path: root/inc/auth.php
Commit message [Author, Age]
* Merge branch 'master' into htmlmail [Andreas Gohr, 2012-04-15]
|\
| |   * master: (382 commits)
| |     Romanian language update
| |     Marathi language update
| |     Arabic Language Update
| |     when there's not enough space for images, make sure they stay proportional (might be FS#2480)
| |     added minimal RTL print styles (part of FS#2185)
| |     moved plugins' rtl.css to their style.css counterpart (part of FS#2185)
| |     removed all browser-specific gradients as the recently (in 42ff6730) introduced svg makes them unnecessary
| |     removed comments from accidentally commented lines in tpl_includeFile()
| |     removed obsolete template file
| |     added tpl_includeFile() to core
| |     Make getTitle method in remote interface public
| |     Changed an error code in XML-RPC interface. This error hasn't anything to do with the rest of the -32600 errors.
| |     BG: language update
| |     Korean language update
| |     fixed performance issues with gradient in Firefox (which also added gradient support for IE9) (FS#2447)
| |     deleted very old (and unused) images
| |     added accidentally removed '<?php' back in (was in 57fc5edd)
| |     wrapped X-UA-Compatible meta tag with conditional comments
| |     added explanation to todo in _forms.css
| |     removed problematic 'overflow: hidden' from lists again ('unfixes' FS#1950)
| |     ...
| |
| |   Conflicts:
| |     inc/auth.php
| |     inc/load.php
| * Merge branch 'master' of https://github.com/dom-mel/dokuwiki into pull-request-87 [Andreas Gohr, 2012-03-23]
| |\
| | |   * 'master' of https://github.com/dom-mel/dokuwiki: (38 commits)
| | |     removed requires, changed conf check in xmlrpc.php
| | |     removed require_once for autoloaded fulltext.php
| | |     updated comment
| | |     added dokuwiki.getXMLRPCAPIVersion and wiki.getRPCVersionSupported
| | |     added RPC_CALL_ADD event.
| | |     replaced $HTTP_RAW_POST_DATA with http_get_raw_post_data function
| | |     changed error code for unauthorized method calls.
| | |     typo fixes
| | |     moved plugin and core method calls to separate function
| | |     corrected comment
| | |     added getapi methods to remote plugin
| | |     removed unused class
| | |     fixed testcase
| | |     refactored RemoteAccessDenied to RemoteAccessDeniedException
| | |     adjusted test cases
| | |     delegate file and date transformation to remote library
| | |     treat null as empty array
| | |     added missing getTime
| | |     added missing getVersion
| | |     set login as public method
| | |     ...
| | * Merge branch 'master' of https://github.com/splitbrain/dokuwiki [Dominik Eckelmann, 2012-03-14]
| | |\
| | | |   Conflicts:
| | | |     lib/exe/xmlrpc.php
| | * \ Merge branch 'master' of github.com:dom-mel/dokuwiki [Dominik Eckelmann, 2011-11-19]
| | |\ \
| | * | | use correct phpdoc @return tag. [Dominik Eckelmann, 2011-10-22]
| | | | |
| * | | | coding style updates [Andreas Gohr, 2012-03-16]
| | |_|/
| |/| |
| * | | Merge branch 'resetpassword' [Andreas Gohr, 2012-03-10]
| |\ \ \
| | | | |   No longer autogenerate passwords for password reset when $conf['autopasswd'] is disabled. Instead allow to change the password online.
| | | | |
| | | | |   * resetpassword:
| | | | |     added a timelimit for password reset tokens
| | | | |     removed commented line
| | | | |     use correct lang string for password mismatch
| | | | |     removed outdated language string. it has to be retranslated
| | | | |     German translation for password reset
| | | | |     honor autopasswd setting for resend password
| | | | |
| | | | |   Conflicts:
| | | | |     inc/lang/no/lang.php
| | | | |     inc/lang/sl/lang.php
| | * | | added a timelimit for password reset tokens [Andreas Gohr, 2012-02-19]
| | | | |   passwords now need to be reset within 3 days of requesting the password change mail
| | * | | use correct lang string for password mismatch [Andreas Gohr, 2012-02-17]
| | | | |
| | * | | honor autopasswd setting for resend password [Andreas Gohr, 2011-10-31]
| | |/ /
| | | |   When autopasswd is disabled, the resend password option now asks for a new password instead of autogenerating a new one and sending it by mail.
| | | |
| | | |   Note to translators: the wording for btn_resendpwd and resendpwd changed to be more universal. English and German language files were updated - other languages need to be adjusted.
| | | |
| | | |   Conflicts:
| | | |     inc/lang/en/lang.php
| * | / use in_array to filter groups instead of preg_grep for acl [Dominik Eckelmann, 2011-12-20]
| | |/
| |/|
| | |   the usage of preg_grep can result in "regular expression is too large" warnings, which leads to errors in auth_aclcheck.
| * | Use mailprefix also for registration and resend password notification mails (FS#2366) [lupo49, 2011-11-12]
| |/
* / Replaced mail_send calls with new Mailer class [Andreas Gohr, 2011-11-12]
|/
* Merge pull request #19 from gbirke/master [Dominik Eckelmann, 2011-08-18]
|\
| |   Make cookie path configurable
| * If cookiedir is configured, use it. [Gabriel Birke, 2011-01-02]
| |   If $conf['cookiedir'] is set, use this setting instead of DOKU_REL.
* | stay logged in when updating your password [Andreas Gohr, 2011-04-11]
| |   This functionality broke in recent updates to the cookie handling. This patch makes it work again. Binding to the session is now a functionality of auth_cookiesalt()
* | bind non-sticky logins to the session id FS#2202 [Andreas Gohr, 2011-03-19]
| |
* | store session pass as hash [Andreas Gohr, 2011-03-19]
| |   This avoids having the blowfish encrypted pass stored together with the decryption key on the same server.
* | improved actionOK and its use [Anika Henke, 2011-02-22]
| |
* | refactored password hashing functions to a class [Andreas Gohr, 2011-01-22]
| |   this splits the long auth_cryptPassword() function into many member functions of a new class PassHash which should make it more maintainable and reusable for other projects.
| |
| |   This also adds two new methods djangomd5 and djangosha1 as used by the popular python framework Django.
| |
| |   Maybe the auth_cryptPassword() and auth_verifyPassword() functions should be deprecated in favor of using the class directly?
* | Handle renamed authorization variables [Michael Hamann, 2011-01-15]
| |   Sometimes (when using rewriting with the workaround for CGI mode described at http://www.besthostratings.com/articles/http-auth-php-cgi.html) the HTTP_AUTHORIZATION variable is renamed, this change detects this renaming and uses the renamed variable.
* | Added support for Wordpress' password hashing FS#2134 [Andreas Gohr, 2011-01-15]
| |
* | Merge branch 'master' of github.com:splitbrain/dokuwiki [Adrian Lang, 2011-01-14]
|\ \
| * | Fix handling of case in auth_isMember; add and fix test cases [Adrian Lang, 2010-12-21]
| |/
| * preg_quote namespaces in auth_aclcheck [Michael Hamann, 2010-12-11]
| |   Like ids, namespaces are now preg_quoted in the acl check (and therefore the escaping of "*" has been removed). When plugins call the ACL check function with strange ids the regex fails otherwise (in the case of the include plugin errors like "Warning: preg_grep() [function.preg-grep]: Compilation failed: missing terminating ] for character class at offset 47" have been reported by two users).
| |
| |   I've run the acl tests after this change and everything passes so this shouldn't break anything but please test this especially with protected wikis as this change modifies the code that handles namespace permissions. Furthermore permissions for a namespace foobar are no longer applied to namespaces with names like foo.ar, I hope nobody has used that "feature".
| |
| |   When you are using per-user namespaces, user registration is open and either write or read protection for these namespaces is important to you, this is a security fix for you: When someone wants to get access to the namespace of a user "foo.bar" he can register as "fooxbar" (where "x" is an arbitrary character) and will have access to the user namespace of the user "foo.bar" as when a page in "foo.bar" is checked it will match the rule for "fooxbar".
| * added auth_isMember() [Andreas Gohr, 2010-12-08]
| |   This function abstracts checking a given user and her groups against a given member list (as used in the superuser and manager options). It is also used in auth_isManager() and auth_isAdmin(), unlike the previous function, this one skips the nameencode step as it should be unnecessary here (all input is given decoded).
| |
| |   The test cases were extended by some non-ID user and group names.
| |
| |   People with non-plain auth backends should check that their administrator and manager setups still work as expected
* | tmp [Adrian Lang, 2010-12-08]
|/
* Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3 [Michael Hamann, 2010-11-29]
|   As of VIM 7.3 it is no longer possible to specify the encoding in the modeline. This gives an error message whenever such a file is opened, thus this commit removes the enc setting from the modeline.
* a more correct fix for FS#2039 [Andreas Gohr, 2010-10-02]
|
* properly encode user wildcard in ACLs FS#2039 [Andreas Gohr, 2010-10-02]
|
* Do not allow empty strings as superuser or manager FS#2009 [Andreas Gohr, 2010-08-27]
|
* Use config_cascade for ACLs and plain auth users FS#1677 [Andreas Gohr, 2010-06-27]
|
* fixed wildcard handling in ACL manager FS#1955 [Andreas Gohr, 2010-06-26]
|   This patch also removes legacy support for @USER@. Only %USER% is valid now.
* new auth capability 'logout' [Andreas Gohr, 2010-06-22]
|   This patch implements what Adrian's patch "Hide logout button if auth backend cannot logout" intended to do.
|
|   The 'logoff' capability was used to decide if a special method called $auth->logOff() should be called when the user logs out, not if the backend supports logouts at all. This was a superfluous capability since an empty logOff() method is implemented in the base class anyway - it doesn't hurt to always call the method. The 'logoff' capability is now deprecated. Backends who want to do actions on logout simply need to overwrite logOff().
|
|   A new capability 'logout' was added which defaults to true. Backends that can't logoff the user (eg. because they use some automatic login/logoff mechanism) can set this to false.
|
|   Probably makes sense to add a 'login' capability as well...
* Avoid broken ACL check if Auth Backend fails [Dominik Eckelmann, 2010-04-28]
|
* Fixed selffail. [Adrian Lang, 2010-03-24]
|
* No warning for an undefined variable [Adrian Lang, 2010-03-23]
|
* first attempt to centralize all include loading [Andreas Gohr, 2010-01-31]
|   Classes are loaded through PHP5's class autoloader, all other includes are just loaded by default. This skips a lot of require_once calls. Parser and Plugin stuff isn't handled by the class loader yet.
* Provide AFTER event for AUTH_LOGIN_CHECK [Adrian Lang, 2010-01-19]
|   Ignore-this: 804d0837b9a04e4f82e6b54765f453cf
|   darcs-hash:20091215095430-e4919-19c61854c27fdade90caeed035445ee3396b0095.gz
* correctly check auth capabilities on update profile FS#1329 [Andy Webber, 2009-11-28]
|   Ignore-this: fb853b40911201a41c237d69d91f7d24
|   darcs-hash:20091128111547-6ad63-0432d3b190946b2b8f7c292119e034cdcdae3a00.gz
* Check whether $auth is set [Adrian Lang, 2009-11-24]
|   darcs-hash:20091124152419-e4919-b4d55158c15d637a453b082eae6a80a828818934.gz
* Added isCaseSensitive() to auth backends FS#1657 [Andreas Gohr, 2009-11-15]
|   Ignore-this: 3591e5a36126c72bd9b931e4aa832da8
|   darcs-hash:20091115141725-7ad00-7c2fc662d1999731660673d05299c4f357b797b3.gz
* more work on user and group cleaning [Andreas Gohr, 2009-11-14]
|   Ignore-this: b824c2941d3631bdf83350e325606d3e
|   darcs-hash:20091114123517-7ad00-d32833a88cb5f654a8874542d4d59f1f401d4453.gz
* Added group and user sanitation [Andreas Gohr, 2009-11-13]
|   Ignore-this: 26392125523d2c822580346074330ebe
|   darcs-hash:20091113102249-7ad00-4cede040a940d739bd34d548e12956e8d8609cfa.gz
* Emit less E_NOTICEs and E_STRICTs [Adrian Lang, 2009-11-04]
|   Changes of behaviour are:
|
|   * Allow the user name, title & description “0”
|   * Default to Port 443 if using HTTPS
|   * Set $INFO['isadmin'] and $INFO['ismanager'] to “false” even if no user is logged in
|   * Do not pass empty fragment field in the event data for event ACTION_SHOW_REDIRECT
|   * Handle chunked encoding in HTTPClient
|
|   darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz
* Remove (unset) action param from AUTH_LOGIN_CHECK data, init $ACL before firing the event [Adrian Lang, 2009-10-23]
|   darcs-hash:20091023085601-e4919-5c800a07bcf70c34720a39e7bca9a1250b973b32.gz
* Coding Standard Cleanup [Andreas Gohr, 2009-10-20]
|   Ignore-this: 259cb5773c3144c6c706d87298dcf674
|   darcs-hash:20091020212338-7ad00-6bf1c5c403491f136a1c02af5ecd9f84d7227107.gz
* Support for kmd5 passcrypt method [Andreas Gohr, 2009-10-15]
|   Ignore-this: c809bd207504f78e84685612b0a668a7
|   This is an MD5 based hashing method used in the Unclassified NewsBoard forum software (which is used for DokuWiki's support forum)
|   darcs-hash:20091015184330-7ad00-38680848952bdb46052dcf3597fa5e91f892ca51.gz
* encode parts in cookie separately. might fix FS#1437 [Andreas Gohr, 2009-10-04]
|   Ignore-this: c9b92b33e2a3a3418fd0730bf4971b7e
|   darcs-hash:20091004135409-7ad00-51c902a832fef7486a9afca9e9481b172a6894e1.gz
* auth_(quick)aclcheck needs resolved and cleaned id [michael, 2009-10-04]
|   Ignore-this: 3e0ad635a6f8536ed05871704a29e1e2
|   This patch adds a small notice to the comment that the id given to auth_(quick)aclcheck needs to be resolved and cleaned.
|   darcs-hash:20091004093316-074e0-a4095962c52c16918d617d2ffecc783ba8fd0202.gz