summaryrefslogtreecommitdiff
path: root/inc/auth.php
Commit message (Collapse)AuthorAge
* amend $_SERVER to $INPUT->serverChristopher Smith2014-03-06
|
* use isset() + ?: or error suppression where value may not be setChristopher Smith2014-03-05
|
* removed pre PHP 5.2 code wrt setcookie and session settingGerrit Uitslag2014-03-04
| | | | - moved cookiedir determination in the if-statement
* PHPDocs auth.phpGerrit Uitslag2014-02-20
|
* AUTH_ACL_CHECK event around ACL checkingAndreas Gohr2014-01-05
| | | | | allows to modify ACL results in the AFTER event or to implement a completely different ACL mechanism in the BEFORE event.
* replace \s, \S with [ \t], [^ \t] in regexs used with aclsChristopher Smith2013-10-21
|
* replace boolean conditional checks on possibly uninitialized vars with ↵Christopher Smith2013-10-16
| | | | \!empty/empty/isset as appropriate
* update for deprecated '/e' flag in preg_replace (php 5.5)Christopher Smith2013-10-16
|
* Fix CodeSniffer whitespace violoationsMatt Perry2013-09-10
| | | | | Removed extraneous whitespace to eliminate errors reported by the Squiz.WhiteSpace.SuperfluousWhitespace sniff.
* Fix CodeSniffer violationsMatt Perry2013-08-22
| | | | Change indentation to ensure code confirms to CodeSniffer rules.
* Fix CodeSniffer violationsMatt Perry2013-08-20
| | | | | Remove whitespace from end of lines to reduce the number of CodeSniffer violations.
* Fix a couple of bugs in ACL substitution mechanismChristopher Smith2013-08-03
| | | | | | | | | - %GROUP% & %USER% can now both be used in the same rule, e.g. %GROUP%:%USER% 2 - rules with tokens will be skipped when the user is not logged in previously %USER% was attempted
* Merge branch 'FS#2751' of git://github.com/splitbrain/dokuwiki into ↵Andreas Gohr2013-08-02
|\ | | | | | | | | | | | | | | | | | | pull-request-245 * 'FS#2751' of git://github.com/splitbrain/dokuwiki: coding corrections. correct type hint, remove unused variable assignment de/de-informal: localization updates (delete user function) unit tests for self deleting of user accounts FS#2751 - self deletion of user account
| * coding corrections. correct type hint, remove unused variable assignmentChristopher Smith2013-08-02
| |
| * FS#2751 - self deletion of user accountChristopher Smith2013-07-31
| |
* | Merge pull request #246 from splitbrain/profileform_improvementsAndreas Gohr2013-07-31
|\ \ | | | | | | HTML5isation of some forms
| * | Change error message shown for incorrect current password on update profile ↵Christopher Smith2013-07-31
| |/ | | | | | | | | | | | | | | form. The current message confusingly mentions bad 'username' when username is not involved. The new message is the same as that introduced for an incorrect current password on the self delete profile form (FS#2751)
* | auth_en/decrypt: Add explanation and more efficient decryptionMichael Hamann2013-07-31
| | | | | | | | | | | | | | Added an explanation that what we do is like normal CBC but that we additionally encrypt the IV which is actually suggested by the NIST for non-random (but unique) IVs. In the decryption process it's not necessary to decrypt the IV, this should save some time.
* | auth_random: remove exception comment as there is no exceptionMichael Hamann2013-07-31
| |
* | Add AES from phpseclib and use it for cookie encryptionMichael Hamann2013-07-30
| | | | | | | | | | This replaces the deprecated and broken Blowfish implementation that has previously been used and should provide a lot more security.
* | Use a new, truly random secret for cookie encryptionMichael Hamann2013-07-30
| |
* | Add truly random numbers and use them in places where randomness mattersMichael Hamann2013-07-30
|/
* Fix and add type declarations for the auth systemMichael Hamann2013-07-30
|
* removed tabsAndreas Gohr2013-06-16
|
* Increased strength of auto generated passwords a bitAndreas Gohr2013-06-14
| | | | | If you want better random initialization and more control over the password strength install the passpolicy plugin.
* fixed syntax fuckupAndreas Gohr2013-06-09
|
* AUTH_PASSWORD_GENERATE event addedAndreas Gohr2013-06-09
| | | | | This is needed to replace the password generator by a plugin implementation. Related to PR #166 and FS#2147
* make password reset token completely randomAndreas Gohr2013-05-31
| | | | | | No need for HMAC here because there's no length attack vector here. We only care for the existance of the file and each reset request is completely (random) independent from each other.
* use HMAC in password reset token FS#2794Andreas Gohr2013-05-31
|
* fixed wrong use of quotes in authtype warning messageAnika Henke2013-05-27
|
* Fix wrong config key in deprecated auth messageKlap-in2013-05-15
|
* restrict 'authtype deprecated' alert to superusers onlyChristopher Smith2013-04-01
|
* backward compatibility for old authtype settingsGuy Brand2013-03-17
|
* Fix remaining missing $INPUT uses FS#2577Michael Hamann2013-02-20
| | | | | | This adds $INPUT in all places where it was still missing and available. $INPUT is now also used in places where using $_REQUEST/... was okay in order to make the code consistent.
* Fix handling of failed authentication loadingMichael Hamann2013-02-20
| | | | | | | | | In the case of a failed authentication initialization, the authentication setup was simply continued with an unset $auth object. This restores the previous behavior (before merging #141) of simply returning after unsetting $auth. Furthermore this re-introduces the check if $auth is set before checking $auth and removes a useless check if $auth is true (could never be false).
* fixed auth_browseruid on IE9Dominik Eckelmann2013-02-20
| | | | IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation.
* introduced http_status() for sending HTTP status code FS#1698Andreas Gohr2013-02-16
| | | | | | | It seems, some servers require a special Status: header for sending the HTTP status code from PHP (F)CGI to the server. This patch introduces a new function (adopted from CodeIgniter) for simplifying the status handling.
* Merge branch 'master' into futureAndreas Gohr2013-02-03
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (162 commits) fixed revision JS for images upgraded SimplePie to 1.3.1 FS#2708 removed obsolete browser plugin (migrate does it) adjust spacing to match standard 1.4em grid added comment on use of whitelist vs blacklist Updated idfilter() function for IIS use var and remove suggestions when needed Use variable for maximum number of suggestions for quicksearch. And hide suggestions when search field is emptied, or when no suggestion are found. added 'home' class to first link in hierarchical breadcrumbs reduced required max width to go into tablet mode re-added linear gradients for firefox added missing styling for disabled form elements (FS#2705) fixed acronyms in italics (FS#2684) improved print styles (includes fixes for FS#2645 and FS#2707) basic styles improvements Greek language update Use list in acl help text, for more structure Galician language update touch the config on save, even if no changes were made unwind the width narrowing commit put some whitespace between form submit button and fieldset bottom border ... Conflicts: lib/plugins/config/admin.php lib/plugins/config/settings/config.class.php
| * Merge branch 'subscription' Pull Request #125Andreas Gohr2013-01-26
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * subscription: (25 commits) link directly to subscription management in mails only use mailfromnobody for bulk mails added missing context for list mails readded mailfromnobody to subscription sending correctly escape diffs in HTML mails fixed lists in HTML mails simplified subscription->add() code a bit comment adjusted removed unused vars removed data parameter in subscription_handle_post() fixed tests some reformatting added compatibility function moved registration notification to subscription class fixed merge error in inc/auth.php consolidate more notification code in subscription class minor cleanup initialize new subscriptions with current time fixed subscription management correctly check if subscriptions are enabled ...
| | * moved registration notification to subscription classAndreas Gohr2012-11-30
| | |
| | * fixed merge error in inc/auth.phpAndreas Gohr2012-11-30
| | | | | | | | | | | | merged the wrong change here
| | * Merge branch 'master' into subscriptionAndreas Gohr2012-11-30
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (175 commits) some coding style improvements added .idea project folder to gitignore use correct setUp method and parent calls. Correct German plugin manager translation (download != install) correct return in sendDigest() Fix case-insensitive match in ACL checking GeSHi update to 1.0.8.11 ignore empty header on mail sending remove empty BCC/CC mail headers Galician language update some welcome page changes Combine subsequent calls to strtr into a single transformation changed semicolon to colon in link to welcome page to make it less confusing fixed wrong sidebar showing in namespaces when sidebar is disabled Typo fix for TL;DR removed a bunch of outdated and irrelevant networking acronyms added another place to look for logo to make it more consistent (FS#2656) French language update Czech language update compat js findPosX/y more closely mimic historical function ... Conflicts: inc/auth.php inc/common.php inc/subscription.php lib/exe/indexer.php
| | * | consolidate more notification code in subscription classAndreas Gohr2012-09-21
| | | | | | | | | | | | | | | | This is untested and probably broken currently
| * | | Made auth_aclcheck always return intGuillaume Turri2013-01-06
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The returned type is important in particular when we deal with xmlrpc. Indeed, this value is directly returned to the client eg when the wiki.getAllPages method is queried. Currently the 'perms' attribute may be either an int or a string, and its up to the xmlrpc client to resolve it (although Dokuwiki's documentation only tells it can be an int). This patch makes sure we'll always return perms as int.
| * | Fix case-insensitive match in ACL checkingKazutaka Miyasaka2012-11-25
| | | | | | | | | | | | | | | | | | | | | ACL checking of DokuWiki is currently always case-sensitive regardless of auth backend setting ($auth->isCaseSensitive). This commit enables case-insensitive match in the same way of auth_isMember().
* | | Merge branch 'master' into futureAndreas Gohr2012-11-04
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (45 commits) TarLib code cleanup TarLib: fixed appending in non-dynamic mode fixed third method of adding files in TarLib fix lone zero block in TarLib created archives fix use of constructor in TarLib Slovak language update Korean language update Latvian language update removed redundant variables in tpl_include_page() (because of 3ff8773b) added cut off points for mobile devices as parameters to style.ini Corrected typo: ruke -> rule Persian language update Spanish language update russian language update Kazach language update correctly check hash parameter in media dispatcher FS#2648 avoid broken browser_uid on IE Removed acronyms for "Perl" and "PERL" as Perl is not an acronym. See http://learn.perl.org/faq/perlfaq1.html#Whats-the-difference-between-perl-and-Perl- Made striplangs.php executable release preparations ...
| * | avoid broken browser_uid on IEAndreas Gohr2012-10-18
| | | | | | | | | | | | | | | | | | | | | Internet Explorer 8 (and maybe others) seem to use different capitalization in the ACCEPT_CHARSET header between "normal" requests and AJAX requests. This causes a browser UID mismatch and thus an unecessary reauthentication.
* | | changed default auth to authplainAndreas Gohr2012-10-06
| | | | | | | | | | | | | | | | | | We need to decide how to handle the renaming of the auth classes. Should this be done automatically somehow? Or is an admin expected to fix this manually when updating?
* | | Merge remote-tracking branch 'janschumann/master' into futureAndreas Gohr2012-10-06
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This merge fixes all conflicts but is otherwise untested and might break funktionality in the auth system somewhere. It NEEDS MAJOR TESTING! Some refactoring of the auth plugins is still needed: * move to PHP5 style * fix comments * add plugin.info.txt * janschumann/master: Refactored auth system: All auth methods are now introduced as plugins. Bugfix: auth types are now correcty added Setup auth system from plugins Added Auth-Plugin-Prototype to autoload Load auth types from plugins in settings_authtype class Added prototype for Auth-Plugins added plugin type 'auth' Conflicts: inc/auth.php inc/auth/pgsql.class.php inc/init.php inc/load.php lib/plugins/auth.php lib/plugins/authad/auth.php lib/plugins/authldap/auth.php lib/plugins/authmysql/auth.php lib/plugins/authplain/auth.php
| * | Refactored auth system: All auth methods are now introduced as plugins.Jan Schumann2012-02-20
| | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-06 20:29:55 +0000