7e5453b3aa
fix: lower-case remote usernames before validation
...
Fixes a bug where users are saved lowercase but compared mixed-case. Only applies to upstreams that send non-lowercase usernames. No obvious security impact; it results in a unique key violation and not a successful login.
2022-07-08 16:31:15 +03:00
53061d1508
* add HOOK_POST_LOGOUT
...
* auth_remote: add config option AUTH_REMOTE_POST_LOGOUT_URL
2021-12-06 13:20:18 +03:00
f537502fce
deal with (most of) phpstan warnings in auth_internal and auth_remote
2021-11-14 21:09:53 +03:00
0a2dcacbcf
normalize some mismatching hook function definitions to match base Plugin class
2021-11-14 11:11:49 +03:00
87a30d88d3
plugin cleanup re: phpstan 1.0 warnings
2021-11-10 20:58:40 +03:00
20a844085f
hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null)
2021-03-01 12:11:42 +03:00
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
2021-03-01 10:20:21 +03:00
bd2314170d
implement prefs UI based on new prefs class and a few more things
2021-02-25 12:46:13 +03:00
2ae0b7059f
cleanup some defined-stuff
2021-02-23 09:01:27 +03:00
7af8744c85
authentication: make logins case-insensitive (force lowercase)
2021-02-11 09:57:57 +03:00
7874f6ac58
remove PHPMD.UnusedFormalParameter
2021-02-08 19:42:10 +03:00
51d2deeea9
fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
2021-02-08 19:11:31 +03:00
0868ff9d64
auth_remote: use empty() instead of isset() while checking headers
2021-01-07 11:18:02 +03:00
dc40f69511
fix auth_remote broken by previous commit
2021-01-05 18:55:05 +03:00
8a34084df1
auth_remote: rewrite header checking to be more readable
2021-01-05 10:37:30 +03:00
564a24fd78
Add support for HTTP_REMOTE_USER variable for user authentication
2020-12-21 16:56:39 +00:00
b431d52520
auth_remote: use PDO
2017-12-03 09:21:08 +03:00
21ce7d9ec0
update phpmd ruleset to use (subset) of cleancode
...
fix various minor issues reported by static analysis
remove redundant php closing tag from several more files
2017-04-26 20:57:36 +03:00
0eed023e7d
auth_remote: check for PHP_AUTH_USER too
2017-04-09 14:15:46 +03:00
6f7798b643
Fixing bugs found by static analysis
2013-05-07 00:35:10 -07:00
106a3de91c
plugins: bump API version
2013-04-19 17:31:56 +04:00
a42c55f02b
fix blank character after opening bracket in function calls
2013-04-17 18:34:18 +04:00
a0ed0d38d4
auth_remote: fix typo
2013-04-17 18:27:41 +04:00
d632b28cef
fix some missing constructor parameters
2013-04-17 18:21:32 +04:00
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
3972bf5981
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
2013-03-22 09:14:55 +04:00
23923ca726
auth_remote: add REDIRECT_ version of REMOTE_USER for php-cgi configured through mod_actions ( closes #597 )
2013-03-19 13:39:26 +04:00
e938b1de11
rename plugin main class files
2012-12-30 13:36:40 +04:00
0f28f81f89
move authentication modules to plugins/
2012-12-27 15:14:44 +04:00
disconn3ct
Andrew Dolgov
Tony
Rasmus Lerdorf
Andrew Dolgov
Andrew Dolgov