The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
This will allow admins to hide the actual username/author from their newsposts.
Useful if you don't wish to give your admin account away or in case you
have no admin-only account.
This will fix an issue with templates of other users being applied to
different users logged in. Basically the first cached page would be
displayed for all users.
Created a new cache key for smarty to allow the user ID to be reference
in the cache key. Hence each user has their own cached file which will
be used.
Improved caching by creating subdirectories for cached files. This way
we won't run into a file limit per directory with a lot of cached files.
This fixes#430 and the mentioned issue in that report.
This will allow pages to skip loading data from backends like the
database or the wallet RPC server. If a cached page is detected and
valid, all dynamic content generation will be skipped completely.
Other pages that have not been adjusted in this commit will still fetch
backend data all the time. This will ensure clients always see the most
recent data, like worker information or account changes.
This should fix#309 completely but needs some testing.
* Login to mobile version to enable sidebar
* Swipe right to display your old dashboard
* Modified `home.inc.php` to default to news at all times again
* Modified sidebar implementation to change via config setting
* Modified mobile navigation bar and header
* Added `sidebar_prop.tpl` file for both themes
Some breaking changes might be introduced here if you are running your
own template implementation. Please ensure that `home/default.tpl` will
display the news posts. `sidebar.tpl` is now `sidebar_prop.tpl`.
If the files are missing you will get a PHP error. Check your logs what
file is missing and create them from my original samples.
Fixes#283
* Do not show dashboard if user is not logged in
* Show news on Mobile and Desktop by default
* Show Dasboard on mobile once logged in
* Make News Navbar item default for unauthed users on mobile
* Add Dash Navbar item for authed users on mobile
* Adding mobile detection to home page
* Allow home page to default to news for desktops
* Use payout specific sidebar for mobile homescreen
* Added News navigation option to mobile
Fixes#278Fixes#279
