includes/sessions.php
Sat, 17 Apr 2010 03:33:14 -0400 Dan Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.
Tue, 06 Apr 2010 15:54:45 -0400 Dan Added Diffie-Hellman crypto support into the installer. Fixes issue 13.
Tue, 30 Mar 2010 11:37:00 -0400 Dan Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />).
Sun, 28 Mar 2010 23:10:46 -0400 Dan Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
Mon, 01 Feb 2010 02:15:04 -0500 Dan Fixed more places where author_uid wasn't right.
Sun, 10 Jan 2010 17:13:03 -0500 Dan Fixed author_uid in activation request insertion
Wed, 06 Jan 2010 02:02:51 -0500 Dan Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
Wed, 06 Jan 2010 01:18:19 -0500 Dan Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column
Fri, 18 Dec 2009 19:17:18 -0500 Dan AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.
Fri, 18 Dec 2009 19:06:49 -0500 Dan Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Fri, 18 Dec 2009 05:12:02 -0500 Dan Comments (AJAX): Now paginated server side. Fixes issue 2.
Thu, 17 Dec 2009 04:31:55 -0500 Dan ACP: Added lockout management feature
Sat, 12 Dec 2009 15:44:36 -0500 Dan Re-merge changes from a2hosting dev
Sat, 12 Dec 2009 15:39:36 -0500 Dan CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Fri, 11 Dec 2009 17:11:47 -0500 Dan A couple fixes to permission out-of-scope errors.
Mon, 07 Dec 2009 15:21:47 -0500 Dan Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.
Sun, 06 Dec 2009 21:51:55 -0500 Dan PostgreSQL: Fixed $session->create_user()
Tue, 03 Nov 2009 22:08:48 -0500 Dan Logins: reorganized data structures a bit. WiP - needs test routine done.
Fri, 21 Aug 2009 20:41:38 -0400 Dan Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Fri, 21 Aug 2009 13:49:45 -0400 Dan User ACP: redirect to Special:Login on own account deletion
Thu, 20 Aug 2009 21:15:19 -0400 Dan Sessions: whoops, left a debug message in by accident, broke a few redirects
Thu, 20 Aug 2009 20:01:55 -0400 Dan Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Mon, 10 Aug 2009 22:43:26 -0400 Dan Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility
Mon, 03 Aug 2009 02:58:43 -0400 Dan Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
Fri, 31 Jul 2009 19:15:48 -0400 Dan Merged development from Scribus and Charlie
Fri, 17 Jul 2009 17:11:09 -0400 Dan AJAX Login: Fixed all known issues with lockout (and some unknown ones)
Wed, 29 Jul 2009 11:49:30 -0400 Dan Fixed logins with usernames containing Unicode characters
Thu, 02 Jul 2009 09:01:29 -0400 Dan Login and sessions: fixed some improper handling of the config for lockout logic
Sun, 21 Jun 2009 00:16:21 -0400 Dan AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Fri, 22 May 2009 13:49:02 -0400 Dan Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
Fri, 15 May 2009 15:56:10 -0400 Dan Fixed undefined indices for user_extra in various places
Tue, 05 May 2009 00:10:26 -0400 Dan Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Sun, 19 Apr 2009 19:01:08 -0400 Dan Upgrader: UX: Added welcome page, different between Caoineag and Banshee
Wed, 15 Apr 2009 19:44:47 -0400 Dan New, beautiful, rethought Admin:Home. No, really, you'll like it.
Sat, 11 Apr 2009 16:58:32 -0400 Dan session: login_process_userdata_json hook should work with more than one installed auth plugin now
Sat, 04 Apr 2009 22:35:44 -0400 Dan Session: additional metadata passed back from auth plugins is passed through to client for optional further parsing
Sat, 14 Mar 2009 14:06:02 -0400 Dan Added support for alternate port numbers on database servers. Also in install-cli, merged in new sysreqs functionality.
Thu, 26 Feb 2009 01:07:32 -0500 Dan Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Mon, 16 Feb 2009 16:17:25 -0500 Dan Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Sun, 25 Jan 2009 21:20:14 -0500 Dan Replaced integer checks that used preg_match() to use ctype_digit() instead
Fri, 16 Jan 2009 13:13:37 -0500 Dan Deprecated old grab_password_hash() functions in session
Sun, 11 Jan 2009 21:37:49 -0500 Dan Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Sun, 04 Jan 2009 01:43:16 -0500 Dan Upgrades should work now.
Sun, 04 Jan 2009 00:55:40 -0500 Dan Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Sun, 21 Dec 2008 17:25:28 -0500 Dan Corrected a few issues with languages and client-side code
Sun, 21 Dec 2008 07:07:21 -0500 Dan Fixed a couple PostgreSQL bugs.
Sun, 21 Dec 2008 04:26:56 -0500 Dan Fixed timezone preference setting not fully implemented; added ability for users to select their own rank from a list of possible ranks based on group membership and user level
Thu, 20 Nov 2008 22:59:25 -0500 Dan Added dependency checking in ACL tracer
Sun, 09 Nov 2008 14:22:41 -0500 Dan Merging with upstream
Mon, 03 Nov 2008 08:56:44 -0500 Dan Fixed error-out when DiffieHellman not supported and respawn requested (part of OS X QA process)
Sun, 09 Nov 2008 09:03:10 -0500 Dan Added config option to grant userpage rights to new users (defaults to on, as it was hardcoded on before)
Sat, 08 Nov 2008 22:35:59 -0500 Dan Fixed DiffieHellman being included twice when not supported and login fails
Sun, 21 Sep 2008 09:01:27 -0400 Dan Added initial support for DST. Rules are defined in constants.php and are extensible.
Tue, 19 Aug 2008 20:57:17 -0400 Dan Made upgrades from 1.1.4 -> 1.1.5 work if keyhash is not present
Wed, 13 Aug 2008 08:48:03 -0400 Dan Made login forms that use $session->aes_javascript() use new whiteOutForm() function
Tue, 12 Aug 2008 00:06:35 -0400 Dan Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Mon, 11 Aug 2008 22:31:04 -0400 Dan Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
Sat, 12 Jul 2008 03:55:14 -0400 Dan Added Gravatar support in UserManager in admin panel
Wed, 09 Jul 2008 21:02:28 -0400 Dan Fixed undefined group_rank_id in sessions
Mon, 07 Jul 2008 02:49:26 -0400 Dan Moved all account deactivation notice presentation code to its own method in sessions
Thu, 03 Jul 2008 15:34:09 -0400 Dan As promised, dropped in the new librijndael. Benchmarks say about 3 times faster, but more performance testing will be done.
Wed, 02 Jul 2008 22:15:55 -0400 Dan More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Wed, 02 Jul 2008 19:36:44 -0400 Dan Another sweep from the optimization monster.
Mon, 30 Jun 2008 17:22:29 -0400 Dan Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
less more (0) -100 -64 tip