aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/sessions.php
AgeCommit message (Collapse)Author
2010-11-10Fixes #2367: With fear and trepidation, converting events/plugin hooks to ↵ewinslow
use elgg_ prefixed versions git-svn-id: http://code.elgg.org/elgg/trunk@7284 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-10-30ripped out last remaining tentacles of old installer from core - just needs ↵cash
removal of install.php when elgg_view() is updated git-svn-id: http://code.elgg.org/elgg/trunk@7141 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-10-28Standardized code in all of core, not including language files, tests, or ↵brettp
core mods. git-svn-id: http://code.elgg.org/elgg/trunk@7124 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-10-22Removed @license, @copyright, and @author from files. License and copyright ↵brettp
are covered by LICENSE.txt and COPYRIGHT.txt in root. git-svn-id: http://code.elgg.org/elgg/trunk@7118 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-09-30Fixes #617, #2271 User validation removed from core to UserValidationByEmail ↵brettp
plugin. Without a validation plugin, users can login immediately. Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email. Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration. git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-09-15Refs #2220: Pulled remaining classes out of lib files. Core classes now ↵ewinslow
autoloaded via __autoload(). git-svn-id: http://code.elgg.org/elgg/trunk@6941 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-09-06Refs #2220: Pulled most classes / interfaces out of lib files (except ↵ewinslow
query.php and exception.php) into "classes" folder. Replaced inline classes with "require_once" statements for now. Ran unit tests to verify functionality before committing. git-svn-id: http://code.elgg.org/elgg/trunk@6908 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-08-22Merged r6757:6810 from 1.7 branch into trunkcash
git-svn-id: http://code.elgg.org/elgg/trunk@6850 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-05-14Merged 5928-6908 from 1.7 branch to trunk.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-05-14merge -r5898:5928 (not excluding riverdashboard, notifications, and ↵brettp
messageboard) from 1.7 to trunk. git-svn-id: http://code.elgg.org/elgg/trunk@6058 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-05-05Merged 18_new_admin branch to trunk.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@5977 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-04-05Merged 5530:5604 from 1.7 to trunk.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@5622 36083f99-b078-4883-b0ff-0f9b5a30f544
2010-01-27Fixes #1464: A new session is created in logout() after destorying the old ↵brettp
session to display old $_SESSION['msg'] messages. git-svn-id: http://code.elgg.org/elgg/trunk@3847 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-09minor tweak in comment - closes #1264cash
git-svn-id: http://code.elgg.org/elgg/trunk@3746 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-08gatekeeper functions now display helpful messages - closes #1060cash
git-svn-id: http://code.elgg.org/elgg/trunk@3742 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-07Adding alias ElggSession methodsnickw
git-svn-id: http://code.elgg.org/elgg/trunk@3739 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-12-05if there is already a user in the session, we don't need to set the code ↵cash
from the cookie git-svn-id: http://code.elgg.org/elgg/trunk@3728 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-11-14user object needs to be loaded from database into session on each page in ↵cash
case the object has changed - this commit also handles a user who has been deleted with an active session git-svn-id: http://code.elgg.org/elgg/trunk@3681 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-11-04users now allowed to have multiple sessions but not multiple remember me ↵cash
cookies (yet) git-svn-id: http://code.elgg.org/elgg/trunk@3618 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-10-13First pass at removing $is_admin global.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@3528 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-10-08Brought access.php and sesssion.php up to code standards.brettp
git-svn-id: http://code.elgg.org/elgg/trunk@3517 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-09-10Updated fixes for checking for admin in get_access_sql_prefix()brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3485 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-08-31All line endings are now Unix-style.brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3451 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-08-20Whoa nelly this is a big one: Removed license and copyright for files.brettp
git-svn-id: https://code.elgg.org/elgg/trunk@3427 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-05-27Admin shortcut flag set on login as well as initmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@3303 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-04-21Belts and braces checking on isloggedin()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@3225 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-24The session initialisation order is slightly altered to allow for language ↵ben
setup on the index page. Fixes #803 git-svn-id: https://code.elgg.org/elgg/trunk@2930 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-16Closes #429: Language loading now no longer loads all possible translations ↵marcus
- only english + user's preferred language/site preference git-svn-id: https://code.elgg.org/elgg/trunk@2762 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-02-13Fixed logic bug in login()marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2745 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-23Refs #706marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2611 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-23Refs #562: Configuration flag to disable database sessions.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2605 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-14Closes #669: Logins rate limited. Accounts are limited to 5 fails in a 5 ↵marcus
minute period, meaning an attacker can try one password per minute. git-svn-id: https://code.elgg.org/elgg/trunk@2568 36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-13git-svn-id: https://code.elgg.org/elgg/trunk@2561 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2009-01-09Closes #668: Banning now works through a flag in the users_entity table. ↵marcus
Database upgrade required. * Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20git-svn-id: https://code.elgg.org/elgg/trunk@2483 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Added site secret to fingerprint to make it harder to guessmarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2482 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-20Fixes #548: Introducing set_last_login($user_guid). Called from login(), but ↵marcus
call from any authentication code where appropriate. git-svn-id: https://code.elgg.org/elgg/trunk@2481 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Introducing get_loggedin_user() and get_loggedin_userid()marcus
* ACLs now using get_loggedin_user* * Some logic cleaned up * Some "Undefined..." messages cleaned up git-svn-id: https://code.elgg.org/elgg/trunk@2459 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14git-svn-id: https://code.elgg.org/elgg/trunk@2449 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-14* Candidate for initial ElggSession magic classmarcus
* Session now properly cleared on init and logout - this has knock on effect that you can no longer assume that $_SESSION['id'] or 'guid' will be integer, making it necessary to cast. git-svn-id: https://code.elgg.org/elgg/trunk@2448 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-11-13Experimental ElggCachemarcus
git-svn-id: https://code.elgg.org/elgg/trunk@2446 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Closes #453 and #463: Completed work. Sessions now stored in database.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2292 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-22Semi-working session code. Still won't permit logging in, commented out ↵marcus
until there is time to fix. Problem seems to be based around the action_gatekeeper() and the values set for the __elgg_session. Removing this component from the key causes the token to be valid. My feeling is that the session is not being saved or loaded correctly. git-svn-id: https://code.elgg.org/elgg/trunk@2291 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-21Database session code.marcus
IMPORTANT NOTE: The trigger for this is commented out, so old session code is used. There are serious problems with using the new code since it causes a chicken and egg problem with the upgrade script. git-svn-id: https://code.elgg.org/elgg/trunk@2289 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-10-03Refs #311marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2168 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25git-svn-id: https://code.elgg.org/elgg/trunk@2141 ↵marcus
36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-25Committing what I have at the end of the day, api still not 100%marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-09-01Additional per-session random token, additional randomness protection ↵marcus
against CSRF. Report problems. git-svn-id: https://code.elgg.org/elgg/trunk@2048 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Some session fingerprinting code. Requires user agent to be consistent ↵marcus
across requests. git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544
2008-08-31Regenerates session ID on user login. This helps prevent some hijacking attacks.marcus
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544