includes/sessions.php
Mon, 30 Jun 2008 17:22:29 -0400 Dan Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
Mon, 30 Jun 2008 17:20:02 -0400 Dan Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Thu, 26 Jun 2008 18:03:04 -0400 Dan Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Thu, 26 Jun 2008 17:01:42 -0400 Dan Fixed missing table_prefix in generate_rank_sql()
Wed, 18 Jun 2008 22:43:16 -0400 Dan Fixed SQL syntax error thrown during rank data fetch
Mon, 16 Jun 2008 19:05:16 -0400 Dan Fixed undefined index left over from scope system rewrite a few days ago
Sun, 15 Jun 2008 01:30:00 -0400 Dan Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Sun, 15 Jun 2008 00:59:37 -0400 Dan Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Sat, 14 Jun 2008 22:01:24 -0400 Dan Fixed some plugin compatibility issues seen in Nuggie
Tue, 10 Jun 2008 00:21:34 -0400 Dan A bit of UX improvement to upgrade UI; updated readme for 1.1.4
Sat, 07 Jun 2008 12:39:24 -0400 Dan Modified $template->init_vars() to pivot to local page metadata and permissions from a PageProcessor object instead of global data from $paths and permissions from $session to allow redirects to affect on-page controls as well as the actual content (only partially complete, protection and several other elements still need to be localized)
Sat, 24 May 2008 23:40:42 -0400 Dan More work done on effective permissions API, namely reporting of page group and usergroup names
Fri, 16 May 2008 12:22:26 -0400 Dan Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Mon, 12 May 2008 00:59:46 -0400 Dan Revamped some ACL code and added effective permissions calculation code into session manager
Mon, 05 May 2008 20:06:37 -0400 Dan Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Sun, 04 May 2008 21:57:48 -0400 Dan Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Mon, 14 Apr 2008 12:13:12 -0400 Dan Rebrand as 1.1.4 (Caoineag alpha 4)
Tue, 08 Apr 2008 20:32:30 -0400 Dan Merging nighthawk and scribus branches
Tue, 08 Apr 2008 20:30:05 -0400 Dan Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Sun, 06 Apr 2008 14:02:20 -0400 Dan SECURITY: Disabled caching of decrypted DiffieHellman login requests
Wed, 26 Mar 2008 20:20:22 -0400 Dan Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Tue, 18 Mar 2008 14:32:40 -0400 Dan Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Sun, 16 Mar 2008 16:06:59 -0400 Dan Added support for embedding language data into plugins; updated all version numbers on plugin files
Sat, 15 Mar 2008 00:08:01 -0400 Dan Fixed some bugs with PostgreSQL and added a word_lcase column to the search_index table because collation is not working under MySQL. TODO: Trigger search index rebuild on upgrade to 1.1.4.
Sat, 08 Mar 2008 12:13:23 -0500 Dan Fixed undefined variable ($row['is_regex'] instead of $is_regex) in sessions.php
Thu, 06 Mar 2008 23:31:28 -0500 Dan [Security] made session manager have some degree of IP validation for session keys and upgrades
Thu, 06 Mar 2008 23:27:50 -0500 Dan Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
Thu, 06 Mar 2008 20:53:26 -0500 Dan Added a cron task to sessions.php that deletes old admin keys once a week
Sun, 02 Mar 2008 19:32:19 -0500 Dan Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Sat, 01 Mar 2008 23:02:05 -0500 Dan Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
less more (0) -100 -50 -30 tip