image placeholders for smoother lazyloading. Currently supports ThumbHash, BlurHash, and average color placeholders. I've been using the wonderful ImageBlurhash module for this in the past, but unfortunately it's no longer in active development. This new module adds ThumbHash and Average Color placeholder algorithms, improves performance by caching generated placeholders, fixes an issue when replacing images, and allows regenerating and clearing placeholders via the admin interface. Try it out using the installation instructions below or check out the GitHub repo for details. Why use image placeholders? Low-Quality Image Placeholders (LQIP) are used to improve the perceived performance of sites by displaying a small, low-quality version of an image while the high-quality version is being loaded. The LQIP technique is often used in combination with progressive lazyloading. How it works This module will automatically generate a small blurry image placeholder for each image that is uploaded to fields configured to use them. In your frontend templates, you can access the image placeholder as a data URI string to display while the high-quality image is loading. See below for markup examples. Placeholder types The module supports generating various types of image placeholders. The recommended type is ThumbHash which encodes most detail and supports transparent images. ThumbHash is a newer image placeholder algorithm with improved color rendering and support for transparency. BlurHash is the original placeholder algorithm, developed at Wolt. It currently has no support for alpha channels and will render transparency in black. Average color calculates the average color of the image. Installation Install the module using composer from the root of your ProcessWire installation. composer require daun/processwire-image-placeholders Open the admin panel of your site and navigate to Modules → Site → ImagePlaceholders to finish installation. Configuration You'll need to configure your image fields to generate image placeholders. Setup → Fields → [images] → Details → Image placeholders There, you can choose the type of placeholder to generate. If you're installing the module on an existing site, you can also choose to batch-generate placeholders for any existing images. Usage Accessing an image's lqip property will return a data URI string of its placeholder. $page->image->lqip; // data:image/png;base64,R0lGODlhEAAQAMQAA Accessing it as a method allows setting a custom width and/or height of the placeholder. $page->image->lqip(300, 200); // 300x200px Markup Using a lazyloading library like lazysizes or vanilla-lazyload, you can show a placeholder image by using its data URI as src of the image. <!-- Using the placeholder as src while lazyloading the image --> <img src="<?= $page->image->lqip ?>" data-src="<?= $page->image->url ?>" data-lazyload /> Another technique is rendering the placeholder and the original image as separate images on top of each other. This allows smoother animations between the blurry unloaded and the final loaded state. <!-- Display placeholder and image on top of each other --> <div class="ratio-box"> <img src="<?= $page->image->lqip ?>" aria-hidden="true"> <img data-src="<?= $page->image->url ?>" data-lazyload> </div>

So, after jumping through the code, I found that v4 includes xmlseclibs through composer (2 and 3 ship an integrated, outdated version). The code in the xmlseclibs GitHub repo doesn't have any references to mcrypt left. So it seems I can hard wire v4 (only dropping backwards compatibility with eol PHP releases) and be done with mcrypt ?

It's a dependency of php-saml. I haven't looked to deeply into the why and where there, but it's on my radar. The php-saml docs are still a bit of a mix of old and new from versions 2, 3 and 4, so I'll have to dig into the code to see if it's really still needed.

Impressive. I was thinking about some of the higher latency I've seen in databases that aren't located on the same server that is hosting ProcessWire. I'm sure it will be fine. I'm sure someone will come back and let me know if it's too slow ? Started working on this but have been super busy with work. Will report back here when the release is ready.

Give wireRenderFile a try instead of wireIncludeFile.

Hi all, My 1st submission here - MeBilling.com - A website for a medical billing solution provider. What I did in this: Logo, Website Design, Processwire integration Processwire modules used: Mostly utilised core 3.0.x modules, with Frontend editing feature for ease of content editors. Let the opinions flow in.

@adrian with v1.5.1 you can write your dump script in the custom shell script config field like that: #!/bin/sh # Custom Remote Dump # (1) Set up all the mysqldump variables FILE=%%FILE%% DBSERVER=%%SERVER%% PORT=%%PORT%% DATABASE=%%DATABASE%% USER=%%USER%% PASS=%%PASS%% CACHEPATH=%%CACHEPATH%% # Fix trailing slash in cache path if needed CACHEPATH="${CACHEPATH%/}/" OUTPUT="${CACHEPATH}${FILE}" # (2) in case you run this more than once a day, remove the previous version of the file unalias rm 2> /dev/null rm ${FILE} 2> /dev/null rm ${FILE}.zip 2> /dev/null # (3) do the mysql database backup dump (remote) mysqldump --opt --protocol=TCP --user=${USER} --password=${PASS} --host=${DBSERVER} --port=${PORT} ${DATABASE} > ${OUTPUT} You can of course also set hardcoded values.

OK, the problem with the two mentioned pages is the usage of webfonts with a required counter call from myfonts.net: https://hello.myfonts.net/count/379b36 In this request the Expect-CT header is set ?‍♂️ - so that is not caused by processwire.

Hi, sorry for the delay guys. @adrian I made it configurable, it should also check for carriage return when a custom script is given, please check releases/tag/v1.5.0 and tell me if you need something more. Edit2: Rereading your post again, I just realized that I omitted a detail... it'll be ok on v1.5.1 sorry. @Boost Thanks ? . You can check if mysqldump is avail. on the config page. And if needed, to be sure that mysqldump is found, you could run some tests, also make sure - with Duplicator 1.4.29 - that the binary zip is available. Duplicator v1.5.0 show you this information on the module configuration page, with some more friendly exec return code error when the script run (see link at the end of this post). Some suggestions/debug steps if needed: is mysql in env path and runnable? with normal user type `mysqldump` and `zip` if #1 is ok, try with user/group assigned to your web server, eg. with www-data: sudo su www-data -s /bin/sh mysqldump zip For `mysqldump` only - grab the dump script there and adjust variables in order to make a test cd /path/to/site/assets/cache sudo wget https://raw.githubusercontent.com/flydev-fr/Duplicator/v1.5.0/scripts/mysqldump.unix.sh sudo nano ./mysqldump.unix.sh and set correct or dummy values (or with vim, etc..) sudo chown www-data:www-data ./mysqldump.unix.sh sudo su www-data -s /bin/sh chmod +x ./mysqldump.unix.sh run a test: ./mysqldump.unix.sh Anyway, you should grab the last version I just release before messing with it, because if the issue is that zip isn't available, it will fallback using WireZipFile. Edit: Just a word, I got this issue and it was zip that was missing (about exit code 2). https://github.com/flydev-fr/Duplicator/blob/8d2ee3c0327baf4cee0128b12a0724d20dadfb53/Classes/BackupDatabase.php#L253-L270

Thanks @ryan - this is fantastic update. My initial testing shows that OR selectors are now working for the WireCache $expire selector (https://github.com/processwire/processwire-issues/issues/1828) which really opens up the ability for some huge performance benefits. Thanks again!

Last time it did, but I guess not being a complete failure this time is something to celebrate. Kudos to WordPress for doing the bare minimum! Here's a gold star ⭐

@kongondo Is there more to see in the meantime? ?