Jump to content

johnstephens

Members
  • Content Count

    34
  • Joined

  • Last visited

Community Reputation

24 Excellent

About johnstephens

  • Rank
    Jr. Member

Recent Profile Visitors

4,307 profile views
  1. That appears to have fixed the issue! I can log in after uncommenting the RewriteRule and the RewriteBase / line. Thank you! The installation was the latest stable version as of yesterday, ProcessWire 3.0.123. And the server runs PHP 7.2.17. I appreciate the help! Is there anything else I should look out for when running ProcessWire on a subdomain with this PHP version? Thank you again!
  2. I see the following message in my Apache error log file—I think it's associated with the attempts to load a page with the password reset code: [Mon Apr 29 11:10:13.761290 2019] [core:error] [pid 12889:tid 4057058112] [host opm.beardedbaby.net] [client 73.134.72.106:51354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
  3. Hi! I just created a fresh installation of ProcessWire on a subdomain. After commenting out the following rule in my .htaccess file, I was able to access the admin panel: RewriteRule ^(.*)$ index.php?it=$1 [L,QSA] But then I hit a dead end. When I attempt to log in, the same login screen reloads without any error display. I attempted to reset the password following the method here, but when I load the page with the password reset code, I get an error saying "Superuser has never logged in", and I still can't log in via the admin panel. I expect this is a known issue do to some quirk of my hosting that I never noticed before. Can anyone suggest steps I could take to troubleshoot this? Thank you!
  4. I'd like to understand this too. I too made sure that the editor role had user-admin permissions enabled, before coming across this problem.
  5. I can confirm that this fixed the problem for me, when I typed check_access=0 by hand into the selector field instead of copying and pasting it from Adrian's message. Thank you @adrian, for identifying the solution! And thank you, @Robin S for figuring out where I went wrong!
  6. Thank you, @adrian! That seems to cause ProcessWire to choke when loading a page in the editor. If I set the selector to this: template=user, roles=managing_editor It works perfectly for a superuser. The above selector throws no error when loading the editor using my managing_editor role—it simply doesn't populate the options. But if I set the selector to this: template=user, roles=managing_editor, check_access=0 ProcessWire throws this error, no matter what role I log in with: Unknown Selector operator: '' -- was your selector value properly escaped? Thanks again! I appreciate any insight someone might offer. Cheers!
  7. Hi! I created a page reference field linked to ProcessWire's "Users" page array. I do not have "create new pages" enabled for the field, and I don't want to use this field to create new users. When I am logged in as the superuser, it works as intended: I can select one or more registered users and associate them with the current page. But when I log in under a different role, the page reference field is empty, and does not allow me to select any users. I've checked the permissions for the role that I want to authorize to use the this field, and the permissions under the "Access" tab on the field itself. I don't see any role-based permissions I could add to the role that seem pertinent to this issue. Under the field's "Access" tab, I have added "View" and "Edit" privileges for the given role, but that does not seem to change the behavior at all. Can anyone offer some guidance in troubleshooting this? I know there must be some privileges I have not considered, but I don't know where to look. Thank you all in advance!
  8. Hi! I'm setting up a site search form and results page. Something I wanted to include in the search results was an excerpt of the content showing the highlighted search term plus some surrounding text—like the search_result_excerpt tag in Textpattern (function definition). I searched the forum and couldn't find an example of this. I suppose I'm just not hitting the right keywords relative to ProcessWire's API. Can anyone suggest examples or documentation that might help me with this? Thank you!
  9. I'm seeing this error and the site doesn't use jQuery at all on the front-end. It does have caching enabled on some templates (the type of caching offered natively by ProcessWire, not ProCache). Do I have to conditionally load ckeditor's jQuery on the front-end when edit-access users log in?
  10. You're wrapping up a design project for a new or substantially redesigned website. What are the not-so-obvious things on your list that you don't want to forget before you work on something else for a while? I realize that what counts as not-so-obvious in one project might be completely obvious and the first thing you do on another. Still, I'd love to hear what are the little things you do to tighten the screws and clean up before moving on to other work?
  11. So one of my requirements is that the shell script that must access the secret content is executed on the editor's personal machine, not on the server. After scouring ProcessWire's API, I think I've stumbled upon a way to do the main thing I use smd_access_keys for: function showSecretContent() { return "<pre>Secret content</pre>"; } /** * Generate a key unique to this user and for this day only. */ $segment = sha1($user->name . $datetime->date('Y-m-d') . $this->config->userAuthSalt); /** * Add the key to the URL for this page to use in links. */ $urlkey = $page->url . '?key=' . $segment; /** * If there is a key in the URL request, save it. */ $key = $input->get('key'); /** * To authenticate the key for certified users only, save all users to an array. */ $allusers = $users->find('id>0'); /** * If the current session is logged in to ProcessWire, show the URL key and the secret content. */ if (!$user->isGuest()) { echo '<pre><a href="' . $urlkey . '">'. $urlkey . '</a>' .'</pre>'; echo '<pre>This is what you will see:</pre>'; echo showSecretContent(); } else { /** * If the page is accessed without a ProcessWire login, check if the key is set. */ if (isset($key)) { /** * If the key is set, check all the users for a user who matches the key. */ foreach ($allusers as $thatuser) { if ( $thatuser !== $users->getGuestUser() && $key == sha1( $thatuser->name . $datetime->date('Y-m-d') . $this->config->userAuthSalt ) ) { /** * If there is a user who matches the key, who isn't a "guest", show the secret content, * But only if the session isn't logged in. */ if ($user->isGuest()) echo showSecretContent(); } } } else { /** * Don't show the secret content if the session isn't logged in or when the request doesn't include a key. */ echo '<pre>Go away</pre>'; } } Compared to smd_access_keys, this script does not allow keys to include custom expiration windows or expiration after a given number of requests—a "key" expires at midnight regardless of whether it was created at 00:01 or 11:59. This script also does not save keys to a database or allow keys to be voided in the ProcessWire admin. It also doesn't offer file protection. (smd_access_keys can be used to generate keyed links to download assets that you want to limit, like if you offer a MP3 or PDF download only to someone who signs up for your newsletter.) But I didn't need those features for this implementation. Can you see any problems with this approach? Are there security issues that I have overlooked? Are there any obvious improvements I should make? Thanks for any guidance you can offer! I appreciate your comments and support.
  12. Howdy, I have a document created and served by ProcessWire. I want to make it visible only to someone who is logged in to ProcessWire OR to an external shell script being run by an authorized user. I see how to designate authorized roles for access in the template's "Access" panel, and I see how to devise what content visitors can see in a page's template file using the API. Those cover the first scenario perfectly. However, if I exclude "guests" (or any other roles) from accessing a page via the template's Access menu or via the API, that also prevents someone from getting the URL via a shell script. I've solved this problem on other sites that use the Textpattern CMS, by adding the smd_access_keys plugin. The solution is twofold: The template or template section first detects whether an authentic user has privileges to view the page. If a privileged user is logged in, the template displays a special access URL that the user can use with their shell script. The URL access key has a built-in expiration, which prevents unauthorized access if someone somehow "guesses" the hash and salt at a later time. One of my uses for this feature is to allow a managing editor to generate documents that can be converted to PDF using Prince XML. I have also used it to provide temporary access to web forms and other content. I might use it to give someone temporary access to a file hosted on the site, as per the plugin's documentation. I'm not convinced that temporary access URLs is the only way or the best way to solve this problem, but I'm not sure how to do it at all using ProcessWire's API. Do you know a way to allow temporary access to resources managed by ProcessWire to designated external services (like a shell script), without giving access to anyone who goes to the URL? Thanks in advance!
  13. @cobrown Wouldn't that include all architecture that uses right angles?

  14. Thank you, ottogal and Zeka! The Autocomplete field + allowing page creation is exactly what I needed. Perfect!
  15. Hey, Intelligentsia! I have an unusual data modeling need, and I'm not sure how to approach it. I'm creating a ProcessWire template to track Events (after the fact). When creating an event, the user will be able to select a category (Page reference field), start and end times (datepickers), etc. One datum we need to track is the number of participants. - Some participants may have been enrolled previously, so I could have a multi-select page reference field linking to the individual participants. - But some of the participants will not be enrolled, so I'm thinking I need a numeric entry for those who are not enrolled. When I report on participant counts for each event, it would be fine to add the number of registered participants to the numeric entry of unregistered participants to form a total. But when I report on participant counts for a series of events, that won't work. Suppose Event 1 has 25 participants, and event 2 has 26 participants (one participant is new, and the other 25 attended the first event). I create a report that counts participants for both events. I want the report to show 26 participants total—not 51. I'm not sure how to model this. If *every* participant was registered in some way, we could just log unique persons via a mult-select page reference field. But creating a unique identifier for every participant—especially for participants who attend only one event—would be an overwhelming burden for the client. On the other hand, plain numeric entries seem wholly inadequate. I'm not sure how to normalize or finesse the data model to get the information I need without creating an unmanageable data entry chore. Any ideas?
×
×
  • Create New...