Commit graph

12 commits

Author SHA1 Message Date
calzoneman
08a46f5e00 Fixes 2013-08-18 14:21:42 -05:00
Calvin Montgomery
03e27a7720 Various fixes to the API 2013-08-11 23:36:42 -04:00
Calvin Montgomery
4aa0e7a4ef Start updating to new API 2013-08-11 23:10:55 -04:00
calzoneman
b9e465b714 Fix URI encoding on register/login, also fix database escape bug 2013-07-27 10:11:31 -04:00
calzoneman
e030a2bfa6 Fix theme preference on login frame 2013-06-27 16:09:36 -04:00
calzoneman
52b88c0e40 Finish up 2013-05-30 14:34:54 -04:00
calzoneman
886834e822 Fix broken URLs from last commit 2013-05-17 18:56:11 -04:00
calzoneman
25a2c053e9 Fix login page to load user theme 2013-05-14 18:07:55 -04:00
calzoneman
62e80cec63 Add password change (#88) 2013-05-04 13:01:04 -05:00
calzoneman
84fb4214d7 Fix cross-domain issues 2013-04-25 23:57:46 -05:00
calzoneman
087f612b37 Bugfixes for last commit
- Fix race condition for login frame
- Fix guest logins
2013-04-25 23:04:51 -05:00
calzoneman
3a7acd0526 Implement new session system
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom JavaScript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:

ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00