1. 06 Jun, 2008 2 commits
    • Implement a cron job to delete old session files. Fixes #570. · 299c850a
      Nigel McNie authored
      We haven't been clearing out session files since I first chose to make us hash the session directory back in 2006. Talk about a timebomb...
      The cron job uses `find' and `xargs' to do the removing. These tools are required on Debian (as part of findutils), and are installed in /usr/bin. I haven't bothered with a configuration directive for specifying a path to them for now, but that might be necessary later.
      (cherry picked from commit 335d66a7)
    • Make usernames unique over their lowercase values, and put validation in... · 7c7ed40b
      Nigel McNie authored
      Make usernames unique over their lowercase values, and put validation in everywhere so two users can't do this again.
      Usernames _are_ meant to be case insensitive in the system. But at no point where users could be created (except for XMLRPC users), was this actually being enforced. So eventually someone actually did this, which caused login for both users to break.
      Now, all entry points for new users are checked to make sure users can't claim names whose lowercase value is the same as another user. And on postgres, we now have a unique index over LOWER(username). This isn't possible in MySQL, so MySQL users miss out (yet again).
  2. 03 Jun, 2008 1 commit
  3. 29 May, 2008 2 commits
  4. 07 May, 2008 1 commit
  5. 06 May, 2008 8 commits
  6. 04 May, 2008 5 commits
  7. 01 May, 2008 1 commit
  8. 29 Apr, 2008 7 commits
  9. 28 Apr, 2008 4 commits
  10. 24 Apr, 2008 1 commit
    • Improved handling of parent/child authentication so duplicate users are not created. · ed2b4ac8
      Nigel McNie authored
      This comes from a report on the forums: http://www.mahara.org/node/155
      The problem stemmed from an apparent misunderstanding in the code about the purpose of the 'authinstance' column in the usr table. It is for the authentication instance the user uses to log in, and is normally the parent if they are using a child/parent authentication method. However, if the authentication method doesn't have a parent, it will be the child.
      This means we need to change checks in a couple of places to look for the parent _or_ child, rather than just one of them. Otherwise, some parts of the code believe that users don't exist when in fact they do, etc.
  11. 22 Apr, 2008 7 commits
  12. 21 Apr, 2008 1 commit