1. 27 Feb, 2017 2 commits
  2. 24 Feb, 2017 1 commit
      Use bcrypt to hash passwords · 29a48708
      Lukas Fleischer authored
      
      
      Replace the default hash function used for storing passwords by
      password_hash() which internally uses bcrypt. Legacy MD5 hashes are
      still supported and are immediately converted to the new format when a
      user logs in.
      
      Since big parts of the authentication system needed to be rewritten in
      this context, this patch also includes some simplification and
      refactoring of all code related to password checking and resetting.
      
      Fixes FS#52297.
      
      Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
  3. 25 Jan, 2017 1 commit
  4. 20 Jan, 2017 2 commits
  5. 10 Nov, 2016 1 commit
  6. 08 Jun, 2016 1 commit
  7. 13 Mar, 2016 1 commit
      Store last login address as plain text · 32c8d0c3
      Lukas Fleischer authored
      
      
      Directly store the information contained in $_SERVER['REMOTE_ADDR']
      instead of using ip2long() which does not support IPv6 addresses. Note
      that the LastLoginIPAddress field is designed to be used by the
      administrator on rare occasions only (e.g. to fight spam) and is not
      displayed anywhere.
      
      Fixes FS#48557.
      
      Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
  8. 21 Feb, 2016 1 commit
  9. 07 Feb, 2016 3 commits
  10. 13 Dec, 2015 1 commit
  11. 14 Nov, 2015 1 commit
  12. 20 Sep, 2015 1 commit
  13. 11 Sep, 2015 2 commits
  14. 08 Aug, 2015 3 commits
  15. 29 Jun, 2015 1 commit
  16. 27 Jun, 2015 3 commits
  17. 31 May, 2015 1 commit
  18. 27 Dec, 2014 1 commit
  19. 13 Dec, 2014 1 commit
  20. 21 Nov, 2014 1 commit
  21. 24 Oct, 2014 1 commit
  22. 10 Oct, 2014 1 commit
  23. 05 Aug, 2014 1 commit
      Add PCRE_DOLLAR_ENDONLY to preg_match() · 237a4570
      Lukas Fleischer authored
      
      
      When using preg_match() to check for a match that starts at the
      beginning of the string and ends at the last character of the string, we
      do not want to allow an additional newline character to sneak in.
      Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
      modifier prevents users from registering with user names that end with a
      newline character.
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  24. 02 Aug, 2014 1 commit
  25. 29 Jul, 2014 1 commit
  26. 25 Jul, 2014 2 commits
  27. 15 Jul, 2014 3 commits
  28. 05 Jun, 2014 1 commit