summaryrefslogtreecommitdiffstats
path: root/web/html/login.php
AgeCommit message (Collapse)AuthorFilesLines
2020-02-02Add support for backup email addressesLukas Fleischer1-1/+1
Support secondary email addresses that can be used to recover an account in case access to the primary email address is lost. Reset keys for an account are always sent to both the primary and the backup email address. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-05login.php: Escape quotes in the referer fieldLukas Fleischer1-1/+1
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-27Call check_sid() from a central locationLukas Fleischer1-2/+0
Instead of calling check_sid() from every single PHP script representing a web page, add the call to aur.inc.php which is sourced by all of them. Also, remove set_lang() calls from the scripts since these are also already included in aur.inc.php. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-30Shorten maxlength of email input fields to 254 charactersMarcel Korpel1-1/+1
After 24734d0 (Shorten Email column to 254 characters, 2015-11-12) the maximum length of the input fields should be shortened, too. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-25Support long email addressesLukas Fleischer1-1/+1
According to RFC 3696 (and the associated errata), an email address can be up to 256 characters long. Change the database field and the length limit on all input fields accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Allow for logging in via email addressLukas Fleischer1-1/+1
Accept both user names and email addresses in the login prompt. Suggested-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27Redirect at previous page after a successful loginGordian Edenhofer1-0/+5
After the user was authenticated a redirect to the site which linked the user to the login page is done. This fixes FS#32481. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-12Autofocus input fields at login and package-searchGordian Edenhofer1-1/+1
At the login and the package search page, the user is promted to provide some input. Until now it was neccessary to first click the field in which the input should be placed. This can be simplified with HTML5 using the autofocus attribute of the input element, though not included in XHTML 1.0, the attribute was at least given a value to comply with the standard. Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-02-04Rename the AUR software to aurwebLukas Fleischer1-1/+1
Rename the project to help differentiate between the software providing access to the Arch User Repository and the collection of source packages itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-13Avoid double slashes in notification email bodyLukas Fleischer1-1/+1
Refactor some of the URI generation code to avoid double slashes in absolute URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-24Use an INI-style configuration fileLukas Fleischer1-4/+5
Replace web/lib/config.inc.php with an INI-style configuration file. This allows us to get rid of several globals and makes it easier to use the same configuration file in external scripts. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-24login.php: Properly link to logout page when already logged incanyonknight1-1/+1
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-04Avoid use of "$_SERVER['REQUEST_URI']"Lukas Fleischer1-2/+2
Use the routing library to build proper URIs instead of relying on the "REQUEST_URI" server variable which can be manipulated and might return bogus URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-11Remove character limit on password lengthcanyonknight1-1/+1
As all new passwords are hashed and therefore stored in the database at the same length, this limitation is no longer needed. Fixes FS#31855 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-12/+12
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-2/+2
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Move login form to a separate pageLukas Fleischer1-0/+55
Do not show the login form on every page. Move it to a separate login page and add a link to the navigation bar. Also, add a logout link for logged-in users. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>