1. 13 Feb, 2020 1 commit
    • Eli Schwartz's avatar
      Fix more PHP 7.4 warnings · 050b0808
      Eli Schwartz authored and Lukas Fleischer's avatar Lukas Fleischer committed
      
      
      The try_login() function documents it returns an array containing an
      'error' key, and our only caller *only* consults the 'error' key. Then
      the function returns null instead of an array, if the login succeeded!
      
      I question why we bother returning the new SID if we never use it,
      surely we could either return the error or return default null. But, for
      now, I'm just going to fix it to return what it's actually supposed to,
      without changing the API.
      
      Signed-off-by: Eli Schwartz's avatarEli Schwartz <eschwartz@archlinux.org>
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      050b0808
  2. 02 Feb, 2020 2 commits
  3. 30 Jan, 2020 4 commits
  4. 05 Oct, 2019 2 commits
  5. 06 Aug, 2018 1 commit
  6. 03 Dec, 2017 1 commit
  7. 05 Nov, 2017 1 commit
  8. 01 Aug, 2017 1 commit
  9. 30 Apr, 2017 1 commit
  10. 18 Apr, 2017 1 commit
  11. 27 Feb, 2017 4 commits
  12. 24 Feb, 2017 1 commit
    • Lukas Fleischer's avatar
      Use bcrypt to hash passwords · 29a48708
      Lukas Fleischer authored
      
      
      Replace the default hash function used for storing passwords by
      password_hash() which internally uses bcrypt. Legacy MD5 hashes are
      still supported and are immediately converted to the new format when a
      user logs in.
      
      Since big parts of the authentication system needed to be rewritten in
      this context, this patch also includes some simplification and
      refactoring of all code related to password checking and resetting.
      
      Fixes FS#52297.
      
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      29a48708
  13. 25 Jan, 2017 1 commit
  14. 20 Jan, 2017 2 commits
  15. 10 Nov, 2016 1 commit
  16. 08 Jun, 2016 1 commit
  17. 13 Mar, 2016 1 commit
    • Lukas Fleischer's avatar
      Store last login address as plain text · 32c8d0c3
      Lukas Fleischer authored
      
      
      Directly store the information contained in $_SERVER['REMOTE_ADDR']
      instead of using ip2long() which does not support IPv6 addresses. Note
      that the LastLoginIPAddress field is designed to be used by the
      administrator on rare occasions only (e.g. to fight spam) and is not
      displayed anywhere.
      
      Fixes FS#48557.
      
      Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
      32c8d0c3
  18. 21 Feb, 2016 1 commit
  19. 07 Feb, 2016 3 commits
  20. 13 Dec, 2015 1 commit
  21. 14 Nov, 2015 1 commit
  22. 20 Sep, 2015 1 commit
  23. 11 Sep, 2015 2 commits
  24. 08 Aug, 2015 3 commits
  25. 29 Jun, 2015 1 commit
  26. 27 Jun, 2015 1 commit