| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-01-21 | Update copyright to 2013. Fixes #1953. | Bharat Mediratta | |
| 2012-02-27 | Update copyright to 2012. #1822 | Bharat Mediratta | |
| 2011-01-21 | Update copyright to 2011. | Bharat Mediratta | |
| 2010-11-28 | Replace self::func() with <helper_name>::func() for all public APIs | Bharat Mediratta | |
| and constants to make overloading easier. Fixes #1510. | |||
| 2010-06-12 | Make login/logout continuation url code consistent. Where necessary, | Bharat Mediratta | |
| we specify the continue_url in the session, but we store it in the login form so that we can propagate it across the session creation that happens at login time. | |||
| 2010-03-03 | Update the copyright to 2010. It's only 3 months into the year :-) | Bharat Mediratta | |
| 2010-02-12 | Fix for tickets 1009 and 603: Show a themed error page to guests / ↵ | Andy Staudacher | |
| registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. | |||
| 2010-02-11 | Security: Fix leaking of album / photo names. Reject previous fix for ticket ↵ | Andy Staudacher | |
| 1009. Side effect: Renaming auth::required_login() to login_page(). | |||
| 2010-02-10 | Refactor the code to display the login page if the user does not have view | Tim Almdal | |
| permission into the common auth::require_login() method. | |||
| 2010-02-07 | Last partial fix for ticket 585: Compartmentalize the admin area and require ↵ | Andy Staudacher | |
| active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. | |||
| 2010-02-07 | Create the concept of a "failed authentication" as semantically | Bharat Mediratta | |
| separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts | |||
| 2010-02-03 | Correct missing function name. | Tim Almdal | |
| 2010-02-02 | Protect password changes against brute force attacks. | Bharat Mediratta | |
| 2010-01-30 | Refactory auth::too_many_failed_logins() out of | Bharat Mediratta | |
| auth::validate_too_many_failed_logins() to conceptually separate the two. | |||
| 2010-01-30 | Protect REST login controller from brute force attacks too. | Andy Staudacher | |
| And make the REST auth token less predictable by using a better source for randomness. | |||
| 2010-01-30 | Prevent brute force login attacks by reducing login attempts to 1 per | Bharat Mediratta | |
| minute after there have been 5 consecutive failed login attempts. Fix for ticket #589. | |||
| 2010-01-28 | In auth::login() make the user active before trying to save it, else | Bharat Mediratta | |
| the validation code fails because it expects there to be an active user. | |||
| 2010-01-28 | Found another broken link for what should have been the user profile | Tim Almdal | |
| 2009-11-25 | Preliminary work to cut over to Kohana 2.4 | Bharat Mediratta | |
| - Kohana::log() -> Kohana_Log::add() - Kohana::config_XXX -> Kohana_Config::instance()->XXX - Implement View::set_global in MY_View - Updated Cache_Database_Driver to latest APIs - ORM::$loaded -> ORM::loaded() - Updated item::viewable() to use K2.4 parenthesization | |||
| 2009-10-30 | Rename the login helper to auth. Create a login and logout helper function ↵ | Tim Almdal | |
| to allow for programmically login in and out. | |||
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |