Jump to content

netcarver

PW-Moderators
  • Content Count

    1,769
  • Joined

  • Last visited

  • Days Won

    35

netcarver last won the day on November 17

netcarver had the most liked content!

Community Reputation

2,650 Excellent

About netcarver

  • Rank
    Code Monkey

Profile Information

  • Gender
    Male
  • Location
    UK

Recent Profile Visitors

14,068 profile views
  1. @humanafterall If you are developing on localhost and need to override the https settings in your template files you can do this by using copying your site/config.php file to site/config-dev.php file, and adding this option to the new file: $config->noHTTPS = true; ...and it should work. There are several posts here in the forum that talk about how to setup your dev and live config files.
  2. Hi @modifiedcontent have you considered just using Ryan's ProcessForgotPasswords module that is already part of PW and just loading it in your template file and having it take care of things for you? I've not tried it myself in my own template files but it is certainly possible. Something like this might work for you on your reset page template (totally untested, but you seem to be willing to experiment)... <?php if ($user->isLoggedin()) { $session->logout(); $session->redirect('/'); } else { $pfp = wire()->modules->get("ProcessForgotPassword"); $pfp->useInlineNotices = true; $pfp->emailFrom = 'your-from-address@your.domain'; echo $pfp->execute(); } There are several other settings like 'useInlineNotices' that are documented in the module from lines 17-28, linked here. You'll be better served using this core module if you can, rather than writing something yourself. If you do want to use this as a learning opportunity, and decide to go with your own code then I'd suggest research in the following areas: CSRF tokens, session variables, cryptographically secure random number generators, MD5 weaknesses and password hashing.
  3. Version 1.4.0 released: improves translation tools compatibility.
  4. Thank you to everyone who purchased at the Early-Bird rate, all those licenses are now sold-out. Announcing the availability of the not-quite-so-discounted batch of NiftyPasswordsPlus licenses. Once this batch is gone, pricing reverts to normal. 2nd Batch of Discounted Licenses on Gumroad. >>> Please include your forum username when purchasing. <<<
  5. I take it that everything is working for you as needed, @Jozsef? Please let me know if there is anything wrong or needing correction.
  6. Hello fellow PW devs, Do any of you know if it's possible to have or use multi-language textareas within a configurable module's settings page? I know it's possible to translate individual strings from within the module using the language tools - but I'd like to be able to offer different translations for a configuration field, if possible, without having to do something like use a multiplier field.
  7. @Jozsef Yes, this works by extending ProcessForgotPassword which is used by LoginRegisterPro to handle password resets.
  8. Ryan's ProCache module is the other obvious candidate to mention here.
  9. That's basically impossible for anyone to answer as there are so many other variables involved than just the row count and your machine specs. It will also depend on how much of that data needs to be loaded per page view, how many requests per second you expect to handle, will you be using caching, are there background updates happening, are the tables correctly indexed and using the most suitable storage engine, how many sessions will be active at peak, will you be triggering external API calls as part of the page views, what about asset loading - all assets optimised, and how often you'll need to be updating rows in the DB, do the pages involve JS rendering anything on the frontend etc. etc. I think you'd be better off setting a target for acceptable page loading times and then asking "What do I need to do to get 80% of my page loads to this time or better?" You also need to consider if PW's API is a good fit for your programming needs and if the Admin interface is suitable for you and any users who may need access to the admin. I'd suggest setting your speed goals and then trying an import of a subset of your data and then seeing how your resource needs and page speeds scale going from say 100 thousand to 200 thousand rows and then extrapolating from that. If you do try out PW, please keep us updated with your results.
  10. Pete and I can finally announce the availability of a discounted "Early-Bird" batch of NiftyPasswordsPlus. Once this batch is gone, we will be offering one further discounted batch before the pricing reverts to normal. Details in the opening post above this. Please feel free to ask any questions you may have about the module here.
  11. @Davis Harrison Dion Hello, whilst there has been sporadic chat in the forums regarding sqlite over the years, I don't think we are any closer to seeing core support for it. I'm also unaware of any third party integration that's using it. I'd be delighted if I were wrong about that though; perhaps someone lurking in here does know how it can be done.
  12. Just to update everyone: in case you missed it, we intend to release this as a commercial module sometime this coming week, testing feedback permitting.
  13. Hi @modifiedcontent, yes, it's now all packaged up as a module and currently in testing. I posted about it here. Please be aware, as mentioned in that post, Pete and I intend to release this as a commercial module sometime this week.
  14. You might also be able to use ESRCH's PagesSum module to do this - but I never tried it on checkbox fields before. https://github.com/netcarver/PW-PagesSum
  15. Announcing the availability of the not-quite-so-discounted batch of NiftyPasswordsPlus licenses. Once this batch is gone, pricing reverts to normal. 2nd Batch of Discounted Licenses on Gumroad. >>> Please include your forum username when purchasing. <<< This is a module pack by Nifty Solutions for Processwire CMF/CMS (running on PHP 7.2+) that extends the core features for password recovery making them more flexible and easy to use. Features Can send just the verification code in emails (removing the clickable link), and immediately show the reset verification page. This forces the reset to be completed in the same session it was started from. Allow the password reset to be initiated in one session and completed in another. You no longer have to complete the reset from the same browser and tab. There are options to allow you to still require reset completion from the same IP address. Prevention of incorrect data entry in the reset initiation step, users are warned if they enter an email in a username field. Optional auto-completion of the verification code field in the password reset step. This makes things easier for users as they don't have to copy-and-paste from their email client. Be warned, however, that this can facilitate automated reset attempts. Control how long reset links are valid for (sometimes an hour is much too long) and update the text of outgoing emails and reset screens to report the new value. Optionally allowing automatic user login following a successful password reset. This is not recommended but is supported. This option is never available to Superusers or users with 2-factor authentication requirements on their accounts. You can additionally limit this to users with specific roles. Allows the reset process to require input of the user's Time-based one-time (TOTP) value - if they have TOTP setup on their account. You can also mandate the entry of a valid TOTP in order to complete a password reset. The TOTP field extends ProcessForgotPassword and operates with or without NiftyPasswordsPlus. Works by extending the core ProcessForgotPassword module so it works on the Admin login page and your custom LoginRegisterPro pages. You'll also get access to NiftyHashedTokens in your template and module files - a HMAC-Hashed key-to-value store, providing tamper-detection of the key and controlling how many times it may be accessed in a given period along with IP address checking. Pre-Requisites This requires PHP7.2 or better and a recent copy of Processwire with the ProcessForgotPassword and InputfieldSelect modules installed. Installation After purchase you will have access to the latest version of the pack as a single zip file.If this is your first Nifty installation: simply unzip the file in a temporary location and transfer the resulting Nifty folder into the site/modules directory of your site. Then refresh the modules in Processwire and install the NiftyPasswordsPlus module.If you already have other Nifty products installed: unzip the file in a temporary location and look in the Nifty folder you unpacked. Copy any new subdirectories from there into your existing site/modules/Nifty directory. Log in to Processwire, refresh your modules and install NiftyPasswordsPlus. You will need to acknowledge the disclaimer, enabling the module in order to proceed. Refunds We offer a no-questions-asked refund policy in the first 14 days from the date and time of your purchase. Settings Step 1: Step 2: Gives options changing how the reset link works. Step 3: If you install FieldtypeUserTOTPValue as well, you also have additional options to require TOTP 2FA for reset. Step 4: Additional settings: FieldtypeUserTOTPValue allows you to add TOTP as a confirm field in ProcessForgotPassword: Which then requires the user doing the reset to enter their TOTP 2FA code (if set on their account) in order to reset their password: If the user does not have TOTP set up on their account, they just leave this blank. If they do have TOTP set up, they need to enter the current value. If you are using this along with NiftyPasswordsPlus, then you can additionally enforce role-based requirements for entry of a correct TOTP value in order for password reset to work. It does this by hooking FieldtypeUserTOTPValue's RequireTfa() method. You can do the same from your site/ready.php file to add any additional checks you'd like for your particular site. We currently only support TOTP 2FA as it is simple, avoids sending another email (in case email is compromised) and the bar to user adoption is quite low. Finally, we have NiftyHashedTokens: Announcing the availability of the not-quite-so-discounted batch of NiftyPasswordsPlus licenses. Once this batch is gone, pricing reverts to normal. 2nd Batch of Discounted Licenses on Gumroad. >>> Please include your forum username when purchasing. <<<
×
×
  • Create New...