Everything posted by bernhard

  1. It should work just like any other PW api... Does it render empty divs? Does it throw an exception? I'm never using {include ...}, I'm always using {$rockfrontend->render(...)}, but both should work.
  2. The separation here is on purpose. Everything in the module folder comes from the module folder. Everything outside comes from the user 😉 Same as with /wire folder and /site folder.
  3. Why? This is the way everybody else does it 😉 I'd recommend using a folder in /site/templates, eg /site/templates/FrontendForms - if you choose one in /site/assets the files will not be translatable.
  4. Hi @Richard Jedlička thx for the update! Sorry for not replying to your request. I wanted to suggest taking the module under my control, but then I thought it might make more sense to create some RockMigrations tweaks instead. But I think your module is really useful and complete as it is (now with the fix 😉 ) and I guess it will work like this for a long time without any necessary maintenance, so I think there is no real pressure in changing anything. Or do you see that differently?
  5. I think your question totally depends on how you have built your frontend. When using RockFrontend for example you could hook into RockFrontend::render() and then trigger the halt() before or after any portion of code has been rendered.
  6. I'm also seeing this from time to time (but only on local ddev). Do you know WHEN the error occurs? I think in my case it was while debugging via xdebug so I didn't really care.
  7. Just hook into the page list label 🙂 https://processwire.com/talk/topic/26610-custom-page-list-label/?do=findComment&comment=220584
  8. Very interesting blog article that compares twig / blade / latte: https://blog.nette.org/en/quiz-can-you-defend-against-xss-vulnerability
  9. I don't think that this is true 😉 Repeater items are just regular PW pages. They are hidden in the page tree somewhere under the admin page. It should then be possible to create a page reference field with a selector like "parent=123,include=all" Where 123 is the id of the page that holds your repeater items. Not sure if the include=all is necessary, just try it without.
  10. Have you had a look at https://github.com/baumrock/PassPhraseJS ? You can simply include the js file and add 3 html attributes and you are done 🙂 Yeah I've had such a misconception in my head initially so I might have communicated that confusingly.
  11. You see in the screenshot that it's a regular form inputfield, so you can enter whatever password you want 😉 I just wanted to have a nice little helper to choose from a random generated one. First thought was to just create a random string with a random length, but it's a product targeted for non-tech people and should be as simple to use as possible, so a password like 237u89gdisjv783z9rfre90fuds is for sure not a good option in terms of UX 🙂 But if anyone wants to use such a password (because he/she is using a password manager for example) then that's no problem.

      No, I don't force the user to use this syntax, so he/she can use whatever he/she wants. I only add a minimum length rule to the password (using RockForms, so all rules apply both on the frontend and on the backend!):

          // password field: at least 10 characters (1 in dev mode)
          $this->addPassword('pass', 'Passwort')
            ->addRule(
              $this::MIN_LENGTH,
              'Das Passwort muss mindestens %d Zeichen lang sein.',
              $dev ? 1 : 10
            )
            ->setRequired('Bitte gib dein gewünschtes Passwort ein.')
            ->setHtmlAttribute('autocomplete', 'new-password');

      And an equal rule to the password confirmation field:

          // confirmation field must match the 'pass' field
          $this->addPassword('pass2', 'Passwort bestätigen')
            ->addRule($this::EQUAL, 'Die Passwörter stimmen nicht überein.', $this['pass'])
            ->setRequired('Bitte bestätige dein Passwort um Tippfehler zu vermeiden.');

      And then the markup for PassPhraseJS:

          // suggestion widget: renew link, copy-to-input link and the generated phrase
          $this->addMarkup("<div class='tm-pass-suggest'>Zufallspasswort verwenden: "
            . '<a href=# passphrasejs-renew="#pass">-- svg reload icon --</a>'
            . '<a href=# passphrasejs-copyto="input[type=password]">'
            . '<span id="pass" passphrasejs></span>'
            . '--svg copy icon--'
            . "</a>"
            . "</div>");

      I've done some research on how to sanitize the password on the backend, but it looks like there is no method for it. I've tried setting "foo bar" as password via the API and that works and the user can log in. But I will disallow spaces in my passwords for sure. So I think it's enough to use $sanitizer->text() and then additionally check if the password has a space in it. But I'm not sure yet, so any input is welcome 🙂
  12. I think this is already quite impressive! I've updated the tool to support custom separators. This leads to an enormous number of possible combinations even if you only have 4 words in the dictionary, namely over 2 million!
  13. Of course. And that's the problem sometimes. If you don't know a lot about a problem you simply can't provide a good prompt. For example if you wanted a javascript array with some items and you didn't know what an array is, how would you ever get to that result? I'm on the free account, no idea what version that means. And I'm happy to learn, if you can show me what a good prompt in that example could look like 😉
  14. Ok, thank you both 🙂 Here are my learnings:

        • I went to the backend user profile to see if the password field has some helpful information
        • I searched the core files for "characters long" which was found in InputfieldPassword.module
        • $minlength was a variable there, so I thought - as always - this would be configurable by PW
        • I looked into Modules > Core > InputfieldPassword and found no configurable fields *surprise
        • I found this thread and especially this answer by ryan: https://processwire.com/talk/topic/3149-password-complexity-requirements/?do=findComment&comment=31155
        • Luckily @adrian posted a link to the blog post that shows that everything is configurable now, I was just looking at the wrong spot: https://processwire.com/talk/topic/3149-password-complexity-requirements/?do=findComment&comment=158365 / blog post: https://processwire.com/blog/posts/upgrades-optimizations-pw-3.0.22/#major-enhancements-to-our-password-field

      Then I took a breath and thought about it as I somewhere read that forcing the user to use numbers might not be the best/most secure option and using a random string instead could be better in terms of UX and also security. Also when creating users in PW via the API the password requirements do not apply - so I can choose whatever syntax/requirements I wanted.

      So I created an array of 100 random German words with the help of AI and then played around with that a little. This is the result: https://github.com/baumrock/PassPhraseJS

      I've also built an interactive calculator to see how many random passwords are possible with your chosen settings: https://baumrock.github.io/PassPhraseJS/example.html

      What do you guys think? Any suggestions for improvements? I'm already working on making the separators configurable so that will increase the number of possible passwords tremendously.
  15. I have to say these new AI tools are really impressive, very powerful and more and more useful in my everyday work! I'm working on a small little javascript class to generate random pass phrases. I got an error so I asked chatgpt and copied the whole js file's content: The answer was spot on and it would have taken me a lot longer to find that issue on my own. Actually I learned something new as JS is not my strongest foot and I've had this issue a couple of times before where I was wondering why sometimes this.foo() works and sometimes it doesn't. Everything makes sense now 🙂 I'm quite impressed!
  16. Hey @kongondo thx I'm already working on something and I'll keep you updated! 😎
  17. Does anybody (maybe @Juergen) know if there is a regex somewhere that I can use to validate user input in a frontend registration form? Of course I will sanitize/validate input on the server as well, but it would save some unnecessary form submissions and server requests 🙂 Thx!
  18. Sad to hear that @olafgleba Did they find a wordpress plugin for it? *scnr Jokes aside I'd be very curious to hear that oddity if it's nothing secret 🙂
  19. Great stuff, @ryan! Would you mind sharing how you measure those performance related things and maybe more importantly how you classify these results. I mean ... I guess you use ProfilerPro for the measuring, but what if, let's say a module that I'm developing adds 3ms penalty due to whatever. Is that what you'd call "a little bit of a performance hit" or would that mean 10ms or maybe 100?
  20. Thx! Ok if you prefer that I'll do single threads 🙂
  21. Thx @adrian and sorry for not providing the line numbers! The problem is on line 1330 and this fixes it for me:

          protected function getPHPUser($full = true) {
            // only call the posix functions if the server provides both of them
            if(function_exists('posix_geteuid') and function_exists('posix_getpwuid')) {
              $pwu_data = posix_getpwuid(posix_geteuid());
              if($pwu_data) $username = $pwu_data['name'];
            }

      added "and function_exists ..."
  22. Hey @adrian my server does not allow that function (and maybe others needed by the diagnostics panel). If you find time, would it be possible to wrap all those checks around try/catch ?
  23. @Jonathan Lahijani why don't you just use a separate config-local.php where you set guestForceDevelopmentLocal = true? Such a dedicated config has a lot of other benefits like disabling sessionFingerprint to make sure you don't get logged out when you enable mobile view in devtools or filesOnDemand when using RockMigrations:
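Added example, not part of any post above and not PassPhraseJS's own code: a sketch of the passphrase approach discussed in posts 11 to 14, showing unbiased random selection, the keyspace count for an assumed word-plus-separator format, and the minimum-length and no-space check mentioned in post 11. The word list, the separator set, the phrase format and all function names are constructed for illustration.

```javascript
// Works in browsers and Node: use Web Crypto, never Math.random(), for secrets.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed sample data (assumption, not the module's dictionary).
const WORDS = ['apfel', 'berg', 'fluss', 'wolke', 'stein', 'vogel', 'garten', 'mond'];
const SEPARATORS = ['-', '_', '.', '+'];

// Uniform integer in [0, n) via rejection sampling: values from the
// incomplete top slice of the 32-bit range are discarded, so there is
// no modulo bias towards the first entries of the list.
function secureIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError('n out of range');
  const limit = Math.floor(2 ** 32 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Assumed format: `count` words drawn with replacement, each gap filled
// with an independently chosen separator.
function generate(count, words = WORDS, seps = SEPARATORS) {
  let out = words[secureIndex(words.length)];
  for (let i = 1; i < count; i++) {
    out += seps[secureIndex(seps.length)] + words[secureIndex(words.length)];
  }
  return out;
}

// Number of equally likely outputs for that format: D^count * S^(count-1).
// Exact only if no word contains a separator character.
function keyspace(dictSize, count, sepCount) {
  return BigInt(dictSize) ** BigInt(count) * BigInt(sepCount) ** BigInt(count - 1);
}

// Entropy in bits, assuming the attacker knows the dictionary and the format.
function entropyBits(dictSize, count, sepCount) {
  return count * Math.log2(dictSize) + (count - 1) * Math.log2(sepCount);
}

// Server-side rule from post 11: minimum length 10 and no whitespace.
function acceptable(password) {
  return typeof password === 'string' && password.length >= 10 && !/\s/.test(password);
}
```

With a 100-word dictionary and four words, going from one separator to four raises the count from 10^8 to 6.4 × 10^9, which is only 6 extra bits; adding a fifth word adds more than that.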