Do you know those features some people have been requesting for a long time, and when you finally sit down to build them, it takes no more than 30 minutes to code the first version? This latest one definitely falls in that category.

Getting Groovy with the CLI

See, not everyone wants to use a nice GUI to manage their site. Some people are hardcore, and would rather use the commandline. Rawr. Truth be told, I'm not one of them, but here's a goodie for the people that do.

modCli is a command line php script enabling you to run any of the MODX processors from a (ssh) terminal, in just shy of 180 lines of code (including comments). After you dump the file in your MODX_BASE_URL, you can start running processors from the command line. It's kind of like Drush for Drupal, but then for MODX.

Examples

While you can find exact usage instructions and some other examples in the code, here's two quick examples as to what you can do with modCli.

php modcli.php resource/create pagetitle=Awesome! parent=6 content=Awesomer!
php modcli.php workspace/packages/getlist limit=1 start=2

Security Concerns

As to my knowledge you can't have sessions in a Terminal, this script basically bypasses the login process for MODX. Yes, you read that right, it just loads MODX in API mode, in the mgr context, which in my tests gives it full access to everything.

While it's a nifty tool which in some cases can be very convenient (I still prefer shiny buttons), do NOT EVER EVER EVER leave this available in the root of your site. Even better, don't put it there in the first place, but adjust line 44 of the script to point to your MODX install from, say, a non-web accessible SSH-only directory.

Disclaimer: use at your own risk and don't come whining if the script worked as intended for someone else, too.

Get the Code

I want to make sure you read the security concerns above before I even tell you where to get the code from, or how it exactly works. Only tick the box below if you did!

Happy New Year!

As the last post of 2012, it's my statutory duty to wish you a happy new year today. My hope for you is to make the next year at least twice as ambitious, successful and awesome as 2012!

Of course there's no way to say goodbye to 2012 as with an old fashioned list of what went on in 2012. So without further ado, here's the top 5 most visited blog posts in 2012:

I challenged the community a while ago. If we would hit 200 documentation bugs in the tracker, I would spend two full days working on closing as many as I could. Even though it received some good response and the amount of bug reports went up quite a bit, we still didn't hit 200 yet. But that's okay, cause now we have even better initiative: Documentation Friday.

Meet Scott Borys.

Scott Borys, Gobi Desert Photo © 2010 Mike Buchinski

Scott Borys is many things. He's a web developer, hitchhiker, blogger and (even though I never met him in person) I'm pretty sure he's a genuine nice guy, too. 

He just happens to build sites in MODX, and has recently single-handedly created a new recurring initiative causing all sorts of uproar in the MODX Community. The good kind of uproar, that is. The kind of uproar that impacts people's experience with the MODX system, most likely without them realizing it!

Introducing Documentation Friday

Take one avid tweeter, who goes in and fixes documentation issues, while live tweeting the progress and involving members of the community in doing so. That about summarizes what Documentation Friday is. It's a continuous effort to improve the documentation based on bug reports and new tutorials about specific subjects.

Like last week, it usually starts with something like this:

And ends up with some very important updates to the MODX RTFM.

One very interesting side effect that Scott mentioned to me on Skype some time ago (and which I can attest to myself as well), is how writing documentation is a great way to learn and to be sure the information you need is available for reference. Win-win-win!

It's been phenomenal for increasing my working knowledge of MODX. It also makes me happy whenever I need to check something that I *know* is in the documentation because I wrote it.

— Scott Borys, September 28th, 2012

Join the movement!

I've seen various people in the community hitchhiking along with Scott on this amazing initiative (see what I did there?), and I'm hoping that we can kick this into gear and make this a real weekly thing that we as a community help out with. It would be awesome if everyone would hop on board and start fixing things, but even if you just report issues with the documentation so the editors know what to do, that would be fantastic!

So yes, I am going to sunset my Community Challenge in favor of #documentationfriday, in trying to get at least an hour of documentation work in every Friday. Or at least a #catchupsunday. 

Scott; thank you so much for doing this and being such an amazing part of the MODX community. I hope this initiative stays around a long time! Oh, and if you ever end up hitchhiking and couchsurfing in The Netherlands, just give me a call: you're very welcome to stay here for a while. (I know you wouldn't mind me staying at your place either!)

As the first work for this event started ages ago (early 2012), this post is way overdue. And I've been neglecting this blog lately, too.. But if you've missed the announcements so far, please allow me introduce you to MODXpo Europe!

What?

MODXpo Europe is a one day (two if you count the friday night social) event on November 10th, 2012. Similar to the MODX event in Dallas two and a half years earlier, it's the premier event where MODX users, community and team get together to talk about MODX, MODX, MODX and a little more MODX. Less than a month left to get your tickets!!

Who?

We're seeing all sorts of people signing up for the event. All the way from hardcore back-end MODX Developers and front end integrators to entrepreneurs and project managers.

This mixed audience is also equally represented in our speaker line up. We've got several well known developers such as Menno Pietersen and Bert Oost speaking about front and back end subjects, while community rockstars Bob Ray (who also wrote a book) and Susan Ottwell also fly in from other continents to talk to you about a range of subjects: Evolution, Building sites in Revolution, Packaging Extras and the Revolution Security Model. We'll also hear about what clients need to know about MODX from Skytoaster PM Matt Fuller, and I will personally share my experience of Building Extras for MODX as well.

That's just a quick sample though, head over to the MODXpo.eu site to view the entire schedule.

When?

Saturday November 10th, 2012, from 8.30am until about 8pm. For those in town the night before, we will also be announcing a social event on the Friday night with sponsored beer and snacks real soon.

Where?

Cursus- en Vergadercentrum Domstad, Koningbergerstraat 9, 3531 AJ, Utrecht, The Netherlands, Europe. View on Google Maps or on the MODXpo Website.

If you need a place to stay, we've collected a couple of hotel deals in the area for you, so be sure to check them out!

What are you waiting for?!

Get your tickets today (only € 39,95!), and see you in November!

MODXpo Europe | November 10th, 2012

 

If you live in Europe, you have probably heard about the crazy EU directive that is forcing EU Countries to adapt and enforce new laws which ban the use of cookies, unless you kindly ask for permission.

My opinion is that politicians shouldn't mess with things they don't know anything about, like this internet thing.

You see, the intent is right (protecting the end user from privacy issues relating to third party cookies and beacons tracking their every online move), but right now they are only making our job harder for zero gain to the people supposed to benefit. Actually, we're now starting to throw popups, scary tech lingo and (commonly) ugly banners at users. How does that help anyone? 

Anyway. This site uses one cookie to help the server know who you are to prevent authorizations and personal data from getting mixed up between users. I also track your every move on my website using Google Analytics and Gauges, which each set a few cookies of their own to see if you are new or have been here before. The collected data is aggregated before made visible on the respective sites: I cannot see what pages you specifically looked at, just what pages are being looked at and (again: aggregated) entrance/exit paths within the site. This data helps me figure out what people want to read and over time will increase your experience on my site. 

If you do not approve of these cookies, please use your browser to disable cookies all together or browse in private mode. Or don't visit again, though I would hate to see you leave.

Still here? Awesome! Now I can tell you a bit about Cookies in MODX.

Cookies in MODX Revolution

Out of the box, MODX sets one (1) cookie, by default called "PHPSESSID", which, as the name might indicate, has to do with sessions. Specifically, it sets a session ID/hash which relates to a row in the sessions table. By doing this, the system knows in a simple way who you are, allowing you to stay logged in among other things. 

In other words, it's an essential cookie that the infrastructure depends on. To my knowledge, that is a cookie which is allowed without asking for consent, at least in the Netherlands and the UK! If you absolutely don't want this cookie, you can change the MODX Session Handler to use the server default. In that case it could be the server that sets a session cookie, though. 

If you want to follow this crazy law anyway, I would advise using Silktide's Cookie Consent plugin. It's free, looks good and they offer a sweet wizard to get the code set up.

Disclaimer: I am not a lawyer and while I hope this page is helpful to you, consult your favorite lawyers office if you want to comply to the law. I'm not responsible for your (lack of) action(s) following this post. 

What's your favorite cookie flavor? Share it with the world in the comments section below.

As promised in a recent announcement, I was going to provide some tips on serving MODX sites over SSL based on my move to a complete SSL-based website. Here they are!

SSL Tip 1: Using protocol insensitive URLs for assets from the get go

You can apply this tip, even if you are not going to be serving anything over SSL soon! If you, like me, point to assets complete with the domain, you will risk serving non-secure content when making the switch. This is easy to prevent by not specifying the protocol, which is the "http" or "https" part.

An example before:

and after:

So basically you take a full URL, and instead of specifying "http://" or "https://", you simply specify "//" which will make it relative to the protocol in use.

SSL Tip 2: Generating HTTPS urls with MODX by default

When using the url syntax (like [[~1]]), this is usually relative to the site_url, the default. However it's easy to change this to use any other scheme both on a per case basis, and across the entire site through a system setting.

To change one link, pass &scheme=`https` to the link tag. Wait, you can add properties to link tags too? Yeah! For example, this is completely valid: [[~1? &scheme=`full`]].

To change all links to use https, find the link_tag_scheme system setting and change its value to "https". When not using https, I like to change this setting to "http" so all urls are absolute. All possible values for the &scheme property or link_tag_scheme setting can be found in the makeUrl documentation

Now, there are some Extras that don't neccessarily follow suit here and use their own defaults. Wayfinder, for example, has its own &scheme property you will want to change. And when Wayfinder points to the homepage of a context, it points directly to the contexts' site_url, so make sure that has https as well.

SSL Tip 3: Telling Quip to use secure Gravatar URLs

If you're using Quip for comments (like me!), you will usually use Gravatar for comments which usually serves over http. Luckily, Gravatar does offer a secure link to avatar images but Quip isn't aware of that by default. But it does give you the opportunity to change the link to the gravatar images. This allows you to use a proxy on your own server, or to point to the secure Gravatar url instead! :) This is the &gravatarUrl property. As the secure url for Gravatar is https://secure.gravatar.com/avatar/_MD5_of_email_h..., that's what we set the property to.

Before

After

That concludes this list for now. Do you have any good other ideas? Let me and other readers know in the comments below.

I've been really busy at my new job in between moving, throwing anniversary parties for the folks and trying to manage a couple of projects I'm still involved in personally. I've got some article ideas (and drafts) nearing a publish-ready state, but it really has been too quiet. In this post I want to provide you with a few quick updates with a promise for more quality posts "coming soon"!

Slight updates to my Design

You may have noticed while browsing the MODX Blog, Category or Archive pages, but I have been spicing things up a tiny bit! Blog items now show up with images in the listings, and the homepage has been updated to funnel people to the blog more easily as well. I am also using more images in article contents where applicable using my MIGX Gallery set-up and I have subtly improved the way my sidebar widgets appear on tablets. If anything my site is a constant work in progress and I hope you can appreciate these updates. If you have any feedback be sure to get in touch, or to leave a comment!

Doing my bit to make the web more Secure

Obviously by simply using MODX I'm doing my bit to make the web a more secure place to hang out at, but over the past week or so I've been working with my awesome hoster on serving my site over SSL.

Why?

Well, why not?

I'm already paying for a VPS (I need the processing power and storage for one of my personal projects) and as SSL certificates start at like €15 a year, I couldn't come up with a good reason not to. My visitors will be able of browsing my site securely (even if there's no log-in or personal data going 'round) and it's a nice experiment in general. 

There were a few challenges to getting to this point, but all in all it went mostly smoothly.

  1. The site needed to move to its own dedicated IP. Normally this is quite smooth, but it resulted in a few hours of down time due to the odd way I originally set up this site, which meant that for this to work smoothly, the site needed to be migrated to a new user on the server manually (which is harder than it may sound with all the loosely connected legacy cruft this site has already built up!). 
  2. As I've been using an assets sub-domain (among others) to split requests and speed up site loading, the sub-domain also needed to be served over SSL. Patrick did a great job helping to get that up and running. 
  3. This is probably the most annoying challenge, which is making sure you do not point to any non-ssl scripts or images - anywhere. There's stylesheets in the header, scripts in the footer, and most importantly: images in the content. There is also comments which uses Gravatar over non-SSL by default.

I will be publishing a new article probably next week with some specific and easy to action tips on preparing your MODX site for running over SSL.. stay tuned for that! Over the next few days I will start enforcing HTTPS as well (you can still visit over HTTP for now by changing the url), so if you do spot any issues - be sure to let me know!

VersionX 2.0.0-rc2 and 2.0.0-rc3!

I have to admit: VersionX is my favorite Extra right now. It sits in the background doing its thing, and when you screw something up you can go back and restore an older version. RC2, released on May 28th and RC3 released on July 8th, both fix a number of bugs that people have reported on the Github page, and it now has an interface for all data it collects! The next version will likely get rid of the "release candidate" moniker and introduce some more restore options that are not yet available. 

Read more about VersionX, just download the package, or make a donation

getRelated 1.2.0

If you don't know what this is, getRelated can be used to automatically show related items on a Resource. It's used in this site and I have seen many examples of it in use all over the place. By taking a getResources-like approach and offering easy ways to customize the sorta complex algorithm it uses, the result can be fine tuned to the bone and templated all the way you want it. 

In the June 7th release of getRelated 1.2.0 this is even further improved, as it now features a &stopwords property to assign a custom comma separated list of words to ignore for that instance, it properly supports multiple (different) snippet calls per page now, adds Russian support and the default output is now a bit more sensible too.

Read more about getRelateddownload the package or read the documentation.

ContextRouter

While released in March already, I never really publicized it much, but with the MODX Cloud Beta rolling out (which was the inspiration for writing it!) I'm plugging it here. ContextRouter is a plugin that eases setting up different (sub)domain contexts by taking your http_host context settings into a custom cache file, and routing requests to the proper context based on that. It's available via the package manager as well.