Age | Commit message (Collapse) | Author | Files | Lines |
|
|
This MVC should be triggered by the root controller if normal routines throw an exception and should pass the exception message to the Except controller.
|
|
This is the in-app version of $_SCROTT['settSSL'] system-level setting.
Setting::settSSL() overrides $_SCROTT['settSSL'] only if the latter is set to 'neither'.
If both are set to 'neither', the app will run on either HTTP or HTTPS depending on how the page was requested.
|
|
This adds attributes to an issue:
due date (optional datetime)
tags (space separated string of words to help categorize issues (again, optional))
|
|
Eliminate redundancy in the data model by using just one object type to denote 'log' instead of parent object specific types (eg: log-user, log-group, log-pad, ....).
This is a redundancy because the type of the parent can be queried simply by following the log entry's parent ptr and assessing its type value.
|
|
This MVC will not be used to handle deauth (logout) anymore. To improve app flow, a separate one will be created for this purpose
|
|
For design reasons and to simplify flow of control throughout the app login/signup sequence, these two views are being merged together.
This will ultimately make the auth MVC less stateful, which I think is good.
NOTE: This breaks the Auth MVC, the model and controller will need updated to support this new, single default view
|
|
This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them.
|
|
Added a static helper function for replacing (or inserting) an option value in the database, longhand.
|
|
Finished initial functionality for Auth MVC by implementing the login feature
|
|
Added function to initialize a User object by username rather than GUID.
Added function to validate a user-supplied plain-text password for a given user
|
|
Now, on a successful submission of the signup view form (Auth MVC), the app automatically logs in the newly-created user and redirects to Framework::ap() . "/".
Placeholder code has been added to the root controller to simply var_dump() the current logged in user if one exists, otherwise the login view (Auth MVC) is shown
|
|
Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address
used to login (to compare with future requests on the same session to combat session hijacking).
|
|
There was a mistake that caused the page notice about no accounts existing to sometimes not show up in error. This merge resolves that issue as well as tidies up the code a bit.
|
|
Submissions to the Auth signup page are now fully handled by either creating a new account (User object in the system) or posting an error message to the page (Auth model)
|
|
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database.
This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt.
This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects
|
|
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy.
Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
|
|
The saveObj() function now initializes and updates the timeCreated and timeUpdated fields of objects on its own.
A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time
|
|
When user objects are initially created they need to hold a NULL owner value (since users are self-owning objects and prior to db insertion their own guid is not known).
Also, the timeUpdated field will no longer hold special meaning for user objects and is now going to be treated as consistent with the rest of the data model.
|
|
If no accounts exist no login page will be shown. Instead, the app presents the signup page to allow
the administrator to create his account. This is the only case where a new account should be an admin by default.
|
|
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
|
|
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
|
|
redirecting to the app root on success (needed to add a trailing slash character)
|
|
* Digested some example code
|
|
page submission to succeed
|
|
completed..... whew
+ Added some TODO comments for later development
|