aboutsummaryrefslogtreecommitdiffstats
path: root/password.php (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-07-28bug 3050: increase security on reset password algorithm.plegall1-53/+83
* reset key has a 1-hour life * reset key is automatically deleted once used * reset key is stored as a hash Thank you effigies for code suggestions git-svn-id: http://piwigo.org/svn/trunk@29111 68402e56-0260-453c-a942-63ccdbb3a9ee
2014-06-02feature 3010 : replace trigger_action/event by trigger_notify/changemistic1001-3/+3
git-svn-id: http://piwigo.org/svn/trunk@28587 68402e56-0260-453c-a942-63ccdbb3a9ee
2014-01-05Update headers to 2014. Happy new year!!mistic1001-1/+1
git-svn-id: http://piwigo.org/svn/trunk@26461 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-10-19remove all array_push (50% slower than []) + some changes missing for ↵mistic1001-20/+17
feature:2978 git-svn-id: http://piwigo.org/svn/trunk@25018 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-10-19feature 2978: remove useless sprintf in the coremistic1001-4/+4
git-svn-id: http://piwigo.org/svn/trunk@25005 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-02-07replaced page_messages.php with a function to callrvelices1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@20609 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-01-01 update Piwigo headers to 2013 (the end of the world didn't occur as ↵plegall1-1/+1
expected on r12922) git-svn-id: http://piwigo.org/svn/trunk@19703 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-11-02feature 2727: improve password security with the use of PasswordHash class.plegall1-1/+1
This class performs salt and multiple iterations. Already used in Wordpress, Drupal, phpBB and many other web applications. $conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify'] git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-10-19merge r18699 from branch 2.4 to trunkplegall1-1/+1
bug 2774 fixed: better sanitize on username_or_email user input git-svn-id: http://piwigo.org/svn/trunk@18700 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-09-20feature 2747: Add triggers on all main pages mistic1001-0/+3
git-svn-id: http://piwigo.org/svn/trunk@18063 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-09-18merge r17983 from branch 2.4 to trunkplegall1-1/+1
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both username and email don't allow HTML tags...) Original report by Stefan Schurtz via Secunia SVCRP git-svn-id: http://piwigo.org/svn/trunk@17984 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-06-06feature:2538 little rework of messages system, now can be used on ↵mistic1001-0/+1
'loc_end_index' and 'loc_end_picture' git-svn-id: http://piwigo.org/svn/trunk@15578 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-01-17update Piwigo headers to 2012, last change before the expected (or not) ↵mistic1001-1/+1
apocalypse git-svn-id: http://piwigo.org/svn/trunk@12922 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-12-18feature:2538 Make a unified messages managementmistic1001-10/+0
use only $page['infos'] and $page['errors'] vars and and necessary template to all main pages git-svn-id: http://piwigo.org/svn/trunk@12764 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-11-29language cleanup (exact duplicates or almost same duplicate)rvelices1-2/+2
git-svn-id: http://piwigo.org/svn/trunk@12672 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-08-24feature 2027 implemented: the "lost password" feature was rewritten.plegall1-87/+287
The algorithm is highly inspired from WordPress : 1) in a single field, you give a username or an email 2) Piwigo sends an email with the activation key 3) the user clicks on the link in the email (with the activation key) and is able to set a new password The "lost password" feature is no longer limited to "classic" users: administrators and webmasters can use it too (no need to tell webmasters that they can only change their password in the database) git-svn-id: http://piwigo.org/svn/trunk@11992 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-05-09restore HOME links, change parameter name for remove menu on certain pagemistic1001-1/+1
git-svn-id: http://piwigo.org/svn/trunk@10824 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-05-07merge spread_menus to the coremistic1001-0/+7
git-svn-id: http://piwigo.org/svn/trunk@10812 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-02-11feature 2187 added: new trigger to enhance/modify lost password email.plegall1-0/+2
git-svn-id: http://piwigo.org/svn/trunk@9169 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-01-18Happy new year 2011plegall1-2/+2
Change "Piwigo - a PHP based picture gallery" into "Piwigo - a PHP based photo gallery" git-svn-id: http://piwigo.org/svn/trunk@8728 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-12-14feature 2060: Remove adviser from db structure.patdenice1-6/+2
Remove adviser from user_list page and some db queries. git-svn-id: http://piwigo.org/svn/trunk@8131 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-19increase copyright year to 2010plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-02Feature 1451 : localization with gettextnikrou1-2/+2
Use php-gettext (developpement version rev43, because of php5.3) as fallback Use native language (english) instead of key for translation Keep directory en_UK for english customization Need some refactoring for plurals Todo : managing plugins in the same way git-svn-id: http://piwigo.org/svn/trunk@5021 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-20Feature 1244 resolvednikrou1-3/+3
Replace all mysql functions in core code by ones independant of database engine Fix small php code synxtax : hash must be accessed with [ ] and not { }. git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-18Escape all login and username characters in databaseEric1-1/+1
Display correctly usernames (I hope not to have made mistakes) git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-15Feature 1241 resolved. replace mysql_fetch_array by mysql_fetch_assoc for ↵nikrou1-1/+1
small php code improvements git-svn-id: http://piwigo.org/svn/trunk@4265 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-01-04Administration: happy new year 2009, all PHP headers updated. plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-15- change mysql_escape_string function (deprecated) by mysql_real_escape_string.patdenice1-1/+1
- Correction on install.tpl (link color). git-svn-id: http://piwigo.org/svn/trunk@2752 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-05-02Resolved issue 0000823: Enhance upload functionalitiesrub1-1/+1
First commit, others will be follow. Not hesitate to change my translations. Add upload configuration tabsheet (move and add configuration) Change and add define for access level Can show upload link every time Can restrict access upload.class.php Can choice category on upload page Add upload class not use for the moment Review quickly and temporary style of upload.tpl git-svn-id: http://piwigo.org/svn/trunk@2325 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-05Bug fixed: as rvelices notified me by email, my header replacement script wasplegall1-24/+0
bugged (r2297 was repeating new and old header). By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personnaly, it is a problem when I search differences between 2 Piwigo installations outside Subversion. git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-04Modification: new header on PHP files, PhpWebGallery renamed Piwigo.plegall1-0/+21
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-02-28- migrate many templates to smartyrvelices1-39/+8
git-svn-id: http://piwigo.org/svn/trunk@2223 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-04-10Issue 674:rub1-3/+5
Allow administrator and webmaster ADVISER to ask a new password git-svn-id: http://piwigo.org/svn/trunk@1951 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-04-07Issue 674:rub1-1/+2
Administrator can ask a new password Add message about users witch can change their password git-svn-id: http://piwigo.org/svn/trunk@1947 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-03-13Updates:vdigital1-2/+2
- Copyrights 2003-2007 - help - Some HTML comform requests git-svn-id: http://piwigo.org/svn/trunk@1903 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-02-22 o Proposition: improved display of 'x images in y sub-categories' or 'x ↵rub1-0/+5
images in this category' for cases when categories contain both images and sub-categories o Good idea of this new way for way conf['guest_access'], but I kept last implementation for access methods (Could be useful on future development) git-svn-id: http://piwigo.org/svn/trunk@1851 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-02-12When not template are selected for mail, PWG uses default template..rub1-1/+2
Sent multi-part message in MIME format. (With only one part for the moment). Improvement pwg_mail function. git-svn-id: http://piwigo.org/svn/trunk@1809 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-08-09Resolved Issue ID 0000507:rub1-10/+2
o format of email o max_execution_time equal to 0 o -f with only adress mail o use of standard function get_webmaster_mail_address 2 news $conf parameters. Merge branch-1_6 r1529:1530 into BSF git-svn-id: http://piwigo.org/svn/trunk@1531 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-15new: cleaner URL. Instead of category.php?cat=search&search=123&start=42,plegall1-1/+1
you now have category.php?/search/123/start-42. Functions make_index_url and make_picture_url build these new URLs. Functions duplicate_picture_url and duplicate_index_url provide shortcuts to URL creation. The current main page page is still category.php but this can be modified easily in make_index_url function. In this first version, no backward compatibility. Calendar definition in URL must be discussed with rvelices. improvement: picture.php redesigned. First actions like "set as representative" or "delete a comment" which all lead to a redirection. Then the page (the big mess) and includes of new sub pages to manage specific parts of the page (metadata, user comments, rates). new: with the cleaner URL comes a new terminology. $page['cat'] doesn't exist anymore. $page['section'] is among 'categories', 'tags' (TODO), 'list', 'most_seen'... And sub parameters are set : $page['category'] if $page['section'] is "categories". See URL analyse in include/section_init.inc.php for details. git-svn-id: http://piwigo.org/svn/trunk@1082 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-08Step 1 improvement issue 0000301:rub1-2/+6
o Change status of table #_user_infos o Don't send password to webmaster, guest, generic Next Step: o Functions Check of status o Restricted Access for user generic git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-31[NBM] Step 1: Create new include files with current notification/mail ↵rub1-33/+3
fonctions (with improvement) git-svn-id: http://piwigo.org/svn/trunk@1018 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-15Improve security of sessions: nikrou1-1/+1
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-10-18- bug 159 and 166 fixed: parameter "options" for mail() function disabled byplegall1-2/+9
default. git-svn-id: http://piwigo.org/svn/trunk@901 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-09-18- new: automatic new password sent by mail when requested by userplegall1-0/+217
git-svn-id: http://piwigo.org/svn/trunk@866 68402e56-0260-453c-a942-63ccdbb3a9ee