This patch also removes legacy support for @USER@. Only %USER% is valid
now.

This patch implements what Adrian's patch "Hide logout button if auth
backend cannot logout" intended to do.
The 'logoff' capability was used to decide if a special method called
$auth->logOff() should be called when the user logs out, not if the
backend supports logouts at all. This was a superfluous capability since
an empty logOff() method is implemented in the base class anyway - it
doesn't hurt to always call the method.
The 'logoff' capability is now deprecated. Backends who want to do
actions on logout simply need to overwrite logOff().
A new capability 'logout' was added which defaults to true. Backends
that can't logoff the user (e.g. because they use some automatic
login/logoff mechanism) can set this to false.
Probably makes sense to add a 'login' capability as well...

Classes are loaded through PHP5's class autoloader, all other
includes are just loaded by default. This skips a lot of
require_once calls.
Parser and Plugin stuff isn't handled by the class loader yet.

Ignore-this: 804d0837b9a04e4f82e6b54765f453cf
darcs-hash:20091215095430-e4919-19c61854c27fdade90caeed035445ee3396b0095.gz
Ignore-this: fb853b40911201a41c237d69d91f7d24
darcs-hash:20091128111547-6ad63-0432d3b190946b2b8f7c292119e034cdcdae3a00.gz
darcs-hash:20091124152419-e4919-b4d55158c15d637a453b082eae6a80a828818934.gz
Ignore-this: 3591e5a36126c72bd9b931e4aa832da8
darcs-hash:20091115141725-7ad00-7c2fc662d1999731660673d05299c4f357b797b3.gz
Ignore-this: b824c2941d3631bdf83350e325606d3e
darcs-hash:20091114123517-7ad00-d32833a88cb5f654a8874542d4d59f1f401d4453.gz
Ignore-this: 26392125523d2c822580346074330ebe
darcs-hash:20091113102249-7ad00-4cede040a940d739bd34d548e12956e8d8609cfa.gz
Changes of behaviour are:
* Allow the user name, title & description “0”
* Default to Port 443 if using HTTPS
* Set $INFO['isadmin'] and $INFO['ismanager'] to “false” even if no user is
logged in
* Do not pass empty fragment field in the event data for event
ACTION_SHOW_REDIRECT
* Handle chunked encoding in HTTPClient
darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz
firing the event
darcs-hash:20091023085601-e4919-5c800a07bcf70c34720a39e7bca9a1250b973b32.gz
Ignore-this: 259cb5773c3144c6c706d87298dcf674
darcs-hash:20091020212338-7ad00-6bf1c5c403491f136a1c02af5ecd9f84d7227107.gz
Ignore-this: c809bd207504f78e84685612b0a668a7
This is a MD5 based hashing method used in the Unclassified NewsBoard forum
software (which is used for DokuWiki's support forum)
darcs-hash:20091015184330-7ad00-38680848952bdb46052dcf3597fa5e91f892ca51.gz
Ignore-this: c9b92b33e2a3a3418fd0730bf4971b7e
darcs-hash:20091004135409-7ad00-51c902a832fef7486a9afca9e9481b172a6894e1.gz
Ignore-this: 3e0ad635a6f8536ed05871704a29e1e2
This patch adds a small notice to the comment that the id given to
auth_(quick)aclcheck needs to be resolved and cleaned.
darcs-hash:20091004093316-074e0-a4095962c52c16918d617d2ffecc783ba8fd0202.gz
darcs-hash:20090528215438-6942e-bf1b875e689ade6bd1a17e3d812ce16bf35c84a6.gz
Ignore-this: 13616da575fbe56064b2aa3d1d803bf5
darcs-hash:20090410181613-7ad00-b74c82c1f9296a2cb0d00b03316141b19821bda1.gz
Ignore-this: ad04520c987ab71b4dcec5e5b38fae8a
darcs-hash:20090407172723-7ad00-81d06920a678c7aab73778e2ce4f8f1f44faf314.gz
Ignore-this: 9ffd0327c318a633e33a60e0a8ecf7f5
darcs-hash:20090312224454-b7b7f-12b7fa78c0b638c1795f6d5e1b1c1aa2cbab64d4.gz
Ignore-this: b30b94c67baa8a8916dd216424e9473c
As auth_logoff is called very early for all not-logged in users it
prevented writing the breadcrumbs and might have broken some other
things relying on an open session at beginning of the script.
auth_logoff now makes sure the session is open but will not close
it.
Additionally the session is now explicitly closed before a redirect.
darcs-hash:20090210100257-7ad00-50470f18edb9fdbeb555fbf5d8a470a3b077915d.gz
Ignore-this: 53d4440e4bffdcf66330ffc6b2b3372a
darcs-hash:20090130090624-7ad00-a6f6da5b1d42ac48cf4906e40addbd15e995125c.gz
darcs-hash:20090116145345-7ad00-153c9e6e0a83d937c48967ed5bc90578a5f49a15.gz
darcs-hash:20090114175244-7ad00-22fe37641598c13f13266bf0b50c3b93fe912344.gz
DokuWiki silently attempts to reuse received HTTP auth credentials for
user logins. Unfortunately these are only passed to PHP when using
mod_php. IIS provides an HTTP_AUTHORIZATION header which now will
be decoded and used as well.
This header can also be faked via mod_rewrite:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E
darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz
DokuWiki supports a wildcard which gets replaced with the currently logged-in
user in its ACL configuration file.
This patch changes the wildcard from @USER@ to %USER% (case sensitive) and
also makes sure the ACL Manager does not replace the wildcard when displaying
the currently set rules.
The change was needed for better compatibility with the User Manager without
complicating the code. The old @USER@ wildcard is still supported, but
changing an ACL rule using it, through the ACL manager will fail.
It is recommended to update ACL rules using the @USER@ wildcard to use the
new %USER% one instead.
darcs-hash:20081216171126-7ad00-94ce0c2afa411abc936f13572efd0e31941901ee.gz
darcs-hash:20081213090400-7ad00-4e21cd75978bb07513f32f5d750658e8d777c59e.gz
darcs-hash:20081117154409-23886-d0ad833c6bcf96bcc54f6998397de90ff07b7686.gz
darcs-hash:20081108225035-6837b-a662b0728205e64f5eaf7bd0003748a5be8a6b2f.gz
darcs-hash:20081013123417-f07c6-eaa5586edad17a971f4daf38afac77c6946539f0.gz
darcs-hash:20081013123311-f07c6-8dc34c8fb9a170fae412a6c37928e601c1728a18.gz
Update cookie and session with new details after an "update profile" action
darcs-hash:20081013122958-f07c6-244b949b074ac73711c61833f1fa663e55da19c7.gz
darcs-hash:20081012144253-23886-c904f82c559c3ad5477bf921e93cb439a212134d.gz
darcs-hash:20081012131042-2b4f5-029f4f0ffa6c89e23653584c8bb41db78834cc73.gz
darcs-hash:20081011161458-19e2d-97001154886654be84d70b1b140743b124a1c763.gz
To clean data from the session correctly on logout, the session needs
to be reopened.
darcs-hash:20081011092157-7ad00-e5cc905b6e04b13fe667690c0e6aad68524254f1.gz
This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.
It also adds a new config option 'securecookie' which is enabled by default.
It makes sure the browser will not send a cookie set via HTTPS over a
non-secured connection. This option has to be disabled for wikis that only
protect the login with SSL but not the whole wiki.
darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz
Adds a wrapper function in the basic auth class which is used by the core code
to modify the user database. The wrapper function signals events and delegates
the action to the auth backend.
darcs-hash:20080817141121-79ce3-3300a4342b62a7a18ebcc9a765d87b30a0264621.gz
This patch adds support for Apache style salted MD5 hashes (apr1). It also fixes
smd5 for systems where crypt() does not support MD5 hashes.
Unit tests were added.
darcs-hash:20080728181616-7ad00-d0980557111cb05662ea1bcf4a78aa2b74ac90d0.gz
When only an array of groups but no username were passed to auth_aclcheck()
it defaulted to use the @ALL group only. This is not critical because this
does not happen anywhere in the code.
Only exception is when building the plain English explanation of an ACL rule
in the ACL manager.
darcs-hash:20080608101051-7ad00-0abd42f84c04473ad4fca149893a1b4d931ece48.gz
darcs-hash:20080603203138-7ad00-cce00e99b64c53b6ffa11748262a3a8c2cd1e37e.gz
This patch adds a way to create a token for an authenticated user which is stored
in the session. When a subsequent request resends this token, the request will be
authenticated automatically without the need for any cookies or credential
rechecking.
The auth token expires with the session. Requesting a new token will invalidate
the old one. Sending a wrong token will result in a 401 and any existing token
will be revoked.
This is currently not used anywhere in the code but can be used for browser
initiated client software (flash, applets, ...).
Note this is unrelated to the anti CSRF sectoken implementation.
Users who want to make use of this mechanism will probably need to pass the
session id and a valid sectoken in addition to the authtoken
darcs-hash:20080603193450-7ad00-2f35ddde16a31c4f2699e0e6050b3c4277b2bc64.gz
darcs-hash:20080315105202-7ad00-455d343db7d52a5af92361719bee1d60b6c8107d.gz
This patch allows $conf['superuser'] and $conf['manager'] to be lists
of values instead of only a single value. So one can put:
$conf['superuser']
darcs-hash:20080227142515-19e2d-c160914589f71531583e7ddaab1fc6a81996efa1.gz