Benjamin Southall
7aae5ed3e9
Handle mcrypt_create_iv deprectation by using randombytes in newer PHP versions
5 years ago
Kitty Cat
f978c1b83e
Use random_bytes() to generate IV where available (PHP 7.x)
7 years ago
8chan
7911c374e8
Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
===================================
Also: backports 351375185e5 (early 404)
9 years ago
czaks
cd01191072
those parts are extraneous
8 years ago
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
10 years ago
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
10 years ago
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
8 years ago
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
8 years ago
Chen-Pang He
7933abd271
Fix vichan #65
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
10 years ago
czaks
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
10 years ago
Chen-Pang He
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
10 years ago
Michael Foster
7f0de93608
Cleaner check to make sure inc/ files aren't accessed directly.
11 years ago
ctrlcctrlv
9773416553
Better setting name
11 years ago
ctrlcctrlv
47dec49465
Optionally access mod cookie in JavaScript
11 years ago
ctrlcctrlv
2eb68ac398
Better setting name
11 years ago
ctrlcctrlv
52fe0c8989
Optionally access mod cookie in JavaScript
11 years ago
Michael Foster
a052a791b5
Add optional database table prefix (issue #118 ; see issue comments for details)
11 years ago
Michael Foster
328484bee7
SQL cleanup
11 years ago
Michael Foster
31f657e550
Long overdue: Salted password hashes
11 years ago
Macil Tech
3bcc87caf2
Fix PM count caching.
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
11 years ago
Michael Save
2051018ba1
...
12 years ago
Michael Save
5661e32b1c
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
12 years ago
Michael Save
774e27caf5
Use === operator in authentication.
12 years ago
Michael Save
7a68fc9525
Copyright and license update for 2013.
12 years ago
Michael Save
913010cff5
minor consistency cleanup
12 years ago
Michael Save
eb146d9201
properly tie auth cookies to private salt
12 years ago
Michael Save
6229b82a43
CSRF protection
12 years ago
Michael Save
0f04117037
Cache unread PM notices
12 years ago
Michael Save
e49ece459e
new PM
12 years ago
Michael Save
9649550463
start on mod interface rewrite
12 years ago