Lukas Reschke
6f2e8788ca
Make enhanced auth time configurable
2012-10-16 01:02:03 +02:00
Lukas Reschke
f4142bd2a8
Move isUserVerified to OC_Util
2012-10-16 00:47:38 +02:00
Lukas Reschke
77e18b01ba
Move the ( to the right position
2012-10-16 00:47:38 +02:00
Lukas Reschke
c404148f9a
Password check for admins
2012-10-16 00:47:38 +02:00
Lukas Reschke
91d4b23efe
Fix PHP notice
2012-10-16 00:47:38 +02:00
Lukas Reschke
1a187d1ca5
Fix PHP notice
2012-10-16 00:47:38 +02:00
Lukas Reschke
097f429816
Add isUserVerified()
2012-10-16 00:47:38 +02:00
Lukas Reschke
c83a2a5517
Correct check for admin
2012-10-16 00:47:38 +02:00
Victor Dubiniuk
ddcd738357
Merge branch 'extended_log'
...
PHP errors logging into the owncloud log
2012-10-16 01:30:45 +03:00
Lukas Reschke
e6c9f5d9f4
Verify passwords for admins
2012-10-16 00:01:48 +02:00
Lukas Reschke
7e2d4e2a8e
Remove verify user from personal.php
2012-10-15 23:51:22 +02:00
Lukas Reschke
e3054b6201
Revert "Verify user login before changing the password reset mail"
...
This reverts commit 9aa9110fd9
.
2012-10-15 23:50:12 +02:00
Lukas Reschke
f475ed5cc1
Revert "Remove old password check from changepassword and use verifyUser instead"
...
This reverts commit e6b8153865
.
2012-10-15 23:49:49 +02:00
Lukas Reschke
c9ac1364d1
"deny from all" instead directory
2012-10-15 23:35:27 +02:00
Lukas Reschke
3eb43c1fbe
Show a warning in the installer if .htaccess is not working
2012-10-15 23:25:15 +02:00
Lukas Reschke
9458a6c10e
Merge pull request #35 from visit1985/logonpage
...
avoid undefined index warning on login page
2012-10-15 11:44:42 -07:00
Michael Göhler
d7a4547482
avoid undefined index warning on login page
2012-10-15 20:37:52 +02:00
Michael Göhler
8be9c04a3a
128byte is not 128bit - now we realy use 256bit (same as PHPSESSID)
2012-10-15 20:04:22 +02:00
Lukas Reschke
fa71e51e67
Use /dev/urandom instead of /dev/random
...
The usage of /dev/urandom is enough secure
2012-10-15 19:21:37 +02:00
Arthur Schiwon
24ad6b5a62
LDAP: fix retrieval of Quota and Email
2012-10-15 18:47:28 +02:00
Arthur Schiwon
5708488b3e
make files_versions use OC_User::getHome, fixes 'PHP Warning: Missing argument 1 for OC_FilesystemView::getAbsolutePath' with custom user home dirs
2012-10-15 18:16:27 +02:00
Lukas Reschke
9aa9110fd9
Verify user login before changing the password reset mail
2012-10-15 17:44:44 +02:00
Lukas Reschke
e6b8153865
Remove old password check from changepassword and use verifyUser instead
2012-10-15 17:44:44 +02:00
Lukas Reschke
6b39b80648
Change auth checks
2012-10-15 17:44:44 +02:00
Lukas Reschke
6e045b9ea1
Check if $_Post
2012-10-15 17:42:38 +02:00
Lukas Reschke
1c865f702c
Change verifyUser so that external json files can call it
2012-10-15 17:42:38 +02:00
Lukas Reschke
842d6dad47
Remove space
2012-10-15 17:42:38 +02:00
Lukas Reschke
4d7b0e9bb3
verifyUser() for the json part
2012-10-15 17:42:38 +02:00
Lukas Reschke
d33bec09fe
Verify password page for users
2012-10-15 17:42:38 +02:00
Arthur Schiwon
800fd5fd79
LDAP: check if index is set, fix Notices
2012-10-15 17:17:37 +02:00
Lukas Reschke
0b42d70259
Unneeded double check
2012-10-15 16:08:39 +03:00
Lukas Reschke
f08ff3b6e6
Correct formatting
2012-10-15 15:25:40 +03:00
Lukas Reschke
c930ac9f88
Merge pull request #30 from visit1985/logonpage
...
extend logon page to display multiple error messages
2012-10-15 03:52:11 -07:00
Jenkins for ownCloud
cf7df2db7a
[tx-robot] updated from transifex
2012-10-15 02:09:11 +02:00
Michael Göhler
22fa23b4da
extend configkey column to hold 128bit values
2012-10-14 22:37:05 +02:00
Michael Göhler
ae1f33db54
implement fixed php session timeout and session id regeneration
2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa
removed username and password from token generation
2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48
fixed typo and redundant method call
2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40
added a warning message to the log when a cookie is rejected
2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c
fixed wrong variable usage
2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea
call unsetMagicInCookie if token is invalid
2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3
forgot a class name
2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd
delete all tokens on password change
2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120
further improvements on multiple login token support
...
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f
improve token security
...
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982
Make the lifetime of the remember login cookie
2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566
Cleanup login tokens on login success
2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3
Add support for multiple login cookie tokens
2012-10-14 22:36:25 +02:00
Bart Visscher
4af5b016cc
Whitespace cleanup
2012-10-14 21:04:08 +02:00
Michael Göhler
7095b3a083
extend logon page to display multiple error messages
2012-10-14 19:57:24 +02:00