includes/sessions.php
2008-05-05 Dan Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
2008-04-14 Dan Rebrand as 1.1.4 (Caoineag alpha 4)
2008-04-09 Dan Merging nighthawk and scribus branches
2008-04-09 Dan Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
2008-04-06 Dan SECURITY: Disabled caching of decrypted DiffieHellman login requests
2008-03-27 Dan Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
2008-03-18 Dan Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
2008-03-16 Dan Added support for embedding language data into plugins; updated all version numbers on plugin files
2008-03-15 Dan Fixed some bugs with PostgreSQL and added a word_lcase column to the search_index table because collation is not working under MySQL. TODO: Trigger search index rebuild on upgrade to 1.1.4.
2008-03-08 Dan Fixed undefined variable ($row['is_regex'] instead of $is_regex) in sessions.php
2008-03-07 Dan [Security] made session manager have some degree of IP validation for session keys and upgrades
2008-03-07 Dan Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
2008-03-07 Dan Added a cron task to sessions.php that deletes old admin keys once a week
2008-03-03 Dan Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
2008-03-02 Dan Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
2008-03-01 Dan Fixed improper serializing of IP that could allow reusing of key from multiple IP addresses.
2008-02-24 Dan Merging in changes from Nighthawk
2008-02-22 Dan Merging fixes and updates from stable branch
2008-01-01 Dan Integrating patch for PHP 6.0-dev compatibility
2008-02-20 Dan Added support for Diffie-Hellman key exchange during login. w00t!
2008-02-18 Dan Fixed typo in ban logic
2008-02-11 Dan Rebrand as 1.1.2; made upgrade framework functional
2008-02-09 Dan Added some basic timezone support; DST support is still to come.
2008-02-07 Dan Fixed some captcha bugs and made all captcha fields case-insensitive
2008-02-06 Dan Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
2008-01-30 Dan Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
2008-01-29 Dan Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
2008-01-28 Dan Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
less more (0) -50 -28 tip