- 02 Oct, 2015 2 commits
-
-
Manuel Gogl authored
behatnotneeded: dealing with deletign files from dataroot Change-Id: I0c6f2ef1b04b8ac4beef2daef2459b619db9a9ed Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit 4deca621)
-
Aaron Wells authored
Bug 1495200 & Bug 1496681 behatnotneeded: Well, we could test this, but it would require a 60-second wait for the session to timeout (since the least you can set the session timeout via the UI is 1 minute) Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad (cherry picked from commit aee374c0) (cherry picked from commit 784dbf9d)
-
- 20 Nov, 2014 1 commit
-
-
Robert Lyon authored
Scenario/testing: - Create an account, say User A and logout as admin. - In one browser login (this will be the hacker user) - In another browser reset pass via forgotten pass link What should happen: User in browser two should be able to reset pass then navigate about as when normally logged in. User in browser one should be forced to login again as their user sessionid is not valid anymore. Before patch: malicious user still has access until $USER->logout_time time expires After patch: malicious user foreced to re-login straight away on next page load Change-Id: I42ad907e5ffa7c128742a159116cf20dc6cd9b8a Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 30 Jul, 2014 1 commit
-
-
Robert Lyon authored
Seen as we already have an expiry column in the db we might as well use it. Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 10 Apr, 2014 1 commit
-
-
Robert Lyon authored
Rather than relying on id number we rely on the fact they are an admin. Change-Id: I17f87a7b0cb4e75b5392b196a84afb4105ab3668 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 09 Apr, 2014 1 commit
-
-
Robert Lyon authored
This is a regression that has crept in during v1.8 The installation doesn't update the admin's email address from the dummy one. Change-Id: If2b74121e6799c3f2c3745802c2aa0e856b2fd69 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 25 Mar, 2014 1 commit
-
-
Son Nguyen authored
If set, this option will overwrite the institution 'Confirm registration' setting Change-Id: I28cf952c3629005d86c31354e39581e74324a26f Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 18 Mar, 2014 1 commit
-
-
Son Nguyen authored
(Bug 1064780) also set default values for the user's account. Change-Id: I347cb39e3ae663b23a37f81af5a48325eaedfcea Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 12 Mar, 2014 1 commit
-
-
Aaron Wells authored
Bug 1252098 Change-Id: I9f2386fcb69510a23f66efc3bce32697fb8c8616
-
- 07 Mar, 2014 1 commit
-
-
Aaron Wells authored
Bug 1284869 Change-Id: Ic7c116dd09b501c35df61f735063f4c187016585
-
- 09 Feb, 2014 1 commit
-
-
Jono Mingard authored
Pieforms now adds a global error message if there are any validation errors in a form, in addition to the messages beside each element. This is modified from the existing jserrormessage Change-Id: I15b9f4238ec3e5b1e6cb7fcff0514855565f0364 Signed-off-by:
Jono Mingard <jonom@catalyst.net.nz>
-
- 24 Jan, 2014 1 commit
-
-
Robert Lyon authored
Changes include: - added an institution column to the site_content table - added an 'Edit site pages' page under Admin -> Institutions that is accessibe by institution admins - added an 'institution' option to the edit site pages form - this is a hidden field if user can edit only one institution. On upgrade it updates the site_content table to give current data the institution on 'mahara' (incl. local site pages) and for each institution it replicates the data already in the db for the default site (excl. local site pages) so that every site has their own versions, which can be adjusted as one sees fit. On creation of new institution it creates the rows in site_content table but with the default strings (like what you see when you first install a mahara) but sets the sitepages column in institution table to default (mahara). On deletion of institution it removes the rows in site_content. A user on login sees the institution site page based on what institution theme they see. On logout the 'lastinstitution' cookie is set allowing for them to see institution specific site pages. The 'No institution' (mahara) site pages can only be edited through Configure site -> Edit site pages. Also allow for an institution site page to be viewed if 'institution' variable is passed to it eg terms.php?institution=testing allowing for another way to access info when logged out. Change-Id: I2ed30b63c15bf676d83eb2231f48c4ca23ce8b53 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 21 Jan, 2014 1 commit
-
-
Aaron Wells authored
This reverts commit 1cdc0486. The JSDetector class has caused three regressions so far (Bug 1270846, Bug 1261610, and Bug 1268788). Since it's been buggy and it's not actively in use anywhere in the site, I think we should revert it. Change-Id: If32d5adf8733ce3f455aab09a5d138c7707ae95d
-
- 19 Dec, 2013 1 commit
-
-
Jono Mingard authored
Changed pieforms to set a tabindex of 0 by default (rather than starting at 1 and incrementing for each successive form) Removed other explicit tabindex attributes (in login forms) Change-Id: I40ccc95d4437764742391a27ae4d89485d9921b4 Signed-off-by:
Jono Mingard <reason.koan@gmail.com>
-
- 15 Dec, 2013 1 commit
-
-
Son Nguyen authored
1. Add the begining of PHP file, call JavascriptDetector::check_javascript(); 2. Call JavascriptDetector::is_javascript_activated() or $SESSION->get('javascriptenabled') to get the current status. 3. Call JavascriptDetector::reset() when users logout. Change-Id: Ia12e1678ae2f3f74f3b8e5fb2c0bfdd20d5ae906 Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 21 Nov, 2013 1 commit
-
-
Robert Lyon authored
As the string is hardcoded in lang file and does NOT take any variables it is ok to pass into form error as unescaped. Change-Id: Ibc0b9d7ed872abb7c4ba77d3d2bb5abcde110abc Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 17 Oct, 2013 1 commit
-
-
Robert Lyon authored
Currently if there is html in an error message used by pieforms it escapes the html so the link becomes not usable. I have made a change where you can tell pieforms not to escape the error message. So instead of using: $form->set_error($field, $message); you can use: $form->set_error($field, $message, false); Where false means do not escape the message. As the terms and conditions are displayed on the page already I've updated the link to jump to the terms section Change-Id: Ia8650a9f2284fb007cbe81a4a94223f127c4f6cd Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 14 Oct, 2013 1 commit
-
-
Robert Lyon authored
- have updated copyright for the pages that had existing copyright notices (except for the lib/pieforms/ section as i'm not too sure if that needs changing as it is a different Catalyst IT product) Change-Id: I11c65ad26cb9cd856cf16b1dccbd4223ba086645 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> Signed-off-by:
Aaron Wells <aaronw@catalyst.net.nz>
-
- 24 Sep, 2013 1 commit
-
-
Robert Lyon authored
I keep not finding it :) Change-Id: I0d3afb3b7681d455743f9ef10adf8c3df4b5e79f Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 02 Sep, 2013 1 commit
-
-
Aaron Wells authored
Bug 1160093: This adds a few new methods to the Auth class, which represents an auth instance: - is_parent_authority(): Indicates whether this auth instance is a parent authority or not - get_parent_authority(): Gets the ID of this auth instance's parent authority - needs_remote_username(): Indicates whether this auth instance needs the user to have a remote username setting (in auth_remote_user table) I've also updated the SAML and XMLRPC auth types, which are the only ones that use remote username. And I've updated create_user() to automatically populate auth_remote_user() for auth instances that use it. Note that an auth instance of ANY type will need a remote username if it's the parent to another authority (the parent feature allows a user to log in via the parent or the child auth instance; so it's quite possible for the user to have different usernames in the two of them. Currently only XMLRPC uses the parent auth feature.) Lastly, also updated the documentation of LiveUser->create_user() to indicate that it only uses the $remoteauth parameter as a boolean (which was true even before my code changes). Change-Id: I39b1b74e68cdbc9c2632b886655caaaece1bd312
-
- 15 Aug, 2013 1 commit
-
-
Aaron Wells authored
Change-Id: I874d0c10d68532944d5eec96669a8a46b0bedd9a
-
- 23 Jun, 2013 1 commit
-
-
Son Nguyen authored
(bug #1045563) When an user complete the required profile field, 1. Check if the email address has been taken 2. Send a validation email to this address 3. If an email has been sent, display the status message. When an user validate his/her email address 4. if it is the primary email, update the email field of the table 'usr' in DB Change-Id: Ie3f8268bee9890c7f568a399da4332bb5ab44447 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 17 Jan, 2013 1 commit
-
-
Ali Kaye authored
Added 'Default registration expiry lifetime' and relevant dropdown box to 'Account settings', plus adding how long the administrator has to approve registration to the email alert. Change-Id: Ic2df962730b10e6df4ccccaa539e415640f024b8 Signed-off-by:
Ali Kaye <alexandrakaye.student@wegc.school.nz>
-
- 16 Jan, 2013 1 commit
-
-
Ali Kaye authored
Modified mahara.php and lib.php so that when a user with a deleted account tries to log in they are told 'Sorry, your account has been deleted. You can contact the site adminstrator,' with a link to the 'Contact Us' page. Change-Id: I89b31cb458afa87a75acbb09293050c5c64e7da0 Signed-off-by:
Ali Kaye <alexandrakaye.student@wegc.school.nz>
-
- 15 Jan, 2013 1 commit
-
-
Ali Kaye authored
Modified mahara.php and lib.php so that when a user with an expired account tries to log in they are told 'Sorry, your account has expired. You can contact the site administrator to have the account reactivated,' with a link to the 'Contact Us' page. Change-Id: I6b461d40e37a88ac513649a1d4a6d83c5d3711a4 Signed-off-by:
Ali Kaye <alexandrakaye.student@wegc.school.nz>
-
- 19 Nov, 2012 1 commit
-
-
Son Nguyen authored
split() will be replaced by explode() if using a string as a delimiter and by preg_split() if using regular expression Change-Id: I93a84150197fb290f89a04f10d5f0fd1e380f0da Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 10 Sep, 2012 1 commit
-
-
Hugh Davenport authored
Change-Id: I2cd82b7dba9b759791fdbf9c57f7c9f095a807d6 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 06 Sep, 2012 1 commit
-
-
Son Nguyen authored
When all institutions in the site have only Internal auth method, values['authtype'] is not set. Change-Id: I247e6033f69b40b2016ebd4a2ccac04603e7c020 Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 03 Sep, 2012 1 commit
-
-
Hugh Davenport authored
Fixes a theming overlap issue Change-Id: Idd75c4a230f3976c62a4442a030ea16b99581712 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 29 Aug, 2012 1 commit
-
-
Son Nguyen authored
Display the 'registration reason' box if there is only one institution available to register and its approval is required Change-Id: Iad8d0b645943e68cdec17787c5c245554a8bf36b Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 31 Jul, 2012 1 commit
-
-
Richard Mansfield authored
Change-Id: Ia81053332cfa9e0f79268031795af8d34b45ff78 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
- 30 Jul, 2012 1 commit
-
-
Ruslan Kabalin authored
This patch moves form elements array to the separate function. Change-Id: I546017bc59d64716d2498a9263c44188fe1274ee Signed-off-by:
Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
-
- 25 Jul, 2012 1 commit
-
-
Hugh Davenport authored
Bug #1028685 Also requires the following to be added to all the RewriteRule's &%{QUERY_STRING} Change-Id: Id4dd207a87efb72343b43805bb153c01bac3bf77 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 12 Jul, 2012 1 commit
-
-
Ruslan Kabalin authored
Change-Id: I36b2043fb1dd8c65f231157bdab87d5fad05f204 Signed-off-by:
Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
-
- 23 May, 2012 2 commits
-
-
Hugh Davenport authored
Change-Id: I525f692dae8546c31f8789e21b9abace354f5a93 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Add a div around the general login form, and also around the SSO links. Change-Id: If26ebd58657ce020fa03fe44e1d18849d33a32d2 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 18 May, 2012 1 commit
-
-
Richard Mansfield authored
Three new hooks are added: local_init_user() - called after $USER is initialised. This is useful for changing the user's theme before $THEME is initialised. local_register_submit() - called when the registration form is successfully submitted, but before the submitted values are saved to usr_registration. This is useful for remembering the properties or preferences of the logged-out user when the form was submitted. local_post_register() - called after a user has successfully been created and logged in during registration. This is useful when properties of the user (which may have been saved to usr_registration by local_register_submit()) need to be transferred to the newly registered user. Change-Id: Ifcb19737bdcecb550185624f2fd78e541690a337 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
- 15 May, 2012 1 commit
-
-
Hugh Davenport authored
When a user clicks on "BrowserID Login", one of three things will happen 1- If they have an account, they will login 2- If they don't but there is one authinstance with browserid is present AND it has weautocreateusers enabled, then they will get an account in that institution, and login 3- If none of the above is true, they will get redirected to a register page, which follows same self registration pattern as the internal authentication with the "confirm email" step removed. Change-Id: Idde3166e0664bf2acdc1da32271125e91d43af9c Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 01 May, 2012 2 commits
-
-
Hugh Davenport authored
Change-Id: Ic491cff6936a0a6ef3c0e8c3da14d4777a5bbc95 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
This allows us to alter the form definition directly before the pieform is created Change-Id: I3810d3dc4f30bc82dc567fad9338b76bc5296891 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-