Source code of b2evolution 2.1.0-beta
<?php
/**
 * This file initializes everything BUT the blog!
 *
 * It is useful when you want to do very customized templates!
 * It is also called by more complete initializers.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/}
 * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
 * Parts of this file are copyright (c)2005-2006 by PROGIDISTRI - {@link http://progidistri.com/}.
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * Daniel HAHLER grants Francois PLANQUE the right to license
 * Daniel HAHLER's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 *
 * PROGIDISTRI S.A.S. grants Francois PLANQUE the right to license
 * PROGIDISTRI S.A.S.'s contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 *
 * Matt FOLLETT grants Francois PLANQUE the right to license
 * Matt FOLLETT's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package evocore
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author fplanque: Francois PLANQUE
 * @author blueyed: Daniel HAHLER
 * @author mfollett: Matt FOLLETT.
 * @author mbruneau: Marc BRUNEAU / PROGIDISTRI
 *
 * {@internal Below is a list of former authors whose contributions to this file have been
 *            either removed or redesigned and rewritten anew:
 *            - t3dworld
 *            - tswicegood
 * }}
 *
 * @version $Id: _main.inc.php,v 1.82 2007/07/01 18:47:11 fplanque Exp $
 */
if( !defined('EVO_CONFIG_LOADED') ) die( 'Please, do not access this page directly.' );

if( $maintenance_mode )
{
	header('HTTP/1.0 503 Service Unavailable');
	echo '<h1>503 Service Unavailable</h1>';
	die( 'The site is temporarily down for maintenance.' );
}


/**
 * Prevent double loading since require_once won't work in all situations
 * on windows when some subfolders have caps :(
 * (Check it out on static page generation)
 */
if( defined( 'EVO_MAIN_INIT' ) )
{
	return;
}
define( 'EVO_MAIN_INIT', true );


/**
 * Security check for older PHP versions
 * Contributed by counterpoint / MAMBO team
 */
$protects = array( '_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION' );
foreach( $protects as $protect )
{
	if( in_array( $protect, array_keys($_REQUEST) )
		|| in_array( $protect, array_keys($_GET) )
		|| in_array( $protect, array_keys($_POST) )
		|| in_array( $protect, array_keys($_COOKIE) )
		|| in_array( $protect, array_keys($_FILES) ) )
	{
		bad_request_die( 'Unacceptable params.' );
	}
}

/*
 * fp> We might want to kill all auto registered globals this way:
 * TODO: testing
 *
$superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET);
if (isset( $_SESSION )) array_unshift ( $superglobals , $_SESSION );
if (ini_get('register_globals') && !$this->mosConfig_register_globals)
{
	foreach ( $superglobals as $superglobal )
	{
		foreach ( $superglobal as $key => $value)
		{
			unset( $GLOBALS[$key]);
		}
	}
}
*/


/**
 * class loader
 */
require_once $inc_path.'_core/_class4.funcs.php';

/**
 * Load logging class
 */
load_class('_core/model/_log.class.php');
/**
 * Debug message log for debugging only (initialized here).
 *
 * If {@link $debug} is off, it will be re-instantiated of class {@link Log_noop} after loading config
 * and perform no operations.
 * @global Log|Log_noop $Debuglog
 */
$Debuglog = & new Log( 'note' );

/**
 * Info & error message log for end user (initialized here)
 * @global Log $Messages
 */
$Messages = & new Log( 'error' );


/**
 * Start timer:
 */
load_class('_core/model/_timer.class.php');
$Timer = & new Timer('total');

$Timer->start( '_main.inc' );


/**
 * Sets various arrays and vars, also $app_name!
 *
 * Needed before the error messages.
 */
require_once dirname(__FILE__).'/_vars.inc.php';


if( !$config_is_done )
{ // base config is not done!
	$error_message = 'Base configuration is not done! (see /conf/_basic_config.php)';
}
elseif( !isset( $locales[$default_locale] ) )
{
	$error_message = 'The default locale '.var_export( $default_locale, true ).' does not exist! (see /conf/_locales.php)';
}
if( isset( $error_message ) )
{ // error & exit
	require dirname(__FILE__).'/../skins_adm/conf_error.main.php';
}

if( !$debug )
{
	$Debuglog = & new Log_noop( 'note' );
}


/**
 * Miscellaneous functions
 */
load_funcs('_core/_misc.funcs.php');


/**
 * Connect to DB
 */
require_once dirname(__FILE__).'/_connect_db.inc.php';


/**
 * Load settings class
 */
load_class('settings/model/_generalsettings.class.php');
load_class('users/model/_usersettings.class.php');
/**
 * Interface to general settings
 *
 * Keep this below the creation of the {@link $DB DB object}, because it checks for the
 * correct db_version and catches "table does not exist" errors, providing a link to the
 * install script.
 *
 * @global GeneralSettings $Settings
 */
$Settings = & new GeneralSettings();
/**
 * Interface to user settings
 *
 * @global UserSettings $UserSettings
 */
$UserSettings = & new UserSettings();


/**
 * Absolute Unix timestamp for server
 * @global int $servertimenow
 */
$servertimenow = time();

$time_difference = $Settings->get('time_difference');

/**
 * Corrected Unix timestamp to match server timezone
 * @global int $localtimenow
 */
$localtimenow = $servertimenow + $time_difference;


/**
 * The Hit class
 */
load_class('sessions/model/_hit.class.php');
// fp> The following constructor requires this right now, but it should not! this should be loaded later.
load_class('_core/_param.funcs.php');
/**
 * @global Hit The Hit object
 */
$Hit = & new Hit();


/**
 * The Session class.
 * It has to be instantiated before the "SessionLoaded" hook.
 */
load_class('sessions/model/_session.class.php');
/**
 * The Session object
 * @global Session
 * @todo dh> This needs the same "SET NAMES" MySQL-setup as with Session::dbsave() - see the "TODO" with unserialize() in Session::Session()
 * @todo dh> makes no sense in CLI mode (no cookie); Add isset() checks to
 *           calls on the $Session object, e.g. below?
 */
$Session = & new Session();


/**
 * Plugins init.
 * This is done quite early here to give an early hook ("SessionLoaded") to plugins (though it might also be moved just after $DB init when there is reason for a hook there).
 * The {@link dnsbl_antispam_plugin} is an example that uses this to check the user's IP against a list of DNS blacklists.
 */
load_class('plugins/model/_plugins.class.php');
/**
 * @global Plugins The Plugin management object
 */
$Plugins = & new Plugins();


// NOTE: it might be faster (though more bandwidth intensive) to spit cached pages (CachePageContent event) than to look into blocking the request (SessionLoaded event).
$Plugins->trigger_event( 'SessionLoaded' );


// Trigger a page content caching plugin. This would either return the cached content here or start output buffering
if( empty($generating_static) )
{
	if( $Session->get( 'core.no_CachePageContent' ) )
	{ // The event is disabled for this request:
		$Session->delete('core.no_CachePageContent');
		$Debuglog->add( 'Skipping CachePageContent event, because of core.no_CachePageContent setting.', 'plugins' );
	}
	elseif( ( $get_return = $Plugins->trigger_event_first_true( 'CachePageContent' ) ) // Plugin responded to the event
			&& ( isset($get_return['data']) ) ) // cached content returned
	{
		echo $get_return['data'];
		// Note: we should not use debug_info() here, because the plugin has probably sent a Content-Length header.
		exit;
	}
}


// TODO: we need an event hook here for the transport_optimizer_plugin, which must get called, AFTER another plugin might have started an output buffer for caching already.
//       Plugin priority is no option, because CachePageContent is a trigger_event_first_true event, for obvious reasons.
//       Name?
//       This must not be exactly here, but before any output.


/**
 * Includes:
 */
$Timer->start('_main.inc:requires');
load_class('_core/model/dataobjects/_dataobjectcache.class.php');
load_class('generic/model/_genericelement.class.php');
load_class('generic/model/_genericcache.class.php');
load_class('collections/model/_blog.class.php');
load_funcs('collections/model/_blog.funcs.php');
load_funcs('collections/model/_category.funcs.php');
load_funcs('items/model/_item.funcs.php');
load_funcs('users/model/_user.funcs.php');
load_class('_core/_template.funcs.php');
load_class('files/model/_file.class.php');
load_class('files/model/_filetype.class.php');
load_class('files/model/_filetypecache.class.php');
load_class('items/model/_itemtype.class.php');
load_class('items/model/_link.class.php');
load_funcs('comments/model/_comment.funcs.php');
load_funcs('items/model/_item.funcs.php');
load_class('comments/model/_commentlist.class.php');
load_funcs('sessions/model/_hitlog.funcs.php'); // referer logging
load_funcs('_core/ui/forms/_form.funcs.php');
load_funcs('_core/ui/forms/_form.class.php');
load_class('items/model/_itemquery.class.php');
load_funcs('_ext/_swfcharts.php');


$Timer->pause( '_main.inc:requires' );


/**
 * Locale selection:
 */
$Debuglog->add( 'default_locale from conf: '.$default_locale, 'locale' );

locale_overwritefromDB();
$Debuglog->add( 'default_locale from DB: '.$default_locale, 'locale' );

$default_locale = locale_from_httpaccept(); // set default locale by autodetect
$Debuglog->add( 'default_locale from HTTP_ACCEPT: '.$default_locale, 'locale' );

if( ($locale_from_get = param( 'locale', 'string', NULL, true ))
		&& $locale_from_get != $default_locale
		&& isset( $locales[$locale_from_get] ) )
{
	$default_locale = $locale_from_get;
	$Debuglog->add( 'Overriding locale from REQUEST: '.$default_locale, 'locale' );
}


/**
 * Activate default locale:
 */
locale_activate( $default_locale );


/*
 * Login procedure: {{{
 * TODO: dh> the meat of this login procedure should be moved to an extra file IMHO so that if a session exists (in most cases) it does not trigger parsing the meat of this code
 * !!! fp> a session can and will exist before a user is already logged in.
 */
if( !isset($login_required) )
{
	$login_required = false;
}


$login = NULL;
$pass = NULL;
$pass_md5 = NULL;

if( isset($_POST['login'] ) && isset($_POST['pwd'] ) )
{ // Trying to log in with a POST
	$login = $_POST['login'];
	$pass = $_POST['pwd'];
	unset($_POST['pwd']); // password will be hashed below
}
elseif( isset($_GET['login'] ) )
{ // Trying to log in with a GET; we might only provide a user here.
	$login = $_GET['login'];
	$pass = isset($_GET['pwd']) ? $_GET['pwd'] : '';
	unset($_GET['pwd']); // password will be hashed below
}

$Debuglog->add( 'login: '.var_export($login, true), 'login' );
$Debuglog->add( 'pass: '.( empty($pass) ? '' : 'not' ).' empty', 'login' );

// either 'login' (normal) or 'redirect_to_backoffice' may be set here. This also helps to display the login form again, if either login or pass were empty.
$login_action = param_arrayindex( 'login_action' );

$UserCache = & get_Cache( 'UserCache' );

if( ! empty($login_action) || (! empty($login) && ! empty($pass)) )
{ // User is trying to login right now
	$Debuglog->add( 'User is trying to log in.', 'login' );

	header_nocache();

	// Note: login and password cannot include '<' !
	$login = strtolower(strip_tags(remove_magic_quotes($login)));
	$pass = strip_tags(remove_magic_quotes($pass));
	$pass_md5 = md5( $pass );


	/*
	 * Handle javascript-hashed password:
	 * If possible, the login form will hash the entered password with a salt that changes every time.
	 */
	param('pwd_salt', 'string', ''); // just for comparison with the one from Session
	$pwd_salt_sess = $Session->get('core.pwd_salt');

	// $Debuglog->add( 'salt: '.var_export($pwd_salt, true).', session salt: '.var_export($pwd_salt_sess, true) );

	$transmit_hashed_password = (bool)$Settings->get('js_passwd_hashing') && !(bool)$Plugins->trigger_event_first_true('LoginAttemptNeedsRawPassword');
	if( $transmit_hashed_password )
	{
		param( 'pwd_hashed', 'string', '' );
	}
	else
	{ // at least one plugin requests the password un-hashed:
		$pwd_hashed = '';
	}

	// $Debuglog->add( 'pwd_hashed: '.var_export($pwd_hashed, true).', pass: '.var_export($pass, true) );

	$pass_ok = false;
	// Trigger Plugin event, which could create the user, according to another database:
	if( $Plugins->trigger_event( 'LoginAttempt', array(
			'login' => & $login,
			'pass' => & $pass,
			'pass_md5' => & $pass_md5,
			'pass_salt' => & $pwd_salt_sess,
			'pass_hashed' => & $pwd_hashed,
			'pass_ok' => & $pass_ok ) ) )
	{ // clear the UserCache, if a plugin has been called - it may have changed user(s)
		$UserCache->clear();
	}

	if( $Messages->count('login_error') )
	{ // A plugin has thrown a login error..
		// Do nothing, the error will get displayed in the login form..

		// TODO: dh> make sure that the user gets logged out?! (a Plugin might have logged him in and another one thrown an error)
	}
	else
	{ // Check login and password

		// Make sure that we can load the user:
		$User = & $UserCache->get_by_login($login);

		if( $User && ! $pass_ok )
		{ // check the password, if no plugin has said "it's ok":
			if( ! empty($pwd_hashed) )
			{ // password hashed by JavaScript:

				$Debuglog->add( 'Hashed password available.', 'login' );

				if( empty($pwd_salt_sess) )
				{ // no salt stored in session: either cookie problem or the user had already tried logging in (from another window for example)
					$Debuglog->add( 'Empty salt_sess!', 'login' );
					if( substr($pass, 0, 7) == 'hashed_' && substr($pass, 7) == $Session->ID )
					{ // session ID matches, no cookie problem
						$Messages->add( T_('The login window has expired. Please try again.'), 'login_error' );
						$Debuglog->add( 'Session ID matches.', 'login' );
					}
					else
					{ // more general error:
						$Messages->add( T_('Either you have not enabled cookies or this login window has expired.'), 'login_error' );
						$Debuglog->add( 'Session ID does not match.', 'login' );
					}
				}
				elseif( $pwd_salt != $pwd_salt_sess )
				{ // submitted salt differs from the one stored in the session
					$Messages->add( T_('The login window has expired. Please try again.'), 'login_error' );
					$Debuglog->add( 'Submitted salt and salt from Session do not match.', 'login' );
				}
				else
				{ // compare the password, using the salt stored in the Session:
					#pre_dump( sha1($User->pass.$pwd_salt), $pwd_hashed );
					$pass_ok = sha1($User->pass.$pwd_salt) == $pwd_hashed;
					$Session->delete('core.pwd_salt');
					$Debuglog->add( 'Compared hashed passwords. Result: '.(int)$pass_ok, 'login' );
				}
			}
			else
			{
				$pass_ok = ( $User->pass == $pass_md5 );
				$Debuglog->add( 'Compared raw passwords. Result: '.(int)$pass_ok, 'login' );
			}
		}
	}

	if( $pass_ok )
	{ // Login succeeded, set cookies
		$Debuglog->add( 'User successfully logged in with username and password...', 'login');
		// set the user from the login that succeeded
		$current_User = & $UserCache->get_by_login($login);
		// save the user for later hits
		$Session->set_User( $current_User );
	}
	elseif( ! $Messages->count('login_error') )
	{ // if there's no login_error message yet, add the default one:
		// This will cause the login screen to "popup" (again)
		$Messages->add( T_('Wrong login/password.'), 'login_error' );
	}

}
elseif( $Session->has_User() /* logged in */
	&& /* No login param given or the same as current user: */
	( empty($login) || ( ( $tmp_User = & $UserCache->get_by_ID($Session->user_ID) ) && $login == $tmp_User->login ) ) )
{ /* if the session has a user assigned to it:
	 * User was not trying to log in, but he was already logged in:
	 */
	// get the user ID from the session and set up the user again
	$current_User = & $UserCache->get_by_ID( $Session->user_ID );

	$Debuglog->add( 'Was already logged in... ['.$current_User->get('login').']', 'login' );
}
else
{ // The Session has no user or $login is given (and differs from current user), allow alternate authentication through Plugin:
	if( ($event_return = $Plugins->trigger_event_first_true( 'AlternateAuthentication' ))
	    && $Session->has_User() # the plugin should have attached the user to $Session
	)
	{
		$Debuglog->add( 'User has been authenticated through plugin #'.$event_return['plugin_ID'].' (AlternateAuthentication)', 'login' );
		$current_User = & $UserCache->get_by_ID( $Session->user_ID );
	}
	elseif( $login_required )
	{ /*
		 * ---------------------------------------------------------
		 * User was not logged in at all, but login is required
		 * ---------------------------------------------------------
		 */
		// echo ' NOT logged in...';
		$Debuglog->add( 'NOT logged in... (did not try)', 'login' );

		$Messages->add( T_('You must log in!'), 'login_error' );
	}
}
unset($pass);


// Check if the user needs to be validated, but is not yet:
if( ! empty($current_User)
		&& ! $current_User->validated
		&& param('action', 'string', '') != 'logout' ) // fp> TODO: non validated users should be automatically logged out
{
	if( $action != 'req_validatemail' && $action != 'validatemail' )
	{ // we're not in that action already:
		$action = 'req_validatemail'; // for login.php
		$Messages->add( T_('You must validate your email address before you can log in.'), 'login_error' );
	}
}
else
{ // Trigger plugin event that allows the plugins to re-act on the login event:
	if( empty($current_User) )
	{
		$Plugins->trigger_event( 'AfterLoginAnonymousUser', array() );
	}
	else
	{
		$Plugins->trigger_event( 'AfterLoginRegisteredUser', array() );

		if( ! empty($login_action) )
		{ // We're coming from the Login form and need to redirect to the requested page:
			if( $login_action == 'redirect_to_backoffice' )
			{ // user pressed the "Log into backoffice!" button
				$redirect_to = $admin_url;
			}
			else
			{
				param( 'redirect_to', 'string', $baseurl );
			}

			header_redirect( $redirect_to );
			exit();
		}
	}
}

// If there are "login_error" messages, they trigger the login form at the end of this file.

/* Login procedure }}} */


// Icon legend:
if( $UserSettings->get('display_icon_legend') )
{
	/**
	 * Icon Legend
	 */
	load_funcs( '_core/ui/_iconlegend.class.php' );
	$IconLegend = & new IconLegend();
}


/**
 * User locale selection:
 */
if( is_logged_in() && $current_User->get('locale') != $current_locale
		&& !$locale_from_get )
{ // change locale to users preference
	/*
	 * User locale selection:
	 * TODO: this should get done before instantiating $current_User, because we already use T_() there...
	 */
	locale_activate( $current_User->get('locale') );
	if( $current_locale == $current_User->get('locale') )
	{
		$default_locale = $current_locale;
		$Debuglog->add( 'default_locale from user profile: '.$default_locale, 'locale' );
	}
	else
	{
		$Debuglog->add( 'locale from user profile could not be activated: '.$current_User->get('locale'), 'locale' );
	}
}


// Init charset handling:
init_charsets( $current_charset );


// Display login errors (and form). This uses $io_charset, so it's at the end.

if( $Messages->count( 'login_error' ) )
{
	require $htsrv_path.'login.php';
	exit();
}

$Timer->pause( '_main.inc');


/**
 * Load hacks file if it exists
 */
if( file_exists($conf_path.'hacks.php') )
{
	$Timer->resume( 'hacks.php' );
	include_once $conf_path.'hacks.php';
	$Timer->pause( 'hacks.php' );
}


/*
 * $Log: _main.inc.php,v $
 * Revision 1.82  2007/07/01 18:47:11  fplanque
 * fixes
 *
 * Revision 1.81  2007/06/26 02:40:53  fplanque
 * security checks
 *
 * Revision 1.80  2007/06/25 10:58:51  fplanque
 * MODULES (refactored MVC)
 *
 * Revision 1.79  2007/06/24 01:05:31  fplanque
 * skin_include() now does all the template magic for skins 2.0.
 * .disp.php templates still need to be cleaned up.
 *
 * Revision 1.78  2007/06/20 23:12:51  fplanque
 * "Who's online" moved to a plugin
 *
 * Revision 1.77  2007/04/26 00:11:05  fplanque
 * (c) 2007
 *
 * Revision 1.76  2007/03/18 01:39:54  fplanque
 * renamed _main.php to main.page.php to comply with 2.0 naming scheme.
 * (more to come)
 *
 * Revision 1.75  2007/02/03 18:46:30  fplanque
 * doc
 *
 * Revision 1.74  2007/01/26 21:52:42  blueyed
 * Improved LoginAttempt hook: all params get passed by reference and "pass_ok" has been added
 *
 * Revision 1.73  2007/01/26 04:49:17  fplanque
 * cleanup
 *
 * Revision 1.72  2007/01/19 03:06:57  fplanque
 * Changed many little things in the login procedure.
 * There may be new bugs, sorry. I tested this for several hours though.
 * More refactoring to be done.
 *
 * Revision 1.71  2006/12/28 15:44:31  fplanque
 * login refactoring / simplified
 *
 * Revision 1.70  2006/12/15 22:54:14  fplanque
 * allow disabling of password hashing
 *
 * Revision 1.69  2006/12/09 01:55:35  fplanque
 * feel free to fill in some missing notes
 * hint: "login" does not need a note! :P
 *
 * Revision 1.68  2006/12/08 12:33:22  blueyed
 * "login" debuglog category for "pwd_hashed" entry
 *
 * Revision 1.67  2006/12/06 23:32:35  fplanque
 * Rollback to Daniel's most reliable password hashing design. (which is not the last one)
 * This not only strengthens the login by providing less failure points, it also:
 * - Fixes the login in IE7
 * - Removes the double "do you want to memorize this password' in FF.
 *
 * Revision 1.66  2006/12/06 22:30:07  fplanque
 * Fixed this use case:
 * Users cannot register themselves.
 * Admin creates users that are validated by default. (they don't have to validate)
 * Admin can invalidate a user. (his email, address actually)
 *
 * Revision 1.65  2006/12/04 21:45:39  fplanque
 * cleanup
 *
 * Revision 1.63  2006/12/04 00:18:52  fplanque
 * keeping the login hashing
 *
 * Revision 1.61  2006/12/03 22:38:34  fplanque
 * doc
 *
 * Revision 1.60  2006/12/03 18:26:27  fplanque
 * doc
 *
 * Revision 1.59  2006/11/29 20:04:35  blueyed
 * More cleanup for login-password hashing
 *
 * Revision 1.58  2006/11/29 03:25:53  blueyed
 * Enhanced password hashing during login: get the password salt through async request + cleanup
 *
 * Revision 1.57  2006/11/24 18:27:22  blueyed
 * Fixed link to b2evo CVS browsing interface in file docblocks
 *
 * Revision 1.56  2006/11/22 00:04:19  blueyed
 * todo: $Session should not get instantiated if $is_cli
 *
 * Revision 1.55  2006/11/19 23:43:04  blueyed
 * Optimized icon and $IconLegend handling
 *
 * Revision 1.54  2006/11/14 21:13:58  blueyed
 * I've spent > 2 hours debugging this charset nightmare and all I've got are those lousy TODOs..
 *
 * Revision 1.53  2006/10/23 22:19:02  blueyed
 * Fixed/unified encoding of redirect_to param. Use just rawurlencode() and no funky & replacements
 *
 * Revision 1.52  2006/10/15 21:30:45  blueyed
 * Use url_rel_to_same_host() for redirect_to params.
 *
 * Revision 1.51  2006/10/14 16:27:05  blueyed
 * Client-side password hashing in the login form.
 */
?>
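The salted login check in the listing (`sha1($User->pass.$pwd_salt) == $pwd_hashed`), as an added example that is not part of b2evolution: both sides of the exchange, with a single-use salt and `hash_equals()` in place of the loose `==`. Function names and sample values are constructed, the client-side formula is inferred from the server-side comparison, and the code assumes PHP 7 or later.

```php
<?php
// Added example; not b2evolution code. Function names and all sample values are constructed.

/** Server, when rendering the login form: store a fresh random salt in the session. */
function issue_login_salt(array &$session): string
{
	$session['core.pwd_salt'] = bin2hex(random_bytes(16));
	return $session['core.pwd_salt'];
}

/**
 * What the login form has to send for the server check to succeed,
 * inferred from the listing: sha1( md5(password) . salt ).
 */
function client_response(string $password, string $salt): string
{
	return sha1(md5($password) . $salt);
}

/** Server, on submit. $stored_md5 plays the role of $User->pass in the listing. */
function verify_login(array &$session, string $stored_md5, string $submitted_salt, string $pwd_hashed): bool
{
	$salt = $session['core.pwd_salt'] ?? '';
	// Single use: the salt is dropped on every attempt, not only on the compare path.
	unset($session['core.pwd_salt']);

	if ($salt === '' || !hash_equals($salt, $submitted_salt)) {
		return false; // corresponds to "The login window has expired."
	}
	// hash_equals() compares the strings byte for byte, in constant time.
	return hash_equals(sha1($stored_md5 . $salt), $pwd_hashed);
}

// --- Constructed walk-through ---
$session    = [];
$stored_md5 = md5('correct horse'); // constructed account password

$salt     = issue_login_salt($session);
$response = client_response('correct horse', $salt);

var_dump(verify_login($session, $stored_md5, $salt, $response)); // valid exchange
var_dump(verify_login($session, $stored_md5, $salt, $response)); // same response replayed, salt already consumed

$salt = issue_login_salt($session);
var_dump(verify_login($session, $stored_md5, $salt, client_response('wrong guess', $salt)));

// Why not `==`: two different strings that both look like "0e<digits>" are
// numeric strings, so PHP compares them as numbers (both evaluate to zero).
// Constructed strings, not real digests.
$a = '0e' . str_repeat('1', 38);
$b = '0e' . str_repeat('2', 38);
var_dump($a == $b);            // loose comparison
var_dump(hash_equals($a, $b)); // byte-for-byte comparison
```

In this design the stored MD5 value is itself the secret the response is derived from, so it needs the same protection as a password.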
Generated on: Thu Nov 29 23:58:50 2007 by Balluche using PHPXref 0.7