
Andy Millne

Invision Community Team
Everything posted by Andy Millne

  1. The app now allows you to set a cover photo image for each competition. You can set these in the competition settings in the admin control panel.
  2. Please feel free to send me a PM with ACP access so I may investigate this. The theme is editable via the admin control panel as with all apps. Unfortunately I'm not able to assist with customization requests but there is a directory of 3rd party designers in the resources section at https://invisioncommunity.com/third-party/providers/
  3. I am planning to update this for 4.5 but I'm not sure when exactly it will be available unfortunately.
  4. Sorry @christopher-w, missed that. The theme templates/css are customisable via the default template editors if you wanted to change the layout but the aspect ratio is not configurable by default, no.
  5. Your screenshot is not showing and I'm not able to reproduce this locally but if you send me a PM with an admin login I can investigate that. @jesuralem and @Nathan Explosion There isn't any native support for videos currently. Any file uploaded will show as a downloadable link. I can look into adding video playback however.
  6. This hasn't been very popular so I wasn't planning to update it but that said it's quite straightforward and doesn't require much in the way of support so I'll see what I can do.
  7. Please send me a PM with access info and I will investigate. Thanks these are some great suggestions. I'll see what I can do for the next version.
  8. Are you logged in as a restricted administrator perhaps? If so you may need to enable the completion restrictions using a different admin user.
  9. For a very long time Invision Community has allowed community owners to choose how open or private their communities should be. Communities could optionally allow guests to post without registering, they could allow the use of pseudonyms or they could require the use of real names. This covers a diverse range of communities but feedback from our clients made us realize that some use cases have not been accounted for.

     For some types of community, where discussion topics are particularly sensitive, community owners want to make sure that members register with their real details but are given the option to post anonymously where appropriate. For example, organisations dealing with abuse or sensitive topics might want the member to feel safe and disinhibited to post info without fear of being identified by the rest of the community.

     With our next release, we are pleased to introduce Anonymous Posting to make this a reality. When enabled, members will see the option to post anonymously when creating or replying to content.

     [Image: Starting a new anonymous topic]

     Author details for anonymously posted content are hidden throughout the community and instead a default profile picture and name are shown. Total anonymity is not always desirable however and in some cases it may be necessary for trusted staff members to know who posted the content. Where allowed, these staff members will be shown an option to reveal the content author.

     [Image: Author details are hidden but can be revealed by trusted staff members]

     Anonymous posting can be enabled on a per group basis and also limited to specific forums, albums and categories etc. The ability for staff members to reveal who really posted the content is a moderator permission.

     We hope this new feature is a useful addition and where appropriate makes your members feel safe or comfortable to share info they might not have otherwise. How open or private is your community and what do you find are the benefits or disadvantages of anonymity?
  10. There is a 4.5 compatible version currently submitted and in the review process now. Thanks for your patience.
  11. The app is not officially compatible with 4.5 currently. It may work without issue but I will be reviewing shortly and releasing a confirmed compatibility update in the next couple of weeks.
  12. New Application Extensions

      Three new application extensions are available:

        • core/RssImport
        • core/MobileNavigation
        • core/OverviewStatistics

      \IPS\Application::getRootPath()

      A new \IPS\Application::getRootPath() method is available to return the path to application files regardless of the server environment, which should be used instead of \IPS\ROOT_PATH

      Stock Photos

      The WYSIWYG editor now includes an "allowStockPhotos" options array parameter. A boolean value is accepted and will determine whether or not the editor can have images attached via the Pixabay stock photo picker if also enabled in community enhancements.

      Admin Control Panel CSRF Protection

      Additional protections are now required for admin control panel controllers to protect against cross site request forgery attacks. The steps required are described in the security considerations guide.
  13. The Invision Community framework is set up with security best practices in mind but there are a few things you should make use of in order to not inadvertently bypass these protections.

      Validating User Input

      Where your application or plugins request user data the built in Form handling methods should be used. By default form input is protected against vulnerabilities but you should still ensure the correct form types are used, for example using email address, number and radio fields etc. where appropriate. This not only provides the best user experience but also means the input is validated using appropriate methods.

      When using environment, request and cookie variables you should also be sure to use the \IPS\Request methods that are adjusted to account for environment differences. This data is *not* validated and should be treated as untrusted and validated and sanitised as appropriate.

      Escaping Output

      Invision Community template syntax automatically escapes variables on output but this can be bypassed with the raw modifier as explained in the template syntax guide. The raw modifier should only ever be used with trusted and sanitised content otherwise a risk of introducing a vulnerability exists.

      Querying The Database

      The database class contains distinct methods for selecting, updating, inserting and deleting data and contains security features to prevent database injection vulnerabilities. The raw query() method should be avoided wherever possible and if used, only ever with sanitised and pre-formatted queries.

      Protecting Against Cross Site Request Forgeries

      Any methods that alter data/state, or which process any data, should be protected against cross site request forgeries to make sure requests are initiated by the user that intended it. When using the built in form handling methods this will occur automatically when called in conjunction with the $form->values() method.

      Outside of forms you can protect links generated with the built in URL classes by using the built in csrf() method. For example the following;

          \IPS\Http\Url::internal( "app=myapp&module=mymodule&controller=mycontroller&do=myaction" )->csrf()

      ...will add the csrf key to your link. The controller that acts on the request should then be protected by adding the following before the action is performed. For example;

          public function myaction()
          {
              \IPS\Session::i()->csrfCheck();
              // Your code here
          }

      Both of these steps must be in place for an effective CSRF defense.

      When deleting something, you should also implement the deletion

          public function delete()
          {
              \IPS\Request::i()->confirmedDelete();
              // your deletion logic
          }

      In addition, within the admin control panel you should add the following class property to confirm suitable CSRF checks are in place;

          /**
           * @brief Has been CSRF-protected
           */
          public static $csrfProtected = TRUE;

      This page is not an exhaustive list of security considerations and serves only as a guide to the most common pitfalls new developers face. Industry best practices should be followed at all times when developing applications and plugins for the Invision Community platform.
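
The two-step CSRF defence described in the guide above (a key added to the link, a check in the handler), shown as an added stand-alone PHP model; it is not Invision Community code and not part of the original guide. The function names, the `csrfKey` parameter name, the HMAC derivation and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration, not Invision Community code. The function names, the
// csrfKey parameter name and the HMAC derivation are assumptions of this model.

/** Derive the key for one session; the secret never leaves the server. */
function csrfKeyFor(string $sessionId, string $serverSecret): string
{
    return hash_hmac('sha256', $sessionId, $serverSecret);
}

/** Step 1: the application appends the key to a state-changing link. */
function withCsrf(string $query, string $key): string
{
    return $query . '&csrfKey=' . rawurlencode($key);
}

/** Step 2: the handler refuses to act unless the request carries the key. */
function csrfCheck(array $request, string $expectedKey): void
{
    $supplied = $request['csrfKey'] ?? '';
    // Reject non-strings (csrfKey[]=x parses to an array); compare in constant time.
    if (!is_string($supplied) || !hash_equals($expectedKey, $supplied)) {
        throw new RuntimeException('CSRF check failed');
    }
}

/** A state-changing action: the check runs before anything is modified. */
function deleteItem(array $request, string $expectedKey, array &$items): bool
{
    try {
        csrfCheck($request, $expectedKey);
    } catch (RuntimeException $e) {
        return false;
    }
    unset($items[(int) ($request['id'] ?? 0)]);
    return true;
}

// Constructed sample data.
$secret = 'constructed-server-secret';
$key    = csrfKeyFor('constructed-session-id', $secret);
$items  = [7 => 'first item', 8 => 'second item'];
$base   = 'app=myapp&module=mymodule&controller=mycontroller&do=delete';

$requests = [
    'link built by the application' => withCsrf("$base&id=7", $key),
    'same URL without the key'      => "$base&id=8",
    'key from another session'      => withCsrf("$base&id=8", csrfKeyFor('other-session', $secret)),
    'key sent as an array'          => "$base&id=8&csrfKey[]=" . $key,
];

foreach ($requests as $label => $query) {
    parse_str($query, $request);
    printf("%-30s %s\n", $label, deleteItem($request, $key, $items) ? 'accepted' : 'rejected');
}
echo 'remaining ids: ', implode(',', array_keys($items)), PHP_EOL;
```

Only the first request is accepted, so item 8 survives: a link without the key, or a handler that skips the check, leaves the action unprotected, which is why the guide requires both steps.
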
  14. What it is

      MobileNavigation extensions are used to add new tabs to the mobile app navigation menu, tying in directly with the menu manager in the AdminCP.

      How to use

      Many of the same methods are implemented as the core/FrontNavigation extension so if you are familiar with this extension you already have a head start. Implemented methods in the mobile navigation extension are as follows;

          /**
           * Can the currently logged in user access the content this item links to?
           *
           * @return bool
           */
          public function canAccessContent()

      The canAccessContent() method allows you to dynamically check if the current viewing member can access the page or not. Often this will come down to checking if the member can access the module or not, however you can perform whatever checks you want, returning TRUE if the member can access the tab and FALSE if not.

          /**
           * Get Title
           *
           * @return string
           */
          public function title()

      The title() method returns the tab title to display within the app.

          /**
           * Get Link
           *
           * @return \IPS\Http\Url
           */
          public function link()

      The link() method, as you might expect, returns the link that the tab should point to. A full \IPS\Http\Url object should be returned.

          /**
           * Permissions can be inherited?
           *
           * @return bool
           */
          public static function permissionsCanInherit()

      By default permissions can be inherited by menu items (e.g. if you cannot access any menu items, do not show the tab), however you can disable this if you wish by overriding this method and returning FALSE.

          /**
           * Allow multiple instances?
           *
           * @return string
           */
          public static function allowMultiple()

      By default, only one instance of a menu item is available to set up (so you cannot create two 'Gallery' tabs by choosing Gallery in the menu manager), however if your menu class would benefit from supporting multiple instances this method can be overridden and return TRUE. This is used for the base generic Menu mobile navigation extension, for instance, as you may want to create multiple menus.

          /**
           * Get configuration fields
           *
           * @param array $configuration The existing configuration, if editing an existing item
           * @param int $id The ID number of the existing item, if editing
           * @return array
           */
          public static function configuration( $existingConfiguration, $id = NULL )

      If your menu requires special configuration, you can define a static configuration() method to return an array of form helper elements to display in order to configure the menu.

          /**
           * Parse configuration fields
           *
           * @param array $configuration The values received from the form
           * @return array
           */
          public static function parseConfiguration( $configuration, $id )

      If your menu requires special configuration, you can define a static parseConfiguration() method to process the form helper elements returned with the configuration() method described above.

          /**
           * Can this item be used at all?
           * For example, if this will link to a particular feature which has been disabled, it should
           * not be available, even if the user has permission
           *
           * @return bool
           */
          public static function isEnabled()

      As the docblock states, you can return FALSE from the isEnabled() method if you need to completely disable the menu item regardless of user permissions.

      MobileNavigation extensions extend \IPS\core\MobileNavigation\MobileNavigationAbstract so it is worth taking a look at this class to understand the methods being extended and how they interact if there is any confusion.
  15. Ah I see, it's the vertical menu that prevents a sub item. It's not possible to add a link as in your screenshot unless you're comfortable making theme edits in which case you would edit the "competitions" template. Alternatively you could edit the "There are no competitions available" language string to include a link. I don't have a date yet but it will likely be in line with the Invision Community 4.5 release or shortly after.
  16. If you still have a primary nav bar for the contest page you could add an external link type as a sub item using the menu manager. Would that work?
  17. Since the feature was announced at last year’s World Wide Developer Conference (WWDC) we have received lots of requests to implement Sign in with Apple in Invision Community. We’re pleased to announce that as of 4.5 this is now available.

      You will need a paid Apple developer account to use it but once enabled users will be able to sign in using their Apple ID and all the convenience that brings. Touch ID and Face ID are supported natively where available and work across all your devices.

      [Image: Choose to share or hide your email address]

      Isn’t it just another login button?

      Sign in with Apple is built on similar technologies as other login buttons such as those already available in Invision Community from Facebook, Google and Microsoft. The difference is Apple’s unique focus on privacy. On certain community types users can be reluctant to sign up when they fear they need to disclose lots of personal details. Every community is different so allowing your users to share as little or as much info as they like could be important to your success. Apple have stated that no user tracking will take place in contrast to other services where this forms a part of their business model.

      When signing in with their Apple ID the user can choose whether or not to share their real email address with your community. If the user chooses to hide their email address then your community will receive a relay email address that will forward to their real address. The email address used is unique to your community so the user can retain control.

      Can users link their existing Invision Community accounts?

      Yes! If a user signs in using the Apple button and shares their real email address, then providing they already have an account on your community they will be prompted to link their account in the same way as other social login buttons. They can also link an existing account from their account settings. If linking from account settings then the email addresses used do not need to match.

      Sign in with Apple is already enabled here on our community and is available in the 4.5 beta available to download now.
  18. Can you please send me a PM with admin control panel access and a link to the issue so I may investigate this?
  19. This is a bug. The rules should only show if any are set. I have fixed this for the next release. This is an interesting idea. I think this could work by blurring images for competitions marked as NSFW until a user toggles a preference. Their preference could be stored per session.
  20. You can allow your members to sign in to your community using their Apple ID with the benefits that brings such as FaceID/Touch ID and Two factor authentication. Using this method, members can also protect their privacy by choosing to hide their real email address. Their account will be created using a relay email address unique to your community.

      Sign in with Apple requires a paid Apple developer account that can be created at https://developer.apple.com.

      Creating the Credentials

      Once you have an Apple developer account you can create the credentials needed.

      Create an App ID

      Go to Certificates, Identifiers and Profiles. Click on Identifiers from the side menu and then the + icon to create an identifier. Choose App IDs on the first step and click continue.

      Enter a description and Bundle ID. The description can be anything you like but your community name is a good one. The recommended bundle ID is the reverse DNS style of your domain name e.g. com.yourdomain.

      Select "Sign in with Apple" from the list of capabilities and then confirm.

      Create a Services ID

      Return to the identifiers page, click the + icon again and this time choose Services IDs followed by Continue.

      For the description you can enter the same as you did for the App ID above. For the Identifier field enter the same identifier as in the first step followed by .client e.g. com.yourdomain.client. This is your Services ID - make a note of it, since you'll need it later when setting up Invision Community.

      Click Continue and then Register. You will see your service listed on the Services page. Click the service you just created. From the capabilities list, again select Sign in with Apple and then configure.

      This is where you will add your community domain name. First select the App ID you created in the first step above and then enter your domain name. If you only have one App ID on your developer account it should already be selected.

      The return URL should be set as the path to your community followed by /oauth/callback/ e.g. yourdomain.com/oauth/callback

      Click Next, then Done to close the popup. Click Continue then Save on the page.

      Create a Private Key

      After returning to Certificates, Identifiers & Profiles choose "Keys" from the side menu and then the + icon to create a new key.

      Enter a key name, select Sign in with Apple from the list of capabilities and click configure. Select the App ID you created earlier and click Save.

      On the page you are returned to, click Register. A .p8 key file will now be generated. Be sure to save this key now as it can't be retrieved later.

      Finally, return to the key details page and make note of your Key ID.

      Fetch your Team ID

      The Team ID can be found on the Membership page in your Apple developer account, or at the top of most pages when creating/editing keys and services.

      Set up Invision Community

      You should now have a Services ID, Team ID, Key ID and Key file you can use to set up Invision Community.

      In your Invision Community admin control panel go to System > Settings > Login & Registration and click "Create New" on the Methods tab. Choose Apple from the list of handlers.

      You can now enter the credentials obtained above and upload the .p8 key file and set the other settings according to your preference. Click Save. A test of your settings will be performed and if everything is correct Sign in with Apple will be enabled on your community.
  21. This is not a feature unfortunately. The app is focussed on connections between users.
  22. Does it happen on the default theme? Could you send me a PM with an admin login so I can look into that for you? I'm not able to reproduce the issue locally.
  23. OK, I'll keep it if it's being used 👍
  24. I have released a new version to address the latest reported bugs. I have also been working hard on 1.4 which has some rather large changes now so I think I will target 4.5 for this. I will still be doing bug fix releases for 1.3 on 4.4 for the foreseeable future. @misfit76 Can you PM me about the horizontal widget issue please? I'm not able to reproduce that locally. Does anybody use the scheduler? I'm thinking of removing it to reduce complexity but will leave it if people say they are using it. You will still be able to create competitions with future dates in advance but they won't be automatically created on the weekly/monthly schedule.