Age | Commit message | Author | Files | Lines |
|
Previously, you could log into an account named "MyAccount" by entering
either "myaccount" or "MYACCOUNT" (or any other case combination). This
patch requires logins to succeed with case-sensitive usernames.
I have also decided that I wish to disallow duplicate usernames if the
only difference between them is case. There can only be _ONE_
"myaccount" (of any case combination), even if he's known canonically as
"MyAccount". This particular functionality is not changed by this
patch. I'm just noting it as a deliberate decision not to change, by
policy.
Note that _passwords_ always have been, and still are, case-sensitive.
They are salted and hashed before they even hit the database.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
This function helps further abstract agents. We want to get all users
belonging to a pad that is owned by a group, or more specifically - an
agent. If this agent is a user, that user is our only user to collect.
If this agent is a group, we want to capture _its_ owner along with all
of its members.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
|
|
Previously, these functions would always call session_start() before
doing most of their work. However, I've found that calling that
function two or more times within the lifetime of a program results in
NOTICE messages output from the PHP interpreter. Therefore, I am now
only calling session_start() if the session is not already active.
|
|
If the session is set to an invalid (eg: deleted) user GUID, an
exception is (correctly) thrown. This commit catches that and enables
getCurrent() to close the bad session and return NULL.
|
|
Now setting the name for email FROM field using system config
'smtpFrom'.
|
|
|
|
Added calls to function saveObj() where $this is mutated.
|
|
Lookup all groups a user owns or is a member of.
|
|
Added the function to verify and update the user's password. Added the
function to confirm and update the user's email address.
|
|
|
|
protected function exceptType added for use by subclasses to assert that
the database object loaded is the correct type and to protect against
cases like EG: passing the GUID for a group to new user(...); If a
problem is detected, throw an exception.
|
|
|
|
While forcing a logout, we need to also redirect to the app root.
|
|
|
|
Setup to perform an iteration of development focused on a simpler
implementation and eliminating redundancy in design.
|
|
|
|
Increase the scope of this function so it may be used by groups.
|
|
This function returns all groups the user either owns or is a member of.
This is not necessarily the same as all groups the user has access
permission to. The *not-yet-implemented* object explorer feature should
be used to browse those.
|
|
|
|
Function to count the number of admin accounts that exist. This is used
to make sure that while deleting accounts, the number of administrators
never drops to zero.
|
|
Function to delete the user image file for the given user object.
|
|
This function will return the path to the head image (user image) for the user object.
This path should be something like: <APP_ROOT>/file.php?d=img/heads&f=<GUID>
|
|
Added function to retrieve all users in system presorted first by admin status (Admins first), then by username in alpha order
|
|
|
|
Validates the user's supposed email key. If correct, sets the user's emailConf flag.
|
|
This function handles internal vars while updating a user's email address.
|
|
This user function will update the salt and key for a user object to change its password.
|
|
If a user has an alias set, it should be displayed throughout the app instead of the username.
|
|
Added function to initialize a User object by username rather than GUID.
Added function to validate a user-supplied plain-text password for a given user
|
|
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database.
This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt.
This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects
|
|
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
|
|
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
|
|
|