Age | Commit message | Author | Files | Lines |
|
|
|
Changed how Form() objects model true and false for boolean fields. Was "true" and "false", is now "1" and "0", respectively.
This is to address how Mysql handles these values as they are pushed to the db.
|
|
Validates the user's supposed email key. If correct, sets the user's emailConf flag.
|
|
This function handles internal vars while updating a user's email address.
|
|
This user function will update the salt and key for a user object to change its password.
|
|
If a user has an alias set, it should be displayed throughout the app instead of the username.
|
|
If, by some means, the GUID for a logged in user is not valid, that session should be terminated ("$this->setCurrentUser();")
This might happen if the database gets flushed, or if an account gets removed while it is in use...
|
|
This assertion will be used app-wide. This asserts that the IP address a client uses to connect to the app is constant throughout
the session's lifetime. This is to detect any session hijacking. If a session suddenly appears to be coming from a different
IP address, the session will be killed.
|
|
Now, on deletion of objects, all refs to it are purged from the xref tables, obj_member and msg_read
|
|
This is the in-app version of $_SCROTT['settSSL'] system-level setting.
Setting::settSSL() overrides $_SCROTT['settSSL'] only if the latter is set to 'neither'.
If both are set to 'neither', the app will run on either HTTP or HTTPS depending on how the page was requested.
|
|
This adds attributes to an issue:
due date (optional datetime)
tags (space separated string of words to help categorize issues (again, optional))
|
|
This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them.
|
|
Added a static helper function for replacing (or inserting) an option value in the database, longhand.
|
|
Added function to initialize a User object by username rather than GUID.
Added function to validate a user-supplied plain-text password for a given user.
|
|
Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address
used to login (to compare with future requests on the same session to combat session hijacking).
|
|
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database.
This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt.
This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects.
|
|
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy.
Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
|
|
The saveObj() function now initializes and updates the timeCreated and timeUpdated fields of objects on its own.
A new function, getCurrentTimestamp() (from class Object), is introduced to aid simpler fetching of the date and time.
|
|
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
|
|
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
|
|
planning to make a class "RawObject" so that objects may be created in a polymorphic way
|
|
constructor and loadObj functions)
|
|
member function fetch_assoc
|
|
singleton db connection object. If no connection is established, logic uses system-level configuration to decide how to connect before returning
|
|
planning on supporting multiple database engines
+ Defined interface for Mysql DBMS for Scrott
|
|
I was using is part of an extension for PHP and therefore, non-standard
|
|
objects populate call
|
|
but equal to "", the isset check would not behave as expected
|
|
* Changed sysconf view to use new function ($mod->ar()/sysconf -> $mod->ap)
|
|
value is applied if the supplied $input array has no key matching the field name.
|
|
+ Added helper function in Form class, logError
! Finished Form class for now
|
|
* Removed explicit call to parent constructor in model class, since that function is not explicitly defined
|