includes/sessions.php
Wed, 06 Jan 2010 01:18:19 -0500 Dan Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column
Fri, 18 Dec 2009 19:17:18 -0500 Dan AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.
Fri, 18 Dec 2009 19:06:49 -0500 Dan Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Fri, 18 Dec 2009 05:12:02 -0500 Dan Comments (AJAX): Now paginated server side. Fixes issue 2.
Thu, 17 Dec 2009 04:31:55 -0500 Dan ACP: Added lockout management feature
Sat, 12 Dec 2009 15:44:36 -0500 Dan Re-merge changes from a2hosting dev
Sat, 12 Dec 2009 15:39:36 -0500 Dan CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Fri, 11 Dec 2009 17:11:47 -0500 Dan A couple fixes to permission out-of-scope errors.
Mon, 07 Dec 2009 15:21:47 -0500 Dan Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.
Sun, 06 Dec 2009 21:51:55 -0500 Dan PostgreSQL: Fixed $session->create_user()
Tue, 03 Nov 2009 22:08:48 -0500 Dan Logins: reorganized data structures a bit. WiP - needs test routine done.
Fri, 21 Aug 2009 20:41:38 -0400 Dan Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Fri, 21 Aug 2009 13:49:45 -0400 Dan User ACP: redirect to Special:Login on own account deletion
Thu, 20 Aug 2009 21:15:19 -0400 Dan Sessions: whoops, left a debug message in by accident, broke a few redirects
Thu, 20 Aug 2009 20:01:55 -0400 Dan Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Mon, 10 Aug 2009 22:43:26 -0400 Dan Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility
Mon, 03 Aug 2009 02:58:43 -0400 Dan Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
Fri, 31 Jul 2009 19:15:48 -0400 Dan Merged development from Scribus and Charlie
Fri, 17 Jul 2009 17:11:09 -0400 Dan AJAX Login: Fixed all known issues with lockout (and some unknown ones)
Wed, 29 Jul 2009 11:49:30 -0400 Dan Fixed logins with usernames containing Unicode characters
Thu, 02 Jul 2009 09:01:29 -0400 Dan Login and sessions: fixed some improper handling of the config for lockout logic
Sun, 21 Jun 2009 00:16:21 -0400 Dan AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Fri, 22 May 2009 13:49:02 -0400 Dan Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
Fri, 15 May 2009 15:56:10 -0400 Dan Fixed undefined indices for user_extra in various places
less more (0) -100 -50 -24 tip