Jacek Tomasiak
0c38dc8456
Improve missing token check
...
Avoid "E_NOTICE (8) (classes/userhelper.php:78) Undefined index:
csrf_token" in logs.
4 years ago
Andrew Dolgov
0acd33abe3
OTP: generate longer secrets, also make them easier to read/copy
4 years ago
Andrew Dolgov
2cd159e2ce
use separate database column for OTP secrets (migrate previous format if needed)
4 years ago
Andrew Dolgov
fe06416f17
sessions: stop validating against hash of user agent because chromium is sending
...
different agent headers for whatever reason, example:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36
seems to be related, at least, to App.postOpenWindow() hack.
4 years ago
Andrew Dolgov
d6629ed188
move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class
4 years ago
Andrew Dolgov
031ee47a3e
don't try to pass string literal NOW() to ORM as a timestamp
4 years ago
Andrew Dolgov
8b1a2406e6
userhelper: use orm for a few more user-related things
4 years ago
Andrew Dolgov
127a868e40
userhelper: use orm for some things
4 years ago
Andrew Dolgov
6359259dbb
simplify internal authentication code and bump default algo to SSHA-512
4 years ago
Andrew Dolgov
ebf16a36a1
remove a bunch of return type hints that didn't quite fit
4 years ago
Andrew Dolgov
3fd7856543
* switch to composer for qrcode and otp dependencies
...
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
4 years ago
Andrew Dolgov
89ad25405e
userhelper: only notify failed login for actual logins
4 years ago
Andrew Dolgov
8915bd1b21
fix crash caused by non-numeric non-null _SESSION[uid] passed to sql logger
4 years ago
Andrew Dolgov
dcf0135285
logger: shorter syntax
4 years ago
Andrew Dolgov
59c14e9c00
api: remove base64 encoded passwords (wtf), log all authentication failures in userhelper
4 years ago
Andrew Dolgov
efd196839a
stop caching schema version entirely, fix some session_start() related warnings
4 years ago
Andrew Dolgov
c96172fa04
use constants in get_pref()/set_pref()
4 years ago
Andrew Dolgov
bd2314170d
implement prefs UI based on new prefs class and a few more things
4 years ago
Andrew Dolgov
988eb3ac91
initial (wip) for new prefs
4 years ago
Andrew Dolgov
e4107ac952
wip: initial for config object
4 years ago
Andrew Dolgov
fc0ebf0891
move bookmarklet-related methods out of public.php into the plugin
4 years ago
Andrew Dolgov
9d7ba773ec
move session-related functions to their own namespace
4 years ago
Andrew Dolgov
39604bedef
move reset_password to UserHelper
4 years ago
Andrew Dolgov
8e79f1717d
prefs: unify naming
4 years ago
Andrew Dolgov
a8cc43a0ff
move logout_user() to UserHelper
4 years ago
Andrew Dolgov
71dfc83466
force _ENABLED_PLUGINS to string when passed to pluginhost
4 years ago
Andrew Dolgov
09e9f34bb4
add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO
4 years ago
Andrew Dolgov
51d2deeea9
fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
4 years ago
Andrew Dolgov
6e774a58fe
more php8 fixes mostly related to login
4 years ago
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
4 years ago
Andrew Dolgov
40f38fc87f
pluginhost: load plugin data automatically (also marks load_data method as private)
4 years ago
Andrew Dolgov
4e3ef7a4dd
get_user_ip: remove REMOTEADDR for the time being
4 years ago
Andrew Dolgov
a8302fb253
use X-Real-IP headers if possible while authenticating
4 years ago
Andrew Dolgov
6811d0bde2
use self:: in some places to invoke static methods from the same class
4 years ago
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
4 years ago