8chan
7911c374e8
Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
===================================
Also: backports 351375185e5 (early 404)
9 年之前
czaks
cd01191072
those parts are extraneous
8 年之前
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
9 年之前
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
10 年之前
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
8 年之前
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
8 年之前
Chen-Pang He
7933abd271
Fix vichan #65
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
10 年之前
czaks
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
10 年之前
Chen-Pang He
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
10 年之前
Michael Foster
7f0de93608
Cleaner check to make sure inc/ files aren't accessed directly.
10 年之前
ctrlcctrlv
9773416553
Better setting name
10 年之前
ctrlcctrlv
47dec49465
Optionally access mod cookie in JavaScript
10 年之前
ctrlcctrlv
2eb68ac398
Better setting name
10 年之前
ctrlcctrlv
52fe0c8989
Optionally access mod cookie in JavaScript
10 年之前
Michael Foster
a052a791b5
Add optional database table prefix (issue #118; see issue comments for details)
10 年之前
Michael Foster
328484bee7
SQL cleanup
10 年之前
Michael Foster
31f657e550
Long overdue: Salted password hashes
11 年之前
Macil Tech
3bcc87caf2
Fix PM count caching.
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
11 年之前
Michael Save
2051018ba1
...
11 年之前
Michael Save
5661e32b1c
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
11 年之前
Michael Save
774e27caf5
Use === operator in authentication.
11 年之前
Michael Save
7a68fc9525
Copyright and license update for 2013.
11 年之前
Michael Save
913010cff5
minor consistency cleanup
11 年之前
Michael Save
eb146d9201
properly tie auth cookies to private salt
11 年之前
Michael Save
6229b82a43
CSRF protection
11 年之前
Michael Save
0f04117037
Cache unread PM notices
12 年之前
Michael Save
e49ece459e
new PM
12 年之前
Michael Save
9649550463
start on mod interface rewrite
12 年之前