* reset key has a 1-hour life
* reset key is automatically deleted once used
* reset key is stored as a hash
Thank you effigies for code suggestions
git-svn-id: http://piwigo.org/svn/trunk@29111 68402e56-0260-453c-a942-63ccdbb3a9ee
This class performs salt and multiple iterations. Already used in Wordpress,
Drupal, phpBB and many other web applications.
$conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify']
git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)
Original report by Stefan Schurtz via Secunia SVCRP
git-svn-id: http://piwigo.org/svn/trunk@17984 68402e56-0260-453c-a942-63ccdbb3a9ee
use only $page['infos'] and $page['errors'] vars and and necessary template to all main pages
git-svn-id: http://piwigo.org/svn/trunk@12764 68402e56-0260-453c-a942-63ccdbb3a9ee
The algorithm is highly inspired from WordPress :
1) in a single field, you give a username or an email
2) Piwigo sends an email with the activation key
3) the user clicks on the link in the email (with the activation key) and is able to set a new password
The "lost password" feature is no longer limited to "classic" users:
administrators and webmasters can use it too (no need to tell webmasters
that they can only change their password in the database)
git-svn-id: http://piwigo.org/svn/trunk@11992 68402e56-0260-453c-a942-63ccdbb3a9ee
Change "Piwigo - a PHP based picture gallery" into "Piwigo - a PHP based photo gallery"
git-svn-id: http://piwigo.org/svn/trunk@8728 68402e56-0260-453c-a942-63ccdbb3a9ee
Use php-gettext (developpement version rev43, because of php5.3) as fallback
Use native language (english) instead of key for translation
Keep directory en_UK for english customization
Need some refactoring for plurals
Todo : managing plugins in the same way
git-svn-id: http://piwigo.org/svn/trunk@5021 68402e56-0260-453c-a942-63ccdbb3a9ee
Replace all mysql functions in core code by ones independant of database engine
Fix small php code synxtax : hash must be accessed with [ ] and not { }.
git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
First commit, others will be follow.
Not hesitate to change my translations.
Add upload configuration tabsheet (move and add configuration)
Change and add define for access level
Can show upload link every time
Can restrict access upload.class.php
Can choice category on upload page
Add upload class not use for the moment
Review quickly and temporary style of upload.tpl
git-svn-id: http://piwigo.org/svn/trunk@2325 68402e56-0260-453c-a942-63ccdbb3a9ee
bugged (r2297 was repeating new and old header).
By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personnaly, it is a problem when I search differences between 2
Piwigo installations outside Subversion.
git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
Administrator can ask a new password
Add message about users witch can change their password
git-svn-id: http://piwigo.org/svn/trunk@1947 68402e56-0260-453c-a942-63ccdbb3a9ee
o Good idea of this new way for way conf['guest_access'], but I kept last implementation for access methods (Could be useful on future development)
git-svn-id: http://piwigo.org/svn/trunk@1851 68402e56-0260-453c-a942-63ccdbb3a9ee
Sent multi-part message in MIME format. (With only one part for the moment).
Improvement pwg_mail function.
git-svn-id: http://piwigo.org/svn/trunk@1809 68402e56-0260-453c-a942-63ccdbb3a9ee
o format of email
o max_execution_time equal to 0
o -f with only adress mail
o use of standard function get_webmaster_mail_address
2 news $conf parameters.
Merge branch-1_6 r1529:1530 into BSF
git-svn-id: http://piwigo.org/svn/trunk@1531 68402e56-0260-453c-a942-63ccdbb3a9ee
you now have category.php?/search/123/start-42. Functions make_index_url and
make_picture_url build these new URLs. Functions duplicate_picture_url and
duplicate_index_url provide shortcuts to URL creation. The current main page
page is still category.php but this can be modified easily in make_index_url
function. In this first version, no backward compatibility. Calendar
definition in URL must be discussed with rvelices.
improvement: picture.php redesigned. First actions like "set as
representative" or "delete a comment" which all lead to a redirection. Then
the page (the big mess) and includes of new sub pages to manage specific
parts of the page (metadata, user comments, rates).
new: with the cleaner URL comes a new terminology. $page['cat'] doesn't
exist anymore. $page['section'] is among 'categories', 'tags' (TODO),
'list', 'most_seen'... And sub parameters are set : $page['category'] if
$page['section'] is "categories". See URL analyse in
include/section_init.inc.php for details.
git-svn-id: http://piwigo.org/svn/trunk@1082 68402e56-0260-453c-a942-63ccdbb3a9ee
o Change status of table #_user_infos
o Don't send password to webmaster, guest, generic
Next Step:
o Functions Check of status
o Restricted Access for user generic
git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
