RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,544 Commits 4 Branches 11 Tags 14 MiB
6398e5dfec
Commit Graph

13 Commits

Author SHA1 Message Date
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
4b04df5d8a [FIX] Allow TAB to focus on email login 2014-01-23 10:11:37 +01:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
 2014-01-20 04:41:13 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
rog1121
77a0287c7f Update default.tpl 2014-01-19 12:37:54 -07:00
Metice
e665552c05 Update default.tpl 
Remove username of placeholder
 2014-01-19 15:01:11 +01:00
Sebastian Grewe
2829f6a746 [IMPROVED] Dropped username from login 2014-01-16 14:40:51 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00
xisi
2d0938b35b [ADDED] Simple CSRF protection tokens 
* Adds config options for disabling, timeout lead time, and forms
 * Adds another salt in config that's used in the token
 * Adds protection for login form by default
 2014-01-16 05:55:57 -05:00
Sebastian Grewe
f98d08df83 [SECURITY] Fixing XSS in PHP_SELF 
Fixes #1364 once merged.
 2014-01-11 19:01:14 +01:00
Sebastian Grewe
68958fb7bf [UPDATE] Increase login input cap 2013-12-13 08:52:43 +01:00
Sebastian Grewe
02c9be54ed [MAJOR] Changing project name to MPOS 
* Adjusted mmcfe-ng occurences in code
* Adjusted Database strucutre to only supply the full structure
* Adjusted default template to MPOS

Addresses #643
 2013-10-07 10:10:49 +02:00