Everything posted by Thor
-
I searched if PW had regex support for user input before and even a few days back and was not able to find any accurate information, but it seems the reason is that they call this Pattern here instead. This is the description in the admin side:

"Optional regular expression pattern to require in the input. This is used both client side (HTML5 pattern attribute) and server side for validation. Be sure to provide an example of the required pattern in your field description."

This seems like regex to me. So I'm very happy to see that this is implemented for data input validation. I usually just used PHP regex with my forms so my questions are related to this in particular. I used in the past just JS for user validation (just for GUI friendliness) but of course, PHP (server side) when data is actually submitted. This seems like it will kill 2 birds at once, saving me a lot of work.

Is this just browser/JS regex or does it indeed have server validation for the same regex saved? If this is just browser side, it's mostly useless for security reasons as the server (PHP) should be doing any validation. It says there that it's used for both, but I'm not sure if browser regex is the same as the server PHP one. I assume PW makes the proper check and I will not end up with a case where it works nice on the browser but fails on the server side.

The other thing which I'm a bit confused about is if the other fields are still valid, like Minimum length, Maximum length, if you are using a pattern. As far as I understand, the pattern (regex) makes those checks already, so would that setting be redundant?

Thanks guys! And really loving PW so far. It seems like everything I'm looking for so far is built in. I'm impressed by how much potential this has and I feel great about making PW the choice for my current project. I will of course also buy some commercial modules to support Ryan and his great piece of software.
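The client/server split named in the quoted admin description, as an added example (not part of the original post and not ProcessWire's code): it emulates the HTML5 `pattern` attribute's whole-value matching and compares it with a hypothetical server-side check that runs the same pattern as an unanchored search, then with a strict check that also enforces length limits. All function names, the pattern and the sample values are constructed for illustration.

```javascript
// Added example, not ProcessWire code. Names and sample values are constructed.

// HTML5 pattern semantics: the browser matches the WHOLE value, as if the
// attribute were written ^(?:pattern)$.
function clientAccepts(pattern, value) {
  return new RegExp('^(?:' + pattern + ')$', 'u').test(value);
}

// Hypothetical server check that runs the stored pattern as an unanchored
// search: any value that merely contains a match is accepted.
function serverAcceptsUnanchored(pattern, value) {
  return new RegExp(pattern, 'u').test(value);
}

// Server check with the browser's whole-value semantics plus explicit length
// limits, which still apply when the pattern itself has no length bound.
function serverAcceptsStrict(pattern, value, limits = {}) {
  const { minLength = 0, maxLength = Infinity } = limits;
  if (typeof value !== 'string') return false;
  const length = Array.from(value).length; // count code points, not UTF-16 units
  if (length < minLength || length > maxLength) return false;
  return new RegExp('^(?:' + pattern + ')$', 'u').test(value);
}

// Run all three checks over the samples and flag client/server disagreement.
function compare(pattern, values, limits) {
  return values.map((value) => {
    const client = clientAccepts(pattern, value);
    const unanchored = serverAcceptsUnanchored(pattern, value);
    const strict = serverAcceptsStrict(pattern, value, limits);
    return { value, client, unanchored, strict, mismatch: client !== unanchored };
  });
}

const ORDER_CODE = '[A-Z]{2}-[0-9]{4}'; // constructed field pattern
const SAMPLES = ['AB-1234', 'AB-1234<b>x</b>', 'xxAB-12345', 'ab-1234'];
console.table(compare(ORDER_CODE, SAMPLES, { minLength: 7, maxLength: 7 }));
```

A request sent without a browser never runs the client-side check at all, so the rows where `client` is false and `unanchored` is true are the values that only the server-side semantics decide.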
-
So if I have 1000 users I have to create a unique role for everyone or 1000 roles?
-
Well, I was not referring to the security of ProcessWire itself as the core, but the end user result (created by me, you, or others with PW). For example, you create a nice GUI/web/frontend for your web users, with all the beautiful entry and data, but your form, the way you are saving data into the system, has a big SQL injection problem, or the way it's retrieving data also poses a problem. I'm not sure if the software does this, or you still need to sanitize all input saved correctly. If you think about it, every data is still saved into the MySQL database, which means the data has to be checked somehow to make sure it's the right data that is saved. In the case of getting data or queries, you need to make sure it's only for that particular authorized person and not someone else.

I searched but I was not able to find if ProcessWire supports regex checking or validation on fields. In my case, I need to add things a bit more complicated than just words or numbers, but make sure they have the proper format when saved, so regex is mostly the only way to do it correctly. If there are fields that can have regex validation, that would be amazing. Otherwise, I will have to create my own PHP fields/forms, which means most of the work would be done outside of PW.

As for the roles/permissions you posted, that seems to restrict user groups/permissions to a page if I'm not mistaken. I found out how to do this with templates, groups and assigning users to that group only. It seems this can also be done with fields and that would solve that issue, but I was referring to users' unique data (that belongs only to that one user and nobody else). Think of it like a profile page, where users update their password or avatar. So user "Joe" is logged in to a template page called "Profile". I want Joe to save his home address here and avatar. (Or I want to save it directly to the DB and Joe can retrieve this when he accesses that page.) Then Joe can access a page and check his address, avatar.

Now you don't want user "Mike" to access the same template and see Joe's address or be able to modify his avatar. That is the part I was asking. How do you relate data to a particular user only?
-
Thanks, I'm actually reading some tutorials as we speak. The concept of using pages as data holders seems strange but I guess I will flow with it for now.
-
Great to hear that I was not the only one thinking of using it for web apps instead of just blogs, content or community sites (but if you think about it, those sites are also simple web apps). So what you are saying is that you did not create a separate database or tables and are using PW as a database storage as well as front end? That is the part I'm a bit confused about. Are pages used as data tables here? How do you relate a table to a user? With PHP I would just relate it to the user id that is logged. Example: Get X data from Table A for user ID 50.

How secure and efficient is this with ProcessWire? I don't plan to create something big, I'm sure that would be a disaster in terms of slow SQL queries (in particular if PW is storing everything into the DB) and I'm sure that creating a particular DB schema would be far more efficient, but I'm curious for simple stuff how people are doing this. They create a page, assign fields to it, put it in a group, restrict users to a group. But how do you avoid other users pulling out data that does not belong to them?

I'm not a programmer in any way either. More a web developer & system/network admin. Sure, I can code, and I coded things before and I also have a fancy PHP IDE, but just like you I do most things using examples and Googling a lot. And while I'm impressed by how I managed to create fairly complex stuff in the past, I take forever even for basic stuff. One reason to pick ProcessWire: I did not manage to understand frameworks in the day I tried, but after reading a bit of tutorials and stuff on ProcessWire it's starting to make sense. Sure, I still can't think of things in my head, the reason why I ask. I guess every system has a learning curve. Once you are into that curve, things start to flow once you see the magic, but getting on board is the tricky part and I think most people give up on that part.

Having knowledge of code in my case of course helps but I still don't understand how ProcessWire works when it comes to storing user data or manipulating it, and then storing it back.
-
What do you mean your hoster does not have your database? What kind of provider are you using that is not doing data backup of their servers or customers' data? Any decent hosting provider, even those cheap budget ones, is doing daily backups. I would run away and fast from any company that doesn't protect its users' data. I also don't think ProcessWire deletes your database. I never heard of a software that deletes its own database. Either you deleted it by mistake from your control panel or your host did. I saw your other post where you mentioned the database is not visible in cPanel anymore. Is the MySQL user still there? If nothing is there, then indeed it would mean someone deleted your database.
-
Hi, beloved ones. Sorry if my intro post is a bit long but like most of those that were new once, I assume you had questions.

I knew ProcessWire from some years back, never used it before and I used mostly ExpressionEngine for sites, as well as just custom PHP/MySQL for other things, as well as other stuff with Smarty and other CMSs. So it was mainly CMS for site parts and for other more fancy things, just PHP. Recently a new project landed on my feet, and I was struggling just to pick and learn a framework or go plain vanilla PHP. The obvious choice was CodeIgniter, CakePHP and maybe Laravel, but I was inclined to CakePHP when I decided to dig a bit more. For some strange reason, I landed again on ProcessWire and more than one here claimed it's more like a framework than a CMS, so you can build as many custom things as you want. And decided to finally give it a go instead of trying to learn something completely new.

Installed in a few minutes, and then in the past 2-3 days I was reading and learning a bit. Boy, I love it. No boxed CMS or forcing me to stick to a specific convention, and I can code straight PHP code without any particular needs or requirements, not to mention use my own files like CSS, JS and mix code with ProcessWire. It just works! I assume this is really the best tool for those doing PHP things that need a bit of help from a framework or just a software like PW that can speed up things. I finally decided that instead of trying to do everything from scratch in PHP I would pick up ProcessWire for several reasons. Authentication and permissions system built in (why re-invent the wheel), cache and many other features, like plugins and other things I could need in the future, not to mention an amazing community it seems.

So here come my questions....

My project consists of a web app, not a content site. More an interface where users need to log in and manage their own unique data which I also need to pull out using other databases and APIs. So this is already different to what most people probably build here in terms of sites. Now don't get me wrong. I don't expect ProcessWire to do everything and my idea was to just use ProcessWire for the GUI part to simplify things and stick to my own code and database for more complex tasks. But then reading the forums and looking at what some people are doing, it seems why would I even do this? It seems, if I'm not mistaken, that every data in ProcessWire is a database field (I checked and it seems everything is saved to the DB) and people are using it to store user data and process it after that.

So my question is should I maybe stick to using ProcessWire for most things or still go with a mixed route, GUI ProcessWire mixed with my own modules and codes? The first thing that came to my mind was if I am going with separate/split databases or just use the same ProcessWire database and build extra tables for my data. For security and stability reasons, the obvious choice is to split databases, but then again, I could always do the sharding in the future if I need and just use for now (for simplicity reasons) the same MySQL database that ProcessWire is using but my own custom tables. But then after digging more, it seems maybe not even that is required as ProcessWire is able to store user data by nature. I'm not sure and still a bit confused about it, but if I'm not mistaken it would not be complicated to store user data with specific formats in the database.

The other reason I want ProcessWire is security. I really don't want to be having to do all the sanitization and SQL injection protection or have some forms badly built by myself and have a security hole. I guess like with other systems, ProcessWire can do all the XSS, SQL protection, etc. out of the box.

Is ProcessWire the right tool for this? Storing user account data, which they can retrieve in the GUI or I can tap into the database to use for other purposes? Or should I just stick to using my own tables/DB and access and manipulate that data with my own PHP code built in PW templates?

This is where I got so far in a few hours: Installation. Locked everything requiring a login. Investigating how the user/roles/permissions works. I haven't tested anything related to fields, or storing/retrieving user data yet. To my surprise, when I looked at the database, I could not find a users table either. I'm not sure how I'm supposed to identify or access user data; while the test users I created have an ID which I can pull out, this seems randomly created by ProcessWire. I would need to identify specific users, so data can be unique to them, and then make granular permissions for those users to what they can or can't access based on this data. Think of a control panel or admin panel type of site.