summaryrefslogtreecommitdiff
path: root/inc/auth.php
Commit message (Collapse)AuthorAge
* Support for kmd5 passcrypt methodAndreas Gohr2009-10-15
| | | | | | | | | Ignore-this: c809bd207504f78e84685612b0a668a7 This is a MD5 based hashing method used in the Unclassified NewsBoard forum software (which is used for DokuWiki's supprt forum) darcs-hash:20091015184330-7ad00-38680848952bdb46052dcf3597fa5e91f892ca51.gz
* encode parts in cookie seperatly. might fix FS#1437Andreas Gohr2009-10-04
| | | | | | Ignore-this: c9b92b33e2a3a3418fd0730bf4971b7e darcs-hash:20091004135409-7ad00-51c902a832fef7486a9afca9e9481b172a6894e1.gz
* auth_(quick)aclcheck needs resolved and cleaned idmichael2009-10-04
| | | | | | | | | Ignore-this: 3e0ad635a6f8536ed05871704a29e1e2 This patch adds a small notice to the comment that the id given to auth_(quick)aclcheck needs to be resolved and cleaned. darcs-hash:20091004093316-074e0-a4095962c52c16918d617d2ffecc783ba8fd0202.gz
* Change expensive uses of split to the much faster explode.Tom N Harris2009-05-28
| | | | darcs-hash:20090528215438-6942e-bf1b875e689ade6bd1a17e3d812ce16bf35c84a6.gz
* Make more use of clientIP() FS#1668Andreas Gohr2009-04-10
| | | | | | Ignore-this: 13616da575fbe56064b2aa3d1d803bf5 darcs-hash:20090410181613-7ad00-b74c82c1f9296a2cb0d00b03316141b19821bda1.gz
* pass correct event data in AUTH_LOGIN_CHECKAndreas Gohr2009-04-07
| | | | | | Ignore-this: ad04520c987ab71b4dcec5e5b38fae8a darcs-hash:20090407172723-7ad00-81d06920a678c7aab73778e2ce4f8f1f44faf314.gz
* Action Event wrappers around HTTP requests and authentication checksRobin Gareus2009-03-12
| | | | | | Ignore-this: 9ffd0327c318a633e33a60e0a8ecf7f5 darcs-hash:20090312224454-b7b7f-12b7fa78c0b638c1795f6d5e1b1c1aa2cbab64d4.gz
* do not close session in auth_logoff FS#1519Andreas Gohr2009-02-10
| | | | | | | | | | | | | | | Ignore-this: b30b94c67baa8a8916dd216424e9473c As auth_logoff is called very early for all not-logged in users it prevented writing the breadcrumbs and might have broken some other things relying on a open session at beginning of the script. auth_logoff now makes sure the session is open but will not close it. Additionally the session is now explicitly closed before a redirect. darcs-hash:20090210100257-7ad00-50470f18edb9fdbeb555fbf5d8a470a3b077915d.gz
* fixed logoff cookie problemAndreas Gohr2009-01-30
| | | | | | Ignore-this: 53d4440e4bffdcf66330ffc6b2b3372a darcs-hash:20090130090624-7ad00-a6f6da5b1d42ac48cf4906e40addbd15e995125c.gz
* keep breadcrumbs for anonymous users FS#1519Andreas Gohr2009-01-16
| | | | darcs-hash:20090116145345-7ad00-153c9e6e0a83d937c48967ed5bc90578a5f49a15.gz
* fixed corrupt if statement introduced by earlier patchAndreas Gohr2009-01-14
| | | | darcs-hash:20090114175244-7ad00-22fe37641598c13f13266bf0b50c3b93fe912344.gz
* make HTTP SSO possible for IIS or rewritingAndreas Gohr2009-01-14
| | | | | | | | | | | | | | | DokuWiki silently attemps to resuse received HTTP auth credentials for user logins. Unfortunately these are only passed to PHP when using mod_php. IIS provides a HTTP_AUTHORIZATION header which now will be decoded and used as well. This header can also be faked via mod_rewrite: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz
* ACL user wildcard changed to %USER% FS#1504 :!:Andreas Gohr2008-12-16
| | | | | | | | | | | | | | | | | | DokuWiki supports a wildcard which gets replaced with the currently loggedin user in its ACL configuration file. This patch changes the wildcard from @USER@ to %USER% (case sensitive) and also makes sure the ACL Manager does not replace the wildcard when displaying the currently set rules. The change was needed for better compatibility with the User Manager without complicating the code. The old @USER@ wildcard is still supported, but changing an ACL rule using it, through the ACL manager will fail. It is recommended to update ACL rules using the @USER@ wildchar to use the new %USER% one instead. darcs-hash:20081216171126-7ad00-94ce0c2afa411abc936f13572efd0e31941901ee.gz
* removed some illogical path setupsAndreas Gohr2008-12-13
| | | | darcs-hash:20081213090400-7ad00-4e21cd75978bb07513f32f5d750658e8d777c59e.gz
* show update profile dialog only when logged inMichael Klier2008-11-17
| | | | darcs-hash:20081117154409-23886-d0ad833c6bcf96bcc54f6998397de90ff07b7686.gz
* fixed missing global scope in auth_setCookie() FS#1530Oliver Geisen2008-11-08
| | | | darcs-hash:20081108225035-6837b-a662b0728205e64f5eaf7bd0003748a5be8a6b2f.gz
* Ensure 'smd5' password hashing method is only triggered when availableChris Smith2008-10-13
| | | | darcs-hash:20081013123417-f07c6-eaa5586edad17a971f4daf38afac77c6946539f0.gz
* remove unused/redundant isvalidemail() functionChris Smith2008-10-13
| | | | darcs-hash:20081013123311-f07c6-8dc34c8fb9a170fae412a6c37928e601c1728a18.gz
* Fix for FS#1050Chris Smith2008-10-13
| | | | | | Update cookie and session with new details after an "update profile" action darcs-hash:20081013122958-f07c6-244b949b074ac73711c61833f1fa663e55da19c7.gz
* FS#564 FS#1270 new option to disable the rememberme checkboxMichael Klier2008-10-12
| | | | darcs-hash:20081012144253-23886-c904f82c559c3ad5477bf921e93cb439a212134d.gz
* Fail silently if trying to login through supplied HTTP credentials (FS#1228)Gina Haeussge2008-10-12
| | | | darcs-hash:20081012131042-2b4f5-029f4f0ffa6c89e23653584c8bb41db78834cc73.gz
* Empty breadcrumbs on logout (see FS#979)Guy Brand2008-10-11
| | | | darcs-hash:20081011161458-19e2d-97001154886654be84d70b1b140743b124a1c763.gz
* reopen the session in auth_logoff FS#1484Andreas Gohr2008-10-11
| | | | | | | To clean data from the session correctly on logout, the session needs to be reopened. darcs-hash:20081011092157-7ad00-e5cc905b6e04b13fe667690c0e6aad68524254f1.gz
* more cookie security FS#1490Andreas Gohr2008-09-13
| | | | | | | | | | | | This patch adds the httponly option to the PHP session cookies and DokuWiki's auth cookie when supported by the PHP version. It also adds a new config option 'securecookie' which is enabled by default. It makes sure the browser will not sent a cookie set via HTTPS over a non-secured connection. This option has to be disabled for wikis that only protect the login with SSL but not the whole wiki. darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz
* Wrap user modifications in eventsGabriel Birke2008-08-17
| | | | | | | | Adds a wrapper function in the basic auth class which is used by the core code to modify the user database. The wrapper function signals events and delegates the action to the auth backend. darcs-hash:20080817141121-79ce3-3300a4342b62a7a18ebcc9a765d87b30a0264621.gz
* Enhancements for password hashing (maybe fixes FS#1440)Andreas Gohr2008-07-28
| | | | | | | | | This patch adds support for Apache style salted MD5 hashs (apr1). It also fixes smd5 for systems where crypt() does not support MD5 hashs. Unit tests were added. darcs-hash:20080728181616-7ad00-d0980557111cb05662ea1bcf4a78aa2b74ac90d0.gz
* check ACLs correctly if only groups but no user is given FS#1415Andreas Gohr2008-06-08
| | | | | | | | | | | When only an array of groups but no username where passed to auth_aclcheck() it defaulted to use the @ALL group only. This is not critical because this does not happen anywhere in the code. Only exception is when building the plain english explanation of an ACL rule in the ACL manager. darcs-hash:20080608101051-7ad00-0abd42f84c04473ad4fca149893a1b4d931ece48.gz
* reopen the session for storing the auth tokenAndreas Gohr2008-06-03
| | | | darcs-hash:20080603203138-7ad00-cce00e99b64c53b6ffa11748262a3a8c2cd1e37e.gz
* authentication via session tokensAndreas Gohr2008-06-03
| | | | | | | | | | | | | | | | | | | | | This patch adds a way to create a token for an authenticated user which is stored in the session. When a subsequent request resends this token, the request will be authenticated automatically without the need for any cookies or credential rechecking. The auth token expires with the session. Requesting a new token will invalidate the old one. Sending a wrong token will result in a 401 and any existing token will be revoked. This is currently not used anywhere in the code but can be used for browser intitiated client software (flash, applets, ...). Note this is unreleated to the anti CSRF sectoken implementation. Users who want to make use of this mechanism will probably need to pass the session id and a valid sectoken in addtion to the authtoken darcs-hash:20080603193450-7ad00-2f35ddde16a31c4f2699e0e6050b3c4277b2bc64.gz
* Fix for password updates FS#1352Andreas Gohr2008-03-15
| | | | darcs-hash:20080315105202-7ad00-455d343db7d52a5af92361719bee1d60b6c8107d.gz
* Superuser and manager now can be comma separated listsGuy Brand2008-02-27
| | | | | | | | | This patch allows $conf['superuser'] and $conf['manager'] to be lists of values instead of only a single value. So one can put: $conf['superuser'] darcs-hash:20080227142515-19e2d-c160914589f71531583e7ddaab1fc6a81996efa1.gz
* fix usage of is_admin in auth_aclcheckAndreas Gohr2008-02-26
| | | | | | | There were a few problems with name encoding for groups and users introduced in the recent aclcheck change darcs-hash:20080226172257-7ad00-d591f0d2f2219a2b23f93060c65b8fb5f46bd1d7.gz
* Use auth backend to verify password on profile update FS#1328Andreas Gohr2008-02-15
| | | | darcs-hash:20080215154316-7ad00-d052e2eed8e47e62ff639cd66d7debb4bfd293fc.gz
* Make session reference file check overridable for auth backendsAndreas Gohr2008-02-15
| | | | darcs-hash:20080215121716-7ad00-35d275212e0e3c41626ed64d9096aad10f4ad2db.gz
* invalidate all user session cache when userdatabase is changed FS#1085Andreas Gohr2008-02-15
| | | | | | | | | | A reference file is now stored in data/cache/sessionpurge and is used to check if user sessions are still valid. To accomondate for slow auth backends DokuWiki caches user info for a certain time in the user session. darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz
* make sure not supported profile fields are not accepted FS#1329Andreas Gohr2008-02-13
| | | | darcs-hash:20080213214505-7ad00-8ff1974ccbab38168f95072faaeb53134f95b926.gz
* Have aclcheck use auth_isadminGuy Brand2008-02-12
| | | | darcs-hash:20080212213222-19e2d-d8a2261fa83d6482afe213ffb41611ae723811de.gz
* fix problems if $USERINFO['grps'] is not setAndreas Gohr2007-11-02
| | | | darcs-hash:20071102181850-7ad00-9c2c9b0ef953274b8abdadd95c53e8f4e1982810.gz
* don't use realpath() anymore (FS#1261 and others)Andreas Gohr2007-09-30
| | | | | | | | | | | The use of realpath() to clean up relative file names caused some trouble in certain setups relying on symlinks or having restricitve file structure setups. This patch replaces all realpath() calls with a PHP only replacement which should solve those problems. darcs-hash:20070930184250-7ad00-512ff04c95f57fc9eaf104f80372237a3c94286f.gz
* Part 2 of the SecurityToken patch to avaoid CSRF attacksAndreas Gohr2007-08-30
| | | | | | | | This patch adds a security token to all forms generated through the new form class. However it is only checked for possible dangerous actions like editing or profile changes. darcs-hash:20070830191429-7ad00-445efea47a09a4823dfe9e3434ba5b355a80daf6.gz
* quote fix in auth_nameencodeAndreas Gohr2007-08-19
| | | | darcs-hash:20070819211829-7ad00-7f2dbd3d7ad6b4568b8f34209fbcffda6e110f4c.gz
* Protect auth_ismanager() from auth modules that don't always provide group ↵Chris Smith2007-08-05
| | | | | | data in array (FS#1196) darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz
* fix for recent auth changeAndreas Gohr2007-06-25
| | | | darcs-hash:20070625210929-7ad00-034c5839bbca3e697d360f72dffcf9d927fea755.gz
* degrade to unauthed user when auth backen unavailable FS#1168Andreas Gohr2007-06-25
| | | | | | | Instead of disabling the whole ACL feature when the auth backend is unavailable just degrade the user to an anonymous user. darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz
* never use full URL in cookie paths FS#1146Andreas Gohr2007-06-03
| | | | | | | Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless of the used canonical setting. darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz
* Partial Fix FS#1085Chris Smith2007-05-28
| | | | | | | | | | | | | | | | | | | This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication information is rechecked. The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned about security should set this value to 0. DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session. Normally these values are compared on each page visit. If the comparison passes the user is accepted. The same data will be used over and over until either the cookie or the session expires. FS#1085 is concerned with updates to the original authentication data not being able to affect this comparison. The new 'auth_security_timeout' setting will force expiration of the saved data after the specified period has elapsed. Re-authentication may affect page response, especially on systems which use remote authentication systems. This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class to allow those mechanisms which are able to control when DW should revoke authentication. darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz
* Fix broken if in previous patchGuy Brand2007-03-02
| | | | darcs-hash:20070302100506-19e2d-342a0477340aa6b2c5fb7e08c520053b7dc33608.gz
* Allow @USER@ variable in ACLsGuy Brand2007-03-02
| | | | | | | | | This saves a lot of ACL lines for users namespaces for example: users:* @ALL 1 users:@USER@ @USER@ 8 darcs-hash:20070301230309-19e2d-90a00b70a2af546fd5194ade614c130e9f7864eb.gz
* make sure cachekey is a string in auth_nameencode FS#1000Andreas Gohr2007-01-06
| | | | darcs-hash:20070106122851-7ad00-9b3b2923e2f917107b29c4dacfc1047b2845a5db.gz
* Check cookie auth data silentlyAndreas Gohr2007-01-09
| | | | darcs-hash:20070109213155-7ad00-9594bbf5c0730221b46f31bb40f31997a09ab4b4.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-06 22:39:47 +0000