From 032607b6ca13b7c0a7088a6b52c5fd4492df4bde Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Jan 2019 19:04:05 -0500 Subject: Bump version number Signed-off-by: Malf Furious --- app/class/globals.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/class/globals.php b/app/class/globals.php index 8a6efd7..e71ebc6 100644 --- a/app/class/globals.php +++ b/app/class/globals.php @@ -19,7 +19,7 @@ require_once "class/obj.class.php"; * These are utility functions and constants for the Scrott application. */ -define("__VERSION__", "v0.2"); +define("__VERSION__", "v0.3"); /* * These global variables are arrays of strings logged by Scrott business -- cgit v1.2.3 From 2263cf0953872c09fe1a1158ebb841f74fb9e3ea Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Jan 2019 19:10:01 -0500 Subject: Define stricter username policy Previously, you could log into an account named "MyAccount" by entering either "myaccount" or "MYACCOUNT" (or any other case conbination). This patch requires logins to succeed with case-sensitive usernames. I have also decided, that I wish to disallow duplicate usernames if the only difference between them is case. There can only be _ONE_ "myaccount" (of any case combination), even if he's known canonically as "MyAccount". This particular functionality is not changed by this patch. I'm just noting it as a deliberate decision not to change, by policy. Note that _passwords_ always have been, and still are, case-sensitive. They are salted and hashed before they even hit the database. Signed-off-by: Malf Furious --- app/class/user.class.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/app/class/user.class.php b/app/class/user.class.php index 231111d..7d67257 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -46,11 +46,12 @@ class user extends agent * the username is not in use. Therefore, this function can be * used to test the existence of a user with the given username. */ - public static function getGuidByUname(string $uname) : ?string + public static function getGuidByUname(string $uname, bool $caseInsens = false) : ?string { $uname = database::esc($uname); - $query = "SELECT guid FROM objects WHERE objtype = 'user' AND name = '" . $uname . "'"; + $query = "SELECT guid FROM objects WHERE objtype = 'user' AND " . + ($caseInsens ? "" : "BINARY ") . "name = '" . $uname . "'"; $res = database::query($query); if (count($res) == 0) @@ -64,9 +65,9 @@ class user extends agent * is not in use. This function can be used to test the existence * of a user with the given username. */ - public static function getByUname(string $uname) : ?user + public static function getByUname(string $uname, bool $caseInsens = false) : ?user { - if (($guid = self::getGuidByUname($uname))) + if (($guid = self::getGuidByUname($uname, $caseInsens))) return new user($guid); return NULL; @@ -190,7 +191,9 @@ class user extends agent */ public static function initNew(string $uname, string $passwd) : ?user { - if (self::getByUname($uname)) + /* search is case-insensitive, to make sure no duplicates exist + * which differ _only_ by case */ + if (self::getByUname($uname, true)) return NULL; $user = new user(); -- cgit v1.2.3 From c7601e5305295a635c6ddac61816aac77caa7bb7 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Jan 2019 19:42:33 -0500 Subject: Automatically signoff assignee when closing issue For the Scrott alpha, there is no way for assignees to signoff their work. As a workaround, I am now just always signing off somebody when they close an issue. This will slightly improve the user experience for now, but I'm leaving the real fix for the beta. Signed-off-by: Malf Furious --- app/model/issue.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/model/issue.php b/app/model/issue.php index 7159015..b78e93a 100644 --- a/app/model/issue.php +++ b/app/model/issue.php @@ -68,6 +68,7 @@ if (isAction("iss-mesg-add")) } else { + $issue->signoffAssignee($user); $log = mesg::initNewLog("%s closed issue", $user, $issue); } } @@ -97,6 +98,7 @@ if (isAction("iss-mesg-add")) return; } + $issue->signoffAssignee($user); $issue->close($user); logError(NOTICE, "Issue #" . $issue->numb . " closed"); $log = mesg::initNewLog("%s closed issue", $user, $issue); -- cgit v1.2.3 From bbb93fb3059af61514699da3fd5fad2fffc05cfa Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Jan 2019 20:40:39 -0500 Subject: Add tooltips to navbar buttons Since there is little text labeling things in the navbar, I have added popup tooltips to each button (link) and dropdown menu. Signed-off-by: Malf Furious --- app/view/stdpage.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/app/view/stdpage.php b/app/view/stdpage.php index 99cbb25..c57a156 100644 --- a/app/view/stdpage.php +++ b/app/view/stdpage.php @@ -195,7 +195,7 @@ require_once "view/settings.php"; - + Scrott @@ -205,12 +205,12 @@ require_once "view/settings.php";

Not Logged In