f978c1b83e
Use random_bytes() to generate IV where available (PHP 7.x)
2017-05-03 20:28:54 -04:00
8chan
7911c374e8
Public action logs commit (log.php)
...
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
===================================
Also: backports 351375185e5 (early 404)
2016-05-06 15:44:26 +02:00
czaks
cd01191072
those parts are extraneous
2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
...
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
2016-05-05 11:39:12 +02:00
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
2016-05-05 06:43:22 +02:00
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
2016-04-22 05:35:43 +02:00
Chen-Pang He
7933abd271
Fix vichan #65
...
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
2014-06-12 03:12:27 +02:00
czaks
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
2014-06-11 02:04:59 +02:00
Chen-Pang He
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
2014-06-10 17:42:18 +02:00
Michael Foster
7f0de93608
Cleaner check to make sure inc/ files aren't accessed directly.
2013-09-06 20:12:04 +10:00
ctrlcctrlv
9773416553
Better setting name
2013-08-19 03:01:30 +10:00
ctrlcctrlv
47dec49465
Optionally access mod cookie in JavaScript
2013-08-19 03:01:15 +10:00
Michael Foster
a052a791b5
Add optional database table prefix (issue #118 ; see issue comments for details)
2013-07-31 22:14:26 -04:00
Michael Foster
328484bee7
SQL cleanup
2013-07-31 20:51:43 -04:00
Michael Foster
31f657e550
Long overdue: Salted password hashes
2013-07-24 11:15:55 -04:00
Michael
0ac9dd5f25
Merge pull request #115 from Macil/miscfixes
...
Miscellaneous fixes
2013-06-18 10:45:13 -07:00
Macil Tech
3bcc87caf2
Fix PM count caching.
...
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
2013-06-18 11:02:45 -05:00
Michael Save
2051018ba1
...
2013-01-30 05:07:09 +11:00
Michael Save
5661e32b1c
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
2013-01-30 04:45:38 +11:00
Michael Save
774e27caf5
Use === operator in authentication.
2013-01-29 22:13:35 +11:00
Michael Save
7a68fc9525
Copyright and license update for 2013.
2013-01-20 21:23:46 +11:00
Michael Save
913010cff5
minor consistency cleanup
2012-08-27 21:50:15 +10:00
Michael Save
eb146d9201
properly tie auth cookies to private salt
2012-08-27 21:45:05 +10:00
Michael Save
6229b82a43
CSRF protection
2012-08-27 15:19:05 +10:00
Michael Save
0f04117037
Cache unread PM notices
2012-05-20 19:06:27 +10:00
Michael Save
e49ece459e
new PM
2012-04-13 22:00:40 +10:00
Michael Save
9649550463
start on mod interface rewrite
2012-04-13 02:11:41 +10:00