| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
session_set_cookie_params does not return any value in PHP 7.1
|
| |
|
|
|
|
| |
Fixes #1122
|
|
|
|
|
|
|
|
| |
Parameters typing and using strict types overall increase the codebase
quality by enforcing the a given parameter will have the expected type.
It also removes the need to unnecessary unit tests checking methods
behavior with invalid input.
|
|
|
|
|
|
| |
Also display the filter for visitors.
Fixes #1529
|
|
|
|
| |
in order to keep index.php as minimal as possible
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Including:
- visibility
- links per page
- untagged only
|
| |
|
|
|
|
|
|
|
| |
On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version,
causing authentication issues.
See: https://stackoverflow.com/a/48238224/1484919
|
|
|
| |
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
|
|
|
| |
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
|
|
|
| |
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
|
| |
|
| |
|
|
|
|
|
|
|
| |
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.
Fixes #1032 #587
|
|\
| |
| | |
Do not check the IP address with session protection disabled
|
| |
| |
| |
| |
| |
| | |
This allows the user to stay logged in if his IP changes.
Fixes #1106
|
|/
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|