1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-25 13:54:51 +01:00
Commit Graph

42 Commits

Author SHA1 Message Date
Lorenzo Yario
58f7302936
minor bugfix relating to auth when changing your own username 2024-10-20 12:03:15 -07:00
Zankaria
e6133ef00f auth.php: passthrough the context 2024-10-01 22:16:54 +02:00
Zankaria
d700aa0522 Rework secure_login_only configuration option to allow secure default and header checking 2024-05-11 16:02:15 +02:00
Zankaria
4c731ba241 auth.php: check if cookie exists 2024-05-11 00:51:02 +02:00
Zankaria
b90d6f5680 Fix broken login 2024-05-11 00:04:20 +02:00
Zankaria
1b6d6f38f1 auth.php: add typing 2024-04-30 19:47:31 +02:00
Zankaria
da4842eb7b auth.php: disallow unencrypted logins by default 2024-04-30 19:45:15 +02:00
Zankaria
0c51d46cdf auth.php: check if the cookie is set before deletion 2024-04-30 19:45:15 +02:00
Zankaria
9db8444c3c auth.php: use secured names and directives for mod cookies 2024-04-30 19:44:11 +02:00
Zankaria
abdf82e1c8 auth.php: remove obsolete code 2024-04-30 19:44:11 +02:00
Zankaria
39ce0e7dfc auth.php: trim 2024-04-30 11:36:11 +02:00
Fredrick Brennan
ac971f36d5 Fix capcodes in PHP7.2. Close #299 2018-07-27 20:08:03 +08:00
RalphORama
c8765dede4 Update PHP version check
Removed trailing zero
2017-10-24 17:36:14 -04:00
RalphORama
2097562596 PHP version check for mcrypt_create_iv
Use `mcrypt_create_iv()` if PHP version is less than 7.1.0, otherwise use `random_bytes()` (introduced in PHP 7.1 to replace `mcrypt_create_iv()`)
2017-10-24 16:27:00 -04:00
RalphORama
67b1565ef8 Replace mcrypt_create_iv with random_bytes
`mcrypt_create_iv()` was deprecated in PHP 7.1.0.
2017-10-24 16:16:25 -04:00
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e (early 404)
2016-05-06 15:44:26 +02:00
czaks
cd01191072 those parts are extraneous 2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8 Security: capitalization of mods username is significant 2016-05-05 11:39:12 +02:00
czaks
7c3126866c ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
czaks
caaf741691 [SECURITY] keep up with modern password hashing standards 2016-04-22 05:35:43 +02:00
Chen-Pang He
7933abd271 Fix vichan #65
Conflicts:
	inc/mod/auth.php
	inc/mod/pages.php
2014-06-12 03:12:27 +02:00
czaks
23d6e82038 $_SERVER[HTTPS] isn`t being always set; fixes #65 2014-06-11 02:04:59 +02:00
Chen-Pang He
6716a24b68 Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site 2014-06-10 17:42:18 +02:00
Michael Foster
7f0de93608 Cleaner check to make sure inc/ files aren't accessed directly. 2013-09-06 20:12:04 +10:00
ctrlcctrlv
9773416553 Better setting name 2013-08-19 03:01:30 +10:00
ctrlcctrlv
47dec49465 Optionally access mod cookie in JavaScript 2013-08-19 03:01:15 +10:00
Michael Foster
a052a791b5 Add optional database table prefix (issue #118; see issue comments for details) 2013-07-31 22:14:26 -04:00
Michael Foster
328484bee7 SQL cleanup 2013-07-31 20:51:43 -04:00
Michael Foster
31f657e550 Long overdue: Salted password hashes 2013-07-24 11:15:55 -04:00
Michael
0ac9dd5f25 Merge pull request #115 from Macil/miscfixes
Miscellaneous fixes
2013-06-18 10:45:13 -07:00
Macil Tech
3bcc87caf2 Fix PM count caching.
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
2013-06-18 11:02:45 -05:00
Michael Save
2051018ba1 ... 2013-01-30 05:07:09 +11:00
Michael Save
5661e32b1c Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form 2013-01-30 04:45:38 +11:00
Michael Save
774e27caf5 Use === operator in authentication. 2013-01-29 22:13:35 +11:00
Michael Save
7a68fc9525 Copyright and license update for 2013. 2013-01-20 21:23:46 +11:00
Michael Save
913010cff5 minor consistency cleanup 2012-08-27 21:50:15 +10:00
Michael Save
eb146d9201 properly tie auth cookies to private salt 2012-08-27 21:45:05 +10:00
Michael Save
6229b82a43 CSRF protection 2012-08-27 15:19:05 +10:00
Michael Save
0f04117037 Cache unread PM notices 2012-05-20 19:06:27 +10:00
Michael Save
e49ece459e new PM 2012-04-13 22:00:40 +10:00
Michael Save
9649550463 start on mod interface rewrite 2012-04-13 02:11:41 +10:00