-
- 11 Posts
I have read in the docs that editing the home page is off by default. Can I override this feature? I have added the home page id to the NpEditThisButton call via the &np_edit_id property, but that does not work.
Edit: I have noticed that I actually CAN edit the home page, but only in debug mode (although the button displays a "cannot edit home page" message). But this button message would be displayed to any visitor of the page, so I would need a different method than debug mode...
Thanks for any help,
Alex
[ed. note: gugelhuhn last edited this post 11 years, 1 month ago.]
-
- 24,544 Posts
Comment out the code that does that in the npeditthisbutton snippet (like this):
/* Don't show on the the home page */
/* if ($npEditId == $modx->getOption('site_start')) {
$defaultButtonCaption = $modx->lexicon('np_no_edit_home_page');
} */
You'll have to use the &noShow property in the edit button snippet tag or the home page will get added to the noShow list. If you don't have any other noShow pages, just use the id of the NewsPublisher page in that property.
The next version will have a property to allow editing the home page.
[ed. note: BobRay last edited this post 11 years, 1 month ago.]
-
- 11 Posts
Great!
It works! Thank you man, this is so cool!
Alex
-
- 24,544 Posts
I'm glad it worked for you. I kind of thought no one would want to let users edit the home page with it, but I guess I was wrong.
Keep in mind that all your users should have fairly secure usernames and passwords if you're going to let them edit the site's home page. It's quite a temptation for a hacker.
-
- 11 Posts
Thank you for the tip, I will give it a good thought. Security is always my big worry, as I barely manage to bring stuff online and wouldn't even know how to do a MySQL dump. I would definitely feel better if I could afford a MODX cloud install, but I am only doing MODX for fun at the moment, and hope it will do to use the password generator.
-
- 24,544 Posts
Remember that if you email the generated password to the user, it's in plain text and could, in theory, be grabbed in transit. Users should be encouraged to change their passwords once registered.
For a site with very sensitive information, users should be *forced* to change their passwords once registered and a password strength algorithm should be involved.
OTOH, if users are kept in the front end and all they can do is edit pages, they can't really do that much damage. That said, frequent site backups are always a good idea.
