netcarver

Did you push this repo anywhere? Github, gitlab, bitbucket, co-worker's machine etc? If so, you can pull the state back from the remote. Edited to add, if there's corruption on your local drive, you might want to think about immediately backing up your data. Try running git fsck.

Time to go to backups I think.

Do you have it in a backup you can compare it with? Or is it in a local git repo - if so, you can see what changed using git diff.

Great find Sergio, thanks for posting it. Seems like I'm going to have to stop using smear/smudge on images with fields that I want to stay private. Will now have to totally overwrite said info with a block of solid colour. Just in case it gets that good ? Edited to add: Very impressed with the output. This service works great!

What about, in principle, having an install-time option of making all non-standard files inaccessable unless whitelisted in the .htaccess file? If chosen, the installer could use a version of .htaccess file with rules that whitelist .css, .js, .htm(l) and perhaps .json extensions by default, along with the usual image file extensions. I'm suggesting this as I have, in the past, come across client sites with .pem certificate files in the site root directory and nothing in the .htaccess file to prevent their download. I think this would allow ProCache to work, as it compiles things down to these kinds files. Am I missing something with the idea?

Well, it's only day 2 of this module's use with folks other than yourself (as far as I can tell), so I wouldn't worry too much about it being "hacky" (from a code pov) at the moment. There are a few UX issues that did get me confused though, and these might be worth your consideration. Firstly, as you mentioned, the key registration process on the user account page is not intuitive. On most other websites where I have registered keys, you are allowed to name the keys and manage them individually. Whilst not being able to name/manage them is fine, I think the wording/flow of key registration could possibly be improved. Perhaps a pop-up when a key registration is successful? I ended up having to turn on the developer tools to look at the debug messages in the console to see when a registration went through OK. Secondly, could the two buttons ("Use Security Key" and "Submit") on the 2nd factor page be removed/hidden, as far as I can tell, neither of them needs to be visible - at least not for a Yubikey - as activating the key submits the page. Do these buttons need to be visible for other U2F key types?

@Adam Success! Version 1.0.1 works for me. Registered 3 keys (a Yubico Security Key, a NEO and a Yubikey 4) and can log in with any of them. Thank you for the module!

@Adam Not sure if this will help, but have you tried setting the maximum length for text fields to "0" in the InputfieldJsonNativeFields config page?

Would using a single json-fieldtype for packing config values for multiple keys help? There are a couple I know of, but bitpoet's is probably the most up-to-date.

@Adam Whilst it may be more difficult to allow multiple Yubikey's on an account, I'd definitely support a move to a Yubikey-specific module that permitted multiple key registrations. I would not want to be without a backup key registered on any accounts - potential lock-out is too risky (for me) should a lone key be lost/stolen or fail, that I still favour TOTP (on a client like Authy) over a single Yubikey on an account.

@Adam Ok, I am on localhost, but not using SSL. Will try (another day now) on a test site with an SSL certificate installed. Thanks for your help so far!

@Adam Thanks for the speedy update - the zip under the releases tab does now work for me and I can install the module. I'm now hitting a problem trying to activate it on the user's page. I choose U2F as the TFA method and submit the page and am then asked to click the on-screen "Add Security Key" button to enable U2F - but nothing happens when this is clicked but an error does show up in the js console in Chrome... "u2f-api-polyfill.js:545 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null')."

Ok, I missed that. Thank's Teppo.

Hmm, Trying to install this via the modules installation page and getting: "Session: Error reported by web service: That module is not currently tracked by the modules directory" despite the module being present in the directory. Odd. Trying to install via the Install from zip method leads to "Compile Error: require(): Failed opening required 'php-u2flib-server/src/u2flib_server/U2F.php' (include_path='.:/usr/share/php') (line 17 of /var/www/pwgeeks.local/public_html/site/modules/TfaU2F/TfaU2F.module)" on all pages of my test site.

Yes! Fantastic! This module is currently top of my list of modules to develop for Processwire - thanks so much for doing it for us! Will test with Yubikeys as soon as possible, and shorten my to-do list.

Paginated forms: Looking > Forward > To > This > Alot. Thank-you!

Yes, Linux here, either Mint or plain Arch depending on which machine I'm using. All my VPSs are running Ubuntu at present.

@J_Szwarga Thanks for the post. If you only need to output in 12 hour format, you can probably do it like this within your template files (untested)... # Pull the values from our page's time field... $timeparts = FieldtypeTime::getTimeParts($page->timefield); # Adjust name of field as needed. # Adjust the sign $sign = (empty($timeparts['sign']) ? '+' : '-'; # Create a time, based on the start of today, with the offset hours, mins and seconds from the timeparts. # See: https://www.php.net/manual/en/function.strtotime.php $time = strtotime("today $sign {$timeparts['hours']} hours {$timeparts['mins']} mins {$timeparts['secs']} secs"); # Format it for output as needed, in this case as 12hours with lowercase am/pm marker. # See: https://www.php.net/manual/en/function.date.php echo date("ga", $time);

Hi Chris, I had a chance to try this out today, and it's been pretty useful though I still have a lot to learn about CSPs. One quick observation is that it inserts at the start of the <head> block, before the charset and viewport meta tags. IIRC, the charset and viewport meta-tags are meant to be the first tags in the head block. Will keep experimenting with the module.

@PWaddict You could try Robin's module - https://github.com/Toutouwai/LimitRepeater. I don't know if this could help though, it's just a thought.

Nice, thank you Teppo. I'm pretty impressed by the Contabo VPS S SSD spec - especially the 8gigs of RAM - thanks for pointing to them.

@mr-fan What granularity of data do you need for things that are 5 years old? Do you need to drill down to get the exact temperature given a date and time from 5 years in the past? Or would an average do? If an average would be enough, then have a look at RRDTool. All you'd need to do is feed the data into it, then link the graphs it generates into your PW driven site. Although I've not used RRDTool for about 9 years, I ran it on a Raspberry Pi A (IIRC) to profile my house's thermal performance. I did this by collecting 1 minute temperature samples from a network of 8 x 1-wire temperature sensors I installed in the property. I ran this over a period of about 2 years, and all that data got squished into a fix-sized on-disk DB of a few megabytes. I used a cron job to pull the images from the graph generator and cache them on disk with fixed filenames. I had nginx serve a simple html webpage that referenced the images by name. Worked really nicely on my local network, but the output graphs aren't the prettiest. You might be able to feed the results into grafana or Bernhard's tool if nicer output is needed. If you do need high granularity of the old data, RRDTool isn't the tool for you. @dragan ESPs are a family of Wifi/Cellular capable microcontrollers. Very popular with electronics/systems makers. Example.

Well, I was thinking of Contabo, but now you mention it, could you post both?

@teppo, please could you post the output of lscpu from your vps and let us know which plan you are on. TQ.

Sounds like a useful tutorial. Looking forward to it.