Commit Graph

12 Commits

Author SHA1 Message Date
rog1121
93981f6044 Various Fixes 2014-03-01 17:57:43 -07:00
rog1121
7e3623d659 Various Fixes 2014-03-01 17:56:23 -07:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
2014-01-24 13:00:24 -05:00
xisi
1fd0adf038 Removed unused config setting 2014-01-23 11:01:30 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms
 * Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
2014-01-20 04:41:13 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
2014-01-20 04:40:38 -05:00
Sebastian Grewe
f98d08df83 [SECURITY] Fixing XSS in PHP_SELF
Fixes #1364 once merged.
2014-01-11 19:01:14 +01:00
Hüseyin Uslu
b69991e129 Increased password-reset form username size to 100
Increased the accepted max-length to 100 as requested: https://github.com/TheSerapher/php-mpos/pull/1279#issuecomment-31732351
2014-01-07 14:11:26 +02:00
Hüseyin Uslu
748e4796c1 Updated max length of username field in password-reset form
As the password reset form can also accept emails, increased the max-length size to 50 - so that we can accept long emails too.
2014-01-07 14:04:21 +02:00
Sebastian Grewe
ceadf30a85 [SECURITY] Fixing potential XSS issues
Will resolve #926 once merged.
2013-12-09 08:02:41 +01:00
Sebastian Grewe
a06d64e1fb [IMPROVED] Added case-insensitive login
* [IMPROVED] Added Username/Email password reset

Fixes #709
2013-10-10 17:06:01 +02:00
Sebastian Grewe
02c9be54ed [MAJOR] Changing project name to MPOS
* Adjusted mmcfe-ng occurrences in code
* Adjusted Database structure to only supply the full structure
* Adjusted default template to MPOS

Addresses #643
2013-10-07 10:10:49 +02:00