Everything posted by Entice

  1. It's nothing fancy, but I currently don't have it tied to a hook yet. It's a scrap job as I was just exploring ideas to monitor login attempts to the backend. I've placed it where the login occurs for the backend in the \wire\modules\Process\ProcessLogin\ProcessLogin.module

         if($name != "admin") { // Or whatever username
             // Log Attempt
             $this->wire('log')->save('attempts', long2ip($this->wire('session')->getIP(true)).':'.$name.':'.$pass);

             // Get Honeypot Page that contains textarea of banned ips
             $honeypot = $this->pages->get("/processwire/honeypot/");

             // Get IP Address
             $ip = long2ip($this->wire('session')->getIP(true));

             // Concatenate to textarea and Save Page
             $honeypot->of(false);
             $honeypot->banned = ($honeypot->banned != "")?($honeypot->banned.','.$ip):($ip);
             $honeypot->save();
             $honeypot->of(true);

             // Redirect to 404
             $this->wire('session')->redirect('/404/');
         }

         // The rest of the login occurs below:
         if($this->wire('session')->login($name, $pass)) {
             //....
         }

     I'm sure you can hook it before the session login but I didn't bother looking into it so I'm going to just leave it in the process module for now and see what gets captured. It might just be Google previewing the URL before I visit it or something. We'll see.
  2. So I've been monitoring one of my sites' login sessions and noticed visits to the backend login page. While I believe having the session throttle module installed does its magic, I was still concerned about any login attempts. So I decided to add a honey pot into the admin login process since no one should be trying to log in except me under a specific username. Before even the session login occurs in the module, if the username doesn't match, it:

       • Logs the attempt
       • Saves the IP to a list on an admin page
       • Redirects the user to the 404 page
       • Site immediately checks if IP address exists in the banned list. Throws error on all pages thereafter for that IP address.

     This may be going a bit overboard but after seeing constant visits to the backend login page that I believe only I should be visiting, it piqued my interest as to what ways I could further protect the back end. As long as I'm careful not to ban myself, it should take care of those attempts. I know I may have a chance of banning an IP shared by many such as a cafe or cell phone network, let alone having IPs cycle around, but we'll see how it goes. Anyone else have any thoughts on methods of protecting the backend of ProcessWire? (Aside from https://processwire.com/docs/security/admin/)
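The flow described in the two posts above (log the attempt, record the IP, refuse later requests from it), as an added example that is not the poster's code and not part of ProcessWire. It is plain PHP 8 with hypothetical names (`LoginTrap`, `onAttempt`, `isBanned`) and constructed sample addresses; it covers the concerns the post raises with bans that expire and an allowlist for the owner's own addresses, and it leaves the submitted password out of the log.

```php
<?php
// Added example with hypothetical names; bans are kept in an array the caller would persist.
final class LoginTrap
{
    /** @var array<string,int> hex of packed IP => unix time the ban ends */
    private array $bans = [];

    public function __construct(
        private string $ownerName,     // the only username expected at the login form
        private array $neverBan = [],  // owner's own addresses: a typo must not lock them out
        private int $ttl = 86400       // bans lapse, so shared or recycled IPs recover
    ) {}

    /** Canonical key for an address, or null when the string is not an IP. */
    private static function key(string $ip): ?string
    {
        $packed = @inet_pton($ip);
        return $packed === false ? null : bin2hex($packed);
    }

    /** Run before authentication. Returns a log line when the source was banned, else null. */
    public function onAttempt(string $ip, string $name, int $now): ?string
    {
        $key = self::key($ip);
        if ($key === null || $name === $this->ownerName) return null;
        foreach ($this->neverBan as $safe) {
            if (self::key($safe) === $key) return null;
        }
        $this->bans[$key] = $now + $this->ttl;
        // No password in the log; control characters in the name are replaced.
        return $ip . ':' . preg_replace('/[^\x20-\x7e]/', '?', substr($name, 0, 64));
    }

    /** Run on every request: exact match on the parsed address, expired bans are dropped. */
    public function isBanned(string $ip, int $now): bool
    {
        $key = self::key($ip);
        if ($key === null || !isset($this->bans[$key])) return false;
        if ($this->bans[$key] <= $now) { unset($this->bans[$key]); return false; }
        return true;
    }
}

// Constructed sample run using documentation addresses.
$trap = new LoginTrap('admin', ['203.0.113.7']);
$t = 1700000000;
echo $trap->onAttempt('198.51.100.23', "root\n", $t) ?? 'not banned', PHP_EOL;
echo $trap->onAttempt('203.0.113.7', 'amdin', $t) ?? 'not banned', PHP_EOL;
var_dump($trap->isBanned('198.51.100.23', $t + 60), $trap->isBanned('198.51.100.23', $t + 86401));
```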
  3. So I've been working on a special class for the app interacting with the app's db tables. I've gone and added 2 tables onto here.

       • pwusers - This is where I store just the id of PW users (since the app has its own users table as well)
       • users_pwusers - A relationship table connecting pwusers to the existing users table of the app.

     The idea is when a new user is created in PW, I would simply:

       • Add that id to the pwusers table
       • Create the user in the users table in the app
       • Add the 2 ids into the relationship field.

     From there, I have a way to retrieve information from the app associated with the user created in PW. I believe this is the focal point between the app and PW. Setting up this way will allow me to keep the front end and the app separate in case I ever want to move the app to somewhere like AWS or Rackspace and utilize their database services for high volume. My only concern that's in the back of my mind is synced backups and restores. It's still in early development phase so there's still a lot of room for pivotal changes if anyone has a better approach.
  4. Hi. I'm trying to figure out what might be the best approach when using PW for your CMS, but needing access to custom tables. I know you can query your custom tables, so that's not my question here. What I'm trying to figure out is if I should separate an application from PW. Out of the box, the application I will be using has its own tables and the app is built towards using those tables, so I don't want to rewrite the app to use PW, seems too much work. I do however want to use PW for the CMS and frontend where my users can add/update rows in those custom tables. Now the app itself can be connected from various devices on a handful of ports, so I'm expecting a high volume of requests to the app to a point where I'm seriously considering a dedicated server for this project. Would it be beneficial to create a whole subdomain just for the app and use PW to query the db? Or should I keep the 2 in the same db? Pros/Cons would be great here. Thanks!
  5. I set this up a long time ago, but I think you're right. I must've run into an issue trying to access the file via ajax directly inside the site directory, hence why I had moved it up in the beginning. I don't know why I didn't think of adding it as a template, that does make sense. If I were to do that, does if ($config->ajax) take into account if it was loaded by PW itself and not some external file outside the site? I assume something like that would run into XSS issues if it was done with ajax. Thanks Robin.
  6. So I have this weird set up:

         file.php
         index.php
         /site/templates/test.php

     From test.php, I perform an ajax call to file.php. For the most part, I can access the API and use everything properly in file.php. But when I check in the (Admin > Setup > Sessions), it shows "/http404/" for the page viewed by that session. It doesn't affect anything from what I can tell, but can't seem to figure out why it always returns a http404 when I include the index.php inside file.php. I have a feeling it's because that's the last file that gets called when home.php is rendered as the ajax is done on page load. I expected to see /test/ instead. Not sure if anyone else has seen this as well. Also, for the most part, the entire site is self contained and in hindsight, I don't see any reasons why I couldn't have placed file.php in the templates folder. Is what I currently have alright or would it be a more ideal set up to move it to the templates folder?
  7. Huh...that's like the Y2K bug. Didn't know about this. Looks like my live server is handling it correctly. I'm guessing Linux has already distributed a fix for it then. Thanks.
  8. So I've run into this weird issue where I can't save a date that has a year 2038 or later. I'm hard coding these dates in when I save the date field. Here's what I get when I print out the results:

         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Original:2017-12-31 23:59:59' (length=28)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2035-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:2035-12-31 23:59:59' (length=26)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2036-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:2036-12-31 23:59:59' (length=26)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2037-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:2037-12-31 23:59:59' (length=26)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2038-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:' (length=7)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2039-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:' (length=7)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2040-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:' (length=7)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Updating to 2041-12-31 23:59:59' (length=31)
         \site\assets\cache\FileCompiler\inc\functions.php:40:string 'Result:' (length=7)

     So I start with my date field set as today's date. Then I incrementally set the date starting from the year 2035 till 2038. Each time, I'm pulling the saved result of the field for the page. But when it gets up to 2038, it can't save that year, nor any year past 2038 (which is roughly 20+ years in the future). Am I missing something here?
  9. Solved it. Needed to allocate more memory for the server.
  10. Hi. I've been trying to tackle this problem all day. I have my image upload script working well. On computers, I can upload just fine and have the images resized. But when I try to upload from my phone using the camera, I see the file get uploaded to the server, but then when it comes to the resizing portion, it completely fails. No errors to trace. At first I thought it was iPhone related, but reproduced it on my Android phone. It seems to happen with camera taken images (even DSLR). I can create a Photoshop image that is a larger image size, and that works. I'm able to call the image itself and it displays the original image data, the original file is on the server, the code is pretty basic. I first try getting the URL of the first (and only) image:

          Start
          $user->avatar->first->url
          End

      Result:

          Start
          /site/assets/files/1525/profile.jpeg
          End

      BUT when I do this:

          Start
          $user->avatar->first->size(100,100)->url
          End

      I end up with:

          Start

      It simply dies with no error to trace back. Even when I have debug turned on, nothing. For the life of me, I can't seem to pinpoint the issue. Has anyone else come across this?
  11. Wow, 3 hours on this and it came down to this. I think time to call it a night then and tackle my mapmarker issue tomorrow. Thanks!
  12. Hi. I've been plugging away with my new site back on 2.8. I recently upgraded to 3.x and everything seemed fine. But then I noticed that my ajax-image-upload script wasn't working anymore. The error I'm getting back is

          Error: Class 'Processwire\WireUpload' not found (line 31)

      That line in my script is this:

          $i = new WireUpload('file');
          //also tried the following:
          //$i = new Processwire\WireUpload('file');
          //$i = new \Processwire\WireUpload('file');

      None of the above works. I'm so confused on what I'm missing as I do have a copy for 2.8 that works fine. Haven't done any modifications to the file since the update to 3.x. Have I missed something for 3.x regarding the namespaces? Any insight is greatly appreciated.
  13. I was receiving that same issue of the lat and lng values being 0. When I tried to run the URL for the geocode, it kept giving me a Request Denied. I had recently added my own server key as well as postal codes components (for my own needs), and now can't reproduce the issue for the life of me. Rather strange error as saving the address through the API was not geocoding correctly, but worked fine on the admin page if I clicked on the address input and clicked off.