aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/sessions.php
AgeCommit message (Collapse)Author
2009-01-23Refs #562: Configuration flag to disable database sessions.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2605 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-14Closes #669: Logins rate limited. Accounts are limited to 5 fails in a 5 ↵marcus
minute period, meaning an attacker can try one password per minute. git-svn-id: https://code.elgg.org/elgg/trunk@2568 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-13git-svn-id: https://code.elgg.org/elgg/trunk@2561 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-09Closes #668: Banning now works through a flag in the users_entity table. ↵marcus
Database upgrade required. * Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20git-svn-id: https://code.elgg.org/elgg/trunk@2483 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Added site secret to fingerprint to make it harder to guessmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2482 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Fixes #548: Introducing set_last_login($user_guid). Called from login(), but ↵marcus
call from any authentication code where appropriate. git-svn-id: https://code.elgg.org/elgg/trunk@2481 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Introducing get_loggedin_user() and get_loggedin_userid()marcus
* ACLs now using get_loggedin_user* * Some logic cleaned up * Some "Undefined..." messages cleaned up git-svn-id: https://code.elgg.org/elgg/trunk@2459 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14git-svn-id: https://code.elgg.org/elgg/trunk@2449 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Candidate for initial ElggSession magic classmarcus
* Session now properly cleared on init and logout - this has knock on effect that you can no longer assume that $_SESSION['id'] or 'guid' will be integer, making it necessary to cast. git-svn-id: https://code.elgg.org/elgg/trunk@2448 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-13Experimental ElggCachemarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2446 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Closes #453 and #463: Completed work. Sessions now stored in database.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2292 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Semi-working session code. Still won't permit logging in, commented out ↵marcus
until there is time to fix. Problem seems to be based around the action_gatekeeper() and the values set for the __elgg_session. Removing this component from the key causes the token to be valid. My feeling is that the session is not being saved or loaded correctly. git-svn-id: https://code.elgg.org/elgg/trunk@2291 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-21Database session code.marcus
IMPORTANT NOTE: The trigger for this is commented out, so old session code is used. There are serious problems with using the new code since it causes a chicken and egg problem with the upgrade script. git-svn-id: https://code.elgg.org/elgg/trunk@2289 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-03Refs #311marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2168 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25git-svn-id: https://code.elgg.org/elgg/trunk@2141 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25Committing what I have at the end of the day, api still not 100%marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-01Additional per-session random token, additional randomness protection ↵marcus
against CSRF. Report problems. git-svn-id: https://code.elgg.org/elgg/trunk@2048 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Some session fingerprinting code. Requires user agent to be consistent ↵marcus
across requests. git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Regenerates session ID on user login. This helps prevent some hijacking attacks.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Minor tweak, logout now calls session_destroy()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2045 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-21Blanking session code on initialisation failmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2031 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-13Fixing some session blanking problems.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@1910 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-13Fixes #238: Problem was caused by authenticate not having the user email ↵marcus
validated flag set. Introduced new flag ->admin_created to distinguish between the two types. git-svn-id: https://code.elgg.org/elgg/trunk@1883 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07Removed ElggDummy live code for now.ben
git-svn-id: https://code.elgg.org/elgg/trunk@1783 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07removed print_rmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@1771 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07Refs #174: Introducing the ElggDummy class which returns false for all ↵marcus
methods and set variables called on it. This is what the logged out $_SESSION['user'] is set to and is also what page_owner_entity will return if page_owner is invalid. This means that calls to things like $_SESSION['user']->getGUID() are now safe and will no longer cause a parsing error. Please report any issues. git-svn-id: https://code.elgg.org/elgg/trunk@1770 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-05Tweaked the way forwarding works.ben
git-svn-id: https://code.elgg.org/elgg/trunk@1721 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-04Closes #193: Added salt field to database and new users will be generated ↵marcus
with salted passwords. Existing users remain unchanged and should still be able to log in. Requires a schema change and the following code run against the database: alter table elggusers_entity add column salt varchar(8) NOT NULL default '' after password; git-svn-id: https://code.elgg.org/elgg/trunk@1676 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-01Closes #190. Note however that logins will be broken until #104 has been ↵marcus
resolved! git-svn-id: https://code.elgg.org/elgg/trunk@1647 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-07-17Fixes #164: Seems there is something erroniously setting 'guid' to something ↵marcus
in logged in systems (or alternatively this is just a session problem on my system) either way I have modified isloggedin to check both guid and id... which seems to work. git-svn-id: https://code.elgg.org/elgg/trunk@1453 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-07-07Administration tweaks; fixed users online functions, as well as last_action ↵ben
functions, and the 'make admin' functionality git-svn-id: https://code.elgg.org/elgg/trunk@1326 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-26Fixes #91 and #97marcus
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-17isloggedin() doesn't touch the session if we're not fully installed yet.ben
git-svn-id: https://code.elgg.org/elgg/trunk@954 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-16CLOSED - #27: Standard login system to go through PAM marcus
http://trac.elgg.org/elgg/ticket/27 git-svn-id: https://code.elgg.org/elgg/trunk@927 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-11Marcus Povey <marcus@dushka.co.uk>icewing
* actions with admin only support git-svn-id: https://code.elgg.org/elgg/trunk@865 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-11Marcus Povey <marcus@dushka.co.uk>icewing
* Introducing admin_gatekeeper() git-svn-id: https://code.elgg.org/elgg/trunk@861 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-10register_event_handler and trigger_event have been renamed to ↵ben
register_elgg_event_handler and trigger_elgg_event respectively. git-svn-id: https://code.elgg.org/elgg/trunk@848 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-04Fixed the installation labels issue!ben
git-svn-id: https://code.elgg.org/elgg/trunk@798 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-04Fixed actions issuesben
git-svn-id: https://code.elgg.org/elgg/trunk@796 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-28A further fix for previous.ben
git-svn-id: https://code.elgg.org/elgg/trunk@730 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-28Solidifying the login() function so that the session data is always consistent.ben
git-svn-id: https://code.elgg.org/elgg/trunk@729 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-28Revamped the login functions to separate login from authentication.ben
git-svn-id: https://code.elgg.org/elgg/trunk@728 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-28login() can now be extended by other authentication methods. TODO: wrap this ↵ben
up with the PAM functionality. git-svn-id: https://code.elgg.org/elgg/trunk@727 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-28Adding login and logout events.ben
git-svn-id: https://code.elgg.org/elgg/trunk@726 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-19Session init now fails if the db hasn't been installed.ben
git-svn-id: https://code.elgg.org/elgg/trunk@652 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-02Configuration prerequisites are now loaded on boot time rathr than initben
git-svn-id: https://code.elgg.org/elgg/trunk@631 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-05-01Introducing gatekeeper();ben
git-svn-id: https://code.elgg.org/elgg/trunk@593 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-04-21Session init now gets priorityben
git-svn-id: https://code.elgg.org/elgg/trunk@509 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-04-21Fix for lingering sessions with nonexistent usersben
git-svn-id: https://code.elgg.org/elgg/trunk@498 36083f99-b078-4883-b0ff-0f9b5a30f544