XF 1.2 More Assorted Things

We missed last week, but lets make it up with a look at a bunch of new things coming in 1.2. We do still have various "big" things to show, but we'll save them for another day.

Template editing improvements: tabs, ctrl-s, auto tabbing
The template editor in the admin CP is now easier to code directly within with a few changes:
  • Pressing tab will now insert an actual tab.
  • You can save the template using ctrl+s (or cmd+s).
  • When you press enter on a line that starts with whitespace, the next line will automatically start with that amount of whitespace. (Basically, this keeps your tab depth.)
  • If you highlight multiple lines, you can use tab or shift-tab to indent or outdent all of the selected lines automatically.
<xen:set> improvements
In certain situations, you may want to use the <xen:set> tag to set non-scalar values, generally arrays. You can now do that with this structure:
Code:
<xen:set var="$var" value="{xen:array 'a=b', 'c=d'}" />

New <xen:callback> tag
While generally we don't recommend running PHP via templates, some times it's significantly simpler than writing a full add-on. Here's an example call:

Code:
<xen:callback class="Class_Name_Here" method="getHtml"><b>HTML that will be passed to the callback.</b></xen:callback>

For advanced usage, you can also pass params to the callback via the params attribute (like in template hooks).

To try to limit any untoward usage of this, we place a couple constraints:
  • Like all of our other callbacks, it must happen to a method within a class. You can't just read out /etc/passwd directly.
  • The method that you're calling must start with a limited set of prefixes: get, is, has, render, view, return, print, show, display
I should note that while we've deprecated template hooks, you can actually use this with the new template modification system to effectively create new hooks. That is, if you'd rather work on the final rendered output rather than the template itself.

Option to block logins entirely after a few failures
By default, we only CAPTCHA block accounts after several failed login attempts. This may be more user friendly but some people may consider it to be a security issue. You now have the option to disable logins instead of showing a CAPTCHA.

New password storage: Bcrypt
1.2 introduces a more secure password storage method known as bcrypt. Most hashing schemes are designed to be fast, which makes them unsuitable for password storage. Bcrypt is intentionally slow and is also tunable so it can do more work over time as computers become faster.

Whenever a user logs in, their password will automatically be upgraded to the bcrypt format.

Weekly and monthly stat groupings
Currently, statistics can only be generated on a daily basis. You can now choose to view the totals on a weekly or monthly basis. This allows you to see longer-term trends more easily.

Notable members, member list disabled
By default, the full members list page is now disabled. On larger boards, not only is it useless (and a spam magnet), it's actually a huge performance issue.

The notable members page looks a bit like the standard members list page, but it shows people of note:
  • Most messages
  • Most likes received
  • Most trophy points
  • Today's birthdays
  • (Non-hidden) Staff members
notable-members.webp
Notification emails: easy unsubscribe
Thread notification emails now have 2 unsubscribe links that do not require users to login to use them; one link stops email notifications from the thread the email was from, while the other stops them from all content.

Setting custom routes as the index
The index page (that is, what is currently at http://xenforo.com/community/) can now be set to any route URL. By default, this will be the forum list, but you could set this to resources, a portal page, or something else entirely. If you do change it, the forum list will automatically be located at http://xenforo.com/community/forums/.


Right, let's leave it there today... :)
 
I'm sure it could be one of your amazing "Enhancements" if it stays as it is, Shelley :)


No one who respects their user's security should care in the slightest about a few ms delay. And if users were to complain, the reasoning behind it is completely reasonable and justifiable. I am sure they care more about their data security than an extra millisecond delay.

But, and I think this is one of the major things with regards to bcrypt, as Mike already said: it is tunable.

So if you're on a much slower shared server presumably you can tune this down to less rounds? Therefore less of a delay? Similarly if you're on a beefy dedicated server you can tune it up further.

Seems like the best move possible for site admins and their users.

Of course, that's the beauty of BCrypt, it has been designed to store passwords safely using a configurable number of rounds for when CPUs/GPUs (tho it doesn't run well on GPUs which is great) increase their speed. Instead of millions/billions of tests per second (say like SHA1 etc) you only get thousands per second using BCrypt.

SCrypt is currently being ratified and is a slightly more robust algorithm, unfortunately library support is not that widespread as BCrypt.
 
As our current leaderboard listings does not have a date cut off, it also display banned members from years ago, as these members posted a lot back then. This does not make sense. The same would happen with notable members if there is no exclusion of usergroups or abandoned accounts.
 
The current member list already excludes banned members. I'm sure this will too.

And, if it isn't a feature that is included officially, it's actually a one line template edit to exclude usergroups from the member's list.
 
And, if it isn't a feature that is included officially, it's actually a one line template edit to exclude usergroups from the member's list.

Thank you Chris yes I use this. Better than nothing.
But we don't have a template edit to give users a choice of buttons to select different usergoups.
 
Besides banned members I also would not want to show discouraged members, abandoned accounts, users with bounced email, awaiting approval, and several custom usergroups.
 
The member list only shows valid users (not banned, confirmed email, not discouraged, approved members). I am certain that will continue with the new version of the member list.

That only leaves you with abandoned accounts and custom usergroups to deal with.

Custom usergroups can be dealt with easily using template conditionals.

Abandoned accounts can potentially be handled with with template conditionals too based on the last activity date.

Best bet is to post a thread in Styling and Customizations forum where me or someone else can advise on the template conditionals that might work. The conditionals will work on the current member list and the new member list (though the implementation will likely be slightly different on the new member list).
 
Thank you Chris yes I use this. Better than nothing.
But we don't have a template edit to give users a choice of buttons to select different usergoups.
Best bet is to post a thread in Styling and Customizations forum where me or someone else can advise on the template conditionals that might work. The conditionals will work on the current member list and the new member list (though the implementation will likely be slightly different on the new member list).
I did request this but got no response other than the conditional to Hide usergroups which was very welcome.
As it will probably change a bit in 1.2 probably best to wait. Thanks for your advice.
 
Could we have both notable members and members list on the same page?

Just hide members list from guests.
 
Setting custom routes as the index
The index page (that is, what is currently at http://xenforo.com/community/) can now be set to any route URL. By default, this will be the forum list, but you could set this to resources, a portal page, or something else entirely. If you do change it, the forum list will automatically be located at http://xenforo.com/community/forums/.
Oh, forgot to ask about this. Does this setting have any effect on the canonical URL of the index? Just that all the email templates will link to your site with {xen:link canonical:index}. Would all the URLs in the emails look like "xenforo.com/community/forums/" or "xenforo.com/community/"?
 
I can only assume it'll be the normal one ("xenforo.com/community/") and it'll be rerouted based on the setting.
 
I can only assume it'll be the normal one ("xenforo.com/community/") and it'll be rerouted based on the setting.
Ah okay, that would be good for me, hopefully that is the case. Currently I'm using an addon that basically creates a new route called home, and replaces the index controller with the home controller. Thus, the URL of the index doesn't actually change which means your site URL looks like xenforo.com/community/forum in any emails, which isn't too desirable, at least for me.
 
Ah okay, that would be good for me, hopefully that is the case. Currently I'm using an addon that basically creates a new route called home, and replaces the index controller with the home controller. Thus, the URL of the index doesn't actually change which means your site URL looks like xenforo.com/community/forum in any emails, which isn't too desirable, at least for me.
I'm sure Mike has thought of that, but don't quote me on it. lol. If I was coding it, that's how I would have written it.
 
The index is the index, regardless of what page it actually displays. It's basically just "give me the front page". If you want to link to a particular page (eg, the forum list), you link to it as you normally would (as of 1.2, {xen:link forums} for the forum list). If that page happens to be the index, the system will change the URL for you to ensure the link is correct. (If you're doing URL canonicalization, this approach will work there too.)
 
Notable members, member list disabled
By default, the full members list page is now disabled. On larger boards, not only is it useless (and a spam magnet), it's actually a huge performance issue.

The notable members page looks a bit like the standard members list page, but it shows people of note:
  • Most messages
  • Most likes received
  • Most trophy points
  • Today's birthdays
  • (Non-hidden) Staff members
Would it be possible to set like 'most' of the week/month/day/alltime ?

Something like that is VERY valuable to me as we push out newsletters and magazine info - thank you!
 
I'm intrigued by the member list changes.

While I realise the downside to having the full memberlist, as stated, I'm not entirely convinced the memberlist being the way it is now is entirely a good thing. Yes, there will be less performance hit and less spam for the general populace but putting the top posters/top liked people etc on a pedestal like this could actually lead to them getting more spam (e.g. PCs for help when not always desirable)

I'm intrigued to see where it plays out, that's for sure.
 
I've tried to not ask this before the beta release, but i'm too curious because i'm working on something similar since several weeks...:/ :rolleyes:

How powerful is the new callback tag?
e.g. in lithium or symfony, i'm able to make a "rest call" or subrequest to get 5 online users and use the response inside the template


Code:
//lithium:
<#assign users = rest("/users/online/registered?page_size=5").users />
<#list users.user as onlineUser>
              <#assign avatar = rest(onlineUser.@href+"/profiles/avatar/size/message").image />
                  <a href="${onlineUser.@view_href}"><img src="${avatar.url}" ></a>
</#list>
//in symfony it's very similar, with the subrequests
{{ render(controller("MyDemoBundle:User:online", {'limit': 5})) }}

will xf allow this too?:D
or will the xen:callback allow at least something similar? e.g. include this via the template merge system into the sidebar and that's it?
just like my sexy pseudocode
Code:
<xen:set var="$onlineUsers">
<xen:callback class="Foo_TemplateCallbacks"
                        method="getOnlineUsers"
                        extraparam="{xen:array 'limit=>5'}" />
</xen:set>
<xen:if is="$onlineUsers">
<xen:include template="myaddon_onlineuserscontainer" />
</xen:if>
 
Top Bottom