stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-20 11:29:24 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,812 Commits 4 Branches 0 Tags
a8bb0462097bd83cd87bf9048b8be879cff3cd6c
Commit Graph

186 Commits

Author SHA1 Message Date
Bharat Mediratta
af8bb05d5d Show the old group name in the error message when we fail to modify a group. Fixes ticket #1233. 2010-07-20 15:33:48 -07:00
Bharat Mediratta
e5b1a4fc23 Fix a bunch of missing or invalid error messages. Fixes ticket #1232. 2010-07-20 15:21:44 -07:00
Bharat Mediratta
112582daeb Add internationalized error messages for adding and editing groups. 2010-07-20 12:18:03 -07:00
Tim Almdal
dbf3199e46 Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers 
that create the data to go into a dialog to return the html as part of a json object.
 2010-07-06 14:12:01 -07:00
ckieffer
f1076590f1 Add page_title to admin views. Closes #1038. 2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae Change the key for invalid passwords from "invalid" to 
"invalid_password" to remove ambiguity.
 2010-04-17 12:28:46 -07:00
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Andy Staudacher
74113f869a Fix for ticket #1037: Only show language drop-down when there's actually a choice. 2010-02-27 20:21:22 -08:00
Andy Staudacher
a18ddd2fe9 Add more randomness to reset password mechanism. 2010-02-27 15:39:36 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form. 
Includes fixes for user forms as well (edit user / email / password).
 2010-02-11 13:11:31 -08:00
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. 
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
 2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically 
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
 2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39 Partial fix for ticket 585: Require current password when changing an account's email address. 
Still leaving the user/group admin page wide open though.
 2010-02-06 17:43:33 -08:00
Bharat Mediratta
f631c2a0e5 Fix up Admin_Users_Controller() form handling now that user_form.html 
is gone.  Fixes ticket #1005.
 2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12 Require the current password to change your password. 
Fixes ticket #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
 2010-02-02 21:36:01 -08:00
Bharat Mediratta
22ea03847a Localize validation errors. 2010-02-01 21:27:15 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're 
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
 2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991 Don't override the password in the database if it's empty in the form. 
Fixes ticket #995.
 2010-01-30 20:43:53 -08:00
Bharat Mediratta
f0ae2c8165 Localize edit form error messages. 2010-01-28 20:55:38 -08:00
Bharat Mediratta
e56318d07f Don't try to access ORM::$changed externally; it's protected. 2010-01-22 01:48:03 -08:00
Bharat Mediratta
f0780486ee Fix typo: edit_user -> add_user. 2010-01-20 22:53:51 -08:00
Bharat Mediratta
b23f62259d Stop using MY_ORM::original(). 2010-01-20 22:52:11 -08:00
Bharat Mediratta
9488684220 Move model rules down into their validate() function for consistency. 
Change "in_use" error to "conflict" for consistency.
 2010-01-17 12:30:24 -08:00
Bharat Mediratta
5c49c041e7 Use "(string) $form" instead of "$form->__toString()" 2010-01-16 22:42:02 -08:00
Bharat Mediratta
4a2d5bc9e2 Convert Users_Controller to model based validation. 2010-01-16 21:24:18 -08:00
Bharat Mediratta
6a4dda9bde Convert Admin_Users_Controller, User_Model and Group_Model to use 
model based validation.
 2010-01-16 21:15:12 -08:00
Bharat Mediratta
a691dcc63c Convert Admin_Users::add_user() to use model based validation. Get 
the rules and business logic out of the form and user::create(), and
move it into User_Model::save().
 2010-01-16 19:58:55 -08:00
Bharat Mediratta
ff728b3ccd Whitespace. 2010-01-16 17:51:57 -08:00
Bharat Mediratta
057e8d09af Convert a bunch of leftover kohana::show_404 calls to throw 
Kohana_404_Exception instead.  These are the ones where we used a
lower-case 'k' so my previous filter didn't catch it.
 2009-12-23 20:51:33 -08:00
Bharat Mediratta
0121bfd585 ORM::orderby -> ORM::order_by 2009-11-25 19:26:52 -08:00
Bharat Mediratta
2e420522ec Preliminary work to cut over to Kohana 2.4 
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
 2009-11-25 13:22:24 -08:00
Tim Almdal
6bdb8c3d55 Correct inconsistent captialization. Fixes #906 2009-11-21 09:36:19 -08:00
Bharat Mediratta
1067e68292 Redesign the way that we consider page types to create buckets of page 
types, and a subtype for specifics.  Currently the top level bucket

   collection, item, other

Here are the core subtypes so far:

   collection: album, search, tag
   item: movie, photo
   other: login, reset, comment-fragment, comment

It's legal to create new page_subtypes whenever you want.  Use the
appropriate page_type to get the coarse grain behavior that you want.
 2009-11-17 14:04:45 -08:00
Chad Kieffer
dbe6476255 Remove width class from add group form, it sizes the form's elements, not the form itself. 2009-11-06 20:26:09 -07:00
Tim Almdal
1c428df9e0 Revert "Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag." 
This reverts commit 04bf50bfb4.
 2009-10-31 16:16:47 -07:00
Tim Almdal
ddf8734a41 Caught a few more incorrect capitalizations. 2009-10-30 08:33:31 -07:00
Tim Almdal
04bf50bfb4 Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag. 2009-10-29 17:09:01 -07:00
Tim Almdal
3b4a64c698 Check the minimum length when adding or modifying users via the admin screen. 2009-10-27 14:21:59 -07:00
Tim Almdal
1347a30050 Add a password strength meter. 2009-10-27 12:23:48 -07:00
Tim Almdal
156a99beef Set the minimum password length to 5. The gallery owner can change this in the advance settings. 2009-10-27 10:13:52 -07:00
Tim Almdal
2dcd8f8a25 When we are changing the password using the change password from as part of the password reset, the input value is in the post[hash] variable as opposed to the get(key) value. This should fix ticket #850. 2009-10-27 07:35:28 -07:00
Tim Almdal
0a6b540092 Merge branch 'master' into talmdal_dev 
Conflicts:
	modules/server_add/helpers/server_add_theme.php
 2009-10-24 07:28:22 -07:00
Chad Kieffer
3814186592 Created user.css. Moved user-related form css to the new sheet. 2009-10-23 22:25:36 -06:00
Tim Almdal
2e998664d5 move controllers and views to the user module to make the Identity Provider refactor smaller 2009-10-23 09:23:02 -07:00
Tim Almdal
3c936d661a Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify call the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class 2009-10-22 13:11:03 -07:00