XF 1.2 More Assorted Things

We missed last week, but lets make it up with a look at a bunch of new things coming in 1.2. We do still have various "big" things to show, but we'll save them for another day.

Template editing improvements: tabs, ctrl-s, auto tabbing
The template editor in the admin CP is now easier to code directly within with a few changes:
  • Pressing tab will now insert an actual tab.
  • You can save the template using ctrl+s (or cmd+s).
  • When you press enter on a line that starts with whitespace, the next line will automatically start with that amount of whitespace. (Basically, this keeps your tab depth.)
  • If you highlight multiple lines, you can use tab or shift-tab to indent or outdent all of the selected lines automatically.
<xen:set> improvements
In certain situations, you may want to use the <xen:set> tag to set non-scalar values, generally arrays. You can now do that with this structure:
Code: 
<xen:set var="$var" value="{xen:array 'a=b', 'c=d'}" />

New <xen:callback> tag
While generally we don't recommend running PHP via templates, some times it's significantly simpler than writing a full add-on. Here's an example call:

Code: 
<xen:callback class="Class_Name_Here" method="getHtml"><b>HTML that will be passed to the callback.</b></xen:callback>

For advanced usage, you can also pass params to the callback via the params attribute (like in template hooks).

To try to limit any untoward usage of this, we place a couple constraints:
  • Like all of our other callbacks, it must happen to a method within a class. You can't just read out /etc/passwd directly.
  • The method that you're calling must start with a limited set of prefixes: get, is, has, render, view, return, print, show, display
I should note that while we've deprecated template hooks, you can actually use this with the new template modification system to effectively create new hooks. That is, if you'd rather work on the final rendered output rather than the template itself.

Option to block logins entirely after a few failures
By default, we only CAPTCHA block accounts after several failed login attempts. This may be more user friendly but some people may consider it to be a security issue. You now have the option to disable logins instead of showing a CAPTCHA.

New password storage: Bcrypt
1.2 introduces a more secure password storage method known as bcrypt. Most hashing schemes are designed to be fast, which makes them unsuitable for password storage. Bcrypt is intentionally slow and is also tunable so it can do more work over time as computers become faster.

Whenever a user logs in, their password will automatically be upgraded to the bcrypt format.

Weekly and monthly stat groupings
Currently, statistics can only be generated on a daily basis. You can now choose to view the totals on a weekly or monthly basis. This allows you to see longer-term trends more easily.

Notable members, member list disabled
By default, the full members list page is now disabled. On larger boards, not only is it useless (and a spam magnet), it's actually a huge performance issue.

The notable members page looks a bit like the standard members list page, but it shows people of note:
  • Most messages
  • Most likes received
  • Most trophy points
  • Today's birthdays
  • (Non-hidden) Staff members
notable-members.webp
Notification emails: easy unsubscribe
Thread notification emails now have 2 unsubscribe links that do not require users to login to use them; one link stops email notifications from the thread the email was from, while the other stops them from all content.

Setting custom routes as the index
The index page (that is, what is currently at http://xenforo.com/community/) can now be set to any route URL. By default, this will be the forum list, but you could set this to resources, a portal page, or something else entirely. If you do change it, the forum list will automatically be located at http://xenforo.com/community/forums/.


Right, let's leave it there today... :)
 
Click to expand...
Mike said:
I added a screenshot to the first post of the notable members page. It's fairly simple and is subject to change (have a few thoughts in mind):

http://xenforo.com/community/attachments/notable-members-png.45984/
Click to expand...


Here is a new thread for suggestions, ideas and brainstorming regarding the "Memberlist" and the "Notable Memberlist"........ in order not to derail this "Have You Seen"-thread with suggestions, etc.

http://xenforo.com/community/threads/notable-member-list-ideas-brainstorming-suggestions-etc.50139/


:)
 
SchmitzIT said:
This is easily something that will allow XF to distinguish itself from its competitors, and would open up a whole new market for developers.
Click to expand...
vB5 is using something similar:) (just to say it^^)


OOOOOOOOOOOH, didn't notice this yesterday^^ This will be great:)
Something like template helpers, but easier to use:D
 
Feedback : on one of my forum (which is private and has a small community), the members list page is one of the most viewed page. This forum is still using vB 3.x. The vB 3.x members list page which its table layout looks like a directory especially with members real names, address, phones, etc. When a wave of new members arrives, this page is also used. It's actually the only way (or at least the easiest for members) to get access members datas if some of the new members don't post, which often happens if they don't familiar with forums.

So for alumni groups, associations, thinktanks, or any small & private community, this members list page is a need, which can explain why some customers are not that happy to see it disappear. Now, it's also true that for most of public communities, this page is not needed, at least its public view, and what has been said about spam is a fact.

Different customers, different needs.
 
cclaerhout said:
Feedback : on one of my forum (which is private and has a small community), the members list page is one of the most viewed page. ...
So for alumni groups, associations, thinktanks, or any small & private community, this members list page is a need, which can explain why some customers are not that happy to see it disappear. Now, it's also true that for most of public communities, this page is not needed, at least its public view, and what has been said about spam is a fact.
Different customers, different needs.
Click to expand...

Excellent analysis.
So for larger boards either memberlist disabled, or the new Notable Members, will be appropriate. For these the needs are met by 1.2.

For small boards, and especially for private associations, alumni groups, small public associations, thinktanks, workteams, study groups, personal support groups, campaigning staff teams, family networks, management seminars and organising conferences, specialist hobby clubs, local societies and so on - the memberlist is vital and needs development,
1.2 does snot as presently described, cover this range of boards.

Please can we stop the argument on whether or not the memberlist is useful. It is a waste of time energy and space on this board.
Either you belong to the group whose needs are met (or about to be by 1.2) or you belong to the group who need a better memberlist. If you belong to the group covered by 1.2 congratulations, but please don't obstruct others with different needs.
 
Morgain said:
Please can we stop the argument on whether or not the memberlist is useful. It is a waste of time energy and space on this board.
Either you belong to the group whose needs are met (or about to be by 1.2) or you belong to the group who need a better memberlist. If you belong to the group covered by 1.2 congratulations, but please don't obstruct others with different needs.
Click to expand...

You are completely missing the point of the forums: Discussion.
Whether people find it a relevant feature or not I think they have every right to comment on it here.
Click to expand...
It's strange to me that you find it obstructing.
 
Morgain said:
1.2 does snot as presently described, cover this range of boards.
Click to expand...
I think it does. Even it has not been explicitly written the "by default" of the below quote should imply that an option exists to get back the current page layout.
Mike said:
By default, the full members list page is now disabled.
Click to expand...

So if I correctly understood the above statement, my previous message was only to show that any debate on "I'm for !" / "I'm against !" is quite sterile. If I'm wrong, then I guess it might be a way to ask to make it as an option.
 
Andrej said:
You are completely missing the point of the forums: Discussion.
It's strange to me that you find it obstructing.
Click to expand...

Not disturbing - perhaps you're assuming I use 'argument' to mean quarrel. I am trained in academic philosophy so to me argument means discussion and is good stuff which I thoroughly approve.

But on a thread like this one whixh is practiv=cal, about about what 1.2 is going to do, I prefer discussion to stay focused, not wandering about on side issues as if it's in the offtopic forum.
The interesting issue of whether people find a feature useful or not, needs its own thread. Then they could all post in votes have apoll, describe how they hate it or love it to heart's content.
If we knew that hardly anyone found it useful that would be different. Then it would get dropped.

But the point here is that there are different needs so the issue is how to provide most efficiently for those different needs.
So as two groups are covered - to disable Memberlist, or use the new Notable list, that leaves the group who want a full memberlist with better design.
 
Morgain said:
1.2 does not as presently described, cover this range of boards..

cclaerhout said:
I think it does. Even it has not been explicitly written the "by default" of the below quote should imply that an option exists to get back the current page layout.
Click to expand...

The current version is not good enough as many have said since XF started.
- display data from membercard
- display custom field data
- search on usergroup/s to display
- admin Hide usergrou[/s

cclaerhout said:
So if I correctly understood the above statement, my previous message was only to show that any debate on "I'm for !" / "I'm against !" is quite sterile. If I'm wrong, then I guess it might be a way to ask to make it as an option.
Click to expand...

Agreed that for / against is sterile and pointless. That has been well explored elsehwere over the last 2 years or so.

Again, 2 groups of need are covered; the above list if features for a full meemberlist is not.[/quote]
 
Remove the members list (y)

I released this resource sometime last year (Remove Members List)
http://xenforo.com/community/resources/remove-members-list.1036/

I can't yet say that it has been completely deprecated without first seeing 1.2, but I'm happy that XenForo is working on making it an option.

Mike said:
Bcrypt is intentionally slow
Click to expand...

This is where you lost me. Anything that adds slowness is never good. If I have 100 - 1,000 members logging into the site at the same time.... I want that to be a quick process.

Would like to see support for this though (for those of us who will be using PPH 5.5)
http://www.php.net/manual/en/ref.password.php
 
Mike said:
You do realize that you basically just suggested bcrypt, right?
Click to expand...
As php makes no mention of it in their documentation (which doesn't all to surprise me, cause they're never 100% in detail on their documentation) ..... I wouldn't be all to surprised that it supports it.

Although the protocol used in PHP 5.5 can also be used with what we're already using (in xenforo 1.1.4). And there is no slowness.

I'm only quoting your words, Mike. You said, bcrypt was slower.
 
Adam Howard said:
As php makes no mention of it in their documentation (which doesn't all to surprise me, cause they're never 100% in detail on their documentation) ..... I wouldn't be all to surprised that it supports it.

Although the protocol used in PHP 5.5 can also be used with what we're already using (in xenforo 1.1.4). And there is no slowness.

I'm only quoting your words, Mike. You said, bcrypt was slower.
Click to expand...

Trying to be as fast as possible isn't necessarily a good thing when it comes to encryption, especially at the expense of security.

Did you miss Mike saying "more secure"?
 
RobParker said:
Trying to be as fast as possible isn't necessarily a good thing when it comes to encryption, especially at the expense of security.

Did you miss Mike saying "more secure"?
Click to expand...
That may have been true in the past, but that old way of thinking no longer really applies. It is possible today to be secure and fast at the same time.
 
Adam Howard said:
As php makes no mention of it in their documentation (which doesn't all to surprise me, cause they're never 100% in detail on their documentation) ..... I wouldn't be all to surprised that it supports it.

Although the protocol used in PHP 5.5 can also be used with what we're already using (in xenforo 1.1.4). And there is no slowness.

I'm only quoting your words, Mike. You said, bcrypt was slower.
Click to expand...
If the database is ever compromised, using BCrypt will take the attacker a very, very, very, very, very, very, (I can't emphasize enough on the 'very' part), long time to try out the passwords for each user.
 

Similar threads

Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
Kruzya
Assorted Interface Improvements
Replies
2
Views
846
Kruzya
Kruzya
M
Expand your Youtube tutorial series and docs to cover more of the basic setup and features
2
Replies
26
Views
2K
TPerry
TPerry
Tipmoose
XF 2.0 Beginner questions about *right* way to do things
Replies
1
Views
638
S Thomas
S
Mouth
8 things wrong with the XF2 mobile experience
2 3
Replies
58
Views
9K
Floyd R Turbo
Floyd R Turbo
Top Bottom