aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
Commit message (Collapse)AuthorAgeFilesLines
* guest token xchan_network = "token" and remove permission checks since the ↵Mario2021-12-181-1/+1
| | | | guest tokens are now added to the abook automatically
* access token refactorMario2021-12-171-5/+23
|
* remove more legacy zot quirksMario2021-05-261-2/+1
|
* air: revert min_livetime of the form security token - it has had its issues ↵Mario2021-03-181-2/+1
| | | | and air can be configured for delayed registration verification
* air: deal with timezones when displaying open/close time - this should ↵Mario2021-03-181-5/+5
| | | | finally fix issue #1544
* get devHilmar R2021-03-011-122/+121
|
* melt diff prod fork 4.6.2 air onto 5.2.1 to 5.2.2 DB 1241Hilmar R2021-01-231-0/+103
|
* Revert "more prefer zot6"Mario2020-08-241-7/+3
| | | This reverts commit e9a264cb43e4c782160db645329d59db9835e388
* more prefer zot6Mario Vavti2020-08-241-3/+7
|
* Add minimum form displaying time before loginMax Kostikov2020-07-211-1/+3
|
* typoszotlabs2019-03-121-8/+8
|
* security updates for multiple xchanszotlabs2019-03-111-59/+189
|
* testing init_groups_visitor changes - also add virtual groups for both zot ↵zotlabs2019-03-101-13/+11
| | | | identities
* init_groups_visitor: include xchans from all zot-like networkszotlabs2019-03-101-3/+21
|
* Update security.phpMax Kostikov2018-09-281-1/+1
|
* Update security.phpMax Kostikov2018-09-271-1/+1
|
* Zot/Finger: ignore deleted hublocszotlabs2018-08-211-1/+1
|
* we must now provide the full path to the profile image for the cavatar ↵Mario Vavti2018-05-151-4/+4
| | | | plugin to work
* Active channels information is a bit imprecise. Provide a higher accuracy ↵zotlabs2018-04-161-0/+9
| | | | method. This will require a transition period
* make most recent cloud_tiles setting for local channels persistent across loginszotlabs2017-11-071-0/+1
|
* don't translate 'guest:' since it is part of a urlzotlabs2017-10-161-1/+1
|
* ensure guests hve a unique (non-existent) url so that network discovery on ↵zotlabs2017-10-161-1/+1
| | | | remote servers doesn't come up mis-attributing the token. Future work should probably provide an actual page at this location describing it as a guest account of 'xyz'.
* stream_perms_xchans wasn't working which has effects in mod_display and ↵zotlabs2017-08-211-1/+2
| | | | there are also issues with the oembed provider for mod_display. This is a first cut for the second but hasn't yet been tested
* provide ability to search webpages (either public or which contain the ↵zotlabs2017-05-301-1/+0
| | | | observer in the acl) in addition to conversations
* ugly postgres fixeszotlabs2017-04-301-22/+34
|
* Create virtual privacy groups for private profile member listszotlabs2017-02-121-1/+15
|
* provide lowlevel xchan storage function to ensure that all non-null rows are ↵zotlabs2017-01-281-13/+10
| | | | initialised
* [TASK] Update Doxyfile and fix Doxygen errors.Klaus Weidenbach2016-10-131-38/+46
| | | | | | Updated Doxyfile to include new folders. Add a list for @hooks tags. Fixed some parsing problems for Doxygen.
* more backquotes - this should take care of most except for the array import ↵zotlabs2016-10-091-1/+1
| | | | queries
* finish the channel_reddress() conversionredmatrix2016-09-211-1/+1
|
* This checkin should make all permission modes work correctly with atokens ↵redmatrix2016-08-011-1/+73
| | | | (they should be able to post content if allowed to). It also removes the strict linkage between permissions and connections so any individual permission can be set for any xchan; even those for which you have no connections.
* make guest access tokens work with PERMS_NETWORK, PERMS_SITE, PERMS_PENDING, ↵redmatrix2016-07-311-0/+28
| | | | and PERMS_CONTACTS; or everything but PERMS_SPECIFIC. PERMS_SITE could be contentious, but we're currently denying them as they are a guest and don't actually have a channel on this site. We can't easily make PERMS_SPECIFIC work without providing an abook entry for the guest since we would need to set specific permissions for the guest login, but unfortunately this could be the most desirable setting to use in many cases. There is also an update of hmessages.po in this commit.
* Merge branch 'dev' into permsredmatrix2016-07-201-14/+15
|\
| * sort out some of the authentication mess - with luck this may fix the DAV ↵redmatrix2016-07-201-14/+15
| | | | | | | | auth issue which I simply could not duplicate or find a reason for.
* | Merge branch 'dev' into permsredmatrix2016-07-171-0/+38
|\|
| * make the xchan_hash for the access token location independentredmatrix2016-07-141-12/+15
| |
| * more ZAT workredmatrix2016-07-141-0/+2
| |
| * first cut at zot access tokensredmatrix2016-07-141-0/+33
| |
* | more work on permsredmatrix2016-07-121-15/+26
|/
* use the get_hostname function rather than parse the urlredmatrix2016-07-111-1/+1
|
* create change_channel hookredmatrix2016-07-111-0/+4
|
* create miniApp to convert existing settings files to the static App classredmatrix2016-03-311-11/+4
|
* static Appredmatrix2016-03-311-16/+16
|
* deprecate $a->get_baseurl()redmatrix2016-03-301-3/+3
|
* some minor cleanupsredmatrix2016-03-101-1/+1
|
* issue #216 - calendar sharingredmatrix2016-02-241-7/+11
|
* add oembed provider for photosredmatrix2016-01-311-1/+1
|
* various issues from the forumsredmatrix2016-01-171-10/+13
|
* some minor cleanup - change the default of the discover tab (public stream ↵redmatrix2015-12-101-10/+8
| | | | access)
* add one more level of parentheses to ensure operator precedence is correctly ↵redmatrix2015-09-281-2/+2
| | | | evaluated