August 17, 2014 at 7:14 pm #2089
GitHib has its fair share of complexities, but I think I’ve managed to successfully create a proper pull request, on the master branch. I still don’t even know how to modify the dev branch yet.
-JamesAugust 18, 2014 at 2:11 am #2090
Thank you for you interest in helping.
However, I’m not working on the master branch so I cannot accept that pull request to modify it. If you are modifying this code from the master branch then I’m sorry but you are wasting your time because it’s ancient.
In fact I’m not even working on the dev branch at the moment, which your code seems to include parts of, due to the previously mentioned WordPress plugin which I am working on. But I would accept pull requests for the dev branch if necessary, such as for security patches, since that is still what people will download from the development snapshot download link on this site.
I don’t yet have code available for the WordPress plugin as I am not very far along yet since I only recently started on it and have several other projects on the go.
If you aren’t familiar with git or GitHub then GitHub has a lot of help for people to use. Here is some info on selecting the proper branch and whatnot: https://help.github.com/articles/using-pull-requests#changing-the-branch-range-and-destination-repository
In this case you would have to have made your changes on the dev branch in the first place, rather then master like you have, and then it should be a matter of creating a pull request and making sure the dev branch is selected.
Alternatively you could just attach the files you modified to a post in these forums and if they are useful I could try to merge them in.
This Duo thing looks like two-factor auth which I personally have no interest in since I have no cell phone. However, if you want Duo in the future WordPress version it looks like there are already plugins for it. For example this one: http://wordpress.org/plugins/duo-wordpress/
August 18, 2014 at 5:48 pm #2092
- This reply was modified 2 years, 11 months ago by Ryan.
I’m sorry about you not having a cellphone, but I just felt that Duo adds an irreplaceable level of protection to any online admin account(s) no matter what the script. But given that situation, might I recommend an offline authenticator such as Google Authenticator, or Microsoft Authenticator (both work the same way on different devices, require no internet connection, and can be used even on app-ready, wi-fi enabled (only to download it to the device) devices with no cellular service!). What I need, but don’t know how to implement it yet, is an interface to input and store in the credentials in the admin panel when the user first installs the script, and they’re allowed to choose between offline authentication (as mentioned above), or cellphone SMS authentication. I was hoping you could help me with that, if you’re not too busy with other work, that is.
Also, you were right about me not knowing how to select the proper branch, because GitHub, while useful, is a bit confusing. I fixed it…I hope.
Hope to hear back from you soon
-JamesAugust 19, 2014 at 7:39 am #2093
While I do really appreciate your willingness to help out I feel these are more of a custom thing for your own site. Like I say, it’s going to be a WordPress plugin so you can use any authentication WordPress supports in the future version of MDS.
I think it’s kind of a waste of time to work on it as it is unless it’s a security patch of some sort which I don’t see this as being. I don’t really see this as a security patch but rather adding additional functionality and manipulating things in an unnecessary way with the images and so forth. It would be nice if things were organized better but I am saving that for the complete rewrite. I have mostly been trying to fix bugs and harden security since I took this project over because I have always had the plan to put it into some sort of framework and give it a complete rewrite.
I normally use a different method to protect my admin areas if I feel like its necessary. For login forms I generally just use CAPTCHA type systems with a math question and those seem to stop the spam just fine for me. I haven’t bothered adding such a thing to this script. However, if I want to block out admin access from people I normally just put an Apache authentication box on the admin area and then a firewall app scans the logs for invalid logins and blocks their IP in the firewall if they try the wrong credentials too many times. But this isn’t how everyones servers are setup and this is part of the reason why I am choosing to put it all into a system like WordPress.
I was originally going to do Joomla but I’m sick of trying to do things with Joomla only to have them change everything and have to redo it all again, not to mention making something in Joomla is very time consuming and is like coding in a new language called Joomla whereas making something in WordPress is quick and is like coding in PHP with the option of using the WordPress API.
For future reference, these should actually be separate pull requests as its very confusing to have it all lumped together, the images and the Duo stuff, plus they are separate things. However you are wasting your time trying to make pull requests if they don’t fit into the security patch category as I have previously mentioned in my last post.
Also, you shouldn’t remove the copyright/license headers in the files. That alone will get pull requests on just about any project rejected.August 19, 2014 at 4:19 pm #2094
OK, I understand. But please realize that I’m still learning GitHub.
I’ll wait to see how the WordPress version turns out.August 19, 2014 at 4:47 pm #2095
No worries, I know it will take some time, git and GitHub are fairly complex things. That’s why I was trying to explain it a little to help you out. I am still not an expert at it either though and I have been using it for awhile now. I often use Bitbucket as well for private projects for clients because it’s free for private projects and GitHub isn’t last I checked.
The WordPress version is started but it isn’t too far along yet and will take some time because this is not a very simple script. However I am hoping to have something by the end of the year if I don’t get too busy with things. Luckily things are starting to slow down right now so I should have more than enough time.
- This reply was modified 2 years, 11 months ago by Ryan.
You must be logged in to reply to this topic.