summaryrefslogtreecommitdiffstats
path: root/application/controllers/user.php
AgeCommit message (Collapse)AuthorFilesLines
2016-07-29Return 403 instead of 401 for missing authenticationFlorian Pritz1-1/+1
According to the RFC this is only useful for services that use HTTP's built in authentication schemes. We don't so we can't use this code. References: https://tools.ietf.org/html/rfc7235 Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-14muser: Add add_user functionFlorian Pritz1-14/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-14controller/user: Use our function for email verifcationFlorian Pritz1-2/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-14Move username/email validation functions to muserFlorian Pritz1-29/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-14Fix incorrect username validation0.9.17Florian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-13Throw public exception when accessing CLI only functionsFlorian Pritz1-2/+2
We actually don't need to hide this from the user. The error should be shown rather than a blank page being returned. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-13controllers/user: Deduplicate email verificationFlorian Pritz1-5/+14
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-13controllers/user: Deduplicate username verificationFlorian Pritz1-2/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-05Fix redirect on login after registering new accountFlorian Pritz1-0/+2
Previously the login box in the navigation would redirect to the current page, but this page will throw an error in the case of the registration page since that's the page with the invition key and that key is no longer valid. Fix this by redirecting to the $redirect_uri and ensure that this value is set for all requests. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01muser: Add set_passwordFlorian Pritz1-4/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-28Fix login redirect with multipate URLFlorian Pritz1-1/+1
The - from m-ID was missing in the regex. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-18Fix redirect URI when using multiple tabsFlorian Pritz1-7/+12
If we store only the last called URI in the session we can't support multiple browser tabs that all need to log in again. Fix this by storing the URI in the URL. Also change a trim() to ltrim() so that the URI string we store keeps it's trailing slash. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-05Keep email reset keys after useFlorian Pritz1-2/+0
The user might click the wrong link or might change their mind and it is really not necessary to clean them up early. Let the cron job take care of that. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-05Allow users to change their emailFlorian Pritz1-2/+132
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-04-18Added config option max_invitation_keysAlexander Finkhäuser1-1/+1
2015-02-14Use assoc array for service/user/apikeysFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03Use exceptions instead of show_errorFlorian Pritz1-5/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03Remove unstable json apiFlorian Pritz1-9/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-01-16add initial user apiFlorian Pritz1-39/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-29Simplify creation of initial userFlorian Pritz1-0/+67
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-29Make email sender configurableFlorian Pritz1-8/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-19Clean up the postgres changesFlorian Pritz1-7/+6
Style cleanup and some regression fixes Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-09-19where_in for in array queries a proper count usageRafael Bodill1-3/+3
2014-09-19Fix timestamp adjusting for a list of arraysRafael Bodill1-2/+6
2014-09-18User controller queries built dynamicallyRafael Bodill1-74/+72
2014-09-18Query builder in user login and controllerRafael Bodill1-5/+7
2014-07-23Move migration code to CLI callable functionFlorian Pritz1-0/+5
This is necessary to prevent migrations from running multiple times in parallel. A git hook can be used to run this after checkout so impact should be fairly low. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-04-12Add foreign keys to databaseFlorian Pritz1-1/+1
Changing the referrer value for the root admin from 0 to NULL to make the foreign key check work. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-02-23user/create_apikey: Use empty comment if unsetFlorian Pritz1-0/+1
False gets converted to "0" when being stored in the DB which we don't want. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-02-21Implement multiple access levels for api keysFlorian Pritz1-4/+13
This allows to use an api key to write a completly standalone client. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-10-22Remove unnecessary TODOFlorian Pritz1-1/+0
It's fine if users can invite an unlimited amount of people. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-22Move user_logged_in check to controller constructorFlorian Pritz1-2/+0
TL;DR: Allows us to show a proper error page if encryption_key is missing from the config. muser->logged_in() can load the session class which will die if encryption_key is not set in the config causing an error to be displayed. Because the header is also loaded when we display an error loading the class will be tried again. CI maintains an array with information which classes have been tried to be loaded and will simply return true without loading again. muser->logged_in() will then try to access $this->session which doesn't exist. Since all of this happens when we are already in the header the error message appears in the navigation being hard to read. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-08user/create_apikey: Add JSON supportFlorian Pritz1-0/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Remove left over var_dump()Florian Pritz1-2/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Remove unneeded "as" in sql queryFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Generalize request_type() to static_storage()Florian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Provide json output for api functionsFlorian Pritz1-0/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Display domain of email address when resetting passwordFlorian Pritz1-1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Deduplicate initialisation code in controllersFlorian Pritz1-15/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-12apikeys: allow any chars in commentFlorian Pritz1-3/+2
No real point in restricting those, just leads to people wanting to use special chars that don't work. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Allow more chars in apikey commentFlorian Pritz1-2/+2
"fb-client user@host" will be used by fb-client so this should work... Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Add API key supportFlorian Pritz1-0/+65
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15user/test_login: Allow clients to test login credentialsFlorian Pritz1-0/+12
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-14Add sucess alert when saving profileFlorian Pritz1-2/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13Switch to bootstrap div form code instead of tablesFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13Add profile page to allow changing the upload id limitsFlorian Pritz1-0/+59
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-13Change license to AGPLFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-30Modularize authentication systemFlorian Pritz1-0/+4
This allows to easily add LDAP and other support. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-25Refactor querying action tableFlorian Pritz1-21/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-24Add password reset function/pages/linksFlorian Pritz1-0/+131
Signed-off-by: Florian Pritz <bluewind@xinu.at>