path: root/app
Age | Commit message | Author | Files | Lines
2016-03-27 | Add function User::setEmail() | Malf Furious | 1 | -2/+11
This function handles internal vars while updating a user's email address.
2016-03-27 | Add function User::setPassword() | Malf Furious | 1 | -2/+10
This user function will update the salt and key for a user object to change its password.
2016-03-27 | Add User settings tab for Setting modal | Malf Furious | 1 | -5/+82
This commit adds the basic structure to the Setting modal in Common MVC. The meat of this commit is the content for the webform for the modal's form for user account settings. The next commit should implement form submission handling.
2016-03-27 | Only include the Setting modal if currently logged in | Malf Furious | 1 | -1/+3
This prevents sending unnecessary HTML to the client on login/signup pages and allows code on the setting modal to assume that getCurrentUser() will always return an object.
2016-03-27 | Add settings modal to Common MVC | Malf Furious | 2 | -0/+27
This modal dialog will be used to change app and object settings from any page in the app. The link to open it is added to the user button menu.
2016-03-27 | Update application navbar | Malf Furious | 1 | -1/+14
The navbar now has a different view when logged in. I added the 'user button' which shows alert info and has a menu. Currently, the only menu item is 'Log out'.
2016-03-27 | Add function getCurrentUserGlyphicon() to Common model | Malf Furious | 1 | -0/+13
This helps render data for the common topp view (navbar). This function will return the glyphicon to use next to the current user's name.
2016-03-27 | Add function getDisplayName() to User class | Malf Furious | 1 | -0/+11
If a user has an alias set, it should be displayed throughout the app instead of the username.
2016-03-27 | Hook Deauth and Dashboard MVCs from Root controller | Malf Furious | 1 | -4/+18
These two MVC trees are now accessible from the app. Also, the root controller is finally in a clean state :).
2016-03-27 | Add Dashboard controller | Malf Furious | 1 | -0/+27
2016-03-27 | Add Dashboard model | Malf Furious | 1 | -0/+15
2016-03-27 | Add Dashboard MVC default view | Malf Furious | 1 | -0/+13
2016-03-26 | Fix bug in Framework::getCurrentUser() function | Malf Furious | 1 | -1/+8
If, by some means, the GUID for a logged in user is not valid, that session should be terminated ("$this->setCurrentUser();"). This might happen if the database gets flushed, or if an account gets removed while it is in use...
2016-03-05 | Add Deauth controller | Malf Furious | 1 | -0/+26
Model added in previous commit.
2016-03-05 | Add Deauth model | Malf Furious | 1 | -0/+17
Deauth is the MVC used to de-authenticate a session -- logout. This MVC will have no views.
2016-03-05 | Add sec_verify_ip to app root controller | Malf Furious | 1 | -0/+3
2016-03-05 | Add verify_ip security assertion | Malf Furious | 1 | -0/+15
This assertion will be used app-wide. This asserts that the IP address a client uses to connect to the app is constant throughout the session's lifetime. This is to detect any session hijacking. If a session suddenly appears to be coming from a different IP address, the session will be killed.
2016-03-01 | Add garbage collection logic to Object::delObj() | Malf Furious | 1 | -0/+8
Now, on deletion of objects, all refs to it are purged from the xref tables, obj_member and msg_read.
2016-02-22 | Create a basic flow for the application Root controller | Malf Furious | 1 | -11/+22
This applies the rules for requiring or forbidding the use of SSL/HTTPS and reorganizes the rest of root's handle() function (that is, the check for displaying sysconf, auth, or a placeholder message).
2016-02-20 | Hook new Except MVC from the Root controller | Malf Furious | 1 | -17/+26
This patch encapsulates all app operations in a try block, and handles any exception by passing it into the new 'Except' MVC to be displayed.
2016-02-20 | Finish initial exception reporting page | Malf Furious | 1 | -1/+6
2016-02-17 | Update Except model, deflt action to consume $message for display on page | Malf Furious | 1 | -1/+2
2016-02-17 | Add 'Except' MVC -- Used to show application exception messages to user | Malf Furious | 3 | -0/+66
This MVC should be triggered by the root controller if normal routines throw an exception and should pass the exception message to the Except controller.
2016-02-07 | Add in-app administrative setting: settSSL | Malf Furious | 1 | -0/+18
This is the in-app version of $_SCROTT['settSSL'] system-level setting. Setting::settSSL() overrides $_SCROTT['settSSL'] only if the latter is set to 'neither'. If both are set to 'neither', the app will run on either HTTP or HTTPS depending on how the page was requested.
2016-02-07 | Add fields to Issue object | Malf Furious | 1 | -1/+3
This adds attributes to an issue: due date (optional datetime), tags (space separated string of words to help categorize issues (again, optional)).
2016-02-07 | Modify Auth controller description | Malf Furious | 1 | -1/+1
This MVC will not be used to handle deauth (logout) anymore. To improve app flow, a separate one will be created for this purpose.
2016-02-06 | Update Auth controller to work with recent MVC redesign (HEAD^^) | Malf Furious | 1 | -16/+4
2016-02-06 | Update Auth model to reflect changes in previous commit | Malf Furious | 1 | -15/+18
2016-02-06 | Merge the two auth views together | Malf Furious | 2 | -84/+90
For design reasons and to simplify flow of control throughout the app login/signup sequence, these two views are being merged together. This will ultimately make the auth MVC less stateful, which I think is good. NOTE: This breaks the Auth MVC, the model and controller will need updated to support this new, single default view.
2016-02-02 | Add admin setting 'allowPublicSignup' | Malf Furious | 1 | -0/+13
This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them.
2016-02-02 | Add helper function to Setting class | Malf Furious | 1 | -0/+17
Added a static helper function for replacing (or inserting) an option value in the database, longhand.
2016-02-01 | Implement 'login' action on Auth MVC | Malf Furious | 2 | -0/+37
Finished initial functionality for Auth MVC by implementing the login feature.
2016-02-01 | Implement authentication helper functions in User class | Malf Furious | 1 | -0/+24
Added function to initialize a User object by username rather than GUID. Added function to validate a user-supplied plain-text password for a given user.
2016-01-31 | Log in on signup success | Malf Furious | 2 | -1/+10
Now, on a successful submission of the signup view form (Auth MVC), the app automatically logs in the newly-created user and redirects to Framework::ap() . "/". Placeholder code has been added to the root controller to simply var_dump() the current logged in user if one exists, otherwise the login view (Auth MVC) is shown.
2016-01-31 | Implement PHP session semantics in Framework class | Malf Furious | 1 | -0/+41
Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address used to login (to compare with future requests on the same session to combat session hijacking).
2016-01-31 | Merge Auth MVC, initial_signup action into signup | Malf Furious | 2 | -15/+5
There was a mistake that caused the page notice about no accounts existing to sometimes not show up in error. This merge resolves that issue as well as tidies up the code a bit.
2016-01-30 | Implement signup_submit action on Auth MVC | Malf Furious | 2 | -0/+44
Submissions to the Auth signup page are now fully handled by either creating a new account (User object in the system) or posting an error message to the page (Auth model).
2016-01-30 | Add functionality to create new User objects | Malf Furious | 1 | -0/+54
User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database. This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt. This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects.
2016-01-30 | Update app source of entropy for creating random blobs | Malf Furious | 1 | -2/+9
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy. Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
2016-01-30 | Handle object timestamps automatically in Object::saveObj() | Malf Furious | 1 | -0/+14
The saveObj() function now initializes and updates the timeCreated and timeUpdated fields of objects on its own. A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time.
2016-01-28 | Finish signup and initialSignup actions on Auth MVC | Malf Furious | 2 | -2/+35
If no accounts exist no login page will be shown. Instead, the app presents the signup page to allow the administrator to create his account. This is the only case where a new account should be an admin by default.
2016-01-28 | Add admin field to user table | Malf Furious | 1 | -0/+1
User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically.
2016-01-27 | + Added view for account registration | Malf Furious | 1 | -0/+60
2016-01-26 | + Added function to User class to fetch all users from DB | Malf Furious | 2 | -0/+26
* Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account
2016-01-26 | + Added a basic login page design | Malf Furious | 1 | -0/+34
2016-01-03 | Merge branch 'dev' into auth | Malf Furious | 1 | -1/+1
2016-01-03 | * Bug fix in sysconf model - save action: problem with how the code is redirecting to the app root on success (needed to add a trailing slash character) | Malf Furious | 1 | -1/+1
2016-01-03 | * Start of application navbar | Malf Furious | 2 | -0/+27
* Digested some example code
2016-01-03 | + Adding default view for Auth MVC | Malf Furious | 1 | -0/+13
2016-01-03 | * Hooked the Auth MVC from the Root controller | Malf Furious | 1 | -1/+6