path: root/inc/auth.php
Commit log (commit message, author, date)
* Wrap user modifications in events (Gabriel Birke, 2008-08-17)
  Adds a wrapper function in the basic auth class which is used by the core code to modify the user database. The wrapper function signals events and delegates the action to the auth backend.
  darcs-hash:20080817141121-79ce3-3300a4342b62a7a18ebcc9a765d87b30a0264621.gz
* Enhancements for password hashing (maybe fixes FS#1440) (Andreas Gohr, 2008-07-28)
  This patch adds support for Apache style salted MD5 hashes (apr1). It also fixes smd5 for systems where crypt() does not support MD5 hashes. Unit tests were added.
  darcs-hash:20080728181616-7ad00-d0980557111cb05662ea1bcf4a78aa2b74ac90d0.gz
* check ACLs correctly if only groups but no user is given FS#1415 (Andreas Gohr, 2008-06-08)
  When only an array of groups but no username were passed to auth_aclcheck() it defaulted to use the @ALL group only. This is not critical because this does not happen anywhere in the code. Only exception is when building the plain English explanation of an ACL rule in the ACL manager.
  darcs-hash:20080608101051-7ad00-0abd42f84c04473ad4fca149893a1b4d931ece48.gz
* reopen the session for storing the auth token (Andreas Gohr, 2008-06-03)
  darcs-hash:20080603203138-7ad00-cce00e99b64c53b6ffa11748262a3a8c2cd1e37e.gz
* authentication via session tokens (Andreas Gohr, 2008-06-03)
  This patch adds a way to create a token for an authenticated user which is stored in the session. When a subsequent request resends this token, the request will be authenticated automatically without the need for any cookies or credential rechecking. The auth token expires with the session. Requesting a new token will invalidate the old one. Sending a wrong token will result in a 401 and any existing token will be revoked. This is currently not used anywhere in the code but can be used for browser initiated client software (flash, applets, ...). Note this is unrelated to the anti CSRF sectoken implementation. Users who want to make use of this mechanism will probably need to pass the session id and a valid sectoken in addition to the authtoken.
  darcs-hash:20080603193450-7ad00-2f35ddde16a31c4f2699e0e6050b3c4277b2bc64.gz
* Fix for password updates FS#1352 (Andreas Gohr, 2008-03-15)
  darcs-hash:20080315105202-7ad00-455d343db7d52a5af92361719bee1d60b6c8107d.gz
* Superuser and manager now can be comma separated lists (Guy Brand, 2008-02-27)
  This patch allows $conf['superuser'] and $conf['manager'] to be lists of values instead of only a single value. So one can put: $conf['superuser']
  darcs-hash:20080227142515-19e2d-c160914589f71531583e7ddaab1fc6a81996efa1.gz
* fix usage of is_admin in auth_aclcheck (Andreas Gohr, 2008-02-26)
  There were a few problems with name encoding for groups and users introduced in the recent aclcheck change.
  darcs-hash:20080226172257-7ad00-d591f0d2f2219a2b23f93060c65b8fb5f46bd1d7.gz
* Use auth backend to verify password on profile update FS#1328 (Andreas Gohr, 2008-02-15)
  darcs-hash:20080215154316-7ad00-d052e2eed8e47e62ff639cd66d7debb4bfd293fc.gz
* Make session reference file check overridable for auth backends (Andreas Gohr, 2008-02-15)
  darcs-hash:20080215121716-7ad00-35d275212e0e3c41626ed64d9096aad10f4ad2db.gz
* invalidate all user session cache when userdatabase is changed FS#1085 (Andreas Gohr, 2008-02-15)
  A reference file is now stored in data/cache/sessionpurge and is used to check if user sessions are still valid. To accommodate for slow auth backends DokuWiki caches user info for a certain time in the user session.
  darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz
* make sure not supported profile fields are not accepted FS#1329 (Andreas Gohr, 2008-02-13)
  darcs-hash:20080213214505-7ad00-8ff1974ccbab38168f95072faaeb53134f95b926.gz
* Have aclcheck use auth_isadmin (Guy Brand, 2008-02-12)
  darcs-hash:20080212213222-19e2d-d8a2261fa83d6482afe213ffb41611ae723811de.gz
* fix problems if $USERINFO['grps'] is not set (Andreas Gohr, 2007-11-02)
  darcs-hash:20071102181850-7ad00-9c2c9b0ef953274b8abdadd95c53e8f4e1982810.gz
* don't use realpath() anymore (FS#1261 and others) (Andreas Gohr, 2007-09-30)
  The use of realpath() to clean up relative file names caused some trouble in certain setups relying on symlinks or having restrictive file structure setups. This patch replaces all realpath() calls with a PHP only replacement which should solve those problems.
  darcs-hash:20070930184250-7ad00-512ff04c95f57fc9eaf104f80372237a3c94286f.gz
* Part 2 of the SecurityToken patch to avoid CSRF attacks (Andreas Gohr, 2007-08-30)
  This patch adds a security token to all forms generated through the new form class. However it is only checked for possible dangerous actions like editing or profile changes.
  darcs-hash:20070830191429-7ad00-445efea47a09a4823dfe9e3434ba5b355a80daf6.gz
* quote fix in auth_nameencode (Andreas Gohr, 2007-08-19)
  darcs-hash:20070819211829-7ad00-7f2dbd3d7ad6b4568b8f34209fbcffda6e110f4c.gz
* Protect auth_ismanager() from auth modules that don't always provide group data in array (FS#1196) (Chris Smith, 2007-08-05)
  darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz
* fix for recent auth change (Andreas Gohr, 2007-06-25)
  darcs-hash:20070625210929-7ad00-034c5839bbca3e697d360f72dffcf9d927fea755.gz
* degrade to unauthed user when auth backend unavailable FS#1168 (Andreas Gohr, 2007-06-25)
  Instead of disabling the whole ACL feature when the auth backend is unavailable just degrade the user to an anonymous user.
  darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz
* never use full URL in cookie paths FS#1146 (Andreas Gohr, 2007-06-03)
  Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless of the used canonical setting.
  darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz
* Partial Fix FS#1085 (Chris Smith, 2007-05-28)
  This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication information is rechecked. The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned about security should set this value to 0.
  DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session. Normally these values are compared on each page visit. If the comparison passes the user is accepted. The same data will be used over and over until either the cookie or the session expires. FS#1085 is concerned with updates to the original authentication data not being able to affect this comparison. The new 'auth_security_timeout' setting will force expiration of the saved data after the specified period has elapsed. Re-authentication may affect page response, especially on systems which use remote authentication systems.
  This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class to allow those mechanisms which are able to control when DW should revoke authentication.
  darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz
* Fix broken if in previous patch (Guy Brand, 2007-03-02)
  darcs-hash:20070302100506-19e2d-342a0477340aa6b2c5fb7e08c520053b7dc33608.gz
* Allow @USER@ variable in ACLs (Guy Brand, 2007-03-02)
  This saves a lot of ACL lines for users namespaces, for example:
      users:*        @ALL    1
      users:@USER@   @USER@  8
  darcs-hash:20070301230309-19e2d-90a00b70a2af546fd5194ade614c130e9f7864eb.gz
* make sure cachekey is a string in auth_nameencode FS#1000 (Andreas Gohr, 2007-01-06)
  darcs-hash:20070106122851-7ad00-9b3b2923e2f917107b29c4dacfc1047b2845a5db.gz
* Check cookie auth data silently (Andreas Gohr, 2007-01-09)
  darcs-hash:20070109213155-7ad00-9594bbf5c0730221b46f31bb40f31997a09ab4b4.gz
* manager user/group (Andreas Gohr, 2006-12-03)
  This patch adds support for a manager option as suggested in http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html
  darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325c7e77255e1eee32d0f6b.gz
* HTML_EDITFORM_INJECTION event added (Andreas Gohr, 2006-11-14)
  A simple event to inject additional HTML into the editform. This probably needs to be improved.
  darcs-hash:20061114220825-7ad00-ce868b8d8a25f5120c49dc018b8fd1024aff6e12.gz
* add standard username cleaning to resend password (fixes bug#961) (chris, 2006-11-04)
  darcs-hash:20061104174349-9b6ab-74e7c5a3e7a14d12253d36a9d09a35866125a7ec.gz
* don't allow commas in full name registration FS#960 (Andreas Gohr, 2006-11-03)
  darcs-hash:20061103160700-7ad00-01c7039c591ebdffcbe283984b23b2bb4ed4bc74.gz
* use DOKU_URL as key for sessions and auth cookie #896 #581 #884 (Andreas Gohr, 2006-10-03)
  This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define. DOKU_COOKIE is now used as session key as well, making sessions no longer dependent on the title option. This should fix problems with multiple wikis on the same host (using the same title) and wikis accessed through different URLs.
  darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
* minor bugfix and boring error removal (chris, 2006-09-23)
  darcs-hash:20060923203609-9b6ab-ecca679faa254a29772868508050fcf3206b0814.gz
* add authname memory cache (chris, 2006-09-23)
  Actions which concern multiple pages (e.g. search, backlinks, recents) end up repeatedly encoding the current user's name and groups. This change caches the results of the encoding allowing them to be reused.
  darcs-hash:20060923161206-9b6ab-a3ec8f1c2ec284d84b9ff85cba1e56165b2967a7.gz
* move AUTH defines higher up (Andreas Gohr, 2006-09-06)
  This moves the defines for the different AUTH levels higher up in inc/auth.php to set them before including any auth modules. This fixes a problem with the phpBB auth module posted at http://wiki.splitbrain.org/wiki:tips:integrate_with_phpbb#another_phpbb.class.php
  darcs-hash:20060906184814-7ad00-679bd636730e21dca45b9baaf721fb3b34a8695a.gz
* bug #876, additional data for new user notification email (chris, 2006-08-22)
  This patch updates only the English version of the localised "registermail.txt" file. Other versions need to be updated also.
  darcs-hash:20060822072444-9b6ab-ff6cb5bc78277c383e82c3986eeb16168e86c27b.gz
* more unit test fixes (chris, 2006-08-09)
  - move parser.test.php
  darcs-hash:20060809192115-9b6ab-973fea51fbfdcf5f44a2ac66000f2ccb5fdd43b4.gz
* fixed auth problem introduced in last unittest fix (Andreas Gohr, 2006-08-05)
  darcs-hash:20060805163147-7ad00-77e7d9cd88f012cd2ecc6275a574abde30f4a9be.gz
* more unittest updates (chris, 2006-08-05)
  darcs-hash:20060805082442-9b6ab-8447755da8c66c5cfc3ee0df0f8bb97375a2a1ff.gz
* unittest fixes (chris, 2006-08-04)
  darcs-hash:20060804142243-9b6ab-d208f7f1a67a9958fda05c519c8407ad5e733cea.gz
* two-stage password reset (Andreas Gohr, 2006-07-14)
  This patch changes the password reset function to a two-stage process. After requesting a new password a confirmation email is sent first, only if the link contained in this mail is used the password is changed for real. This makes sure malicious people can't reset passwords for other users.
  darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz
* disableactions support (Andreas Gohr, 2006-07-02)
  This patch adds a config option to disable certain internal action commands of DokuWiki's main dispatcher. The options resendpasswd and openregister were removed because they can now be set through this new option. The config plugin needs to be adjusted.
  darcs-hash:20060702121622-7ad00-1e80e77bcfb0ae561fe7abd79cfbe1bb158be720.gz
* register notify #826 (Sebastian Harl, 2006-06-15)
  A small patch for dokuwiki which enables dokuwiki to notify the administrator about new user registrations.
  darcs-hash:20060615194419-022eb-51630aff3c6d93abc656742fc0bc723b93f97734.gz
* XSS bugfix #820 (Andreas Gohr, 2006-05-31)
  darcs-hash:20060531191114-7ad00-ee7498f6a9e047fc9eda5f8754f85d9b8a3317d5.gz
* optionally use HTTP credentials to log in (Andreas Gohr, 2006-05-07)
  If no credentials were given (either by form or former cookie) it is checked if credentials from a former HTTP based authentication are available. Those will be tried for login then. This only works with PHP running as Apache module.
  darcs-hash:20060507161224-7ad00-7ba0a6e871cf5319038e83672a2ff05ef23c124b.gz
* use nameencoding on superuser check in inc/auth.php (Andreas Gohr, 2006-03-07)
  darcs-hash:20060307192928-7ad00-1ec5393d63d536992810fe8f611525d2af4834a2.gz
* nicer error messages for fatal errors (Andreas Gohr, 2006-03-03)
  darcs-hash:20060303180548-7ad00-db294c2c5c10c8df69ebae7596e64e1af4d9bc35.gz
* Allow non-ID names in ACLs (Andreas Gohr, 2006-03-02)
  Some auth backends allow special chars like whitespaces in user and group names. This made problems with the existing ACL checks and ACL manager. This patch makes the ACL system work with these cases by (url)encoding all special chars below 128.
  darcs-hash:20060302101850-6e07b-14bda9dbdb3528904325419b35bb9eddb0d1dde3.gz
* do not try to init auth object if useacl (Andreas Gohr, 2006-02-17)
  darcs-hash:20060217221221-7ad00-56a0595780eaf495cd67567d00e07ef6d90ab38c.gz
* fixed password mail (Andreas Gohr, 2006-02-17)
  There was an error which caused the mail sent on registration to contain the crypted password instead of the cleartext one.
  darcs-hash:20060217180715-7ad00-88b2e8f74ddbad41300ca53bbf79df3d8d8beebc.gz
* updated auth_punbb (Andreas Gohr, 2006-02-11)
  darcs-hash:20060211180240-7ad00-c7c589aa6e5e67f2d7ad54f7e41837f116a91c9c.gz