Valery

Thanks kongondo, but how do I add "edit", "view", "new", "move", "copy" tags? I played around with InputfieldPageListSelect but that's not exactly what's needed. ProcessPageList tweaks? Please?

Hey, I notice you are using the "edit_content" permission for profile update. I have to ask: why? If the user is logged in, they can update their own profile just fine. Maybe you plan permissions for editing content? Cannot say for sure. This check would be enough: if ($user->isLoggedIn() && $user->name == $input->urlSegment1) // now you may update you profile, Mr. User Don't forget to sanitize urlSegments, too. You can never be too paranoid with user input. Don't be politically correct with external data. On a side note, You might want to keep an eye on a similar topic.

Let me go into detail here a bit. When a user logs in, a session starts. The user's browser gets assigned an id. You can see it in the `wire_challenge` cookie. This long string of numbers and characters is the link between the user's browser and the server's session. PW checks these IDs every time to be sure you are still logged in and you are still the user you are. Suppose this IDs generation mechanism is exploitable to an attacker. Now they can craft an ID for any user currently logged in. Still with me? The trick here is that PW is good at making strong session IDs. You cannot simply "craft" the right session ID. So, to alter someone else's profile, the following must hold: - the targeted user must be logged in; - the attacker must have their session ID. I can see XSS as the only way to steal someone's cookie. So it's your job to validate user input and watch for XSS hacks--not only in your PW forms but on the whole site in general.

Good day everybody, I am developing a backend page for a customer using ProcessPageList as the basis. I do not want the customer to see anything but product pages, but ProcessPageList always lists all pages starting from Home (id=0) I want to hide certain pages from the backend user but I don't want to mess with different templates and permissions. Example site structure: [ Home ] ---- Site settings ---- Products ---- Misc. Writings How can I set ProcessPageList up such that it builds a page tree starting from "Products" as parent? Thanks for any hints, guys.

Hi, You might want to check that the user is still logged in before updating their profile fields: if ($user->isLoggedin())

Hi all, Thank you all for the feedback. To refresh, I am doing a backend for a shop owner. My challenge was to display a page with ordered articles, each one of these being a repeater item (I am sticking with the "good old" reppies for now because I also need to store the quantity of ordered items somewhere). Ideally, the shop owner should see a table of ordered items, not the combersome list of repeaters. At first I went down the wrong way trying to modify the way repeaters are rendered. However, some tips (thanks kongondo!) gave me a different idea of how to display repeaters (and actually any other field) in the backend the way I want. So here's a quick update: I switched from messing with repeater formatting/output to writing a custom module. The module uses the standard ProcessPageEdit except that I construct the form manually ($field->getInputfield($page) + InputfieldMarkup). There's a hook after buildForm() which makes ProcessPageEdit display my form rather than the default one. Now I have a custom InputfieldForm combined with hooks, which allows making use of ProcessPageEdit with no modifications. I've never been happier. Oh, and a couple of screenshots to go with the post. One shows how my backend page looked with repeaters, and the other one shows a leaner, present-state page made with the approach described above.

Thanks guys. kongondo, I like the idea of designing a tailored field type or taking apart a PadeEdit process for that matter. However, my initial goal was to go for a ready made solution in the first place. I guess I will have to stick to repeaters for now (orders are usually up to a dozen of items for a small web shop), but I will keep thinking here. Craig, good idea. I will add it to my "knowledge base" even though I would like something different for my "orders" template. What I am thinking of right now, is a new field type programmable through the API, which would be displayed in the backend. Think of this field type as a holder for your code. A Lego field type, so to speak, or a field-template. Not ready to get down to detail here for now.

Netcarver, This is happening at the back-end.

Hi kongondo, What I am developing is, basically, order management for shop owners. My "order" template has a Repeater inside of which there's a Page field that links to a product name. I keep it read-only because shop owners are unlikely to modify names of ordered products. Every product has its own page. It works like this: people select products from the front-end, then place their order --> a new page is created with template=orders. Inside this page I have a repeater with all the ordered items. Shop owners can see this page from the backend. I attach a screenshot for clarity. I like repeaters for their scalability. Let's say my customers want to see product photos inside an order page. No problem, I just add the image field into the repeater. Event field? Database modifications, code modifications. No means to delete an event when it's displayed as locked/read-only. There's some thinking for me to do before I decide on either solution...

Hello, Anyone tried setting an Events field visibility to "Locked, value visible but not editable"? After I did that, I am getting raw HTML: <p><strong>2014-04-22</strong><br /><em>Moon</em><br />Moon party!</p> Is there a way to have plain values displayed without getting into the module code?

Thanks, Martijn. Events do look more "hard-coded" than Repeaters but they also look more suitable for a product list (I am doing a small web shop). Guess I will be sticking to Events then.

Thanks for the hint, fmgujju. I forgot to mention that I need to modify the output of repeater items for a backend module, not a template. To be a bit more clear: public function ___executeEdit() { $editor = $this->modules->get("ProcessPageEdit"); return $editor->execute(); } Is there a way to do the same trick for a module?

Hello everybody, I am a bit stuck with the code, so I am asking for a helping hand here. Where should I hook to if I want repeater fields to be rendered differently inside repeater items ? For example, instead of rendering them as a stack I would like them to be displayed as a table. How do I do this? Any advice is appreciated.

Classic stuff, bwakad! Goes well with blogs and shops. Thanks for the code, Take care !

Thanks, Arjen! Sometimes obvious things get the last to be thought of. Also, thanks Soma. You guys helped me a lot with this nuissance.

Soma, that's exactly what my problem is: I can't! I attach a screenshot of my setup just to make it easier to understand. When I try to save my page selection (the page has a different parent) I get the "Page <id> is not valid for <field>" error.

Bwakad, thanks man. But I start to think that this is somehow OK for Page fields to behave this way. I found a workaround by setting Input Field Type to PageListSelect because of this: + Types indicated with a plus assume a "parent" to be the root of a tree, rather than an immediate parent. (it's sort of okay for my case just because I have this field locked, and it means it's not giving me the long-loading ajax page tree every time) What really bugs me is why a Custom Selector of a Page field is giving me pages which I can select but cannot save?

Hey Soma, everyone of us is better off with a tar or two backups of our php's Good luck!

Hi everybody, I am setting up a web shop where customer would be able to select any of the offered products. My "orders" template has a single-page page field "product" linked to the products (for the reason of simplicity, it's 1 product per order). My product pages tree looks like this: [ Products ] ---- [ T-shirts ] --------- Yellow shirt --------- Blue shirt The "product" page field is set up like this: Parent of selectable page(s) = /products Custom selector = has_parent=/products, template=products The problem is that I can see the pages which match the custom selector just fine while editing my "orders" page. However, it seems that I can only save those pages which have "products" as their parent. Example: I can see "Yellow shirt" in the drop-down menu but I cannot save it unless I set "Parent of selectable page(s)" to "Products > T-shirts" How would you advise me to go about it? I want to setup a page field which would allow me to select and save any page with a certain template, regardless of what parent this page has. UPDATE: PageListSelect for a page field is indeed a workaround of sorts but I am still puzzled: why does not a custom selector override Parent of selectable pages? And how on earth does one set up a Page field that would allow any page with a given template to be selected (wherever that page might be!) ?

Better yet: $input->urlSegment1, $input->urlSegment2, $input->urlSegment3 etc

Hi friends, Being a tiny bit lazy, I copied the $input->urlSegment[n] code from the description of "Allow URL segments" in the template settings. Up to 3 URL segments are supported after the page URL. These may be any combination of lowercase ASCII letters (a-z), numbers (0-9), dashes and underscores. You can access the URL segments from your template API code by referencing the $input->urlSegment(n) function or $input->urlSegment[n] property (replacing [n] with 1, 2 or 3). However, that did not work (actually, it displays a character at position n). I scanned through up my older code and saw that I used $input->urlSegment(n) elsewhere and it worked just fine. So, the question is probably to Ryan: does the description of "Allow URL segments" need an update? Otherwise, please correct me.

Hey again, I found OpenShift quite nice and I am liking it a lot. There was one problem with custom domains, however: I could not make it work with my second-level domain (I will use example.org as, well, an example). So people could see my website just fine at www.example.org but could not reach it at example.org. Bummer! Technically speaking, there's no way you can have your "root" domain name as a CNAME for another one. Despair not, there is a way to make it work both ways. Here's how: 1. Add an alias to your OpenShift gear, the alias should be a domain name you pwn (I will continue to use example.org for this example) 2. Register for free with cloudns.net and create a DNS zone for your domain there (create NS records at least). 3. Update name servers for your domain (ns1.cloudns.net up to ns4.cloudns.net). 4. At Cloudns, create a Web Redirect (WR) record so that example.org would point to http://www.example.org 5. Finally, Add a CNAME record www.example.org pointing at <gear>.rhcloud.com Now you are good to go. Each time you go example.org you will be redirected to www.example.org -- and to your OpenShift application!

Hi, Are you pulling a field from a page with restricted access from the front-end? (It looks like you are trying to access pages with template=user as a guest. If so, this violates template access rights.).

Thanks, Dups & OrganizedFellow. @ the moment rhcloud are having issues with their DNS (d'oh!). Hope this gets resolved soon.

Hey, The trick is that you have to call trackChange() before changing image/file properties. Here's a piece that works for me: $page_id = '9999'; // set to a real ID $image_field_name = 'images'; $file_name = '10072882.jpg'; $p = $pages->get($page_id); $p->of(false); $img = $p->$image_field_name->get("name=$file_name"); $p->$image_field_name->trackChange("description"); $new_desc = "Surfing bird"; $img->description = $new_desc; $p->save($image_field_name); Hope it works for you too.