aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/sessions.php
AgeCommit message (Collapse)Author
2009-12-09minor tweak in comment - closes #1264cash
git-svn-id: http://code.elgg.org/elgg/trunk@3746 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-08gatekeeper functions now display helpful messages - closes #1060cash
git-svn-id: http://code.elgg.org/elgg/trunk@3742 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-07Adding alias ElggSession methodsnickw
git-svn-id: http://code.elgg.org/elgg/trunk@3739 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-05if there is already a user in the session, we don't need to set the code ↵cash
from the cookie git-svn-id: http://code.elgg.org/elgg/trunk@3728 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-11-14user object needs to be loaded from database into session on each page in ↵cash
case the object has changed - this commit also handles a user who has been deleted with an active session git-svn-id: http://code.elgg.org/elgg/trunk@3681 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-11-04users now allowed to have multiple sessions but not multiple remember me ↵cash
cookies (yet) git-svn-id: http://code.elgg.org/elgg/trunk@3618 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-10-13First pass at removing $is_admin global.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@3528 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-10-08Brought access.php and sesssion.php up to code standards.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@3517 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-09-10Updated fixes for checking for admin in get_access_sql_prefix()brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3485 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-08-31All line endings are now Unix-style.brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3451 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-08-20Whoa nelly this is a big one: Removed license and copyright for files.brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3427 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-05-27Admin shortcut flag set on login as well as initmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@3303 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-04-21Belts and braces checking on isloggedin()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@3225 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-24The session initialisation order is slightly altered to allow for language ↵ben
setup on the index page. Fixes #803 git-svn-id: https://code.elgg.org/elgg/trunk@2930 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-16Closes #429: Language loading now no longer loads all possible translations ↵marcus
- only english + user's preferred language/site preference git-svn-id: https://code.elgg.org/elgg/trunk@2762 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-13Fixed logic bug in login()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-23Refs #706marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2611 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-23Refs #562: Configuration flag to disable database sessions.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2605 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-14Closes #669: Logins rate limited. Accounts are limited to 5 fails in a 5 ↵marcus
minute period, meaning an attacker can try one password per minute. git-svn-id: https://code.elgg.org/elgg/trunk@2568 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-13git-svn-id: https://code.elgg.org/elgg/trunk@2561 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-09Closes #668: Banning now works through a flag in the users_entity table. ↵marcus
Database upgrade required. * Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20git-svn-id: https://code.elgg.org/elgg/trunk@2483 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Added site secret to fingerprint to make it harder to guessmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2482 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Fixes #548: Introducing set_last_login($user_guid). Called from login(), but ↵marcus
call from any authentication code where appropriate. git-svn-id: https://code.elgg.org/elgg/trunk@2481 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Introducing get_loggedin_user() and get_loggedin_userid()marcus
* ACLs now using get_loggedin_user* * Some logic cleaned up * Some "Undefined..." messages cleaned up git-svn-id: https://code.elgg.org/elgg/trunk@2459 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14git-svn-id: https://code.elgg.org/elgg/trunk@2449 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Candidate for initial ElggSession magic classmarcus
* Session now properly cleared on init and logout - this has knock on effect that you can no longer assume that $_SESSION['id'] or 'guid' will be integer, making it necessary to cast. git-svn-id: https://code.elgg.org/elgg/trunk@2448 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-13Experimental ElggCachemarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2446 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Closes #453 and #463: Completed work. Sessions now stored in database.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2292 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Semi-working session code. Still won't permit logging in, commented out ↵marcus
until there is time to fix. Problem seems to be based around the action_gatekeeper() and the values set for the __elgg_session. Removing this component from the key causes the token to be valid. My feeling is that the session is not being saved or loaded correctly. git-svn-id: https://code.elgg.org/elgg/trunk@2291 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-21Database session code.marcus
IMPORTANT NOTE: The trigger for this is commented out, so old session code is used. There are serious problems with using the new code since it causes a chicken and egg problem with the upgrade script. git-svn-id: https://code.elgg.org/elgg/trunk@2289 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-03Refs #311marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2168 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25git-svn-id: https://code.elgg.org/elgg/trunk@2141 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25Committing what I have at the end of the day, api still not 100%marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-01Additional per-session random token, additional randomness protection ↵marcus
against CSRF. Report problems. git-svn-id: https://code.elgg.org/elgg/trunk@2048 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Some session fingerprinting code. Requires user agent to be consistent ↵marcus
across requests. git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Regenerates session ID on user login. This helps prevent some hijacking attacks.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Minor tweak, logout now calls session_destroy()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2045 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-21Blanking session code on initialisation failmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2031 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-13Fixing some session blanking problems.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@1910 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-13Fixes #238: Problem was caused by authenticate not having the user email ↵marcus
validated flag set. Introduced new flag ->admin_created to distinguish between the two types. git-svn-id: https://code.elgg.org/elgg/trunk@1883 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07Removed ElggDummy live code for now.ben
git-svn-id: https://code.elgg.org/elgg/trunk@1783 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07removed print_rmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@1771 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-07Refs #174: Introducing the ElggDummy class which returns false for all ↵marcus
methods and set variables called on it. This is what the logged out $_SESSION['user'] is set to and is also what page_owner_entity will return if page_owner is invalid. This means that calls to things like $_SESSION['user']->getGUID() are now safe and will no longer cause a parsing error. Please report any issues. git-svn-id: https://code.elgg.org/elgg/trunk@1770 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-05Tweaked the way forwarding works.ben
git-svn-id: https://code.elgg.org/elgg/trunk@1721 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-04Closes #193: Added salt field to database and new users will be generated ↵marcus
with salted passwords. Existing users remain unchanged and should still be able to log in. Requires a schema change and the following code run against the database: alter table elggusers_entity add column salt varchar(8) NOT NULL default '' after password; git-svn-id: https://code.elgg.org/elgg/trunk@1676 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-01Closes #190. Note however that logins will be broken until #104 has been ↵marcus
resolved! git-svn-id: https://code.elgg.org/elgg/trunk@1647 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-07-17Fixes #164: Seems there is something erroniously setting 'guid' to something ↵marcus
in logged in systems (or alternatively this is just a session problem on my system) either way I have modified isloggedin to check both guid and id... which seems to work. git-svn-id: https://code.elgg.org/elgg/trunk@1453 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-07-07Administration tweaks; fixed users online functions, as well as last_action ↵ben
functions, and the 'make admin' functionality git-svn-id: https://code.elgg.org/elgg/trunk@1326 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-06-26Fixes #91 and #97marcus
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544