ttrss

Commit Graph

Author	SHA1	Message	Date
powerivq	96595ca4c5	Set user related sessions for single user mode	2022-08-31 14:52:42 -07:00
powerivq	f0f44c6ea5	Add last_login to single user mode	2022-08-31 00:41:57 -07:00
Andrew Dolgov	c2f7044485	userhelper: fix optional parameter being declared before a required one	2022-06-13 08:37:39 +03:00
Andrew Dolgov	d4be821825	UserHelper, CLI: add a method to check user password	2022-06-10 22:16:48 +03:00
Andrew Dolgov	cf1eaeedf3	* add UserHelper methods to manipulate user database (add, modify, delete) * expose said methods via CLI (update.php) * fix several invocations of deprecated functions * set stricter type hints on several method arguments	2022-06-10 13:39:00 +03:00
Andrew Dolgov	4250386ba5	set last_login_update session variable immediately when logging in	2022-03-29 13:52:22 +03:00
wn_	8943604aad	Change the param type for UserHelper::hash_password() $algo to appease PHPStan. PHPStan was complaining in 'plugins/auth_internal/init.php' due to UserHelper::hash_password() being passed a string, rather than a UserHelper::HASH_ALGO_* constant. Just switching the param to string for now.	2021-11-14 22:44:48 +00:00
Andrew Dolgov	1b5c61ac85	userhelper: add a phpdoc variable class hint	2021-11-14 18:02:20 +03:00
wn_	2e3a9098b9	Address PHPStan warnings in 'classes/userhelper.php'.	2021-11-11 20:25:13 +00:00
Andrew Dolgov	9e8d69739f	add two helper account access levels: - read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers	2021-11-10 20:44:51 +03:00
Jacek Tomasiak	0c38dc8456	Improve missing token check Avoid "E_NOTICE (8) (classes/userhelper.php:78) Undefined index: csrf_token" in logs.	2021-05-11 10:32:59 +02:00
Andrew Dolgov	0acd33abe3	OTP: generate longer secrets, also make them easier to read/copy	2021-03-29 19:26:04 +03:00
Andrew Dolgov	2cd159e2ce	use separate database column for OTP secrets (migrate previous format if needed)	2021-03-05 17:40:17 +03:00
Andrew Dolgov	fe06416f17	sessions: stop validating against hash of user agent because chromium is sending different agent headers for whatever reason, example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36 seems to be related, at least, to App.postOpenWindow() hack.	2021-03-05 12:27:23 +03:00
Andrew Dolgov	d6629ed188	move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class	2021-03-02 15:03:01 +03:00
Andrew Dolgov	031ee47a3e	don't try to pass string literal NOW() to ORM as a timestamp	2021-03-01 23:07:20 +03:00
Andrew Dolgov	8b1a2406e6	userhelper: use orm for a few more user-related things	2021-03-01 19:32:27 +03:00
Andrew Dolgov	127a868e40	userhelper: use orm for some things	2021-03-01 19:03:21 +03:00
Andrew Dolgov	6359259dbb	simplify internal authentication code and bump default algo to SSHA-512	2021-03-01 15:24:18 +03:00
Andrew Dolgov	ebf16a36a1	remove a bunch of return type hints that didn't quite fit	2021-02-26 19:27:40 +03:00
Andrew Dolgov	3fd7856543	* switch to composer for qrcode and otp dependencies * move most OTP-related stuff into userhelper * remove old phpqrcode and otphp libraries	2021-02-26 19:16:17 +03:00
Andrew Dolgov	89ad25405e	userhelper: only notify failed login for actual logins	2021-02-25 18:26:37 +03:00
Andrew Dolgov	8915bd1b21	fix crash caused by non-numeric non-null _SESSION[uid] passed to sql logger	2021-02-25 18:21:48 +03:00
Andrew Dolgov	dcf0135285	logger: shorter syntax	2021-02-25 15:49:30 +03:00
Andrew Dolgov	59c14e9c00	api: remove base64 encoded passwords (wtf), log all authentication failures in userhelper	2021-02-25 15:39:46 +03:00
Andrew Dolgov	efd196839a	stop caching schema version entirely, fix some session_start() related warnings	2021-02-25 15:28:27 +03:00
Andrew Dolgov	c96172fa04	use constants in get_pref()/set_pref()	2021-02-25 14:49:58 +03:00
Andrew Dolgov	bd2314170d	implement prefs UI based on new prefs class and a few more things	2021-02-25 12:46:13 +03:00
Andrew Dolgov	988eb3ac91	initial (wip) for new prefs	2021-02-25 09:33:36 +03:00
Andrew Dolgov	e4107ac952	wip: initial for config object	2021-02-22 21:47:48 +03:00
Andrew Dolgov	fc0ebf0891	move bookmarklet-related methods out of public.php into the plugin	2021-02-19 20:21:36 +03:00
Andrew Dolgov	9d7ba773ec	move session-related functions to their own namespace	2021-02-16 17:13:16 +03:00
Andrew Dolgov	39604bedef	move reset_password to UserHelper	2021-02-15 16:59:54 +03:00
Andrew Dolgov	8e79f1717d	prefs: unify naming	2021-02-15 16:07:22 +03:00
Andrew Dolgov	a8cc43a0ff	move logout_user() to UserHelper	2021-02-14 15:31:03 +03:00
Andrew Dolgov	71dfc83466	force _ENABLED_PLUGINS to string when passed to pluginhost	2021-02-12 17:20:37 +03:00
Andrew Dolgov	09e9f34bb4	add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO	2021-02-11 10:22:27 +03:00
Andrew Dolgov	51d2deeea9	fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost	2021-02-08 19:11:31 +03:00
Andrew Dolgov	6e774a58fe	more php8 fixes mostly related to login	2021-02-06 00:12:15 +03:00
Andrew Dolgov	403dca154c	initial WIP for php8; bump php version requirement to 7.0	2021-02-05 23:41:32 +03:00
Andrew Dolgov	40f38fc87f	pluginhost: load plugin data automatically (also marks load_data method as private)	2021-01-15 08:32:06 +03:00
Andrew Dolgov	4e3ef7a4dd	get_user_ip: remove REMOTEADDR for the time being	2021-01-05 10:25:43 +03:00
Andrew Dolgov	a8302fb253	use X-Real-IP headers if possible while authenticating	2021-01-05 10:17:24 +03:00
Andrew Dolgov	6811d0bde2	use self:: in some places to invoke static methods from the same class	2020-09-22 14:54:15 +03:00
Andrew Dolgov	74568df4ff	remove a lot of stuff from global context (functions.php), add a few helper classes instead	2020-09-22 09:04:33 +03:00

45 Commits