path: root/app/class
Age | Commit message | Author | Files | Lines
2016-03-27 | Add function User::setEmail() | Malf Furious | 1 | -2/+11
This function handles internal vars while updating a user's email address.
2016-03-27 | Add function User::setPassword() | Malf Furious | 1 | -2/+10
This user function will update the salt and key for a user object to change its password.
2016-03-27 | Add function getDisplayName() to User class | Malf Furious | 1 | -0/+11
If a user has an alias set, it should be displayed throughout the app instead of the username.
2016-03-26 | Fix bug in Framework::getCurrentUser() function | Malf Furious | 1 | -1/+8
If, by some means, the GUID for a logged in user is not valid, that session should be terminated ("$this->setCurrentUser();"). This might happen if the database gets flushed, or if an account gets removed while it is in use...
2016-03-05 | Add verify_ip security assertion | Malf Furious | 1 | -0/+15
This assertion will be used app-wide. This asserts that the IP address a client uses to connect to the app is constant throughout the session's lifetime. This is to detect any session hijacking. If a session suddenly appears to be coming from a different IP address, the session will be killed.
2016-03-01 | Add garbage collection logic to Object::delObj() | Malf Furious | 1 | -0/+8
Now, on deletion of objects, all refs to it are purged from the xref tables, obj_member and msg_read
2016-02-07 | Add in-app administrative setting: settSSL | Malf Furious | 1 | -0/+18
This is the in-app version of $_SCROTT['settSSL'] system-level setting. Setting::settSSL() overrides $_SCROTT['settSSL'] only if the latter is set to 'neither'. If both are set to 'neither', the app will run on either HTTP or HTTPS depending on how the page was requested.
2016-02-07 | Add fields to Issue object | Malf Furious | 1 | -1/+3
This adds attributes to an issue: due date (optional datetime), tags (space separated string of words to help categorize issues (again, optional))
2016-02-02 | Add admin setting 'allowPublicSignup' | Malf Furious | 1 | -0/+13
This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them.
2016-02-02 | Add helper function to Setting class | Malf Furious | 1 | -0/+17
Added a static helper function for replacing (or inserting) an option value in the database, longhand.
2016-02-01 | Implement authentication helper functions in User class | Malf Furious | 1 | -0/+24
Added function to initialize a User object by username rather than GUID. Added function to validate a user-supplied plain-text password for a given user.
2016-01-31 | Implement PHP session semantics in Framework class | Malf Furious | 1 | -0/+41
Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address used to login (to compare with future requests on the same session to combat session hijacking).
2016-01-30 | Add functionality to create new User objects | Malf Furious | 1 | -0/+54
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database. This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt. This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects.
2016-01-30 | Update app source of entropy for creating random blobs | Malf Furious | 1 | -2/+9
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy. Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
2016-01-30 | Handle object timestamps automatically in Object::saveObj() | Malf Furious | 1 | -0/+14
The saveObj() function now initializes and updates the timeCreated and timeUpdated fields of objects on its own. A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time.
2016-01-28 | Add admin field to user table | Malf Furious | 1 | -0/+1
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
2016-01-26 | + Added function to User class to fetch all users from DB | Malf Furious | 1 | -0/+16
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
2016-01-01 | + Added class file for setting table | Malf Furious | 2 | -1/+29
2016-01-01 | + Added class file for message table | Malf Furious | 1 | -0/+26
2016-01-01 | + Added class file for issue table | Malf Furious | 1 | -0/+28
2015-12-31 | + Added class file for stage table | Malf Furious | 1 | -0/+25
2015-12-31 | + Added class file for Pad table | Malf Furious | 1 | -0/+26
2015-12-30 | + Added class file for group table | Malf Furious | 1 | -0/+20
2015-12-30 | + Created class file for extern-user table | Malf Furious | 1 | -0/+26
2015-12-30 | + Created db table child class for User table | Malf Furious | 1 | -0/+30
2015-12-18 | + Added DBObject class -- A non-abstract version of Object class | Malf Furious | 1 | -0/+15
2015-12-18 | * now using rand() instead of random_bytes for numbers | Malf Furious | 1 | -1/+1
2015-12-18 | + Implemented Object::getNewGUID function for Object class | Malf Furious | 1 | -0/+15
2015-12-18 | + Added function "isGUID" to object class for checking whether GUIDs exist | Malf Furious | 1 | -0/+17
2015-12-18 | * Defined some default values for function parameters for object class -- planning to make a class "RawObject" so that objects may be created in a polymorphic way | Malf Furious | 1 | -2/+2
2015-12-18 | + Added delObj function to object class | Malf Furious | 1 | -0/+17
2015-12-18 | + Added saveObj function to Object class | Malf Furious | 1 | -1/+93
2015-12-17 | + Added abstract base class for Scrott database objects (implemented constructor and loadObj functions) | Malf Furious | 1 | -0/+71
2015-12-17 | * Bug fix in Mysql support class -- misuse of Mysql result object and its member function fetch_assoc | Malf Furious | 1 | -2/+2
2015-12-17 | + Added function to framework class for getting (or creating) the app's singleton db connection object. | Malf Furious | 1 | -0/+32
If no connection is established, logic uses system-level configuration to decide how to connect before returning
2015-12-17 | + Added generic database interface to use throughout the app since I'm planning on supporting multiple database engines | Malf Furious | 2 | -0/+76
+ Defined interface for Mysql DBMS for Scrott
2015-12-08 | + Added controller security assertions: require_https and forbid_https | M | 1 | -0/+20
2015-12-08 | + Added bool field type to Form class | M | 1 | -0/+8
2015-12-06 | * Bug fix in framework class - redirectTo function -- http_redirect function I was using is part of an extension for PHP and therefore, non-standard | M | 1 | -1/+1
2015-12-06 | + Added function to model class to log all error messages from a Form object's populate call | M | 1 | -0/+8
2015-12-06 | * Bug fix in Form class - populate function -- If a field was set in $input, but equal to "", the isset check would not behave as expected | M | 1 | -3/+3
2015-12-05 | + Added framework function for getting current app path | M | 1 | -0/+8
* Changed sysconf view to use new function ($mod->ar()/sysconf -> $mod->ap)
2015-12-05 | * Form class fields now have the ability to set a default value. | M | 1 | -13/+25
Default value is applied if the supplied $input array has no key matching the field name.
2015-12-05 | + Implemented populate function in Form class | M | 1 | -3/+97
+ Added helper function in Form class, logError
! Finished Form class for now
2015-12-05 | + Added numeric and enum types to Form class | M | 1 | -0/+37
2015-12-03 | + Started Form class definition | M | 1 | -0/+35
2015-11-22 | * Derp, default is a reserved word, calling the function 'deflt' instead | M | 1 | -2/+0
* Removed explicit call to parent constructor in model class, since that function is not explicitly defined
2015-11-22 | * Implemented framework ar (app root) function | M | 1 | -1/+1
2015-11-21 | + Added abstract model definition | M | 1 | -0/+71
2015-11-21 | + Defined function to check if scrott.conf.php file exists | M | 1 | -0/+9