summaryrefslogtreecommitdiff
path: root/modules/user/controllers
AgeCommit message (Collapse)Author
2010-07-20Show the old group name in the error message when we fail to modify a group. ↵Bharat Mediratta
Fixes ticket #1233.
2010-07-20Fix a bunch of missing or invalid error messages. Fixes ticket #1232.Bharat Mediratta
2010-07-20Add internationalized error messages for adding and editing groups.Bharat Mediratta
2010-07-06Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the ↵Tim Almdal
dialog. Convert all the controllers that create the data to go into a dialog to return the html as part of a json object.
2010-04-30Add page_title to admin views. Closes #1038.ckieffer
2010-04-17Change the key for invalid passwords from "invalid" toBharat Mediratta
"invalid_password" to remove ambiguity.
2010-03-03Update the copyright to 2010. It's only 3 months into the year :-)Bharat Mediratta
2010-02-27Fix for ticket #1037: Only show language drop-down when there's actually a ↵Andy Staudacher
choice.
2010-02-27Add more randomness to reset password mechanism.Andy Staudacher
2010-02-11Get rid of unnecessary view file.Andy Staudacher
2010-02-11Include user name in logging message for failed password reset. As Bharat ↵Andy Staudacher
points out, t() ensures that parameters are escaped for XSS.
2010-02-11Fix for ticket 1010: Don't leak valid user names in "forgot password" form.Andy Staudacher
Includes fixes for user forms as well (edit user / email / password).
2010-02-09Fix password reset confirmationAndy Staudacher
2010-02-07Last partial fix for ticket 585: Compartmentalize the admin area and require ↵Andy Staudacher
active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07Rename user_authenticate_xxx events to user_auth_xxx for brevity.Bharat Mediratta
2010-02-07Create the concept of a "failed authentication" as semanticallyBharat Mediratta
separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
2010-02-06Partial fix for ticket 585: Require current password when changing an ↵Andy Staudacher
account's email address. Still leaving the user/group admin page wide open though.
2010-02-06Fix up Admin_Users_Controller() form handling now that user_form.htmlBharat Mediratta
is gone. Fixes ticket #1005.
2010-02-02Protect password changes against brute force attacks.Bharat Mediratta
2010-02-02Require the current password to change your password.Bharat Mediratta
Fixes ticket #585. Separate out the password change form from the regular edit user form. Require the old password to enter a new one. While I'm at it, roll the password strength javascript into a Form_Script element so that we can get rid of the old view (which incidentally fixes a bug where the password strength meter would go away on form errors).
2010-02-01Localize validation errors.Bharat Mediratta
2010-01-31Fix lots of warnings that pop up when we're in E_STRICT mode. They'reBharat Mediratta
mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class.
2010-01-30Don't override the password in the database if it's empty in the form.Bharat Mediratta
Fixes ticket #995.
2010-01-28Localize edit form error messages.Bharat Mediratta
2010-01-22Don't try to access ORM::$changed externally; it's protected.Bharat Mediratta
2010-01-20Fix typo: edit_user -> add_user.Bharat Mediratta
2010-01-20Stop using MY_ORM::original().Bharat Mediratta
2010-01-17Move model rules down into their validate() function for consistency.Bharat Mediratta
Change "in_use" error to "conflict" for consistency.
2010-01-16Use "(string) $form" instead of "$form->__toString()"Bharat Mediratta
2010-01-16Convert Users_Controller to model based validation.Bharat Mediratta
2010-01-16Convert Admin_Users_Controller, User_Model and Group_Model to useBharat Mediratta
model based validation.
2010-01-16Convert Admin_Users::add_user() to use model based validation. GetBharat Mediratta
the rules and business logic out of the form and user::create(), and move it into User_Model::save().
2010-01-16Whitespace.Bharat Mediratta
2009-12-23Convert a bunch of leftover kohana::show_404 calls to throwBharat Mediratta
Kohana_404_Exception instead. These are the ones where we used a lower-case 'k' so my previous filter didn't catch it.
2009-11-25ORM::orderby -> ORM::order_byBharat Mediratta
2009-11-25Preliminary work to cut over to Kohana 2.4Bharat Mediratta
- Kohana::log() -> Kohana_Log::add() - Kohana::config_XXX -> Kohana_Config::instance()->XXX - Implement View::set_global in MY_View - Updated Cache_Database_Driver to latest APIs - ORM::$loaded -> ORM::loaded() - Updated item::viewable() to use K2.4 parenthesization
2009-11-21Correct inconsistent captialization. Fixes #906Tim Almdal
2009-11-17Redesign the way that we consider page types to create buckets of pageBharat Mediratta
types, and a subtype for specifics. Currently the top level bucket collection, item, other Here are the core subtypes so far: collection: album, search, tag item: movie, photo other: login, reset, comment-fragment, comment It's legal to create new page_subtypes whenever you want. Use the appropriate page_type to get the coarse grain behavior that you want.
2009-11-06Remove width class from add group form, it sizes the form's elements, not ↵Chad Kieffer
the form itself.
2009-10-31Revert "Use an event 'check_user_name_exists' to validate the input name is ↵Tim Almdal
already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag." This reverts commit 04bf50bfb4241f7c814782c516732d927ff1f457.
2009-10-30Caught a few more incorrect capitalizations.Tim Almdal
2009-10-29Use an event 'check_user_name_exists' to validate the input name is already ↵Tim Almdal
in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag.
2009-10-27Check the minimum length when adding or modifying users via the admin screen.Tim Almdal
2009-10-27Add a password strength meter.Tim Almdal
2009-10-27Set the minimum password length to 5. The gallery owner can change this in ↵Tim Almdal
the advance settings.
2009-10-27When we are changing the password using the change password from as part of ↵Tim Almdal
the password reset, the input value is in the post[hash] variable as opposed to the get(key) value. This should fix ticket #850.
2009-10-24Merge branch 'master' into talmdal_devTim Almdal
Conflicts: modules/server_add/helpers/server_add_theme.php
2009-10-23Created user.css. Moved user-related form css to the new sheet.Chad Kieffer
2009-10-23move controllers and views to the user module to make the Identity Provider ↵Tim Almdal
refactor smaller
2009-10-22Change the name of identity library from Identity to IdentityProvider. ↵Tim Almdal
Create a helper class called identity to simplify call the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class
generated by cgit v1.2.3 (git 2.51.0) at 2025-12-16 15:06:26 +0000