Andy Miller
325764a304
improved login/session handling
...
Signed-off-by: Andy Miller <rhuk@mac.com >
2025-09-15 12:02:55 -06:00
Andy Miller
841ec861bd
PHP 8.4 fixes - Implicitly nullable parameter declarations deprecated
2024-10-25 20:12:25 +01:00
Andy Miller
8cc7fb4393
use login’s site_host functionality
2024-05-06 12:38:46 +01:00
Andy Miller
d5eea54aca
Revert "require new email status style"
...
This reverts commit 4d87a391ad
2024-04-05 11:49:13 -06:00
Andy Miller
4d87a391ad
require new email status style
2024-04-05 11:46:39 -06:00
Andy Miller
540482a487
update copyright date
2024-01-05 11:50:46 +00:00
Andy Miller
f32b6ff439
copyright dates
2023-01-02 11:17:40 -07:00
Andy Miller
97ab52df81
no longer reference SwiftException (deprecated)
2022-10-05 08:07:09 -06:00
Matias Griese
396e32b76e
Made path handling unicode-safe, use new Utils::basename() and Utils::pathinfo() everywhere
2022-01-26 14:11:10 +02:00
Matias Griese
e84e785978
Fixed passing null to $twoFa->verifyCode() and $twoFa->verifyYubikeyOTP()
...
`
2022-01-12 10:55:41 +02:00
Andy Miller
0f05d065b0
Support for YubiKey OTP 2 factor authenticator
2022-01-11 12:00:10 -07:00
Andy Miller
0ca2d22f86
updated some copyright years
2022-01-03 09:33:16 -07:00
Matias Griese
6463135bf0
Fixed unescaped messages in JSON responses
2021-11-03 12:42:27 +02:00
Matias Griese
2546cd35e0
Make sure that login data is an array in taskLogin()
2021-08-18 13:41:04 +03:00
Matias Griese
c097eee87f
Fixed error reporting for AJAX tasks if user has no permissions
2021-04-15 10:11:04 +03:00
Matias Griese
1acb94e857
Fixed error message when user clicks logout link after his session has been expired
2021-04-13 10:16:17 +03:00
Matias Griese
9108a4a85f
Fixed broken 2FA login when site is not configured to use Flex Users [ #2109 ]
2021-04-08 10:56:18 +03:00
Matias Griese
9fca08ab43
Regression: Fixed broken 2FA form [ #2109 ]
2021-04-07 14:14:04 +03:00
Matias Griese
58e2c6cc55
Change nonce expiration message
2021-03-31 11:48:15 +03:00
Matias Griese
aa4f80eec1
Greatly improve login related actions for Admin
...
* Better isolate admin to prevent session related vulnerabilities
* Removed support for custom login redirects for improved security
* Shorten forgot password link lifetime from 7 days to 1 hour
* Fixed login related pages being accessible from admin when user has logged in
* Fixed admin user creation and password reset allowing unsafe passwords
* Fixed missing validation when registering the first admin user
* Fixed reset password email not to have session specific token in it
2021-03-26 14:39:37 +02:00
Matias Griese
de3a557b80
Display controller exceptions in debugger
2021-01-18 12:05:24 +02:00
Matias Griese
87f3fd83ff
Pass phpstan level 1 tests
2020-02-04 11:22:27 +02:00
Matias Griese
5dad360946
Fix compatibility regression
2019-08-26 10:51:10 +03:00
Matias Griese
902447a50c
WIP: Added new controller for admin
2019-06-18 12:15:58 +03:00
