1. 20 Feb, 2021 3 commits
  2. 13 Feb, 2020 1 commit
    • Eli Schwartz's avatar
      Fix more PHP 7.4 warnings · 050b0808
      Eli Schwartz authored and Lukas Fleischer's avatar Lukas Fleischer committed
      
      
      The try_login() function documents it returns an array containing an
      'error' key, and our only caller *only* consults the 'error' key. Then
      the function returns null instead of an array, if the login succeeded!
      
      I question why we bother returning the new SID if we never use it,
      surely we could either return the error or return default null. But, for
      now, I'm just going to fix it to return what it's actually supposed to,
      without changing the API.
      Signed-off-by: Eli Schwartz's avatarEli Schwartz <eschwartz@archlinux.org>
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      050b0808
  3. 02 Feb, 2020 2 commits
  4. 30 Jan, 2020 4 commits
  5. 05 Oct, 2019 2 commits
  6. 06 Aug, 2018 1 commit
  7. 03 Dec, 2017 1 commit
  8. 05 Nov, 2017 1 commit
  9. 01 Aug, 2017 1 commit
  10. 30 Apr, 2017 1 commit
  11. 18 Apr, 2017 1 commit
  12. 27 Feb, 2017 4 commits
  13. 24 Feb, 2017 1 commit
    • Lukas Fleischer's avatar
      Use bcrypt to hash passwords · 29a48708
      Lukas Fleischer authored
      
      
      Replace the default hash function used for storing passwords by
      password_hash() which internally uses bcrypt. Legacy MD5 hashes are
      still supported and are immediately converted to the new format when a
      user logs in.
      
      Since big parts of the authentication system needed to be rewritten in
      this context, this patch also includes some simplification and
      refactoring of all code related to password checking and resetting.
      
      Fixes FS#52297.
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      29a48708
  14. 25 Jan, 2017 1 commit
  15. 20 Jan, 2017 2 commits
  16. 10 Nov, 2016 1 commit
  17. 08 Jun, 2016 1 commit
  18. 13 Mar, 2016 1 commit
    • Lukas Fleischer's avatar
      Store last login address as plain text · 32c8d0c3
      Lukas Fleischer authored
      
      
      Directly store the information contained in $_SERVER['REMOTE_ADDR']
      instead of using ip2long() which does not support IPv6 addresses. Note
      that the LastLoginIPAddress field is designed to be used by the
      administrator on rare occasions only (e.g. to fight spam) and is not
      displayed anywhere.
      
      Fixes FS#48557.
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      32c8d0c3
  19. 21 Feb, 2016 1 commit
  20. 07 Feb, 2016 3 commits
  21. 13 Dec, 2015 1 commit
  22. 14 Nov, 2015 1 commit
  23. 20 Sep, 2015 1 commit
  24. 11 Sep, 2015 2 commits
  25. 08 Aug, 2015 2 commits