| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-02-27 | Fix for ticket #1037: Only show language drop-down when there's actually a ↵ | Andy Staudacher | |
| choice. | |||
| 2010-02-27 | Add more randomness to reset password mechanism. | Andy Staudacher | |
| 2010-02-20 | Add link to edit user group names. Closes ticket #1028. | Chad Kieffer | |
| 2010-02-18 | Revert "Fix for ticket #491: Make user and group names translatable." | Bharat Mediratta | |
| This reverts commit 409121942590e12692eaf4e6e9e8b71bfe5ed60c. | |||
| 2010-02-18 | Revert "Never assign a SafeString instance to a Model member (or hell will ↵ | Bharat Mediratta | |
| break loose)." This reverts commit dcddc68f58dac2f0fe71f5a00ea4af32618efa13. | |||
| 2010-02-15 | Never assign a SafeString instance to a Model member (or hell will break loose). | Andy Staudacher | |
| 2010-02-14 | Fix for ticket #491: Make user and group names translatable. | Andy Staudacher | |
| Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller). | |||
| 2010-02-11 | Get rid of unnecessary view file. | Andy Staudacher | |
| 2010-02-11 | Include user name in logging message for failed password reset. As Bharat ↵ | Andy Staudacher | |
| points out, t() ensures that parameters are escaped for XSS. | |||
| 2010-02-11 | Fix for ticket 1010: Don't leak valid user names in "forgot password" form. | Andy Staudacher | |
| Includes fixes for user forms as well (edit user / email / password). | |||
| 2010-02-09 | Fix password reset confirmation | Andy Staudacher | |
| 2010-02-07 | Last partial fix for ticket 585: Compartmentalize the admin area and require ↵ | Andy Staudacher | |
| active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. | |||
| 2010-02-07 | Rename user_authenticate_xxx events to user_auth_xxx for brevity. | Bharat Mediratta | |
| 2010-02-07 | Create the concept of a "failed authentication" as semantically | Bharat Mediratta | |
| separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts | |||
| 2010-02-06 | Partial fix for ticket 585: Require current password when changing an ↵ | Andy Staudacher | |
| account's email address. Still leaving the user/group admin page wide open though. | |||
| 2010-02-06 | Fix for ticket 1004: Replace all uses of split with explode (none actually ↵ | Andy Staudacher | |
| required regular expressions). Thanks to Brian Hartsock for providing a patch! | |||
| 2010-02-06 | Fix up Admin_Users_Controller() form handling now that user_form.html | Bharat Mediratta | |
| is gone. Fixes ticket #1005. | |||
| 2010-02-02 | Protect password changes against brute force attacks. | Bharat Mediratta | |
| 2010-02-02 | Require the current password to change your password. | Bharat Mediratta | |
| Fixes ticket #585. Separate out the password change form from the regular edit user form. Require the old password to enter a new one. While I'm at it, roll the password strength javascript into a Form_Script element so that we can get rid of the old view (which incidentally fixes a bug where the password strength meter would go away on form errors). | |||
| 2010-02-02 | Fix a bug in valid_password() where an empty password was considered valid. | Bharat Mediratta | |
| 2010-02-01 | Localize validation errors. | Bharat Mediratta | |
| 2010-02-01 | Fix a bug in valid_name where it wasn't checking for name collisions on new ↵ | Bharat Mediratta | |
| users. | |||
| 2010-01-31 | Force all non-guest users to have an email address since that's | Bharat Mediratta | |
| required in model validation. Without this, any save on a user without email will fail which means that you can't log in. Bump user module to version 3. | |||
| 2010-01-31 | Fix lots of warnings that pop up when we're in E_STRICT mode. They're | Bharat Mediratta | |
| mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class. | |||
| 2010-01-30 | Don't override the password in the database if it's empty in the form. | Bharat Mediratta | |
| Fixes ticket #995. | |||
| 2010-01-30 | Fix the valid_admin code -- it was considering all non-admins invalid. | Bharat Mediratta | |
| Fixes ticket #997 (highest prime under 1000!) | |||
| 2010-01-29 | Strongly type the argument list to the model::validate method. | Tim Almdal | |
| 2010-01-28 | Localize edit form error messages. | Bharat Mediratta | |
| 2010-01-27 | Convert back to using ORM::factory(..., $id) instead of calling where(). | Bharat Mediratta | |
| 2010-01-25 | Use ORM to create the users since now our validation can handle doing | Bharat Mediratta | |
| it the right way. Set a default email address for admins. | |||
| 2010-01-25 | Make some exceptions for guests: | Bharat Mediratta | |
| 1) They don't require email 2) Guest users aren't in the everybody group. | |||
| 2010-01-23 | Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev | Bharat Mediratta | |
| Conflicts: modules/gallery/tests/xss_data.txt | |||
| 2010-01-22 | Remove the g-right class on groups element on the manage user/groups page. ↵ | Tim Almdal | |
| fixes ticket #911 | |||
| 2010-01-22 | Change the check_environment method in the module helper and the module ↵ | Tim Almdal | |
| installers to can_activate to reflect that it is doing more than just checking the environment. | |||
| 2010-01-22 | Refactor the identity provider installation in to a common helper method ↵ | Tim Almdal | |
| (change_provider) with an initialization callback. | |||
| 2010-01-22 | Treat identity providers just like other modules and use the admin_module to | Tim Almdal | |
| install and switch to a different identity provider. | |||
| 2010-01-22 | Don't try to access ORM::$changed externally; it's protected. | Bharat Mediratta | |
| 2010-01-21 | Simplify the test using the test helper. | Bharat Mediratta | |
| 2010-01-20 | Stop using MY_ORM::original() | Bharat Mediratta | |
| 2010-01-20 | Fix typo: edit_user -> add_user. | Bharat Mediratta | |
| 2010-01-20 | Stop using MY_ORM::original(). | Bharat Mediratta | |
| 2010-01-19 | Extend Gallery_Unit_Test_Case instead of Unit_Test_Case. | Bharat Mediratta | |
| 2010-01-17 | Change IdentityProvider::create_user() to take $email as well, since that's ↵ | Bharat Mediratta | |
| a required parameter for the Gallery driver. | |||
| 2010-01-17 | Switch to model based validation approach. | Bharat Mediratta | |
| 2010-01-17 | Use an empty password for the guest user. | Bharat Mediratta | |
| 2010-01-17 | Adjust installers to work with model based validation. | Bharat Mediratta | |
| 2010-01-17 | Move model rules down into their validate() function for consistency. | Bharat Mediratta | |
| Change "in_use" error to "conflict" for consistency. | |||
| 2010-01-16 | Use "(string) $form" instead of "$form->__toString()" | Bharat Mediratta | |
| 2010-01-16 | Convert Users_Controller to model based validation. | Bharat Mediratta | |
| 2010-01-16 | Convert Admin_Users_Controller, User_Model and Group_Model to use | Bharat Mediratta | |
| model based validation. | |||
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |