Everything posted by AndZyk
-
Thank you, I haven't used CSRF protection until now but will try to implement it into the login form. As for the SSL certificate I am almost sure that this hoster doesn't support ssl certificates. Let's Encrypt is awesome though, I already tried it myself in private. There are maybe some more potential risks other than the file permissions I have to investigate. Maybe I will ask @ryan if he could take a quick look, but as this goes too much into details, I hope you can understand that I can't share more at the moment. If I find out what caused the attack, I will keep you updated.
-
The file permissions for the webroot are 775 which is almost as bad.
-
Now that you mention it, the site has a login form on the front end for users. The code for it looks something like this (I kept only the important parts):

```php
<?php

echo "<form action='./' method='post'>";

if($user->isLoggedin()) {

    // Show user name and logout button

} else {

    echo "
        <input type='text' name='user' placeholder='Username'>
        <input type='password' name='pass' placeholder='Password'>
        <input type='submit' name='submit' value='Submit'>
    ";

}

$user = $input->post->user;
$pass = $input->post->pass;

if($user || $pass) {

    if($session->login($user, $pass)) {
        // Redirect to internal page
    } else {
        // Show warning message
    }

}

echo "</form>";
```

Is there a more secure way to implement such a form? Also the form isn't secured by an SSL certificate, which is also a potential risk.

This is the only site on this hosting account. But with the misconfigured file permissions on the hoster the attack could also have come from another user of the shared hosting.

Me too and the fact that the database and core were not infected proves that to me. Maybe after talking with the hoster I can tell more. I am also curious.
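One way to add a CSRF check to the form above with ProcessWire's `$session->CSRF` API, as an added example that is not the poster's code. It assumes it runs as a template file where the ProcessWire API variables are in scope; the redirect target `/members/` is hypothetical.

```php
<?php
// Added example. Assumes the ProcessWire API variables $user, $input, $session,
// $sanitizer, $pages and $page are in scope (template file).
// "/members/" is a hypothetical internal page used as the redirect target.

$error = '';

if($input->post->submit && !$user->isLoggedin()) {
    // Reject the request unless it carries the per-session token rendered in the form
    if(!$session->CSRF->hasValidToken()) {
        $error = 'Your session expired, please try again.';
    } else {
        // Do not reuse the name $user here: it is the API variable for the current user
        $name = $sanitizer->pageName($input->post->user); // user names are page names
        $pass = (string) $input->post->pass;              // never echo or log this value
        try {
            $loggedIn = ($name !== '' && $pass !== '') ? $session->login($name, $pass) : null;
        } catch(\Exception $e) {
            // login() may throw, for example when login throttling blocks repeated attempts
            $loggedIn = null;
        }
        if($loggedIn) {
            // false = temporary (302) redirect; redirect() ends the request
            $session->redirect($pages->get('/members/')->url, false);
        } else {
            // Same message for unknown user and wrong password
            $error = 'Login failed.';
        }
    }
}
?>
<form action="<?= $page->url ?>" method="post">
<?php if($user->isLoggedin()): ?>
    <p><?= $sanitizer->entities($user->name) ?></p>
    <!-- logout button -->
<?php else: ?>
    <?php if($error): ?>
    <p class="error"><?= $sanitizer->entities($error) ?></p>
    <?php endif; ?>
    <?= $session->CSRF->renderInput() ?>
    <input type="text" name="user" placeholder="Username" autocomplete="username">
    <input type="password" name="pass" placeholder="Password" autocomplete="current-password">
    <input type="submit" name="submit" value="Submit">
<?php endif; ?>
</form>
```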
-
Right now I am not particularly proud of myself, because I maybe had the first occurrence of a hacked ProcessWire installation known to mankind. But not because of ProcessWire itself, but of a stupid mistake I have made. Anyways I want to share my case here:

Over one and a half years ago I developed a medium sized website with ProcessWire 2.6.1 for a small community. In the process of releasing the site I had troubles with getting the installation to run on the shared hosting webspace. Because the hoster hadn't configured their file permissions correctly, I was forced to loosen up the file permissions inside the site/assets-folder. Because I was desperate and wanted the installation to work I ended up setting every file and folder permissions inside the folder assets to CHMOD 777. I wasn't very happy with this solution and now I know how stupid it was, but I didn't know better and at least the installation was running.

This week I wanted to make a small change to the site and noticed something strange: There was a file called sites.php inside the root folder. At this moment it was clear to me, that my installation was hacked. I immediately downloaded the whole infected installation and compared all files with my local clean installation using a diff tool (Kaleidoscope). After comparing I noticed that inside the index.php one line was inserted which included a functions.php inside the site-folder. Also I noticed that inside the site/assets/files-folder there were several php-files uploaded with the same naming convention like the generated images variants (e.g. filename-large.jpg).

So what did those scripts do? Luckily not much, that is the reason I haven't noticed this hack for a long time. The database is as far as I can tell not corrupted and the site was still working properly. All those scripts were doing, was generating spam aliases and redirecting to a medical shop site using the http host of my site.

Interestingly, in my research I have found out that most of those malicious scripts were intended to infect Drupal and WordPress installations. A few of those files inside site/assets/files are explicitly targeting WordPress specific functions. If you are interested I can share those scripts for further investigation. But I am not sure if uploading those scripts directly to this board is against the board rules, so if I should upload them to an external service, I am willing to do so.

Meanwhile I am confident to have cleaned the site from almost all malicious scripts (I will investigate further) and I am still removing all spam search results from Google using the search console. Also I am in contact with the hoster and try to sort things out, even if it means switching the hoster (which I would prefer).

Please don't be too harsh with me. I know I have made a stupid mistake and learned my lesson the hard way, but I wanted to share this story anyway to prevent others from making the same mistake. So always make sure to secure your file permissions!

Regards, Andreas
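An added example, not part of the original post: a read-only PHP script that checks a webroot for the three traces described above (an unexpected PHP file in the root, script files inside site/assets/files, and world-writable paths). The allowlist of root-level PHP files and the constructed demo tree are assumptions.

```php
<?php
// Added example, not code from the post. Read-only audit of a ProcessWire webroot.
// The allowlist of expected root-level PHP files is an assumption; adjust it per site.

function auditWebroot(string $root, array $expectedRootPhp = ['index.php']): array
{
    $root = rtrim($root, '/');
    $uploads = "$root/site/assets/files/";
    $findings = ['unexpected_root_php' => [], 'script_in_uploads' => [], 'world_writable' => []];

    // 1. PHP files in the webroot that the installation did not ship (e.g. sites.php)
    foreach (glob("$root/*.php") ?: [] as $file) {
        if (!in_array(basename($file), $expectedRootPhp, true)) {
            $findings['unexpected_root_php'][] = $file;
        }
    }

    $tree = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($tree as $path => $info) {
        if ($info->isLink()) {
            continue; // skip symlinks, their targets are checked where they live
        }
        // 2. Script files in the upload area, where only images and documents belong
        if ($info->isFile() && strpos($path, $uploads) === 0
            && preg_match('/\.(php\d?|phtml|phar)$/i', $path)) {
            $findings['script_in_uploads'][] = $path;
        }
        // 3. Anything writable by every account on the host (the o+w bit set by 777/666)
        if ($info->getPerms() & 0002) {
            $findings['world_writable'][] = $path;
        }
    }
    return $findings;
}

// Usage: php audit.php /path/to/webroot
// Without an argument the script audits a small constructed tree in the temp directory.
if (PHP_SAPI === 'cli') {
    $root = $argv[1] ?? null;
    if ($root === null) {
        $root = sys_get_temp_dir() . '/pw-audit-' . bin2hex(random_bytes(4));
        mkdir("$root/site/assets/files/1012", 0755, true);
        file_put_contents("$root/index.php", "<?php // constructed\n");
        file_put_contents("$root/sites.php", "<?php // constructed\n");
        file_put_contents("$root/site/assets/files/1012/photo-large.php", "<?php // constructed\n");
        chmod("$root/site/assets/files", 0777);
    }
    foreach (auditWebroot($root) as $kind => $paths) {
        foreach ($paths as $path) {
            echo "$kind\t$path\n";
        }
    }
}
```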
-
Two of my favorite keyboard shortcuts so far in Sublime Text are:
⌘ + D: Select word - Repeat to select next occurrence
⌃ + ⇧ + W: Wrap Selection in html tag (or ⌃ + W for choosing the html tag)
Of course there are many more.
-
You mean the one Facebook is providing? If so I am not quite following how open graphs are related to structured data? I used so far the testing tool from Google. But for developing I had most of the time the source code directly opened to check if everything is looking the right way.
-
I also would like to thank you for sharing your examples. Wrapping the data blocks in helper functions is smart. There is much I can learn from. That was also the reason I left JSON_PRETTY_PRINT enabled. The final JSON-LD is in my case minified with ProCache.
-
@Macrura: Exactly that is the reason why I want to dig deeper into this topic. I also noticed that some WordPress themes for example provide a basic support for structured data. But mostly they are not very accurate and assume a lot of the data or generalize them. Luckily with the API of ProcessWire you have complete control of your data you want to use. If you have some examples you would like to share, feel free to do so. The main purpose of this thread was to see if some of you also want to share your experience with structured data.

@Peter Knight: The benefit I noticed so far is that the search results provide more information (especially with breadcrumbs). But I don't have them in use for very long and Google takes its time to update their indexes, although they are fast compared to other search engines. So time will tell the difference. If you ever remember the article you have read, I would be interested in a link.

@Craig A Rodway: Thank you for the hint. Using json_encode() is much more elegant than my original solution. I updated my code and you can see it below. This time I haven't separated my code into sections. Also there are probably still some things I can improve.

```php
<?php

$homeUrl = $pages->get(1)->httpUrl;

// Organization
$organization = array(
    "@context" => "http://schema.org",
    "@type" => "Organization",
    "name" => "Your organization name",
    "url" => $homeUrl,
    "logo" => "{$homeUrl}site/templates/images/logo.png",
    "sameAs" => [
        "https://www.facebook.com/your-organization-url",
        "https://www.instagram.com/your-organization-url/"
    ]
);

// WebSite
$website = array(
    "@context" => "http://schema.org",
    "@type" => "WebSite",
    "name" => "Your site name",
    "alternateName" => "Your alternative site name",
    "url" => $homeUrl,
    "potentialAction" => [
        "@type" => "SearchAction",
        "target" => "{$homeUrl}search/?q={search_term_string}",
        "query-input" => "required name=search_term_string"
    ]
);

// Breadcrumbs (stays null when the page has no parents)
$breadcrumbs = null;
if(strlen($page->parents()) > 0) {
    $listItems = array();
    $positionCounter = 1;
    foreach($page->parents() as $parent) {
        $listItems[] = [
            "@type" => "ListItem",
            "position" => $positionCounter,
            "item" => [
                "@id" => $parent->httpUrl,
                "name" => $parent->title
            ]
        ];
        $positionCounter++;
    }
    $breadcrumbs = array(
        "@context" => "http://schema.org",
        "@type" => "BreadcrumbList",
        "itemListElement" => $listItems
    );
}

// Article
if($page->template == "post") {
    $article = array(
        "@context" => "http://schema.org",
        "@type" => "NewsArticle",
        "mainEntityOfPage" => [
            "@type" => "WebPage",
            "@id" => $page->httpUrl
        ],
        "headline" => $page->title,
        "image" => [
            "@type" => "ImageObject",
            "url" => $page->thumbnail->httpUrl,
            "height" => $page->thumbnail->height,
            "width" => $page->thumbnail->width
        ],
        "datePublished" => date('c', $page->created),
        "dateModified" => date('c', $page->modified),
        "author" => [
            "@type" => "Person",
            "name" => "{$page->createdUser->first_name} {$page->createdUser->last_name}"
        ],
        "publisher" => [
            "@type" => "Organization",
            "name" => "Your organization name",
            "logo" => [
                "@type" => "ImageObject",
                "url" => "{$homeUrl}site/templates/images/logo.png",
                "width" => 244,
                "height" => 36
            ]
        ],
        "description" => $page->summary
    );
}

?>

<!-- Schema -->

<!-- Organization -->
<script type="application/ld+json">
<?= json_encode($organization, JSON_PRETTY_PRINT); ?>
</script>

<!-- WebSite -->
<script type="application/ld+json">
<?= json_encode($website, JSON_PRETTY_PRINT); ?>
</script>

<?php if(strlen($page->parents()) > 0) { ?>
<!-- Breadcrumbs -->
<script type="application/ld+json">
<?= json_encode($breadcrumbs, JSON_PRETTY_PRINT); ?>
</script>
<?php } ?>

<?php if($page->template == "post") { ?>
<!-- Article -->
<script type="application/ld+json">
<?= json_encode($article, JSON_PRETTY_PRINT); ?>
</script>
<?php } ?>
```

Regards, Andreas
-
That is a valid point and after all structured data are completely optional. There are a lot of trends, like the recent AMP project of Google for example, where I am thinking likewise, but as developer you sometimes have to make compromises to increase your audience.
-
As a web developer I always want to improve the search results of my websites in popular search engines. Because of that I find the topic of structured data very interesting and want to learn more about them. Recently I tried out a few of the ways how to provide more information to a website and want to share my solutions. Most of the structured data can be included directly in the markup or as JSON-LD at the end of your document (right before the closing body tag). I prefer the last one, because I don't like to have bloated HTML markup.

Breadcrumbs

Breadcrumbs are an alternative way to show your page hierarchy inside search results, instead of showing just the plain URL. Just like the breadcrumbs on a website. Following the example, I ended up with this code:

```php
<?php if(strlen($page->parents()) > 0) { ?>
<!-- Breadcrumbs -->
<script type="application/ld+json">
{
    "@context": "http://schema.org",
    "@type": "BreadcrumbList",
    "itemListElement":
    [
    <?php
    $positionCounter = 1;
    $separator = ',';
    foreach($page->parents() as $parent) {
        if($parent->id == $page->parents()->last()->id) {
            $separator = '';
        }
        echo '
        {
            "@type": "ListItem",
            "position": "' . $positionCounter . '",
            "item":
            {
                "@id": "' . $parent->httpUrl . '",
                "name": "' . $parent->title . '"
            }
        }' . $separator . '
        ';
        $positionCounter++;
    }
    ?>
    ]
}
</script>
<?php } ?>
```

First I am checking if the page has parents, then I follow the markup of the example. I save the position of each parent in the variable positionCounter and increase its amount after each loop. As a last step I tried to end the JSON objects by not including the separating comma after the last object. This is why I am using the separator variable.

Site name and sitelinks searchbox

Using JSON-LD you can provide an alternative site name and a sitelinks searchbox inside the search results (Inception).

```php
<!-- WebSite -->
<script type="application/ld+json">
{
    "@context": "http://schema.org",
    "@type": "WebSite",
    "name" : "Your site name",
    "alternateName" : "Your alternative site name",
    "url": "<?= $pages->get(1)->httpUrl ?>",
    "potentialAction": {
        "@type": "SearchAction",
        "target": "<?= $pages->get(1)->httpUrl ?>search/?q={search_term_string}",
        "query-input": "required name=search_term_string"
    }
}
</script>
```

I am not 100% sure if the sitelinks searchbox works this way. Maybe someone who made this work before could confirm it, that would help me out.

Organization

For organizations you could provide a logo and links to your social profiles.

```php
<!-- Organization -->
<script type="application/ld+json">
{
    "@context": "http://schema.org",
    "@type" : "Organization",
    "name" : "Your organization name",
    "url" : "<?= $pages->get(1)->httpUrl ?>",
    "logo": "<?= $pages->get(1)->httpUrl ?>site/templates/images/logo.png",
    "sameAs" : [
        "https://www.facebook.com/your-organization-url",
        "https://www.instagram.com/your-organization-url/"
        <?php // All your social profiles ?>
    ]
}
</script>
```

This one I think is self explanatory.

Article

If you have a blog or a news site you could enhance your articles with structured data with a thumbnail and author.

```php
<?php if($page->template == "post") { ?>
<!-- Article -->
<script type="application/ld+json">
{
    "@context": "http://schema.org",
    "@type": "NewsArticle",
    "mainEntityOfPage": {
        "@type": "WebPage",
        "@id": "<?= $page->httpUrl ?>"
    },
    "headline": "<?= $page->title ?>",
    "image": {
        "@type": "ImageObject",
        "url": "<?= $page->thumbnail->httpUrl ?>", <?php // Image field in template ?>
        "height": <?= $page->thumbnail->height ?>,
        "width": <?= $page->thumbnail->width ?>
    },
    "datePublished": "<?= date('c', $page->created) ?>",
    "dateModified": "<?= date('c', $page->modified) ?>",
    "author": {
        "@type": "Person",
        "name": "<?= $page->createdUser->first_name . ' ' . $page->createdUser->last_name ?>" <?php // Text fields added to core module ProcessProfile ?>
    },
    "publisher": {
        "@type": "Organization",
        "name": "Your organization name",
        "logo": {
            "@type": "ImageObject",
            "url": "<?= $pages->get(1)->httpUrl ?>site/templates/images/logo.png",
            "width": 244, <?php // Width of your logo ?>
            "height": 36 <?php // Height of your logo ?>
        }
    },
    "description": "<?= $page->summary ?>" <?php // Text field in template ?>
}
</script>
<?php } ?>
```

Here I am enabling structured data for the template called post. I also have the text fields first_name and last_name added to the core module ProcessProfile, the image field thumbnail and the text field summary added to the template.

Just a small note: I know you could use $config->httpHost instead of $pages->get(1)->httpUrl, but I found the second one more flexible for changing environments where you have for example HTTPS enabled.

Those are the structured data I have in use so far. I hope I haven't made a mistake, at least the testing tool doesn't complain. But if you find something, please let me know. I love how easy it is with ProcessWire to get all the information from various pages and use them in this context. As mentioned above, I am nowhere near an expert with structured data, but maybe some of you would like to provide also some examples in this thread.

Regards, Andreas
-
Hello james, exactly like Ivan mentioned. Also, if you are already using jQuery and don't want an extra plugin for this effect, you could use the slideToggle function. Regards, Andreas
-
Hello berechar, sounds like the RewriteBase in the .htaccess file isn't set. Regards, Andreas Edit: Or it is what Ivan mentioned, since your pages are available in Firefox.
-
Thanks for the nice responses. @Sérgio: Unfortunately our hoster currently doesn't support http/2. Not even PHP7, which bothers me. I will definitely look into it, because I haven't tried http/2 out yet, but it sounds promising.
-
Our agency website is not exactly new, because we relaunched it late 2014. At this time we have built it with the CMS Contao and Bootstrap as framework. Although I always liked our website, I was never quite happy with it. Contao is a great CMS, but knowing ProcessWire it felt tedious managing content. Also it limited me as a developer. So the past months I have rebuilt our website with ProcessWire and switched the framework to UIkit, because it made a good first impression on me and I wanted to learn it. Now I am happy with our website, because it is cleaner, faster, easier to manage and more optimized for search engines.

www.designconcepts.de

Modules used: ProFields, ProCache, Map Marker, Pages2JSON, Markup Sitemap XML, Tracy Debugger, Email Obfuscation

Regards, Andreas
-
Hello Tom., personally I never worked with hooks (although it is on my todo list). But I think the addHookMethod in the API reference is related to your question. Regards, Andreas
-
Hello Neo, you could approach this differently and make the parent page "portfolio" visible. Then you could exclude it from your navigation and search function. As a last step you have to exclude it from your XML sitemap. For this I prefer using a fork of the original module by tpr. Another approach could be to create your own XML sitemap, but that needs a little more effort. Regards, Andreas
-
Localization doesn't work with files in subfolders?
AndZyk replied to abdus's topic in Multi-Language Support
Hello OLSA, I don't know exactly how the structure of your template folder is, but I had the same error message "Call to undefined function __()", when I tried to use a translatable string inside a PHP include file like this:

```php
echo __("String to translate");
```

I solved this error by using the $this->_() wrap mentioned in the documentation:

```php
echo $this->_("String to translate");
```

Maybe this will solve your problem. Personally I never had problems with the template compilation, but if you have and want to disable the template compilation, you should be sure to add the ProcessWire namespace at the beginning of your template files. I wouldn't disable the module compilation, because most of the modules aren't yet compatible with PW3 without it. If Wamp supports PHP7 you could try if it improves your back end performance. Regards, Andreas
-
This evening I had some time to investigate the UI glitches I mentioned earlier this week and found some solutions.

1. Popover gets cut off

The popover gets cut off because of the Ajax loading of the Repeater Matrix items. The items have the overflow set to hidden as an inline style, even when opened. I can avoid this by not loading the items through Ajax, although it would be nice if this could be fixed, because I think setting the overflow of the item to hidden is not necessary, once it is opened.

2. Mix-up in detail view

The mix-up in the detail view happened because in my template I have one image field for a thumbnail and the Repeater Matrix with the slides item mentioned above. Right now I have many pages where the thumbnail field and slides item contain an image with an identical file name. If I try to toggle the detail view of one of those two images with the identical file name, the detail view gets confused and shows details for only one of those two images instead of separately. I can avoid this mix-up by using different file names, something I should have done in the first place, but just wanted to let you know.

I hope I have explained this well enough. Regards, Andreas
-
FieldtypeCropimage croppableimage issues on PW3.x
AndZyk replied to icreation's topic in General Support
Hello icreation, the Form Builder Support area is probably the wrong place for this question. Maybe someone can move this. As for your question: You could also achieve cropping via the API. Personally I haven't used these modules in a while, because I try to stick to the core image field. But you should give the module creators some time to catch up, because ProcessWire 3.0.17 is just a few days old. Downgrading from 3.0.17 to a previous version is not that easy I think. At least I tried to downgrade to 3.0.16 once and had some issues, although I haven't really looked into what especially was wrong. So my advice is: Either wait for updates of the modules mentioned above or try to use the API. Regards, Andreas Edit: Downgrading is easy, just had to regenerate some thumbnails.
-
First of all thanks to Renobird and LostKobrakai for the image field upgrades. I hadn't time yet to fully try them out, but after reading the blog post I am sure, that they are a huge improvement. Especially the drag and drop function in the old image field was a little bit tedious, when sorting images. Also I know, that huge improvements like this always come with some unexpected behavior. Some of those I noticed today in my current project: I have a Repeater Matrix called content and inside this Repeater Matrix I have a repeatable item called slideshow. This repeatable item has only one regular image field called slides. Using the latest ProcessWire 3.0.17 release and its additions to the image field I notice two bugs in the UI: 1. Popover gets cut off 2. Mix-up in detail view When I switch the detail view of the images, there is always one detail view displaying two images and one of them has no details at all. Has anyone else noticed this? By the way, I am using the latest version of Chrome and couldn't see any errors inside the console. Regards, Andreas
-
Hello hansv, if you are hosting a video on your own webspace, you don't need an Iframe and can use the HTML5 video tag instead. Here is an answer to your question from the Foundation forum.
-
Hello iNoize, I used on a project some time ago three different languages and I think it shouldn't be a problem using even more. As for your second question: I recently thought about this case too, but could only think of checking in the language switcher, if the default language has content and if not, don't include the option. Of course someone could try to access your default language page by guessing the page name, but in this unlikely case you could also check if this page has content in the default language and if not redirect to the 404 page template. But maybe there are better solutions for this case. Besides that I think it would be the best idea to provide all pages at least in the default language.
-
wireshell - an extendable ProcessWire command line interface
AndZyk replied to marcus's topic in API & Templates
I tried almost every command, but haven't noticed any issues with PW3. Maybe some of the heavy users will notice something. Thank you for this awesome CLI.
-
Hello Hantsweb, on a project I am currently working on, I enabled the front end editing option for a page field using Option D. So in your case it would look something like this:

```php
<div edit="country">
    <?php echo $supplier->country->title; ?>
</div>
```

Of course, if country is the name of your page field. I haven't fully tested out the front end editing options yet, but I noticed that with Option C, the </edit> tag doesn't get stripped out if you are not logged in. That bothered me, so I find Option D more useful.