Everything posted by modifiedcontent

  1. Latest version of PW, PHP 5.6.30, Both MyISAM and InnoDB tables - is that normal/acceptable? Not sure how that happened. How do I do that 'debug a few line above where that error is being reported'?
  2. adrian, with '... *=@ ...' I get 'Exception: SQLSTATE[42000]: Syntax error or access violation: 1064 syntax error, unexpected '@' (in /home/.../wire/core/PageFinder.php line 410)'. *=@ does work as expected with other fields, like 'name', so I'll ignore this issue for now...
  3. Thanks flydev. email*=@mail.ru was the first option I had tried, but it didn't work and the '@' produced a syntax error. ~= didn't work either. email%=mail.ru worked - 'using slower SQL LIKE' according to the docs.
  4. Using the API you can also search on users instead of via pages with user template:

         $users = $users->find('email=crap.hacker@mail.ru');
         foreach($users as $u) { // don't use $user
             $u->delete();
         }

     Still figuring out how to get wildcard like *@mail.ru to work...
  5. Thanks bernhard and Juergen. I have implemented a very basic version of a honeypot. It has so far cut the dumb "hack" attacks to zero. There are plenty of ways to make the honeypots more difficult to pass. Great approach. Happy I don't have to resort to captchas etc. Turned autofill off as follows, also prevented tabbing to the hidden field: <input name=some_name class=some_class value='' tabindex='-1' autocomplete=off> Hidden via css; dozens of options to do that, make it harder for bots to figure out. Then in the process: if($input->post->some_name) { ... foad ...} I couldn't figure out Juergen's "Honeypot class" - still confused about composer, should I use it? - but see it also checks for minFormCompletionTime. Bots fill out forms inhumanly fast. That is another way to recognize them and block them.
  6. I have my own register-login-profile/account page system. I know that Ryan recently released an official module for this, but there may be an advantage to having my own custom solution. Anyway, it seems to work well. But, I have been getting annoying Russian hack attempt accounts, mostly as 'guests' that don't bother to use the activation link. Most if not all of these accounts have this in the name field: No Subscription Detected Not Recognized ...which makes them relatively easy to filter out from real name accounts. Where do these "strings" come from? I can't find them in Processwire's source. Are the hackers using some kind of tool that inserts these for some reason? Or is it a PHP thing? Does anyone recognize them? Does it mean they are using some kind of backdoor instead of the registration form? In general, what are the best practices to secure my registration form, prevent spam accounts, etc.? I'll start with adding a check to block IP addresses that try to register with 'Not Recognized' etc. in the name field I guess.
  7. Thanks adrian. Your module has been very effective in deleting users; I wouldn't mess with it too much. The spam/hack accounts usually have some string in a name field in common that allows me to select them as batch. It would be nice if some kind of batch delete was built in to Lister. And I am curious how 'using the API' would work for something like this; write a function and somehow add it to admin? Thanks for the code suggestion fbg13. I am mostly confused about where you would put this. In a template file? A setting page in the admin area? Would it have to be a module? And I have to figure out how to prevent bogus guest accounts. Could you make unverified guest accounts self-delete after 3 days?
  8. Thanks dragan. But how would you use the API for something like this? Write a function? And add it to the admin area somehow?
  9. Thanks! Where could I find user creation date? Lister only gives very imprecise 'three months ago' etc. It would help if you could delete by role, like delete all 'guests' who are not 'member' or 'superuser'. Are there any plans to build batch management of users into the core? Or make it easier? How would batch deleting users by 'using the API' work?
  10. I was looking for this for this use case: home - news (news template) - - local (news template) - - - news item 1 (post template) - - - news item 2 (post template) - - - news item 3 (post template) Posts under 'local' should use the 'post' template; 'news' template should not be allowed as an option. kixe's solution looked promising, but disables any new child page creation. Is there a way to limit the number of page levels by template - still allowing new pages with another template? Or is there a way to set a default child template at the page level? Edit: Or is the way to do this to temporarily allow 'news' to be used as child template, create those subsections, then lock those pages and allow only 'post' template to be used for next levels? Changing the allowed template settings doesn't seem to affect previously created pages, which would be good. They stay on the selected template. Correct? Is that how it works? And/or you create the sections and subsections on the 'news' template and then set 'Can this template be used for new pages' to 'no'? Or can you control the template options via access control? What is the difference between 'create pages' and 'add children' in access settings on the template?
  11. I have 100+ spam/Russian user accounts on a semi-test site. Is deleting them one by one the only option? Is there no way to select a whole page of spam user accounts and batch delete them?
  12. I am trying to install Processwire + an exported custom profile and keep getting this error: Does anyone recognize this? What could cause this? I have installed Processwire + exported profiles many times before, never had problems. I have reuploaded fresh downloads for this, both regular master and dev, but keep getting the same thing. I am probably doing something dumb. Probably not a structural PW issue. I am out of ideas, so any feedback appreciated. Edit: Finally got something to install using the standard blank profile, instead of an exported profile. I am now manually reconstructing my custom site, using the new import/export functions - hit or miss so far. Did those break the ProcessProfileExport module?
  13. rick, yeah, well, you know, that's just, like, your opinion, man. Leaving out quotes where they are not necessary is following the html specs by the letter and makes the html a lot cleaner and easier to read than the common quotes within double-quotes within single quotes mess - my text editor gives the classes and ids their own fun colors. So I guess something in PW somehow interpreted 'new password (confirm)' as code that it has to do something with, instead of plain placeholder text? That bit was inside quotes btw.
  14. fbg13, nothing wrong with the missing quotes. That is valid html and does not explain where the "/processwire/" insert comes from.
  15. I have a simple front-end password update form like this: In the browser the label of the second field shows up as follows: WTH?! I can't figure out what is changing the label, what is inserting /processwire/ and reformatting the thing. Is this something in PW? A "helpful" thing that browsers do? Edit: The problem disappears if I simply rename the second field to 'Confirm Password'. So my problem is solved, but I'll leave this here in case this is some kind of bug.
  16. Thanks Alxndre' This seems to work: If anyone can spot mistakes or knows a better way, let me know.
  17. I am trying to rewrite Soma's suggestion here to export fields from the users database to a csv file, with variations like this: $array = $users->explode(function($item){ ...etc. And $array = $users->find('start=0')->explode(function($item){ ... But keep getting 'Call to a member function ... on a non-object' errors. I guess $users is the non-object? I am trying to use this within a function, that is called with a button click. Is $users not available within a function? I see there are new export/import features coming up - great! - but it is all about $pages. Should $users work the exact same way? This works as demo starting point. Now I just have to replace the $list with something from $users:
  18. How do you get the same 'set password' form/input fields on the front-end as in the admin area? I have a working front-end version, but the admin version has some nifty stuff around it. Should be easy to get the same on the front-end, right?
  19. I am not 100% sure if or to what degree my issue is related. Apologies if this turns out to be thread hijacking: I get logged out constantly at certain wifi locations; '_The Cloud' wifi point that many pubs in London have and, I think, all similar public wifi systems that open a browser where you have to leave your email or click on a connect button if you are a returning customer. Does that sound familiar to anyone? Is there a way to make my PW sites work at these locations? Is the solution somewhere in the previous posts here? I have trouble following the thread. 'Enabling SessionHandlerDatabase should instantly get rid of the problem'? How would I do that? 'session fingerprint config setting'?
  20. I had to add this... && $_FILES['headshot']['name'][0] != '' ...to this bit... if($input->post->img_upload && $_FILES['headshot']['name'][0] != '' ) { That was the only way I could find to prevent Internal Server Error if someone clicks submit without selecting a file. Is there a better, more Processwire way to do this? $input->post->headshot etc. doesn't work.
  21. ankh2054, we can't get this code to work here. What are we doing wrong? Shouldn't it be possible/easy to get the same image upload UI as in the admin area? Or some other cropping or centering tool? Any jquery script would work or mess up the system?
  22. Edit: I had posted here because I thought this didn't work: But it does work. The images just don't end up where I expected them - the 'headshots_uploads' directory is supposed to stay empty? You can see the result of the upload with: There should be a headshot/avatar field in the user template. It can get confusing if you have some kind of custom user profile page; you have to make sure you get the avatar of the relevant user instead of the logged-in user. And the upload is saved to $user, not the $page the form is on. There is no way to get the nifty image upload from the admin area on the front end? Edit: I have added $user->headshot->removeAll(); because I kept seeing old avatars. This way you can only have one image in the field/array, so you can't have a feature where the user can switch between uploaded avatars. Is there a more elegant way to "refresh" or make sure that only the latest modified profile picture is shown? Edit2: If you click Submit without selecting an image, you get an Internal Server Error. So I guess you need a check if the input field is empty or not. How do you do that in Processwire? What I have tried so far - adding && $input->post->headshot to the first if statement etc. - didn't work.
  23. Nevermind. Long post deleted here. Sorted it out here.
  24. I am trying to do the same thing as adrianmak - had you figured out how to do this? Do you need the 'current password' field? I think 'new password' and 'confirm new pass' should be enough if the user has access to this form. Or am I missing something? You can use $user->pass->matches($inputPass) to check the input, but, to be clear, there is no PW function or similar that adds the same 'change password' thing that is in the admin profile edit? Password is the same as any other input field? You can save a password from a form input simply with this? ... $user->pass = $sanitizer->text($input->post->pass); $user->save(); And then PW takes care of the hash stuff? The hash stuff is confusing... Or are there specific password checks or processes to take care of? Edit: I see there is an InputfieldPassword.module, probably part of the forms API that I still can't wrap my head around. I guess you should use that somehow? Adding this, as a quick test, produces a server error:
  25. I keep running into $p = new Page(); and $u = new (); , but how do you update an existing page or user? 'current Page()'? Do you have to define $p = current page? What is the proper process? Edit: Nevermind. I guess this is the basic process to update an existing user?
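
Added example, not part of the original posts: the honeypot check from post 5 combined with the minimum form completion time that post mentions, in plain PHP (7.1 or later assumed). `some_name` is the hidden field name from the post; the `form_token` field, the signing secret, both time limits and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Honeypot plus minimum-completion-time check for a registration form.
// Render issueFormToken() into a hidden "form_token" input next to the
// honeypot field; call checkSubmission() before creating the account.

const HONEYPOT_FIELD   = 'some_name'; // hidden field name from the post
const MIN_FILL_SECONDS = 3;           // assumed: faster than this is a bot
const MAX_TOKEN_AGE    = 3600;        // assumed: stale tokens are refused

function issueFormToken(string $secret, int $now): string {
    // The render time is signed so a client cannot backdate it.
    return $now . ':' . hash_hmac('sha256', (string) $now, $secret);
}

function checkSubmission(array $post, string $secret, int $now): string {
    // Strict comparison: a honeypot value of "0" also counts as filled.
    if (($post[HONEYPOT_FIELD] ?? '') !== '') {
        return 'reject: honeypot filled';
    }
    $parts = explode(':', (string) ($post['form_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'reject: token missing';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, $secret), $mac)) {
        return 'reject: token forged';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) return 'reject: submitted too fast';
    if ($age > MAX_TOKEN_AGE)    return 'reject: token expired';
    return 'accept';
}

// Constructed sample submissions (not real traffic).
$secret = 'constructed-demo-secret';
$t0     = 1700000000;
$token  = issueFormToken($secret, $t0);
$samples = [
    'human, 20 s'        => [['some_name' => '',  'form_token' => $token], $t0 + 20],
    'fills hidden field' => [['some_name' => 'x', 'form_token' => $token], $t0 + 20],
    'submits after 1 s'  => [['some_name' => '',  'form_token' => $token], $t0 + 1],
    'tampered timestamp' => [['some_name' => '',  'form_token' => '1:' . substr($token, 11)], $t0 + 20],
];
foreach ($samples as $label => [$post, $now]) {
    echo str_pad($label, 22), checkSubmission($post, $secret, $now), PHP_EOL;
}
```

Logging the rejection reason per request shows which check is catching the automated sign-ups and whether the time threshold ever rejects real users.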