Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This function asserts that the requester is logged in and that the file exists before either fpassthru()-ing the contents
or returning early.
|
|
Grab the request and decide how to process it based on the directory the resource resides in
|
|
This script is a proxy for downloading file from the public web file tree which Scrott want to enforce access-control over.
|
|
Fix git control files to hold open assets/img/heads directory
|
|
Added function to form class to move tmp uploaded files to permanent storage
|
|
Form::field_file()
Set $form->[name] for each file field type setup on the form.
|
|
Add the Form::field_file() function to allow form handlers to specify they expect to receive file from the end-user.
This adds data about the file field to the form, but does not yet handle it in the populate function
|
|
|
|
|
|
This handler is requires admin status and allows you to create a new application user
|
|
Also, added relevant initialization code to common model
|
|
Added function to retrive all users in system presorted first by admin status (Admins first), then by username in alpha order
|
|
Usernames, aliai, and email addresses are capped at 50 chars in the backend
|
|
I dont need to give these elements IDs, so I'm not going to
|
|
Set a default value for field 'settSSL'. If this value is locked in the system-level configuration, then the disabled radio buttons don't assume a value
during POST submission to the page and the field appears to the $form object as being unset. I use the currently set value for this option as the default.
|
|
|
|
|
|
|
|
Changed how Form() objects model true and false for boolean fields. Was "true" and "false", is now "1" and "0", respectivly.
This is to address how Mysql handles these values as they are pushed to the db.
|
|
|
|
Added logic to set initial state of fields on the setting modal's admin tab
|
|
|
|
Farious fixes for this form submission handler
* missspelled variable names (*Password => *Passwd)
* Added a notice message for password change success
|
|
This helper func to all implementing MVC controllers is used to check for submission of any web-form defined
within a common MVC view file. If detected, the appropriate handler function is called.
|
|
This is a webform handler for the setting modal, user setting tab.
|
|
Validates the users supposed email key. If correct, sets the users emailConf flag.
|
|
This function handles internal vars while updating a user's email address.
|
|
This user function will update the salt and key for a user object to change its password.
|
|
This commit adds the basic structure to the Setting modal in Common MVC.
The meat of this commit is the content for the webform for the modal's form for user account settings. The next commit should implement form submission handling.
|
|
This prevents sending un-necessary HTML to the client on login/signup pages and allows code on the setting modal to assume that getCurrentUser() will always return an object.
|
|
This modal dialog will be used to change app and object settings from any page in the app. The link to open it is added to the user button menu.
|
|
The navbar now has a different view when logged in. I added the 'user button' which shows alert info and has a menu. Currently, the only menu item is 'Log out'.
|
|
This helps render data for the common topp view (navbar). This function will return the glyphicon to use next to the current user's name.
|
|
If a user has an alias set, it should be displayed throughout the app instead of the username.
|
|
These two MVC trees are now accessable from the app. Also, the root controller is finally in a clean state :).
|
|
|
|
|
|
|
|
|
|
If, by some means, the GUID for a logged in user is not valid, that session should be terminated ("$this->setCurrentUser();")
This might happen if the database gets flushed, or if an account gets removed while it is in use...
|
|
Model added in previous commit.
|
|
Deauth is the MVC used to de-authenticate a session -- logout. This MVC will have no views.
|
|
|
|
This assertion will be used app-wide. This asserts that the IP address a client uses to conenct to the app is constant throughout
the the session's lifetime. This is to detect any session hijacking. If a session suddenly appears to be comming from a different
IP address, the session will be killed.
|
|
Now, on deletion of objects, all refs to it are purged from the xref tables, obj_member and msg_read
|
|
Now ignoring the scrott.conf.php file if it is present in the repository
|
|
This applies the rules for requiring or forbiding the use of SSL/HTTPS and reorganizes the rest of root's handle() function (that is, the check for displaying sysconf, auth, or a placeholder message).
|
|
This patch encapsulates all app operations in a try block, and handles any exception by passing it into the new 'Except' MVC to be displayed
|
|
|