Bharat Mediratta
d45a737779
Update copyright to 2013. Fixes #1953.
2013-01-21 01:22:01 -05:00
Bharat Mediratta
bf2bb3e1ea
Update copyright to 2012. #1822
2012-02-27 09:48:23 -08:00
Bharat Mediratta
423daa52d5
Update copyright to 2011.
2011-01-21 23:01:06 -08:00
Bharat Mediratta
eb010554ff
Replace self::func() with <helper_name>::func() for all public APIs
and constants to make overloading easier. Fixes #1510.
2010-11-28 11:27:25 -08:00
Bharat Mediratta
dceecabbf1
Make login/logout continuation url code consistent. Where necessary,
we specify the continue_url in the session, but we store it in the
login form so that we can propagate it across the session creation
that happens at login time.
2010-06-12 15:16:47 -07:00
Bharat Mediratta
c3c2b45280
Update the copyright to 2010. It's only 3 months into the year :-)
2010-03-03 10:15:34 -08:00
Andy Staudacher
d53f6d0e05
Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12 16:40:44 -08:00
Andy Staudacher
6353a7c2de
Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Tim Almdal
8ef08d2088
Refactor the code to display the login page if the user does not have view
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00
Andy Staudacher
f93528ffab
Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
aff5d1cef4
Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Tim Almdal
1f51d663a0
Correct missing function name.
2010-02-03 08:18:53 -08:00
Bharat Mediratta
99a7f470b9
Protect password changes against brute force attacks.
2010-02-02 21:48:01 -08:00
Bharat Mediratta
d92ee7954e
Refactor auth::too_many_failed_logins() out of
auth::validate_too_many_failed_logins() to conceptually separate the
two.
2010-01-30 23:15:18 -08:00
Andy Staudacher
1470b99d1f
Protect REST login controller from brute force attacks too.
And make the REST auth token less predictable by using a better source for randomness.
2010-01-30 21:42:57 -08:00
Bharat Mediratta
2bfcec9620
Prevent brute force login attacks by reducing login attempts to 1 per
minute after there have been 5 consecutive failed login attempts.
Fix for ticket #589.
2010-01-30 19:48:57 -08:00
Bharat Mediratta
70b235e13d
In auth::login() make the user active before trying to save it, else
the validation code fails because it expects there to be an active
user.
2010-01-28 21:33:01 -08:00
Tim Almdal
11fbcfeb25
Found another broken link for what should have been the user profile
2010-01-28 09:55:41 -08:00
Bharat Mediratta
2e420522ec
Preliminary work to cut over to Kohana 2.4
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00
Tim Almdal
59b5a05496
Rename the login helper to auth. Create a login and logout helper function to allow for programmatically logging in and out.
2009-10-30 09:32:18 -07:00