Age | Commit message | Author |
|
git-svn-id: https://code.elgg.org/elgg/trunk@2605 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
minute period, meaning an attacker can try one password per minute.
git-svn-id: https://code.elgg.org/elgg/trunk@2568 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
Database upgrade required.
* Added ElggUser::isBanned();
* Added 'banned' column to users_entity
* Modified ban() and unban()
* Modified pam functions to check $user->isBanned()
* Modified login() to check $user->isBanned()
* Modified sessions_init() to check isBanned() and destroy session accordingly
* Modified profile views to highlight banned users and prevent menus for non-admin users.
git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2482 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
call from any authentication code where appropriate.
git-svn-id: https://code.elgg.org/elgg/trunk@2481 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
* ACLs now using get_loggedin_user*
* Some logic cleaned up
* Some "Undefined..." messages cleaned up
git-svn-id: https://code.elgg.org/elgg/trunk@2459 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
* Session now properly cleared on init and logout - this has the knock-on effect that you can no longer assume that $_SESSION['id'] or 'guid' will be an integer, making it necessary to cast.
git-svn-id: https://code.elgg.org/elgg/trunk@2448 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2446 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2292 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
until there is time to fix.
Problem seems to be based around the action_gatekeeper() and the values set for the __elgg_session. Removing this component from the key causes the token to be valid.
My feeling is that the session is not being saved or loaded correctly.
git-svn-id: https://code.elgg.org/elgg/trunk@2291 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
IMPORTANT NOTE:
The trigger for this is commented out, so old session code is used. There are serious problems with using the new code since it causes a chicken and egg problem with the upgrade script.
git-svn-id: https://code.elgg.org/elgg/trunk@2289 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2168 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
against CSRF. Report problems.
git-svn-id: https://code.elgg.org/elgg/trunk@2048 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
across requests.
git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2045 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@2031 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@1910 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
validated flag set.
Introduced new flag ->admin_created to distinguish between the two types.
git-svn-id: https://code.elgg.org/elgg/trunk@1883 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@1783 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@1771 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
methods and set variables called on it. This is what the logged out $_SESSION['user'] is set to and is also what page_owner_entity will return if page_owner is invalid.
This means that calls to things like $_SESSION['user']->getGUID() are now safe and will no longer cause a parsing error.
Please report any issues.
git-svn-id: https://code.elgg.org/elgg/trunk@1770 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@1721 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
with salted passwords.
Existing users remain unchanged and should still be able to log in.
Requires a schema change and the following code run against the database:
alter table elggusers_entity add column salt varchar(8) NOT NULL default '' after password;
git-svn-id: https://code.elgg.org/elgg/trunk@1676 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
resolved!
git-svn-id: https://code.elgg.org/elgg/trunk@1647 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
in logged in systems (or alternatively this is just a session problem on my system). Either way, I have modified isloggedin to check both guid and id... which seems to work.
git-svn-id: https://code.elgg.org/elgg/trunk@1453 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
functions, and the 'make admin' functionality
git-svn-id: https://code.elgg.org/elgg/trunk@1326 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@954 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
http://trac.elgg.org/elgg/ticket/27
git-svn-id: https://code.elgg.org/elgg/trunk@927 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
* actions with admin only support
git-svn-id: https://code.elgg.org/elgg/trunk@865 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
* Introducing admin_gatekeeper()
git-svn-id: https://code.elgg.org/elgg/trunk@861 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
register_elgg_event_handler and trigger_elgg_event respectively.
git-svn-id: https://code.elgg.org/elgg/trunk@848 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@798 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@796 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@730 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@729 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@728 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
up with the PAM functionality.
git-svn-id: https://code.elgg.org/elgg/trunk@727 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@726 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@652 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@631 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@593 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@509 36083f99-b078-4883-b0ff-0f9b5a30f544
|
|
git-svn-id: https://code.elgg.org/elgg/trunk@498 36083f99-b078-4883-b0ff-0f9b5a30f544
|