php-mpos

Author	SHA1	Message	Date
xisi	568445845a	changes DEBUG SALT and SALTY from defines to variables switched that in all places used (class loads mostly) moved all includes at the beginning of index into bootstrap moves *_PATH defines from config to bootstrap config now uses defaults first, then user config	2014-01-29 07:34:50 -05:00
xisi	b728b680ca	blah blah	2014-01-28 07:26:08 -05:00
xisi	3006cb544f	Reworked csrf tokens, now enabled globally The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid	2014-01-24 13:00:24 -05:00
xisi	a3314fa81e	Cleaned up login page logic a bit more Fixed up CSRF tokens so rollover minutes/hours are now checked and valid	2014-01-23 11:01:30 -05:00
xisi	76a67cb71a	Changed the config options for CSRF/disabling forms * Now an array to disable with granularity * Fixed all CSRF tokens back to 1 min * Added CSRF protection for unlock account * Unified error message for all csrf tokens * Fixed a few issues with last commit	2014-01-20 04:41:13 -05:00
xisi	163e5de1f0	cleaned up & updated config options	2014-01-20 04:40:38 -05:00
xisi	9ccb5e15bc	refactored old token usage in account edit page	2014-01-20 04:27:58 -05:00
xisi	d83542e03e	Added method to get description image of csrf token with name moved sitewide into options portion of the config option csrf protection for contact form under sitewide config option changed register to 1 hour token	2014-01-20 04:27:58 -05:00
xisi	6da5510035	clean up pages that use csrftokens	2014-01-20 04:26:04 -05:00
xisi	42d93f5beb	specific timing for csrf tokens	2014-01-20 04:26:04 -05:00
xisi	a56140ca84	Moved csrftoken stuff into a class added getCurrentIP method to user class added config option for sitewide csrf protection	2014-01-20 04:26:04 -05:00

11 Commits