| Rev |
Age |
Author |
Path |
Log message |
Diff |
| 1283 |
2023-05-18 21:50:11 |
daniel-marschall |
/trunk/ |
makeAuthKey and validateAuthKey can now be used to make temporary keys with limited lifetime.
makeAuthKey and makeSecret now accept array inputs |
|
| 1282 |
2023-05-18 00:23:38 |
daniel-marschall |
/trunk/ |
Plugins can no longer access the SERVER_SECRET base configuration settings through OIDplusBaseConfig. Instead, makeAuthKey and makeSecret must be used. The bundled plugins are already updated. |
|
| 1130 |
2023-03-26 00:38:14 |
daniel-marschall |
/trunk/ |
Another large bunch of type-safety changes |
|
| 1117 |
2023-03-24 01:13:28 |
daniel-marschall |
/trunk/ |
|
|
| 1116 |
2023-03-23 23:09:25 |
daniel-marschall |
/trunk/ |
BIG CHANGE: All methods have received a PHPdoc comment and a lot of parameter and return types have been added (as far as PHP 7.0 allows)
!!! PLEASE NOTE THAT THE NEW VERSION OF OIDPLUS IS NOT COMPATIBLE WITH OLD THIRD PARTY PLUGINS (EXCEPT THE ONES THAT ARE BUNDLED WITH OIDPLUS)
!!! IF YOU HAVE THIRD PARTY PLUGINS INSTALLED (OR WRITTEN YOURSELF), THEN YOU *WILL* RECEIVE ERROR MESSAGES AFTER THE UPDATE
!!! AND NEED TO CHANGE THE METHOD SIGNATURES IN THESE PLUGINS TO MAKE THEM WORK AGAIN. (We can help you with this task if you need help!)
Please note that due to the amount of changes, there could have been a few bugs introduced; please send all bug reports via GitHub or email
and if you have the possibility, it is recommended to test the version of a test system before applying the update on a productive system.
Thank you very much! |
|
| 1086 |
2023-02-26 01:12:29 |
daniel-marschall |
/trunk/ |
Avoid calling *.class.php files directly to avoid PHP errors (Github Issue #4) |
|
| 1050 |
2022-12-21 01:13:04 |
daniel-marschall |
/trunk/ |
Huge change in internal code structure!
All OIDplus classes are now in the class namespace "ViaThinkSoft\OIDplus".
!!! WARNING:
!!! All plugins MUST put their classes in a namespace and the constant "INSIDE_OIDPLUS" must not be used anymore.
!!! If you have a third-party plugin installed which is NOT bundled with OIDplus, you MUST update it.
!!! Recommendation: Remove the plugin first, then update OIDplus, then ask the author to change the plugin.
!!! If you have not installed any third-party plugins, then it is safe to update now. |
|
| 847 |
2022-05-27 20:36:06 |
daniel-marschall |
/trunk/includes/ |
BUGFIX: No login sessions could be created using PHP 7.0 (Bug introduced in SVN Rev 711) |
|
| 826 |
2022-04-09 12:03:36 |
daniel-marschall |
/trunk/includes/classes/ |
Fixed wrong hash_pbkdf2 length (has problems with OpenSSL supplement) |
|
| 801 |
2022-03-24 16:15:23 |
daniel-marschall |
/trunk/ |
Changed OIDplus::webpath() method to include canonical paths |
|
| 730 |
2022-01-23 22:10:52 |
daniel-marschall |
/trunk/ |
"ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class. |
|
| 716 |
2021-12-27 17:31:12 |
daniel-marschall |
/trunk/ |
Fixed update failure of version 698 => 699
Revision log (software update check) is now compressed using GZip |
|
| 711 |
2021-12-26 18:33:19 |
daniel-marschall |
/trunk/ |
Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!
ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure) |
|
| 592 |
2021-05-23 22:53:31 |
daniel-marschall |
/trunk/ |
(Nearly) reached PHPStan level 5 |
|
| 585 |
2021-05-23 17:36:08 |
daniel-marschall |
/trunk/ |
Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway) |
|
| 571 |
2021-05-15 21:17:51 |
daniel-marschall |
/trunk/ |
OIDplusConfigInterface renamed to OIDplusGetterSetterInterface
Improved OIDplus class autoloader (supports namespaces) |
|
| 569 |
2021-05-15 16:00:35 |
daniel-marschall |
/trunk/ |
OOP |
|
| 566 |
2021-05-14 16:07:03 |
daniel-marschall |
/trunk/ |
Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible |
|
| 563 |
2021-05-09 20:32:36 |
daniel-marschall |
/trunk/ |
OAuth plugins display warning if SameSite policy is "Strict". A different approach follows later. (BUG#0000213) |
|
| 557 |
2021-04-25 22:06:14 |
daniel-marschall |
/trunk/ |
Cookie SAMESITE policy can now be configured in the base configuration file.
New clas "OIDplusCookieUtils".
In shebang, using "env php" instead of "/usr/bin/php". |
|
| 555 |
2021-04-23 17:28:56 |
daniel-marschall |
/trunk/ |
Cookie handling is now in function op_setcookie() instead setcookie().
Now using SameSite=Strict (experimental) |
|
| 511 |
2021-01-18 01:13:07 |
daniel-marschall |
/trunk/ |
Security: Added "INSIDE_OIDPLUS" constant to include files to avoid generating error messages when an include file is accessed directly
Updated copyright notices to 2021 |
|
| 496 |
2020-12-12 20:29:51 |
daniel-marschall |
/trunk/ |
Large refactoring of path functions.
DEPRECATED: OIDplus::basePath() becomes OIDplus::localpath()
DEPRECATED: OIDplus::getSystemUrl(X) becomes OIDplus::webpath(null, X)
OIDplus::webpath(X) becomes OIDplus::webpath(X, true) |
|
| 465 |
2020-11-13 13:43:58 |
daniel-marschall |
/trunk/ |
OIDplus can now also run without OpenSSL installed |
|
| 435 |
2020-10-17 19:47:26 |
daniel-marschall |
/trunk/includes/classes/ |
Resolve endless recursion when an IP address changed during an active session |
|
| 426 |
2020-10-03 18:19:34 |
daniel-marschall |
/trunk/ |
|
|
| 424 |
2020-10-02 22:22:14 |
daniel-marschall |
/trunk/ |
New security feature: CSRF Tokens.
ATTENTION TO PLUGIN DEVELOPERS: You need to add "csrf_token:csrf_token" to your JavaScript's AJAX request fields! |
|
| 360 |
2020-08-23 00:28:31 |
daniel-marschall |
/trunk/ |
LARGE UPDATE: Made everything multilingual; Translation to German! |
|
| 277 |
2020-04-25 02:27:11 |
daniel-marschall |
/trunk/ |
Introducing new plugin architecture (manifest.ini) |
|
| 263 |
2020-04-19 14:19:13 |
daniel-marschall |
/trunk/ |
Refactoring: Moved business logic out of the OIDplusConfig class. Validation functionalities of config keys are now implemented as callback to the prepareConfigKey function |
|
| 261 |
2020-04-18 16:38:21 |
daniel-marschall |
/trunk/ |
Large refactoring: "config.inc.php" is now in format 2.1; the configuration settings are now stored in a class OIDplusBaseConfis and can therefore be altered in automated test environments.
Characters "###" inside a query now get replaced by the table prefix. |
|
| 250 |
2020-04-14 22:46:54 |
daniel-marschall |
/trunk/ |
Further improved object oriented design; added class diagram and database connectivity diagram for easier understanding |
|
| 230 |
2020-03-23 01:35:25 |
daniel-marschall |
/trunk/ |
OOP |
|
| 227 |
2020-03-20 22:27:50 |
daniel-marschall |
/trunk/ |
Various fixes and OOP changes |
|
| 179 |
2019-08-22 16:32:41 |
daniel-marschall |
/trunk/ |
Small fixes |
|
| 112 |
2019-05-17 21:27:53 |
daniel-marschall |
/trunk/ |
|
|
| 87 |
2019-04-12 21:13:52 |
daniel-marschall |
/trunk/includes/classes/ |
|
|
| 86 |
2019-04-11 15:34:00 |
daniel-marschall |
/trunk/includes/classes/ |
Session now protectede against hijacking (IP change) |
|
| 85 |
2019-04-09 14:00:29 |
daniel-marschall |
/trunk/ |
Session Cookies are now only sent if the user actually log ins. |
|
| 83 |
2019-04-07 20:22:06 |
daniel-marschall |
/trunk/ |
Non-OIDs are now transmitted via XML, too |
|