| Rev |
Age |
Author |
Path |
Log message |
Diff |
| 1050 |
2022-12-21 01:13:04 |
daniel-marschall |
/trunk/ |
Huge change in internal code structure!
All OIDplus classes are now in the class namespace "ViaThinkSoft\OIDplus".
!!! WARNING:
!!! All plugins MUST put their classes in a namespace and the constant "INSIDE_OIDPLUS" must not be used anymore.
!!! If you have a third-party plugin installed which is NOT bundled with OIDplus, you MUST update it.
!!! Recommendation: Remove the plugin first, then update OIDplus, then ask the author to change the plugin.
!!! If you have not installed any third-party plugins, then it is safe to update now. |
|
| 847 |
2022-05-27 20:36:06 |
daniel-marschall |
/trunk/includes/ |
BUGFIX: No login sessions could be created using PHP 7.0 (Bug introduced in SVN Rev 711) |
|
| 826 |
2022-04-09 12:03:36 |
daniel-marschall |
/trunk/includes/classes/ |
Fixed wrong hash_pbkdf2 length (has problems with OpenSSL supplement) |
|
| 801 |
2022-03-24 16:15:23 |
daniel-marschall |
/trunk/ |
Changed OIDplus::webpath() method to include canonical paths |
|
| 730 |
2022-01-23 22:10:52 |
daniel-marschall |
/trunk/ |
"ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class. |
|
| 716 |
2021-12-27 17:31:12 |
daniel-marschall |
/trunk/ |
Fixed update failure of version 698 => 699
Revision log (software update check) is now compressed using GZip |
|
| 711 |
2021-12-26 18:33:19 |
daniel-marschall |
/trunk/ |
Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!
ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure) |
|
| 592 |
2021-05-23 22:53:31 |
daniel-marschall |
/trunk/ |
(Nearly) reached PHPStan level 5 |
|
| 585 |
2021-05-23 17:36:08 |
daniel-marschall |
/trunk/ |
Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway) |
|
| 571 |
2021-05-15 21:17:51 |
daniel-marschall |
/trunk/ |
OIDplusConfigInterface renamed to OIDplusGetterSetterInterface
Improved OIDplus class autoloader (supports namespaces) |
|
| 569 |
2021-05-15 16:00:35 |
daniel-marschall |
/trunk/ |
OOP |
|
| 566 |
2021-05-14 16:07:03 |
daniel-marschall |
/trunk/ |
Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible |
|
| 563 |
2021-05-09 20:32:36 |
daniel-marschall |
/trunk/ |
OAuth plugins display warning if SameSite policy is "Strict". A different approach follows later. (BUG#0000213) |
|
| 557 |
2021-04-25 22:06:14 |
daniel-marschall |
/trunk/ |
Cookie SAMESITE policy can now be configured in the base configuration file.
New clas "OIDplusCookieUtils".
In shebang, using "env php" instead of "/usr/bin/php". |
|
| 555 |
2021-04-23 17:28:56 |
daniel-marschall |
/trunk/ |
Cookie handling is now in function op_setcookie() instead setcookie().
Now using SameSite=Strict (experimental) |
|
| 511 |
2021-01-18 01:13:07 |
daniel-marschall |
/trunk/ |
Security: Added "INSIDE_OIDPLUS" constant to include files to avoid generating error messages when an include file is accessed directly
Updated copyright notices to 2021 |
|
| 496 |
2020-12-12 20:29:51 |
daniel-marschall |
/trunk/ |
Large refactoring of path functions.
DEPRECATED: OIDplus::basePath() becomes OIDplus::localpath()
DEPRECATED: OIDplus::getSystemUrl(X) becomes OIDplus::webpath(null, X)
OIDplus::webpath(X) becomes OIDplus::webpath(X, true) |
|
| 465 |
2020-11-13 13:43:58 |
daniel-marschall |
/trunk/ |
OIDplus can now also run without OpenSSL installed |
|
| 435 |
2020-10-17 19:47:26 |
daniel-marschall |
/trunk/includes/classes/ |
Resolve endless recursion when an IP address changed during an active session |
|
| 426 |
2020-10-03 18:19:34 |
daniel-marschall |
/trunk/ |
|
|