Commit Graph

28 Commits

Author SHA1 Message Date
f978c1b83e Use random_bytes() to generate IV where available (PHP 7.x) 2017-05-03 20:28:54 -04:00
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e5 (early 404)
2016-05-06 15:44:26 +02:00
czaks
cd01191072 those parts are extraneous 2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8 Security: capitalization of mods username is significant 2016-05-05 11:39:12 +02:00
czaks
7c3126866c ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
czaks
caaf741691 [SECURITY] keep up with modern password hashing standards 2016-04-22 05:35:43 +02:00
Chen-Pang He
7933abd271 Fix vichan #65
Conflicts:
	inc/mod/auth.php
	inc/mod/pages.php
2014-06-12 03:12:27 +02:00
czaks
23d6e82038 $_SERVER[HTTPS] isn't being always set; fixes #65 2014-06-11 02:04:59 +02:00
Chen-Pang He
6716a24b68 Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site 2014-06-10 17:42:18 +02:00
Michael Foster
7f0de93608 Cleaner check to make sure inc/ files aren't accessed directly. 2013-09-06 20:12:04 +10:00
ctrlcctrlv
9773416553 Better setting name 2013-08-19 03:01:30 +10:00
ctrlcctrlv
47dec49465 Optionally access mod cookie in JavaScript 2013-08-19 03:01:15 +10:00
Michael Foster
a052a791b5 Add optional database table prefix (issue #118; see issue comments for details) 2013-07-31 22:14:26 -04:00
Michael Foster
328484bee7 SQL cleanup 2013-07-31 20:51:43 -04:00
Michael Foster
31f657e550 Long overdue: Salted password hashes 2013-07-24 11:15:55 -04:00
Michael
0ac9dd5f25 Merge pull request #115 from Macil/miscfixes
Miscellaneous fixes
2013-06-18 10:45:13 -07:00
Macil Tech
3bcc87caf2 Fix PM count caching.
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
2013-06-18 11:02:45 -05:00
Michael Save
2051018ba1 ... 2013-01-30 05:07:09 +11:00
Michael Save
5661e32b1c Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form 2013-01-30 04:45:38 +11:00
Michael Save
774e27caf5 Use === operator in authentication. 2013-01-29 22:13:35 +11:00
Michael Save
7a68fc9525 Copyright and license update for 2013. 2013-01-20 21:23:46 +11:00
Michael Save
913010cff5 minor consistency cleanup 2012-08-27 21:50:15 +10:00
Michael Save
eb146d9201 properly tie auth cookies to private salt 2012-08-27 21:45:05 +10:00
Michael Save
6229b82a43 CSRF protection 2012-08-27 15:19:05 +10:00
Michael Save
0f04117037 Cache unread PM notices 2012-05-20 19:06:27 +10:00
Michael Save
e49ece459e new PM 2012-04-13 22:00:40 +10:00
Michael Save
9649550463 start on mod interface rewrite 2012-04-13 02:11:41 +10:00