1. 21 Sep, 2008 1 commit
  2. 17 Sep, 2008 1 commit
  3. 11 Sep, 2008 1 commit
    • Nigel McNie's avatar
      The 'forgot password' feature can now tell you your username. · 844d71ef
      Nigel McNie authored
      You can now enter your username and be sent a password reminder too.
      
      Several users of MyPortfolio have reported issues when they thought they knew their username but they didn't. Hopefully the email now telling you your username will help this.
      
      Several language strings had to be changed. This is a bit suck, going on 1.0_STABLE.
      844d71ef
  4. 26 Aug, 2008 2 commits
  5. 19 Aug, 2008 1 commit
  6. 27 Jul, 2008 1 commit
    • Nigel McNie's avatar
      Added a logout hook for authentication, which authentication methods can override. · 2a7b0ba6
      Nigel McNie authored
      This is called when there is an explicit logout request with no more processing on the page to be performed - i.e. the user clicks logout or their session times out.
      
      In the case of an MNET user whose session has timed out, if they have a parent authentication method (i.e. they can use the login form as well), then we continue to remember that they originally signed in using an XMLRPC authinstance, so that when they click logout later, they're correctly taken back to their remote application.
      2a7b0ba6
  7. 26 Jul, 2008 1 commit
    • Nigel McNie's avatar
      Implement proper single singout. Fixes #684. E_RAGEQUIT! · c3b73409
      Nigel McNie authored
      When an MNET user in Mahara clicks a logout link, they are logged out of Mahara, a kill_parent request is sent to the remote application, and they are sent back to their remote application. The overall affect is a much nicer user experience, as they're taken back somewhere that they can log in.
      c3b73409
  8. 17 Jul, 2008 1 commit
  9. 17 Jun, 2008 1 commit
  10. 09 Jun, 2008 1 commit
  11. 06 Jun, 2008 1 commit
    • Nigel McNie's avatar
      Implement a cron job to delete old session files. Fixes #570. · 299c850a
      Nigel McNie authored
      We haven't been clearing out session files since I first chose to make us hash the session directory back in 2006. Talk about a timebomb...
      
      The cron job uses `find' and `xargs' to do the removing. These tools are required on debian (as part of findutils), and are installed in /usr/bin. I haven't bothered with a configuration directive for specifying a path to them for now, but that might be necessary later.
      (cherry picked from commit 335d66a7)
      299c850a
  12. 03 Apr, 2008 1 commit
  13. 17 Feb, 2008 2 commits
    • Nigel McNie's avatar
      If a logged out person hits a public page which has thrown an... · 13a09d7e
      Nigel McNie authored
      If a logged out person hits a public page which has thrown an AccessDeniedException, redirect them to the login page.
      
      Real users are only going to try logging in anyway, and non users aren't going to be able to log in, so it's just a usability improvement.
      
      It might be worth adding a message to say what's happened later.
      13a09d7e
    • Nigel McNie's avatar
      If your session times out and you've just hit a public page, make the URL to... · 02855726
      Nigel McNie authored
      If your session times out and you've just hit a public page, make the URL to trigger the transient login page remember any GET parameters.
      
      This makes it so that if you hit a public view (view.php?id=8 for example) and your session has just timed out, after you submit the login form you will continue to view.php?id=8 rather than just view.php. The latter is very annoying because it's not what you were after and will cause the script to bail anyway.
      02855726
  14. 16 Feb, 2008 2 commits
  15. 15 Feb, 2008 4 commits
  16. 13 Feb, 2008 1 commit
  17. 06 Feb, 2008 2 commits
  18. 31 Jan, 2008 1 commit
  19. 27 Jan, 2008 1 commit
  20. 25 Jan, 2008 2 commits
    • Nigel McNie's avatar
      Don't session_destroy before creating a new liveuser, I don't have any... · 87f0a31a
      Nigel McNie authored
      Don't session_destroy before creating a new liveuser, I don't have any evidence that it does anything useful now.
      87f0a31a
    • Nigel McNie's avatar
      Lets authentication plugins trigger the creation of users if the plugin can authenticate them. · f782dbf9
      Nigel McNie authored
      If an authentication plugin thinks that a user should be able to log in, and furthermore thinks that it is able/allowed to automatically create user accounts, then it is now able to do just that. The authentication API now has a new method - can_auto_create_users() - to define whether each authentication instance feels it can/should be able to do this.
      
      If the instance thinks it can, it needs to export some information through the get_user_info method in order to populate the user account. Although this may change shortly to be optional, with the users instead being forced to enter any information that is required that they haven't otherwise filled out.
      f782dbf9
  21. 21 Jan, 2008 1 commit
  22. 14 Jan, 2008 1 commit
  23. 07 Jan, 2008 1 commit
  24. 26 Dec, 2007 1 commit
  25. 14 Dec, 2007 1 commit
  26. 04 Dec, 2007 1 commit
  27. 03 Dec, 2007 1 commit
  28. 29 Nov, 2007 1 commit
  29. 28 Nov, 2007 4 commits