Everything posted by cwsoft

  1. Just working on a new module for a customer who is concerned about the wire frontend cookie set w/o prior consent by the user. The customer uses frontend forms which require session cookies (wire) e.g. for CSRF checks, input validation, failed attempt restrictions etc. So he wanted to show a cookie dialogue asking for consent for technical required cookies, even if this is not 100% required by the DSGVO. First used a modified PrivacyCookie module to achieve this, before I went to create a minimalistic module myself. My module hooks before page::render and adds a cookie consent dialogue which asks for consent for technical required cookies and shows an Accept/Decline button and links to imprint and privacy policy sites. My module also hooks into $config->sessionAllow and sets it to true if user gave consent, requested a backend page or a wire session already exists. This way wire cookie is only created in frontend if user gave consent. On the form page of my customer’s site the display and processing of the frontend form is wrapped in a $session->hasCookie() block to execute only after user gave consent. Without consent a message is shown that using the form requires cookies. By default the consent cookie is stored for 7 days if accepted, so the cookie dialogue won’t show up on next visit unless user cleared cache. If user declined, the consent cookie expires after the browser session so the cookie banner pops up again on next browser session. So who may be using this module? Clients only using technical required cookies by default (no google fonts, youtube etc.) maybe with an optional frontend form, which are still afraid or simply want to have a cookie consent dialogue before the PW wire frontend cookie gets created. Will do some more tests and polishing, before uploading the module to my Github repository.
  2. @bernhard It’s on my list to install and test your modules once I find some time to do so. So far I looked into the code of your modules on Github to get some inspiration and insights how the PW ecosystem works. Especially interested in the LESS template system. Used Twig (PHP) and Jinja (Python) in the past for medium to large size projects, while sticking to plain PHP/Python for small projects.
  3. @bernhard In my case I prefixed the Github repo with the suffix pw - as I plan to release at least one module more - but named the module folder and class EmailToEncryptedMailto without that pw suffix. I could add a ZIP package to the release section with the right folder naming convention, or just do it via command line inside the site/modules dir of my PW installation.

          git clone https://github.com/cwsoft/pwEmailToEncryptedMailto.git ./EmailToEncryptedMailto

      P.S.: May change the naming of the Repository in the future, but I do not think there will be much downloads of my module anyway, so I stick with it for now :-).
  4. @bernhard Guess the core way is fine if you deal with just a couple of translation strings in one or maybe two PHP module files and only support one or two additional languages to the default English (like German in my case) out of the box. But this way may suck if you have 20+ strings spread over 5+ files and want to support 3+ languages.
  5. @bernhard Thanks for your suggestions. Fully agree with you on linked JS/CSS. In my dev env I use SASS/Typescript with bundlers to create one combined and minified CSS and JS file, which I include. Set it up like this so no one needs to modify templates or add CSS rules to template files manually. I also wanted something which just works without tons of settings you can apply e.g. add to head/body, add as inline/link etc. As there are at least three similar modules with lots of possible setting options, I just did a clean, small, tidy one with almost no settings at all as my first module. P.S. Thanks for the tip with the install from url field, will check this out.
  6. Updated module to version 0.0.2 with translations of the mailto subject text in English and German. In addition I added the CSS class automatically, so there is no need to add it manually to your template anymore.
  7. Ok, managed to do it the ProcessWire core way by following the steps at the bottom of the Helloworld module by Ryan Cramer. Updated my first PW module for obfuscating emails accordingly.
  8. @joer80 Used various CMS like Joomla, TypoLight/Contao, Silverstripe, ModX, WordPress, WebsiteBaker, Plone, ProcessWire, …, in the past to build client websites. As a backend developer I liked Silverstripe, Plone and recently Processwire the most as they give you much freedom in doing things the way you like. The Processwire API is really outstanding here, as it allows to access/hook into about any process/resource you need with an easy to understand API. Don’t know why, but from all CMS I used to build client sites, I hated WordPress the most. Used it only if customers wanted features or designs which were already available for free in the WP eco system. Best part for me was the automated updates of core and addons in WP. Most of my clients however want to host their sites on own servers and do not want to use cloud services or CDNs due to data protection requirements and general politics. In this eco system, PW is the perfect match for me as backend dev for now. And yes. Recent PHP 8.x features are really cool, especially if you used e.g. C#/TypeScript in the past.
  9. @Warran Depending on what you want to achieve/include, AJAX requests may be used to load static texts (like cookie consent cards) as well.
  10. @bernhard Thanks for the module. Have read about it on your Github/project site but as usual wanted to try the PW core way first. However I struggled what the core way is or the way it works. Initially I thought PW supports language files automagically by just putting a key/sprintf per line to translate into a CSV file per language/module. But then I checked out the hello world module and found there is an 'en' and a 'foreign' language column, a description and a hash. Didn’t realize one needs another module to translate strings, as I never worked with __() functions yet.
  11. @AndZyk Thanks. Seems to be the missing link. Thanks for pointing me into the right direction. Will try tomorrow and see if I can make it.
  12. @sz-ligatur Most ProcessWire global config stuff is not available within the early stage of the bootup process inside $config->sessionAllow. My sessionAllow function looks like follows and works as supposed.

          $config->sessionAllow = function($session) {
              // Allow sessions in backend. strpos() returns 0 when the path sits at the
              // very start of the URI, so compare against false rather than "> 0".
              if (strpos($_SERVER['REQUEST_URI'], '/your_path_to_pw_backend/') !== false) return true;

              // Enable PW session in frontend if user accepted cookie consent notice.
              if (array_key_exists('pwconsent', $_COOKIE) && $_COOKIE['pwconsent'] == 'allow_necessary') return true;

              // If a PW cookie is present, session is likely already in use so we keep it.
              if ($session->hasCookie()) return true;

              // Otherwise we disable cookies in the frontend.
              return false;
          };

      I enable Cookies if request Url contains backend path (2nd line) or if a pwconsent cookie was found. This Cookie is set via my template file in case user gave his consent for using technical required cookies via module PrivacyWire. Cookies are required in frontend to protect my form (e.g. CSRF protection, etc.). As PrivacyWire uses localStorage to store users consent action, I put the following JS code at the end of my template _main.php just before closing body tag to create a Cookie in case user gave consent to technical required cookies on my site. Why? Cookies access is easier in PHP than trying to read from localStorage (e.g. via AJAX).

          <script>
          // Check if user already accepted technical required cookies.
          let json = localStorage.getItem('privacywire') || '';
          if (json) {
              // Declared with const so the variable does not leak into the global scope.
              const data = JSON.parse(json);
              if (data?.cookieGroups?.necessary) {
                  // (Re-)create session cookie if user agreed usage via local storage.
                  if (document.cookie?.indexOf('pwconsent=') == -1) {
                      document.cookie = 'pwconsent=allow_necessary;path=/;SameSite=Lax;';
                      setTimeout(function() { window.location = "<?=$page->httpUrl?>"; }, 0);
                  }
              } else {
                  // Avoid that user gets locked out by e.g. changing local storage values manually.
                  localStorage.removeItem('privacywire');
              }
          }
          </script>
  13. @PWaddict Have not yet used SimpleForm myself. If a human scans a site and modifies a bot, most forms can automatically be filled I guess. Seems there is no counter for failed submits logged by IP or general wrong submits yet implemented, which would limit the amount of trials to let’s say 5. That’s something I always want to have in frontend forms to protect my side against bots and script kiddies. FrontendForms and the pro module from Ryan do implement such protection by default if I remember right. How many failed trials were in the logs before the success message appeared? Only one failed, then success? That would be strange.
  14. Hello, after reading forums, old PW weekly and reading through language support docs and Ryan’s HelloWorld module, I am still struggling to add two translations in German and English to my own module. How would I create the CSV file(s) with description and the hash (md5?). Is there a module used to create the language files, or just create manually? If manually, how is the hash created, or what string/values are used as input to the hash function? Any tip, hint or link would be appreciated. I must have overseen some important parts so far. Thanks in advance.
  15. @Vineet Sawant Form Builder Pro from Ryan (commercial) or at least with FrontendForms from Jürgen (free), if the project will be realized with processwire. However as Jim already pointed out, you should take some time to invest in the requirements and the best tool around to achieve what you want. That may involve another framework, coding language etc.
  16. Hi, have used the site/config.php $config->sessionAllow handler in combination with the PrivacyWire module to disable frontend cookies unless the user opt-in to accept technical required cookies for a booking form shown on my frontend w/o user login required. The booking form is not displayed and processed until user opt-in. Instead a message is shown that the booking form requires cookies to work. The other pages can be viewed but with the consent form displayed. Once the user opt-in, the PW wire cookie is created and the booking form can be used as normal. Don’t know if that is really necessary, but that way should be ok with the lawyers out there in EU/Germany. P.S.: If Url contains backend path, sessions and cookies are enabled by default. It’s just disabled for the frontend guest users by default.
  17. Just uploaded the module files to my Github profile in case someone is interested. If you want to use it, just download the attached Zip file in the Github Release section of the linked repo.
  18. @flydev: Damn red pill. Created my first module hooking after Page::render and replacing text emails like (example@domain.com) into encrypted mailto links which gets automatically decrypted from a Javascript function embedded into the head section if emails are found on the rendered page. Really enjoy my PW journey so far. If you need more options, want to configure stuff from the backend etc. I propose you try out the EMO module from Roope. My module will stay like this without more profound checks like mailto: links, embedded emails in other tags. If you are interested in the code, just send me a PM or post here.
  19. As strftime is deprecated and its alternative is a bit overshoot to me, I tend to just create an associative array with the short Weekday names like

          $shortWeekdays = array(1 => 'Mo.', 2 => 'Di.', …, 7 => 'So.');

      and access them like

          // 'N' gives 1 (Monday) to 7 (Sunday), matching the array keys; 'w' would give 0 to 6.
          $shortWeekdays[date('N', (int) $page->getUnformatted('datefield'))];

      Just put this stuff in my _init.php file so I can use it where I need it in the template files. If I would need multilingual support, I would create an associative array with the required language codes like

          array('de' => array(1 => 'Mo.', …), 'en' => array(1 => 'Mon.', …));
  20. Thanks for the link, didn’t know this site. As I am still new to PW I am still in discovery/experimental mode. To learn a new CMS/CMF I always try to use core stuff first and see how far I get by adapting things like templates, modules myself rather than jumping into 3rd party addons right from the start. Once I get more familiar with PW ecosystem, I test out 3rd party addons and check their code base to see how others would implement stuff.
  21. Almost. Guess I will turn my working solution in a custom text field type sanitizer first so there is no need to „hack“ the template files anymore. But really nice how PW stays out of your way and allows you to test/implement ideas very fast and to refine/adjust the POC later. Also like that it’s up to yourself to use procedural or object oriented code or a mixture of both similar to Python for quick tests. P.S.: I knew there is a PW module available to obfuscate email addresses, but I was curious how long it would take me to port over a working solution from some older projects of mine to PW myself.
  22. Hi, just ported over an old mail encryption/decryption routine using a Caesar cipher from some old projects to protect email addresses from spam bots, but show it normal for humans into a ProcessWire module. How it works:

      • Enter email with double brackets where you want it [[example@domain.com]] in any CKEditor field
      • Turns to <a href="javascript:cdc('dbfnrgmzfumx','SubjectX')">example<span class="hidden">(</span>@<span class="hidden">)</span>domain.com</a>
      • A Javascript function decrypts the encrypted email on click
      • Link is obfuscated from bots, but visible for humans (example@domain.com)
      • Email placeholders are automatically detected via template _init.php file
      • Placeholders gets replaced in template _main.php by wrapping $content around a PHP function

      Was super easy to implement with Processwire using the Intermediate / delayed output template strategy of the advanced default PW template and the great API. Super fun. P.S.: If someone is interested, I can post some code examples too.
  23. @Jay D You could try to hook into the page save event via the ready.php file to create/update images of a given page/template. Not dealt yet much with image manipulation myself. But doesn’t the default image field allow to manipulate the image already? Coding wise you could use the image API https://processwire.com/api/ref/pageimage/size/.
  24. @netcarver Thanks for your reply. Will most likely deactivate Cookies in frontend, unless you are in admin/backend, or the user checked the confirmation in the frontend form to use CSRF protection. Most likely in combination with a user consent module asking for permission. Your posts and links helped a lot to understand the background to get things done.
  25. @flydev Thanks a lot. Exactly what I searched for. Will try to play around with those settings. Regarding lawyers. Interesting post, but stuff may differ in Germany. The lawyer of the company I am working for has a completely different view of what Cookies are technical required and what Cookies are not. Cheers.
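
The localStorage-to-cookie consent check from post 12 above, as an added example that is not part of cwsoft's posts: it separates the decision from the browser wiring, survives malformed stored JSON, and matches the cookie by exact name. `decideConsent` and `hasCookie` are hypothetical names, and the `Secure` attribute and the reload are assumptions; the `privacywire` key, cookie name and value are taken from the post.

```javascript
// Added example. decideConsent() and hasCookie() are hypothetical names; the
// storage key, cookie name and cookie value are the ones used in post 12.
const CONSENT_COOKIE = 'pwconsent';
const CONSENT_VALUE = 'allow_necessary';

// Exact cookie-name match. A substring search for "pwconsent=" would also
// hit an unrelated cookie such as "xpwconsent=1".
function hasCookie(cookieHeader, name) {
  return String(cookieHeader || '')
    .split(';')
    .some((pair) => pair.trim().split('=')[0] === name);
}

// Pure decision step, so it can be tested without a browser. Returns:
//   { action: 'none' }                 nothing stored, or cookie already set
//   { action: 'reset' }                stored value unusable: remove it
//   { action: 'set-cookie', cookie }   consent stored but cookie missing
function decideConsent(storedJson, cookieHeader, isHttps) {
  if (!storedJson) return { action: 'none' };
  let data;
  try {
    data = JSON.parse(storedJson);
  } catch (err) {
    // Hand-edited or corrupted storage must not throw on every page load.
    return { action: 'reset' };
  }
  if (!data?.cookieGroups?.necessary) return { action: 'reset' };
  if (hasCookie(cookieHeader, CONSENT_COOKIE)) return { action: 'none' };
  const attrs = ['path=/', 'SameSite=Lax'];
  if (isHttps) attrs.push('Secure'); // keep the cookie off plain HTTP
  return {
    action: 'set-cookie',
    cookie: `${CONSENT_COOKIE}=${CONSENT_VALUE};${attrs.join(';')}`,
  };
}

// Browser wiring; skipped when no DOM is present (e.g. under Node).
if (typeof document !== 'undefined' && typeof localStorage !== 'undefined') {
  const step = decideConsent(localStorage.getItem('privacywire'),
    document.cookie, location.protocol === 'https:');
  if (step.action === 'reset') localStorage.removeItem('privacywire');
  if (step.action === 'set-cookie') {
    document.cookie = step.cookie;
    location.reload(); // assumption: reload instead of the post's redirect
  }
}
```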