flydev

Hi Zeka, No mystery here, you get an error because you have SQL_NO_CACHE in more than one statement. It's also not permitted in sub-queries. What is your MySQL server version ?

Why not simply checking if the user has this permission (after installation) with hasPermission() ? What say the doc :

Just pushed an update - v1.3.12-ATO - the quantity of megabytes saved before an archive flush is now configurable. When the value is empty or equal to 0 then the option is disabled. @Autofahrn what is this check ? I don't have it in my code ?

Done. pushed the update in Duplicator 1.3.11-ATO. Does your domain name contain a dash char ? If yes, try the latest update (v1.3.11-ATO).

Please upgrade to the dev version 1.3.10-ATO here : https://github.com/flydev-fr/Duplicator/tree/dev Steps : - Rename the Duplicator folder to .Duplicator - Download the dev version and extract the folder in the modules directory - Rename Duplicator-dev to Duplicator - Go to Modules > Refresh It should works.

I ran Duplicator on a Windows Server 2012, IIS and PHP 7.2.18 without issue, which version of Duplicator have you tested ?

You could show us some titles to test it out. Did you read about how to work with the second argument there ? https://processwire.com/api/ref/sanitizer/page-name/

Thanks @horst ! Checking that this week-end - thanks for the sample too ! ?

A small news about Duplicator. There is a work in progress on a development version (v1.3.10-ATO) - nothing which can harm your server and could be already tested on different setup. You can download this dev version on GitHub : https://github.com/flydev-fr/Duplicator/archive/dev.zip or at the end of this post. The module still contain minor issues but the overall processing is faster than before and packages can be built and restored as well. Thanks to @Autofahrn for putting his hand in the module! Autofahrn also added a great feature which give the possibility to exclude file through regular expression. Also, image variations created by ProcessWire are now excluded by default. Duplicator-dev-1.3.10-ATO.zip

If used with HTTPS, "I don't see it" as a security hole that way. Anyway, the question is legit and could lead to his own post in the security section following by bad/good practices, it also depend on the scenario you are in. If a security token is intercepted, you're screwed up, if the login/password is intercepted, same here and cookies will be eat. The password could be weak and guessed but already a bit restricted in the current version of ProcessWire and can be configured to be stronger. SSL/TLS 0-day ? it's not happening everyday.. but it happen. As always, security.... its also about people "education".. The only real drawback I see, is that imagine 3 months later after a valid authentication, a token would be invalid, but the user/login should be still valid. Another scenario possible here but the issue could be tackled. References: http://restcookbook.com/Basics/loggingin/ https://tools.ietf.org/html/rfc2617 Meanwhile maybe @LostKobrakai will have a good comment about that.

Just a note, to give WireMailSmtp a third party access on your Gmail account, you have to enable "Less Secure Apps". https://support.google.com/accounts/answer/6010255 Thanks for this tutorial ?

I don't think but you could explain "in depth" what you need so we can suggest you something or even make something to get you started ?

Sorry dude, I am aware of this issue but forgot to update the first post and the github doc. So yes, basically, In the last version of Duplicator, its necessary (but unwanted) to move the unzipped data to the parent dir.. And about your last issue, try what its said in the github issue linked by @netcarver and more precisely this one : https://github.com/composer/composer/issues/7836#issuecomment-452341683 And just saying, I have not tested the module with PHP 7.x and it might have some issues on this version. sorry for the inconveniences, I hope to get the time to finally work on the V2 ? but I promise you guys to take a look at the actual version and make a revision in the last 10 days or ask to moderators to ban me from the forum ! ? ?

To paginate the result, you have to know the total amount of pages you fetch so we must add another hook to our module (full code here) : Then you just have to write a little script to paginate the result. To try it, create on you webroot directory a file called `test.php` and put the following code in then navigate to hxxp://example.com/test.php : Result : correct, corrected - a bad copy pasta moment ?

Hi @Elchin I got them in the past but the query was to slow so I finally used a custom query to achieve that, you might be interested as I don't know the number of pages your trying to fetch - I give you a small module which could be extended, shipped with a hook function which return all pages between two dates given a fieldname and a template id :

Another idea, a parent site with a Restful API to deliver content would be my way to go in this case.

It works like that, just FYI this function take 2 arguments so it need to be called : $http->setHeader("Authorization", api_key=". $this->api_key); After that, the API key is reconized. So I tested the module with the field in the template and trought the API, worked like a charm ? ...

On ProcessWire 3.0.124, I can't get it working. There is a weird issue with headers. The module keep saying that the API Key is invalid, I then tried with cURL on a terminal and it worked as expected. So I put a Tracy call to the core WireHttp to dump the headers set in the object : https://github.com/processwire/processwire/blob/dev/wire/core/WireHttp.php#L576-L578 [...] bd($key .' => '. $value); [...] and as a result, we can see a string ( "0 : " ) before the Authorization header : The header is treated as an array, see the index '0' ($key dumped here) : It's strange and its explain why my PulsewayPush module stopped working suddenly since some weeks after an upgrade. I just upgraded the system to ProcessWire 3.0.127, same things happen..

Just testing it, look great ? I suggest a more verbose message when there is an error. I got the following message "There was a problem sending the notification" and I needed to put a bd($resultObj); on line 200 to know which error was triggered. In my case, was : I also got a notice for an undefined variable when there are error with $resultObj , the variable should be affected to false just before the if($resultObj->success) condition to avoid this notice : Thanks again for this useful module !

Just a question, did you tried to unload those modules from apache and to run a new ProcessWire installation with a basic configuration to be sure that you can access the backend and login and will also confirm that the server config is ok ? If you are sure that your apache/php(fpm) configuration is green then try what @Robin S already said, first try to track down the issue with $config->sessionFingerprint Edit your /wwwroot/site/config.php, add/modify the two following config vars by referring to the PHP comments below and come back to use with your results. /** * Use session challenge? * * Should login sessions have a challenge key? (for extra security, recommended) * * @var bool * */ $config->sessionChallenge = true; // try without here (set to false) /** * Use session fingerprint? * * Should login sessions be tied to IP and user agent? * IP fingerprinting may be problematic on dynamic IPs. * Below are the possible values: * * 0 or false: Fingerprint off * 1 or true: Fingerprint on with default/recommended setting (currently 10). * 2: Fingerprint only the remote IP * 4: Fingerprint only the forwarded/client IP (can be spoofed) * 8: Fingerprint only the useragent * 10: Fingerprint the remote IP and useragent (default) * 12: Fingerprint the forwarded/client IP and useragent * 14: Fingerprint the remote IP, forwarded/client IP and useragent (all). * * If using fingerprint in an environment where the user’s * IP address may change during the session, you should * fingerprint only the useragent, or disable fingerprinting. * * If using fingerprint with an AWS load balancer, you should * use one of the options that uses the “client IP” rather than * the “remote IP”, fingerprint only the useragent, or disable * fingerprinting. * * @var int * */ $config->sessionFingerprint = 1; // try with different value here Edit: @fmgoodman Could you also adjust this directive from SessionCookieName session domain=myndtyme.com to SessionCookieName session path=/;domain=myndtyme.com;

OT #2: me too !

Hi @fmgoodman Please post the Apache and the PHP error logs. Also, what is the ownership of /var/www/lib/php/session|cookie ? You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp If you can't get it working, I offer you a ninja session on your server ?

For my project I need an implementation of Basic Auth, so I added a new option 'Basic Auth' available in the module config : and then, in the Router.php file, method handle(), I added the following code : // Basic HTTP Authentication if($authMethod === 'basic' && $routeNeedsAuth) { $authHeader = self::getAuthorizationHeader(); if(!$authHeader) { self::displayError('Bad Request', 400); } $hash = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; $authHeader = explode(':', $hash, 2); if(!isset($authHeader[0]) || !isset($authHeader[1])) { self::displayError('No Authorization Header found', 400); } $credentials = new \StdClass(); $credentials->user = $authHeader[0]; $credentials->pass = $authHeader[1]; RestApiHelper::checkAndSanitizeRequiredParameters($credentials, ['user|selectorValue', 'pass|text']); $loggedin = wire('session')->login($credentials->user, $credentials->pass); if(!$loggedin) { self::displayError('user does not have authorization', 401); } } and in the method getAuthorizationHeader() I added : if(array_key_exists('php_auth_user', $headers)) return ['user' => $headers['php_auth_user'], 'pass' => $headers['php_auth_pw']]; It works, but does it make sense ? Edit: Pull Request : https://github.com/thomasaull/RestApi/pull/3

Thanks mate ?

@thomasaull I noticed something annoying in the API endpoint config field, I need to open the devtools and remove the `pattern` attribute manually in order to save the settings, look : If you are short on time, I can send a PR.