| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Added a variety of functions to the Object base class for testing a
user's access level to another object. Also added functions to test
whether a given user or group is an owner or member of another object.
|
|
Added object function to get the owner of an object. This base-class
function returns a User object, however a user might not always be the
kind of owner (eg: a group can own a pad). In these situations, Object
sub-classes should override this function and return the appropriate
type of object.
|
|
Added object function to get an array of all its members. These will
always be user objects, so this is always a safe function to call.
|
|
This function will initialize a new group object and write it to the
database, with a given group name and owner user.
|
|
|
|
|
|
Function to count the number of admin accounts that exist. This is used
to make sure that while deleteing accounts, the number of administrators
never drops to zero.
|
|
Function to delete the user image file for the given user object.
|
|
Only log an error if we get an upload error besides err code 4 (No file
uploaded)
|
|
This function will return the path to the head image (user image) for the user object.
This path should be something like: <APP_ROOT>/file.php?d=img/heads&f=<GUID>
|
|
This is a rework of how the framework handles performing file uploads.
Rather than attaching new fields to a form (of type file) and handling
them during populate() then saving later, users can call what is
essentially a static function and save files in isolation. Since each
webform I can conceive using in Scrott at this time won't be uploading
more than one file at a time, this model should work nicely moving
forward; however can be easily adjusted if need be.
|
|
This reverts commit 8ad6e8f9223bd3ee214478b3e1247f9c7d8e91ec.
See parent commit message
|
|
Form::field_file()"
This reverts commit 1f8b53e426b8c0a1546e9d5c21573be9003cb556.
See parent commit message.
|
|
This reverts commit 3d493fc75dc6e3593001c2d9dfef26f4c1d79c2c.
The way I was wanting to handle file uploads isn't going to fly with a
semantic of PHP and POST var mgmt. -.- Rolling back relevant changes to
write up something else.
|
|
Added function to form class to move tmp uploaded files to permanent storage
|
|
Form::field_file()
Set $form->[name] for each file field type setup on the form.
|
|
Add the Form::field_file() function to allow form handlers to specify they expect to receive file from the end-user.
This adds data about the file field to the form, but does not yet handle it in the populate function
|
|
Added function to retrive all users in system presorted first by admin status (Admins first), then by username in alpha order
|
|
|
|
Changed how Form() objects model true and false for boolean fields. Was "true" and "false", is now "1" and "0", respectivly.
This is to address how Mysql handles these values as they are pushed to the db.
|
|
Validates the users supposed email key. If correct, sets the users emailConf flag.
|
|
This function handles internal vars while updating a user's email address.
|
|
This user function will update the salt and key for a user object to change its password.
|
|
If a user has an alias set, it should be displayed throughout the app instead of the username.
|
|
If, by some means, the GUID for a logged in user is not valid, that session should be terminated ("$this->setCurrentUser();")
This might happen if the database gets flushed, or if an account gets removed while it is in use...
|
|
This assertion will be used app-wide. This asserts that the IP address a client uses to conenct to the app is constant throughout
the the session's lifetime. This is to detect any session hijacking. If a session suddenly appears to be comming from a different
IP address, the session will be killed.
|
|
Now, on deletion of objects, all refs to it are purged from the xref tables, obj_member and msg_read
|
|
This is the in-app version of $_SCROTT['settSSL'] system-level setting.
Setting::settSSL() overrides $_SCROTT['settSSL'] only if the latter is set to 'neither'.
If both are set to 'neither', the app will run on either HTTP or HTTPS depending on how the page was requested.
|
|
This adds attributes to an issue:
due date (optional datetime)
tags (space separated string of words to help categorize issues (again, optional))
|
|
This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them.
|
|
Added a static helper function to replacing (or inserting) an option value in the database, longhand.
|
|
Added function to initialize a User object by username wrather than GUID.
Added function to validate a user-supplied plain-text password for a given user
|
|
Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address
used to login (to compare with furure requests on the same session to combat session hijacking).
|
|
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database.
This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the contatenation of its password and salt.
This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects
|
|
Removed use of PHP's rand() functon in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy.
Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
|
|
The saveObj() function now initializes and update the timeCreated and timeUpdated fields of objects on its own.
A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time
|
|
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
|
|
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
