We missed last week, but lets make it up with a look at a bunch of new things coming in 1.2. We do still have various "big" things to show, but we'll save them for another day.
Template editing improvements: tabs, ctrl-s, auto tabbing
The template editor in the admin CP is now easier to code directly within with a few changes:
In certain situations, you may want to use the <xen:set> tag to set non-scalar values, generally arrays. You can now do that with this structure:
New <xen:callback> tag
While generally we don't recommend running PHP via templates, some times it's significantly simpler than writing a full add-on. Here's an example call:
For advanced usage, you can also pass params to the callback via the params attribute (like in template hooks).
To try to limit any untoward usage of this, we place a couple constraints:
Option to block logins entirely after a few failures
By default, we only CAPTCHA block accounts after several failed login attempts. This may be more user friendly but some people may consider it to be a security issue. You now have the option to disable logins instead of showing a CAPTCHA.
New password storage: Bcrypt
1.2 introduces a more secure password storage method known as bcrypt. Most hashing schemes are designed to be fast, which makes them unsuitable for password storage. Bcrypt is intentionally slow and is also tunable so it can do more work over time as computers become faster.
Whenever a user logs in, their password will automatically be upgraded to the bcrypt format.
Weekly and monthly stat groupings
Currently, statistics can only be generated on a daily basis. You can now choose to view the totals on a weekly or monthly basis. This allows you to see longer-term trends more easily.
Notable members, member list disabled
By default, the full members list page is now disabled. On larger boards, not only is it useless (and a spam magnet), it's actually a huge performance issue.
The notable members page looks a bit like the standard members list page, but it shows people of note:
Notification emails: easy unsubscribe
Thread notification emails now have 2 unsubscribe links that do not require users to login to use them; one link stops email notifications from the thread the email was from, while the other stops them from all content.
Setting custom routes as the index
The index page (that is, what is currently at http://xenforo.com/community/) can now be set to any route URL. By default, this will be the forum list, but you could set this to resources, a portal page, or something else entirely. If you do change it, the forum list will automatically be located at http://xenforo.com/community/forums/.
Right, let's leave it there today...
Template editing improvements: tabs, ctrl-s, auto tabbing
The template editor in the admin CP is now easier to code directly within with a few changes:
- Pressing tab will now insert an actual tab.
- You can save the template using ctrl+s (or cmd+s).
- When you press enter on a line that starts with whitespace, the next line will automatically start with that amount of whitespace. (Basically, this keeps your tab depth.)
- If you highlight multiple lines, you can use tab or shift-tab to indent or outdent all of the selected lines automatically.
In certain situations, you may want to use the <xen:set> tag to set non-scalar values, generally arrays. You can now do that with this structure:
Code:
<xen:set var="$var" value="{xen:array 'a=b', 'c=d'}" />
New <xen:callback> tag
While generally we don't recommend running PHP via templates, some times it's significantly simpler than writing a full add-on. Here's an example call:
Code:
<xen:callback class="Class_Name_Here" method="getHtml"><b>HTML that will be passed to the callback.</b></xen:callback>
For advanced usage, you can also pass params to the callback via the params attribute (like in template hooks).
To try to limit any untoward usage of this, we place a couple constraints:
- Like all of our other callbacks, it must happen to a method within a class. You can't just read out /etc/passwd directly.
- The method that you're calling must start with a limited set of prefixes: get, is, has, render, view, return, print, show, display
Option to block logins entirely after a few failures
By default, we only CAPTCHA block accounts after several failed login attempts. This may be more user friendly but some people may consider it to be a security issue. You now have the option to disable logins instead of showing a CAPTCHA.
New password storage: Bcrypt
1.2 introduces a more secure password storage method known as bcrypt. Most hashing schemes are designed to be fast, which makes them unsuitable for password storage. Bcrypt is intentionally slow and is also tunable so it can do more work over time as computers become faster.
Whenever a user logs in, their password will automatically be upgraded to the bcrypt format.
Weekly and monthly stat groupings
Currently, statistics can only be generated on a daily basis. You can now choose to view the totals on a weekly or monthly basis. This allows you to see longer-term trends more easily.
Notable members, member list disabled
By default, the full members list page is now disabled. On larger boards, not only is it useless (and a spam magnet), it's actually a huge performance issue.
The notable members page looks a bit like the standard members list page, but it shows people of note:
- Most messages
- Most likes received
- Most trophy points
- Today's birthdays
- (Non-hidden) Staff members
Notification emails: easy unsubscribe
Thread notification emails now have 2 unsubscribe links that do not require users to login to use them; one link stops email notifications from the thread the email was from, while the other stops them from all content.
Setting custom routes as the index
The index page (that is, what is currently at http://xenforo.com/community/) can now be set to any route URL. By default, this will be the forum list, but you could set this to resources, a portal page, or something else entirely. If you do change it, the forum list will automatically be located at http://xenforo.com/community/forums/.
Right, let's leave it there today...