summaryrefslogtreecommitdiff
path: root/modules/user/controllers
AgeCommit message (Collapse)Author
2013-01-21Update copyright to 2013. Fixes #1953.Bharat Mediratta
2012-10-25Fixed event sent from User_Controller::_get_change_email_formMichael A Mayer
incorrect event: user_change_password_form corrected event: user_change_email_form
2012-04-01Restrict valid urls to having a http:// or https:// prefix. Fixes #1830.Bharat Mediratta
2012-02-27Update copyright to 2012. #1822Bharat Mediratta
2011-05-24Allow password reset even when we're in maintenance or private galleryBharat Mediratta
mode, otherwise you can't reset your password if you forgot it when the Gallery is locked down. #1735.
2011-04-26Stop using Pagination() and instead use $theme->pager() in views.Bharat Mediratta
Move the pager() function up to Gallery_View and replace themes/admin_wind/views/pager.html.php (Pagination based) with a modified version from the wind theme in themes/admin_wind/views/paginator.html.php. Fixes #1718.
2011-04-23Fix ticket #1694. Correct Spelling of mininum_password_length to ↵Tim Almdal
minimum_password_length
2011-01-21Update copyright to 2011.Bharat Mediratta
2011-01-15Style fixes.Bharat Mediratta
2011-01-15Tweake Joe's change to admin_users to revert the code that joins against the ↵Bharat Mediratta
items table; it's not clear that this is going to be efficient for large data sets.
2011-01-11Making good use of Pagination class to reduce code (removed MY_Controller ↵Joe7
which duplicated some functionality available in Pagination as well)
2011-01-11coding styleJoe7
2011-01-09Paginator for user manager admin viewJoe7
Closes ticket #1557 Note: also optimizes the way item count is retrieved for users, saving <user_count>-1 queries when displaying this page
2010-12-15Consolidate all the random code into a random helper that offers:Bharat Mediratta
random::hash() random::string() random::percent() random::int() So that we don't have lots of different ways to get random values all over the code. Follow-on to #1527.
2010-09-22Remove the 4 character minimum for group name length. Fixes ticket #1396.Bharat Mediratta
2010-09-08Show the number of photos/albums the user owns in the Admin > UsersBharat Mediratta
page, and improve the message to explain what's going to happen to the deleted user's items. Partial fix for #1344, which I can't reproduce now.
2010-08-15We use UTF-8 everywhere. Fixes ticket #1285.Bharat Mediratta
2010-08-08Whitespace fixBharat Mediratta
2010-08-08Convert tabs to spaces to fix File_Structure_Test.Bharat Mediratta
2010-08-01Fix the i18n error message for missing/incorrect password. Fixes ticket #1265.Bharat Mediratta
2010-08-01Merge branch 'dialog' of github.com:gallery/gallery3 into dialogTim Almdal
2010-08-01Merge branch 'master' into dialogTim Almdal
2010-08-01Add a localized error message for missing usernames. Fixes ticket #1266.Bharat Mediratta
2010-07-31Full pass over all the JSON encoding and JS dialog code. We now abideBharat Mediratta
by the following rules: 1) An initial dialog or panel load can take either HTML or JSON, but the mime type must accurately reflect its payload. 2) dialog form submits can handle a pure HTML response, but the mime type must also be correct. This properly resolves the problem where the reauth code gets a JSON response first from the reauth code, and then an HTML response when you reauth and continue on to a given form -- try it out with Admin > Settings > Advanced. 3) All JSON replies must set the mime type correctly. The json::reply convenience function does this for us. 4) By default, any HTML content sent back in the JSON response should be in the "html" field, no longer the "form" field. The combination of these allows us to stop doing boilerplate code like this in our controllers: // Print our view, JSON encoded json::reply(array("form" => (string) $view)); instead, controllers can just return HTML, eg: // Print our view print $view; That's much more intuitive for developers.
2010-07-31More patches as part of #1225. Change the 'core' modules to use the json::replyTim Almdal
method to set the content type header and encode the response as a json object
2010-07-31Partial fix for #1225 addresses the issues with the user edit forms.Tim Almdal
2010-07-23More patches as part of #1225. Change the 'core' modules to use the json::replyTim Almdal
method to set the content type header and encode the response as a json object
2010-07-23Partial fix for #1225 addresses the issues with the user edit forms.Tim Almdal
2010-07-20Show the old group name in the error message when we fail to modify a group. ↵Bharat Mediratta
Fixes ticket #1233.
2010-07-20Fix a bunch of missing or invalid error messages. Fixes ticket #1232.Bharat Mediratta
2010-07-20Add internationalized error messages for adding and editing groups.Bharat Mediratta
2010-07-06Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the ↵Tim Almdal
dialog. Convert all the controllers that create the data to go into a dialog to return the html as part of a json object.
2010-04-30Add page_title to admin views. Closes #1038.ckieffer
2010-04-17Change the key for invalid passwords from "invalid" toBharat Mediratta
"invalid_password" to remove ambiguity.
2010-03-03Update the copyright to 2010. It's only 3 months into the year :-)Bharat Mediratta
2010-02-27Fix for ticket #1037: Only show language drop-down when there's actually a ↵Andy Staudacher
choice.
2010-02-27Add more randomness to reset password mechanism.Andy Staudacher
2010-02-11Get rid of unnecessary view file.Andy Staudacher
2010-02-11Include user name in logging message for failed password reset. As Bharat ↵Andy Staudacher
points out, t() ensures that parameters are escaped for XSS.
2010-02-11Fix for ticket 1010: Don't leak valid user names in "forgot password" form.Andy Staudacher
Includes fixes for user forms as well (edit user / email / password).
2010-02-09Fix password reset confirmationAndy Staudacher
2010-02-07Last partial fix for ticket 585: Compartmentalize the admin area and require ↵Andy Staudacher
active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07Rename user_authenticate_xxx events to user_auth_xxx for brevity.Bharat Mediratta
2010-02-07Create the concept of a "failed authentication" as semanticallyBharat Mediratta
separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
2010-02-06Partial fix for ticket 585: Require current password when changing an ↵Andy Staudacher
account's email address. Still leaving the user/group admin page wide open though.
2010-02-06Fix up Admin_Users_Controller() form handling now that user_form.htmlBharat Mediratta
is gone. Fixes ticket #1005.
2010-02-02Protect password changes against brute force attacks.Bharat Mediratta
2010-02-02Require the current password to change your password.Bharat Mediratta
Fixes ticket #585. Separate out the password change form from the regular edit user form. Require the old password to enter a new one. While I'm at it, roll the password strength javascript into a Form_Script element so that we can get rid of the old view (which incidentally fixes a bug where the password strength meter would go away on form errors).
2010-02-01Localize validation errors.Bharat Mediratta
2010-01-31Fix lots of warnings that pop up when we're in E_STRICT mode. They'reBharat Mediratta
mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class.
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 09:07:58 +0000