Zankaria
d700aa0522
Rework secure_login_only configuration option to allow secure default and header checking
2024-05-11 16:02:15 +02:00
Zankaria
4c731ba241
auth.php: check if cookie exists
2024-05-11 00:51:02 +02:00
Zankaria
b90d6f5680
Fix broken login
2024-05-11 00:04:20 +02:00
Zankaria
1b6d6f38f1
auth.php: add typing
2024-04-30 19:47:31 +02:00
Zankaria
da4842eb7b
auth.php: disallow unencrypted logins by default
2024-04-30 19:45:15 +02:00
Zankaria
0c51d46cdf
auth.php: check if the cookie is set before deletion
2024-04-30 19:45:15 +02:00
Zankaria
9db8444c3c
auth.php: use secured names and directives for mod cookies
2024-04-30 19:44:11 +02:00
Zankaria
abdf82e1c8
auth.php: remove obsolete code
2024-04-30 19:44:11 +02:00
Zankaria
39ce0e7dfc
auth.php: trim
2024-04-30 11:36:11 +02:00
Fredrick Brennan
ac971f36d5
Fix capcodes in PHP7.2. Close #299
2018-07-27 20:08:03 +08:00
RalphORama
c8765dede4
Update PHP version check
...
Removed trailing zero
2017-10-24 17:36:14 -04:00
RalphORama
2097562596
PHP version check for mcrypt_create_iv
...
Use `mcrypt_create_iv()` if PHP version is less than 7.1.0, otherwise use `random_bytes()` (introduced in PHP 7.1 to replace `mcrypt_create_iv()`)
2017-10-24 16:27:00 -04:00
RalphORama
67b1565ef8
Replace mcrypt_create_iv with random_bytes
...
`mcrypt_create_iv()` was deprecated in PHP 7.1.0.
2017-10-24 16:16:25 -04:00
8chan
7911c374e8
Public action logs commit (log.php)
...
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
===================================
Also: backports 351375185e
(early 404)
2016-05-06 15:44:26 +02:00
czaks
cd01191072
those parts are extraneous
2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
...
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
2016-05-05 11:39:12 +02:00
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
2016-05-05 06:43:22 +02:00
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
2016-04-22 05:35:43 +02:00
Chen-Pang He
7933abd271
Fix vichan #65
...
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
2014-06-12 03:12:27 +02:00
czaks
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
2014-06-11 02:04:59 +02:00
Chen-Pang He
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
2014-06-10 17:42:18 +02:00
Michael Foster
7f0de93608
Cleaner check to make sure inc/ files aren't accessed directly.
2013-09-06 20:12:04 +10:00
ctrlcctrlv
9773416553
Better setting name
2013-08-19 03:01:30 +10:00
ctrlcctrlv
47dec49465
Optionally access mod cookie in JavaScript
2013-08-19 03:01:15 +10:00
Michael Foster
a052a791b5
Add optional database table prefix (issue #118 ; see issue comments for details)
2013-07-31 22:14:26 -04:00
Michael Foster
328484bee7
SQL cleanup
2013-07-31 20:51:43 -04:00
Michael Foster
31f657e550
Long overdue: Salted password hashes
2013-07-24 11:15:55 -04:00
Michael
0ac9dd5f25
Merge pull request #115 from Macil/miscfixes
...
Miscellaneous fixes
2013-06-18 10:45:13 -07:00
Macil Tech
3bcc87caf2
Fix PM count caching.
...
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
2013-06-18 11:02:45 -05:00
Michael Save
2051018ba1
...
2013-01-30 05:07:09 +11:00
Michael Save
5661e32b1c
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
2013-01-30 04:45:38 +11:00
Michael Save
774e27caf5
Use === operator in authentication.
2013-01-29 22:13:35 +11:00
Michael Save
7a68fc9525
Copyright and license update for 2013.
2013-01-20 21:23:46 +11:00
Michael Save
913010cff5
minor consistency cleanup
2012-08-27 21:50:15 +10:00
Michael Save
eb146d9201
properly tie auth cookies to private salt
2012-08-27 21:45:05 +10:00
Michael Save
6229b82a43
CSRF protection
2012-08-27 15:19:05 +10:00
Michael Save
0f04117037
Cache unread PM notices
2012-05-20 19:06:27 +10:00
Michael Save
e49ece459e
new PM
2012-04-13 22:00:40 +10:00
Michael Save
9649550463
start on mod interface rewrite
2012-04-13 02:11:41 +10:00