| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.
Fixes #1032 #587
|
| |\
| |
| | |
Do not check the IP address with session protection disabled
|
| | |
| |
| |
| |
| |
| | |
This allows the user to stay logged in if his IP changes.
Fixes #1106
|
| | |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |/
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
