includes/sessions.php
Mon, 05 May 2008 20:06:37 -0400 Dan Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Sun, 04 May 2008 21:57:48 -0400 Dan Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Mon, 14 Apr 2008 12:13:12 -0400 Dan Rebrand as 1.1.4 (Caoineag alpha 4)
Tue, 08 Apr 2008 20:32:30 -0400 Dan Merging nighthawk and scribus branches
Tue, 08 Apr 2008 20:30:05 -0400 Dan Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Sun, 06 Apr 2008 14:02:20 -0400 Dan SECURITY: Disabled caching of decrypted DiffieHellman login requests
Wed, 26 Mar 2008 20:20:22 -0400 Dan Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Tue, 18 Mar 2008 14:32:40 -0400 Dan Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Sun, 16 Mar 2008 16:06:59 -0400 Dan Added support for embedding language data into plugins; updated all version numbers on plugin files
Sat, 15 Mar 2008 00:08:01 -0400 Dan Fixed some bugs with PostgreSQL and added a word_lcase column to the search_index table because collation is not working under MySQL. TODO: Trigger search index rebuild on upgrade to 1.1.4.
Sat, 08 Mar 2008 12:13:23 -0500 Dan Fixed undefined variable ($row['is_regex'] instead of $is_regex) in sessions.php
Thu, 06 Mar 2008 23:31:28 -0500 Dan [Security] made session manager have some degree of IP validation for session keys and upgrades
Thu, 06 Mar 2008 23:27:50 -0500 Dan Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
Thu, 06 Mar 2008 20:53:26 -0500 Dan Added a cron task to sessions.php that deletes old admin keys once a week
Sun, 02 Mar 2008 19:32:19 -0500 Dan Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Sat, 01 Mar 2008 23:02:05 -0500 Dan Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Sat, 01 Mar 2008 18:55:54 -0500 Dan Fixed improper serializing of IP that could allow reusing of key from multiple IP addresses.
Sun, 24 Feb 2008 12:52:07 -0500 Dan Merging in changes from Nighthawk
Fri, 22 Feb 2008 12:51:53 -0500 Dan Merging fixes and updates from stable branch
Mon, 31 Dec 2007 21:16:27 -0500 Dan Integrating patch for PHP 6.0-dev compatibility
Wed, 20 Feb 2008 14:38:39 -0500 Dan Added support for Diffie-Hellman key exchange during login. w00t!
Mon, 18 Feb 2008 16:13:56 -0500 Dan Fixed typo in ban logic
Mon, 11 Feb 2008 14:33:31 -0500 Dan Rebrand as 1.1.2; made upgrade framework functional
Fri, 08 Feb 2008 23:20:20 -0500 Dan Added some basic timezone support; DST support is still to come.
Wed, 06 Feb 2008 19:27:43 -0500 Dan Fixed some captcha bugs and made all captcha fields case-insensitive
Wed, 06 Feb 2008 18:41:47 -0500 Dan Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Tue, 29 Jan 2008 23:15:44 -0500 Dan Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Tue, 29 Jan 2008 16:19:51 -0500 Dan Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Sun, 27 Jan 2008 22:57:40 -0500 Dan Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Sat, 26 Jan 2008 15:42:32 -0500 Dan Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Thu, 24 Jan 2008 22:14:40 -0500 Dan [minor] Trying to be a little more careful with values from users_extra in validate_session()
Thu, 24 Jan 2008 22:06:09 -0500 Dan A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Wed, 23 Jan 2008 12:48:22 -0500 Dan Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Tue, 22 Jan 2008 01:08:15 -0500 Dan Localized registration errors and activation/COPPA e-mails
Mon, 21 Jan 2008 10:09:48 -0500 Dan Implemented IP logging for comments and registration
Thu, 03 Jan 2008 00:53:33 -0500 Dan WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Fri, 28 Dec 2007 00:07:53 -0500 Dan Merging in the last couple of revisions from stable
Sun, 23 Dec 2007 17:58:21 -0500 Dan Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Thu, 27 Dec 2007 22:09:33 -0500 Dan Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Wed, 19 Dec 2007 22:55:40 -0500 Dan Redid merge, the previous one had a few problems
Tue, 18 Dec 2007 23:44:55 -0500 Dan Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Sat, 15 Dec 2007 18:10:14 -0500 Dan SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Wed, 12 Dec 2007 21:37:23 -0500 Dan Rebrand as 1.0.3 (Dyrad)
Fri, 07 Dec 2007 16:42:22 -0500 Dan Merging in changes from stable
Mon, 03 Dec 2007 17:36:25 -0500 Dan Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Sun, 02 Dec 2007 16:00:10 -0500 Dan Merging in the newly stable Coblynau
Sun, 25 Nov 2007 17:53:03 -0500 Dan Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Sat, 24 Nov 2007 01:35:12 -0500 Dan Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Sat, 24 Nov 2007 00:53:23 -0500 Dan Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Sun, 18 Nov 2007 20:37:08 -0500 Dan Merging in fixes and updates from stable
Sun, 18 Nov 2007 18:44:55 -0500 Dan Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Sat, 17 Nov 2007 23:09:12 -0500 Dan Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Sat, 17 Nov 2007 22:25:37 -0500 Dan Merging in fixes from stable
Sat, 17 Nov 2007 20:31:01 -0500 Dan Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Sat, 17 Nov 2007 15:02:08 -0500 Dan Fixed: secure-cookie option is no longer set if $_SERVER['HTTPS'] is set but == "off"
Thu, 15 Nov 2007 18:00:39 -0500 Dan Merging in all changes from revision 185 (90b7a52bea45)
less more (0) -56 tip