stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-06-23 01:39:53 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,365 Commits 4 Branches 0 Tags
33df7de391eebdab2cb09ca97207cb81f4274cd1
Commit Graph

251 Commits

Author SHA1 Message Date
Bharat Mediratta
8ebd941c81 Properly call user::login when we automatically login the admin user 
immediately after install.  Fixes ticket #323.
 2009-05-31 21:48:43 -07:00
Bharat Mediratta
9322f51e23 Localize a string 2009-05-31 19:31:55 -07:00
jhilden
277c96c2f6 user admin facelift 
* added drag & drop help message for empty groups
* fixed overflow issue with more than ~10 members in one group
* CSS improvements
 2009-05-31 18:25:43 -04:00
Bharat Mediratta
712fdb5545 Clean up view variables 2009-05-31 01:03:24 -07:00
Bharat Mediratta
9369ccab7f Run all variables that come from user-entered data through p::clean() 2009-05-31 01:02:51 -07:00
Bharat Mediratta
cc6cd7e1f3 Regenerate the session id every time through login::_auth() to avoid session trapping. 2009-05-27 01:58:46 -07:00
Bharat Mediratta
0a66ddd2b4 Use a random value for the password reset hash to reduce the chances 
that it can be guessed by an attacker.
 2009-05-27 00:50:24 -07:00
Bharat Mediratta
7aed923908 Restructure the module lifecycle. 
Install: <module>_installer::install() is called, any necessary tables
are created.

Activate: <module>_installer::activate() is called.  Module
controllers are routable, helpers are accessible, etc.  The module is
in use.

Deactivate: <module>_installer::deactivate() is called.  Module code
is not accessible or routable.  Module is *not* in use, but its tables
are still around.

Uninstall: <module>_installer::uninstall() is called.  Module is
completely removed from the database.

Admin > Modules will install and activate modules, but will only
deactivate (will NOT uninstall modules).
 2009-05-26 05:28:59 +00:00
Chad Kieffer
2966289b14 Quick fix for ticket #144. Reapply event handler for delete link gDialog when group is refreshed. 2009-05-26 05:05:04 +00:00
Chad Kieffer
94e36344b2 Link to gallery.panel.js from the head, not body. 2009-05-26 05:00:19 +00:00
Chad Kieffer
88e1f02c1a Split out re-used JavaScript for common functions (messages, valign), panel toggle, and forms to external files. 2009-05-26 03:59:35 +00:00
Chad Kieffer
916405bc4b White space fixes 2009-05-26 01:53:18 +00:00
Chad Kieffer
30592cabd2 Changed name to username in user admin form labels 2009-05-25 20:46:19 +00:00
Bharat Mediratta
3756c849c4 Use phpass as our hashing mechanism, and check for it first (instead 
of checking G1/G2 techniquew first).
 2009-05-24 06:11:20 +00:00
Chad Kieffer
cc329526c0 Changed Name label to Username, closes ticket #93 2009-05-21 04:48:53 +00:00
Bharat Mediratta
f24c8f66ea Move the first-admin-login steps out of the user module and into an event listener in core 2009-05-20 16:49:06 +00:00
Bharat Mediratta
5f853b9a1b Get rid of trailing whitespace in security preamble 2009-05-18 04:13:09 +00:00
Bharat Mediratta
39bfe5ee74 Add security preamble 2009-05-18 03:51:15 +00:00
Bharat Mediratta
993742feb3 Move 3rd party PasswordHash library into the "lib" dir for 
consistency.  No 3rd party libs in "libraries", at least for now.
 2009-05-18 03:39:42 +00:00
Bharat Mediratta
5495037a3d Gee it's May already. Update copyright to 2009. 2009-05-13 20:04:58 +00:00
Bharat Mediratta
dcdc6f1e77 Don't allow admins to delete the guest user. Fixes ticket #213 2009-05-13 04:01:38 +00:00
Bharat Mediratta
7abe611a62 Make the 'this user cannot be deleted' link actually not clickable. 2009-05-13 03:59:42 +00:00
Bharat Mediratta
9c24b5d94d Variety of changes to the way we do user editing: 
1) Allow admins to edit the admin bit of other admins
2) Don't allow admins to delete themselves (partial fix for ticket #213)
3) Inline user::update().  Don't do form processing in helper methods!
4) Inline user::_get_edit_form() so that we can treat edit forms differently.
   Trying to hard to make common functions makes for weird edge cases.
 2009-05-13 03:56:50 +00:00
Bharat Mediratta
b9aeec634d Colorize admin user rows to make them stand out 2009-05-13 03:44:55 +00:00
Bharat Mediratta
1344bd7009 Use the name field if the full_name field is empty. 2009-05-13 03:36:06 +00:00
Bharat Mediratta
4093315390 Log password reset attempts. Fixes ticket #251. 2009-05-13 00:47:20 +00:00
Bharat Mediratta
71defb7d40 Add group::lookup_by_name() 2009-05-12 22:34:36 +00:00
Bharat Mediratta
823077f342 Fix a comment. 2009-05-12 22:31:54 +00:00
Bharat Mediratta
afa4a8acca After ajax login, just reload the current page. 2009-05-10 19:57:58 +00:00
Bharat Mediratta
cda6e54aa4 add_group() was not getting $form before using it. 2009-04-24 00:33:27 +00:00
Bharat Mediratta
6b89e7fa2a Add user::lookup_by_name() 2009-04-18 23:06:38 +00:00
Andy Staudacher
6fae077b52 Fix i18n for "Logged in as" string 2009-04-17 02:04:25 +00:00
Bharat Mediratta
8c1d1a9d0d Provate a way to set the hashed password directly 2009-04-15 07:18:19 +00:00
Andy Staudacher
d558a88015 Fix for ticket 181: don't ignore the locale option when adding users 2009-04-09 02:41:29 +00:00
Bharat Mediratta
ff732d9c7e Fix the spelling of "appearance_menu" and update user_menu so that the 
user/groups admin menu option appears again.
 2009-04-09 02:25:27 +00:00
Bharat Mediratta
c936eebcf7 Don't do graphics detection in core_installer::install() because that 
gets run at scaffolding::package() time, not on the target machine.
Instead, create a core module variable to trigger running
graphics::choose_default_toolkit() on the first admin login after install.

Fixes ticket #206.
 2009-04-05 20:43:05 +00:00
Tim Almdal
f1eec57221 Add a weight column to the items model. Change the album ordering to 
use this as the default instead of id.  This prepares the way for
manual reordering in the organize functionality.
 2009-04-05 16:57:51 +00:00
Tim Almdal
9ed0dd51bf Fix for ticket #201. 
1) create common update function so processing consistent between the
user edit and admin edit.
2) created common private helper function to build the user edit form
the same way.
So a user can now change their user name if the new one doesn't exist.
 2009-04-03 17:33:07 +00:00
Bharat Mediratta
921f3a2eee Put csrf token into Admin_View and Theme_View by default, then use it 
directly wherever possible instead of access::csrf_token().
 2009-03-27 03:43:21 +00:00
Tim Almdal
3cb2c42e49 Fix for ticket #181. Valiant take note of the change to 
admin_users.php.  I had to remove the check for the locale as it
hasn't been added to the form.
 2009-03-25 16:21:36 +00:00
Andy Staudacher
a04fe5246c Fix the locale field in the change user settings form 2009-03-17 17:19:45 +00:00
Andy Staudacher
ee2f09c968 Fix edit user form handler 2009-03-17 15:49:02 +00:00
Bharat Mediratta
8458eba279 Switch the locale::$locales data structure to be an array instead of a 
stdClass because we're not allowed to asort() stdClass objects in PHP
5.2.6.
 2009-03-16 09:08:12 +00:00
Bharat Mediratta
6aadb0bc77 Fix indentation 2009-03-16 09:01:50 +00:00
Bharat Mediratta
c15e4c61a3 Proxy the url through _auth() to user::get_login_form() 2009-03-16 08:05:44 +00:00
Bharat Mediratta
54e07d0769 Get rid of the extra robust code we had in here to make the 
scaffolding work when the Gallery wasn't installed yet.  Now we force
users through the installer.
 2009-03-16 08:05:07 +00:00
Chad Kieffer
542ab6db1f Combined "Logged in as..." and "Modify Profile" to by just "Logged in as FullName" 2009-03-16 04:54:00 +00:00
Bharat Mediratta
83912bce20 Missed this in the last commit 2009-03-16 04:42:39 +00:00
Bharat Mediratta
736d74d05f Clean up the login, maintenance login and required-top-level-login code. 
We now have two clear and separate login approaches:
  login/ajax
  login/html

Choose the one that's appropriate.  Totally simplified the maintenance
page to be separate from the theme and dead simple, and use login/html
approach there.  Totally simplified the top level login
(login_page.html.php) to just be a login page, not the rest of the
chrome on the page and use the login/ajax approach there.

Don't use access::required in albums and then catch the exception,
instead use access::can and check the return code.

Improve the text for maintenance mode.
 2009-03-16 04:33:45 +00:00
Bharat Mediratta
cbc7c870fa Stop loading jeditable-- we don't use it anymore 2009-03-16 04:30:17 +00:00