ProcessWire Weekly #57

57th issue of ProcessWire Weekly brings in all the latest news from the ProcessWire community. Modules, sites, and more. Read on!

Welcome back to our weekly news – this time, in addition to our regular core updates section, we've got two fantastic modules and a very nice site of the week to introduce. Once again it's been a busy week around here, and our community seems as lively as ever!

Now, without further delays, we're going to go straight into business. We hope that you enjoy our latest weekly issue, and if there's anything you'd like us to know, please don't hesitate to drop us a line via the feedback form. Have a great weekend!

Core updates of the week, and a new version of the ProFields Table field

This week, as explained by Ryan in his latest blog post at processwire.com, the bulk of the core updates were related to the release of a new version of the commercial ProFields Table module. Since the weekly processwire.com blog post mentioned above is all about PageTable updates, here's a list of those for your convenience:

  • Support for unlimited number of table columns, with wider than 100% tables automatically converted to a kind of a fieldset (instead of plain old table rows, which would obviously have some trouble representing very complex data structures)
  • Support for both single and multi value Page-reference fields, with available inputfields ranging from radio buttons to asmSelect (autocomplete support is on its way)
  • Support for rich text fields via the built-in CKEditor module; note, though, that this feature requires the latest version of the ProcessWire core package (2.6.4) to work!
  • Support for multi-language text fields (text, textarea, and CKEditor) with separate language values cleanly displayed on their own tabs

Other notable updates to the Table field include new help texts for most column setting properties, support for multi-language column labels (a much-needed addition for multi-language sites), improved support for selecting Table field properties within Lister and ListerPro, and support for select-multiple options field as an alternative to checkboxes.

More details can be found from Ryan's weekly blog post, so head down there if you're interested in hearing more about the very powerful ProFields Table!

Fieldtype Reference creates references to remote fields with great flexibility

Fieldtype Reference, a module by Benjamin Milde, adds support for fields that reference values of remote fields. By adding a new reference field, you can literally pull values from other pages on the fly and without any template-level custom code. Referenced pages are located with PHP snippets, and the specific field referenced is defined by template=field pairings.

For an example, you could easily create a Reference field contact which would automatically find the first parent page with product or product-category template, pull the value of field owner or category_owner depending on the template of the page found, and display it both in the admin (as an non-editable, display-only field), and also allow you to use it in the template (as a read-only field).

While API usage is a nice shortcut and can help avoid code duplication, the Reference fieldtype also adds a whole new level of flexibility for your Admin designs. For an example, imagine the possibilities when combined with showIf rules. Displaying given field only if a checkbox on the home page is checked, if a field on another page is empty, etc. Pretty neat, right? :)

Thanks to Benjamin for building this very useful module – we've no doubt that it'll come in handy in our future projects! For more examples and details, we'd suggest checking out the README file of the module at GitHub.

Social Login: a new work-in-progress social sign-on and registration module

Lately, we've been following the development of Social Login, a module by Mauro Mascia integrating the HybridAuth social sign-on library to ProcessWire. In a nutshell, Social Login provides support for authenticating via social media services. Currently Twitter, Facebook, and Google are enabled by default, but since HybridAuth supports a whole flock of other providers too, the possibilities are quite extensive.

Notably, in addition to authentication, Social Login introduces registration feature, which makes it suitable for sites that are open to the public in this way. Please keep in mind, though, that in most cases public registration is not recommended – public registration can result in a whole lot of potential security risks, and should only be enabled in cases where it's really necessary.

If you'd like to know more about Social Login, please head down to the support forum thread. Keep in mind that this module is still a work in progress, isn't yet part of our modules directory, and should be considered "potentially risky". We'd suggest using this module only in testing and development environments, at least until it's officially submitted to the modules directory.

Nevertheless, this module does look very promising, and we'd very much like to encourage the developers to continue their work on the module. Thanks for sharing this with us, Mauro!

Site of the week: Gabriela Estates

Recently there have been many great additions to our sites directory, making it harder and harder to pick just one each week. Nevertheless, we believe that the site we've chosen this week, Gabriela Estates, represents some of the best qualities of sites built with ProcessWire:

  • it's clean, responsive, and usable;
  • makes use of ProcessWire's core strengths, including its ability to define flexible data types;
  • and, finally, the whole site looks really awesome and shows obvious signs of true craftsmanship!

The focus of the site is on the properties currently for sale or available for rent via Gabriela Estates, displayed in a clean, attractive, and distraction-free manner. The overall design looks well thought out, call to action buttons are easy to spot, and property details are neatly listed. The carousel displaying photos feels particularly usable on touch devices – a relatively small detail, but one that often greatly enhances the experience of mobile users!

The site in question belongs to Gabriela Muñiz, a real estate agent in Mérida (Yucatan, Mexico), and was skilfully put together by Joshua Gatcke of 99Lime. Congratulations for both the client and Joshua for having such a great site!

Stay tuned for our next issue

That's it for the 57th issue of ProcessWire Weekly. We'll be back with more news, updates, and content next Saturday, 20th of June. As always, ProcessWire newsletter subscribers will get our updates a few days later.

Thanks for staying with us, once again. Hope you've had a great and productive week, and don't forget to check out the ProcessWire forums for more interesting topics. Until next week, happy hacking with ProcessWire!

This post has 2 comments:

teppo on Friday 19th of June 2015 21:17 pm

Hi there, Uli – and sorry for taking so long to answer, it's been a busy week!

Generally speaking *any* method that allows visitors to automatically create content *of any type*, including (but not limited to) user accounts (or applications for such) is risky. Such content needs to be strictly filtered and sanitised, and there should also be some way of preventing misuse of such a feature by, for an example, flooding the system with meaningless requests.

In the case of public registration this is extremely important, since the whole purpose of registration is to generate user accounts, which in turn allow users to authenticate with your service, often gaining some privileges not available for the public. Depending on the purpose and audience, validation methods in use, the way registered users are separated from users with more permissions, and other implementation details, such registration system could potentially be exploited to gain illegitimate access and – as an absolute worst case scenario – even compromise your whole system.

Even if registered users have no (or very few) special privileges compared to public users, getting an unprivileged user account could be the first step towards gaining access to a privileged one, or perhaps used for snooping around to see how your site is built and protected. Security through obscurity is not a very good strategy, but exposing the inner workings of your site unnecessarily should also be avoided.

To be clear, I'm not saying that public registration is always a bad idea. It's important for many sites out there, and in some cases it can actually improve the security of a site. Regardless, it should never be done just "because it's possible", and if/when it's deemed necessary, it should be implemented carefully, and involved risks should be evaluated properly.

Hope this helps clarify things a bit, and thanks for reading and commenting!

Uli on Sunday 14th of June 2015 23:22 pm

Hi, thanks for this new issue. You state that "in most cases public registration is not recommended – public registration can result in a whole lot of potential security risks, and should only be enabled in cases where it's really necessary." – could you explain that in more detail? Many modern websites have some sort of public registration...?

Post a comment