summaryrefslogtreecommitdiffstats
path: root/application/models/muser.php
AgeCommit message (Collapse)AuthorFilesLines
2013-09-04Replace is_cli_client() with stateful_client where applicableFlorian Pritz1-2/+1
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Set login session data in one goFlorian Pritz1-4/+6
This reduces the amount of db queries and cookies we create since each update triggers an db update and (which is a bug) sets a new cookie. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Only renew uri flashdata when needed.Florian Pritz1-1/+1
This saves us 2 to 4 (useless) db queries per page. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02muser: always verify api credentials; improve error messagesFlorian Pritz1-17/+18
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Remove api keys dependency on usernameFlorian Pritz1-5/+2
We don't need it and getting the user name from the user drivers is way more complicated. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Add API key supportFlorian Pritz1-9/+58
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15Rework auto login for cli clientsFlorian Pritz1-32/+41
Only login when necessary. This also makes test_login() work properly (before the automatic login would have intercepted the failure and in case of a good login test_login() would test the credentials a second time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15user/test_login: Allow clients to test login credentialsFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-14get_upload_id_limits(): return proper default valuesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13Add profile page to allow changing the upload id limitsFlorian Pritz1-0/+59
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13duser: add get_email()Florian Pritz1-0/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-14Move cli client login code to muser constructorFlorian Pritz1-0/+21
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-13Change license to AGPLFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-30Remove userid from session upon logoutFlorian Pritz1-0/+1
No necessary, but better safe than sorry. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-30Modularize authentication systemFlorian Pritz1-37/+3
This allows to easily add LDAP and other support. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-25Refactor querying action tableFlorian Pritz1-0/+16
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-24m/user/username_exists: fix bug on empty/false argumentFlorian Pritz1-0/+4
username_exists(false) returned true because the condition matches any existing user. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix some indentation issuesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix copyright informationFlorian Pritz1-0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-08-28Only create new sessions when the are really neededFlorian Pritz1-3/+38
Most sessions are just people viewing a paste. Those don't need a session until they want to log in so we don't have to pollute the database and waste resources. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Explicitly select fields in db queriesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Store userid in sessionFlorian Pritz1-6/+2
We don't really have to hit the db here every time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Display nice error message if username exists alreadyFlorian Pritz1-0/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Make sure we keep the uri flashdataFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Allow to keep and reclaim uploads without being logged inFlorian Pritz1-1/+11
If a user keeps the browser open until his session expires and then tries to upload something we now add it to the database, add the ID to the new session and when someone logs in with that session the ID is assigned. Until then even if you guess it correctly, you won't be able to download it. If the user still manages to let the 2nd session expire because he can't find his password, the upload will be lost. Shit happens. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Use phpass for password hashingFlorian Pritz1-2/+5
The current implementation sometimes failed to generate valid hashes (had something to do with the random salt). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Fix password verificationFlorian Pritz1-1/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09muser: decrease cost parameter for cryptFlorian Pritz1-1/+1
09 should take long enough and not waste too much time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09Move is_cli_client() and random_id() to helperFlorian Pritz1-1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09muser: fix handling of cli clients without accountFlorian Pritz1-2/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09Improve handling of cli clients without accountFlorian Pritz1-2/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09more user changesFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09start working on usersFlorian Pritz1-0/+70
Signed-off-by: Florian Pritz <bluewind@xinu.at>