summaryrefslogtreecommitdiffstats
path: root/application/models/muser.php
AgeCommit message (Collapse)AuthorFilesLines
2016-07-13muser: Improve invalid action key error messageFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01Support rehashing of passwords not conforming to configFlorian Pritz1-0/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01muser: Add set_passwordFlorian Pritz1-0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01Support changing password hashing settingsFlorian Pritz1-1/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29Catch potential password hashing errorsFlorian Pritz1-1/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29Use PHP's password_hash functionFlorian Pritz1-5/+1
This drops a third party library, but bumps our required php version to 5.5 which is currently old stable. Earlier versions are no longer supported by php upstream nor by us. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-18Fix redirect URI when using multiple tabsFlorian Pritz1-12/+0
If we store only the last called URI in the session we can't support multiple browser tabs that all need to log in again. Fix this by storing the URI in the URL. Also change a trim() to ltrim() so that the URI string we store keeps it's trailing slash. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-03-19Make user/get_action/invalid-action exception publicFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03Use exceptions instead of show_errorFlorian Pritz1-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03use function instead of variableFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03generalize authentication handlingFlorian Pritz1-12/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-09-19Fix user/register mistaken query handlingRafael Bodill1-1/+1
2014-09-18Integrating query builder in modelsRafael Bodill1-23/+18
2014-02-21Implement multiple access levels for api keysFlorian Pritz1-7/+12
This allows to use an api key to write a completly standalone client. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-15Add default get_email to Duser_DriverFlorian Pritz1-4/+0
This fixes a possible endless loop when the function is not implemented in the driver, but the array says it is. It also allows us to simply call it without checking if it's implemented. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Replace is_cli_client() with stateful_client where applicableFlorian Pritz1-2/+1
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Set login session data in one goFlorian Pritz1-4/+6
This reduces the amount of db queries and cookies we create since each update triggers an db update and (which is a bug) sets a new cookie. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Only renew uri flashdata when needed.Florian Pritz1-1/+1
This saves us 2 to 4 (useless) db queries per page. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02muser: always verify api credentials; improve error messagesFlorian Pritz1-17/+18
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Remove api keys dependency on usernameFlorian Pritz1-5/+2
We don't need it and getting the user name from the user drivers is way more complicated. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-11Add API key supportFlorian Pritz1-9/+58
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15Rework auto login for cli clientsFlorian Pritz1-32/+41
Only login when necessary. This also makes test_login() work properly (before the automatic login would have intercepted the failure and in case of a good login test_login() would test the credentials a second time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-15user/test_login: Allow clients to test login credentialsFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-14get_upload_id_limits(): return proper default valuesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13Add profile page to allow changing the upload id limitsFlorian Pritz1-0/+59
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-07-13duser: add get_email()Florian Pritz1-0/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-14Move cli client login code to muser constructorFlorian Pritz1-0/+21
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-02-13Change license to AGPLFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-30Remove userid from session upon logoutFlorian Pritz1-0/+1
No necessary, but better safe than sorry. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-30Modularize authentication systemFlorian Pritz1-37/+3
This allows to easily add LDAP and other support. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-25Refactor querying action tableFlorian Pritz1-0/+16
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-24m/user/username_exists: fix bug on empty/false argumentFlorian Pritz1-0/+4
username_exists(false) returned true because the condition matches any existing user. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix some indentation issuesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-01-09Fix copyright informationFlorian Pritz1-0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-08-28Only create new sessions when the are really neededFlorian Pritz1-3/+38
Most sessions are just people viewing a paste. Those don't need a session until they want to log in so we don't have to pollute the database and waste resources. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Explicitly select fields in db queriesFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Store userid in sessionFlorian Pritz1-6/+2
We don't really have to hit the db here every time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Display nice error message if username exists alreadyFlorian Pritz1-0/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Make sure we keep the uri flashdataFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Allow to keep and reclaim uploads without being logged inFlorian Pritz1-1/+11
If a user keeps the browser open until his session expires and then tries to upload something we now add it to the database, add the ID to the new session and when someone logs in with that session the ID is assigned. Until then even if you guess it correctly, you won't be able to download it. If the user still manages to let the 2nd session expire because he can't find his password, the upload will be lost. Shit happens. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Use phpass for password hashingFlorian Pritz1-2/+5
The current implementation sometimes failed to generate valid hashes (had something to do with the random salt). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Fix password verificationFlorian Pritz1-1/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09muser: decrease cost parameter for cryptFlorian Pritz1-1/+1
09 should take long enough and not waste too much time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09Move is_cli_client() and random_id() to helperFlorian Pritz1-1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09muser: fix handling of cli clients without accountFlorian Pritz1-2/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09Improve handling of cli clients without accountFlorian Pritz1-2/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09more user changesFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09start working on usersFlorian Pritz1-0/+70
Signed-off-by: Florian Pritz <bluewind@xinu.at>