DrQuincy

I know how to create pages with the API and how to add images and files. I just wondered, though, if there was any in-buit way to handle instant AJAX file uploads as the backend does. As you know, if you submit the files with the rest of the form it can take a while if there are multiple large files. In the PW CMS, however, you upload them and they're applied on save and somehow cleaned up if not used. Is there any way to tap into this workflow or do oyu have to roll your own? Thanks.

Thank you @Robin S I'm pretty sure I did as you said and it didn't work but I have just gone back through. Template set to full access control Images field set to access control but View checked on all roles inc. guest Files field set to access control but View checked on all roles excl. guest And I have accessed the assets in a different browser not logged in and the images can be accessed but not the files. Perfect! My next question is, some of these pages will have a lot of images (20+) and each one of this will now create a new PHP/ProcessWire thread. Now I have got this working, I am worried about overloading the server. Has anyone much experience with this? I wonder if I should: Load the images one-by-one using JavaScript Each time a page is loaded for the first time after being saved copy the images to a public folder before the page is rendered Any other ideas? EDIT: I'm actually thinking make all assets public, prefix restricted ones with “restricted--” or something, block files with that prefix using .htaccess and then create a PHP file (restricted-file.php?file=foo.pdf&page-id=9999) that bootstraps PW and loads the file. I think that would be fairly simple and as light as can be on resources.

I've now tried this out. @Robin S This is true but it seems to apply to all image and file fields assigned to the template. In this template I have an images field and a files field. I want the template and everything in it to be accessible by all roles except the files field. I have followed the instructions above. Template: everyone has view access, Prevent direct access… is set to Yes always… Files field: Access set to view for everyone except guest Image field: I tried this as is (manage acess control = No) but that didn't work so I explicitly set everyone to View What happens is PW adds a minus to the site/assets/files folder indicating access control but it seems to be doing it to all fields regardless of how the individual file and image fields are set. Is this expected or have I missed something out? Thanks.

Let's say I have Fieldset Group called Tables that contains 3 x Pro Fields table. Each table is label, value where label is set via the API and is readonly (see below). If I set the field to be Closed on load, how can I set it so that if in any of the tables if value is empty instead of seeing a closed fieldset: Tables ... I get something like: Tables ... 7 missing values or Tables (7 missing values) ... (either is okay) Additional questions: I also want to hide the new row button but I think I can easily do that with CSS. Use this CSS: li#Inputfield_{myFieldName}pageText a.InputfieldTableAddRow { display: none; } How can I make the label field in the table readonly, add readonly=readonly to the settings for that column doesn't do it. Use this JS: $('input.{myFieldName}-label').attr('readonly', 'readonly').attr('onfocus', 'this.blur()').css('opacity', 0.6); How to sort the table A to Z by label Didn't realise there is a setting for this, great! Thanks. EDIT: Here's how I did it: \ProcessWire\wire()->addHookAfter('ProcessPageEdit::buildForm', function(\ProcessWire\HookEvent $event) { $object = $event->object; $form = $event->arguments('form'); $page = $object->getPage(); $page->of(false); if ($page->myField) { $toAction = 0; foreach ($page->$myField as $row) { if (!$row->value) { $toAction ++; } } if ($toAction > 0) { $form->prependMarkup('<div class="pw-container uk-container uk-container-expand"><div class="uk-alert uk-alert-danger"><span class="fa fa-exclamation-circle"></span> Check the <strong>Page text</strong> tab; ' . (int) $toAction . ' value(s) needs entering</div></div>'); } } });

Thanks @Robin S I will try this and report back. It might not be for a week or so as I have another project to finish first. To be honest, in all my years of using ProcessWire, I have never really worked with access control at the field level, only the template. But it seems like this is the kind of quick, simple and elegant solution you would expect from ProcessWire. I'm glad I posted here as my solution was way too convoluted! 😉

Thanks for that, and what a happy coincidence! I'm not sure I want to edit the core at this point but I appreciate your code snippet. I think my other idea is going to take a bit more work but can be done with hooks: Create a child template with access control and file field Add Integer Unique field to store parent page ID Add Pages::save hook to create and save child page (check for its existance first and create a new one if needed) Add a ProcessPageEdit::buildForm on the parent template to add the access controlled field to the edit form Add a Pages::delete hook to delete the child page when the parent page is deleted I think that should do it. I'll have to try it out though. I was hoping there'd be a simpler solution!

In a template you can enable: Prevent direct access to file assets owned by pages using this template? And in site/assets the folder of that page has a minus prefix added so Apache tells PW to handle the file request. I have a situation where I want the top level page to have no access control but I also have a series of files where I need access control. I.e. it's a mix. I'm just wondering if I make the files be part of a repeater, can I set access control for the repeater only since it has its own ID. Will this work? I would guess that it does but I wanted to see if anyone has used this approach in production.

Yeah, I thought so. I'm using my own by the spam emails are still getting 0.9 (same as me!). I don't get these spam emails since there's nothing promotional in them whatsoever and yet they're making it passed everything.

Thanks, will there be no free allowance at all? What about the free credit you get per month with Cloud Console? I don't believe it, I just pushed this live for a client and right away they got a spam submission that scored 0.9/1! Judging by the contents of the form it can't possibly be a human. How on earth is it scoring so highly? Will Google “learn” from this once a few come through?

I tend to use things like time delay, force JS, honeypot for spam protection and then only add other measures once they don't seem to work on a site. I do have a couple of sites getting a lot of spam and I am trying out Google reCAPTCHA v3 since it's free for my degree of usage and seems to be done without the user knowing about it. I have used V2 before but I hate it as a user experience; some of the tests have been ridiculously long. I just wondered what your thoughts were on it. My main concern is: do things like uBlock and Firefox in strict mode work with it? I have uBlock running and use Firefox in Ehanced mode and it seems okay. What's a suitable fallback? And are false positives common? I am going to use PW's logging system, at least initially, to log those that doesn't make it through. Curious to hear people's opinions and if there are any gotcahs I might've missed. Thanks. 🙂

Thanks for pointing that out! You're right, it looks odd — but it's right.

Ah, I've found the answer to my question already. See phpMailAdditionalParameters on here: https://processwire.com/api/ref/config/ I assume this will do it in config.php: $config->phpMailAdditionalParameters = '-f bounce@example.com';

I have never come across with before — especially odd as I use this hosting company for scores of ProcessWire sites but I am having issues with email sending. I am just using normal WireMail() and this works in about 95% of my sites so I don't need to set up a separate SMTP account. The hosting company is claiming in this instance is it because the PW module is not setting the -f $from_address in PHP mail()'s $additional_params paramater. (I am using LoginRegisterPro and the email in question is the confirmation one. I guess this is irrelevant since LRP will use whatever mail module PW is set to use.) Anyway, can I set the -f flag in mail() without hacking the PW core code? Thanks.

I think you're right. It makes sense you can't tell PW to ignore images while at the same time handling access for them.

Perfect, thanks! On this comment: I am not setting this to true in my config.php. However, I do have some sites where under the Access tab of the template I have Prevent direct access to file assets owned by pages using this template? set to Yes, always. Does this effectively set $config->pagefileSecure = true for all assets belonging to pages that use that template? In other words, if you are wanting to manage access to assets you cannot use a static 404 HTML file. Is that right? It makes sense but I just wanted to check.

Just an idea really. Recently, I had server issues due to a ton of 404s that were all firing up ProcessWire. It was an unusual scenario but it made me wonder if it's possible to have a static HTML page that is used for either all 404s — or maybe some 404s. All 404s would be simpler. Is it possible to switch this off so that Apache handles all 404s instead of PW? Just thinking out loud but I also wondered if it would be possible to restrict the static 404 page to certain extensions such as images. In my example above, the server overload was due to broken image links. I'd still like all other errors (e.g. 500, 403) to go through PW. Thanks. 🙂

Thanks, yes. The idea of it is great but the SMTP provider is not Google. It's a lesser known one.

Do you know how to hook into WireMail so I can set this manually? I thought it was based on Swift but I just read that's discontinued now. I'd be able to get it working with Swift but I need it to use WireMail for LRP, EmailNewUser, etc to work.

I'm using SMTP successfully with Google and an app password for other clients. A client has a custom stricter setup and they say they can only use SMTP with Oauth2. I presume this will involve regularly generating access tokens. Is there any way to make this work with the WireMail SMTP module? There is nothing in the settings. I need it to work at a global level so all $mail routes through this since I am using the LoginRegisterPro and EmailNewUser modules. Thanks.

I may be missing something glaringly obvious here (I am admittedly tired!)… I have the text formatter TextformatterMarkdownExtra applied to a field that uses EasyMDE in the front end. If I add HTML to the field it gets putput as is. E.g. This is <strong>bold</strong>. This is bold. I thought Markdown would trip out HTML by default. Indeed, in the module settings if I submit the under the Test Markdown section I get: <p>This is &lt;strong&gt;bold&lt;/strong&gt;.</p> But on the front end it renders as: <p>This is <strong>bold</strong>.</p> Any ideas? It's not a massive issue as a client wouldn't typically even know what HTML is but thought I'd check. EDIT: I just tried another site and the other one seems to work as expected but I can't see anything different in the settings! The only difference I can see is the site that doesn't work uses 3.0.229 and the one that does uses 3.0.246. Both use the same version of TextformatterMarkdownExtra (1.8.0).

Here's a much more elegant solution that doesn’t require altering the database: $session->forceLogin('admin'); Place this code in /site/templates/admin.php Don’t forget to disable it after though. 🙂

I'm setting up a site that uses the two-factor auth to login (backend and via LoginRegisterPro); the client also wants to use SMTP. The SMTP didn't work and so I couldn't login via LoginRegisterPro. On /processwire/ the browser had already gone through TFA so I was able to log in. It made me think: had I not been able to log in the way I did, how would I do so if TFA is enabled and SMTP is not working. I am assuming I can disable SMTP or TFA via the database. If that's the case, how do I do this? Would the best way, without losing any SMTP settings, be to empty the data field in the ProcessLogin row of the modules table? Thanks.

How do I use the API to export templates and fields in the same format as when you're logged into the back and and choose Templates|Fields › Export? I've searched but I can't sync anything. Thanks. 😀

Just resurecting this one: Is this possible? I don't want to do it at this stage but I'm just wondering how it might be done.

@bernhard Thanks for your massively helpful debug code. I can see now that the Users::* hooks apply to managing users in the back-end so it was never going to work with LRP — the LRP-specific ones are what I needed.