switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
* [FEATURE] Allow in-class checking for user permissions
* [FEATURE] Allow in-class creation of the JSON data for coherence
* [FEATURE} Added API version in JSON data for client side checks
* [IMPROVEMENT] Adjusted all API calls to use the new JSON layout
**NOTE**: This is breaking backwads compatibility with the old API!
Please adjust your client application to support this new version.
The data array should not change much more other than added features.
* [IMRPOVEMENT] Do not include smarty globals, they are not needed on the API
* [IMPROVEMENT] Display correct runtimeinformation of entire script, not
just the SQL queries
This will fix an issue with templates of other users being applied to
different users logged in. Basically the first cached page would be
displayed for all users.
Created a new cache key for smarty to allow the user ID to be reference
in the cache key. Hence each user has their own cached file which will
be used.
Improved caching by creating subdirectories for cached files. This way
we won't run into a file limit per directory with a lot of cached files.
This fixes#430 and the mentioned issue in that report.
* Added mobile device detection PHP library
* Call PHP library to decide which theme to use
* Added theme as a configuration option into global config
* Selectable Desktop theme (default: mmcFE)
* Selectable Mobile theme (default: mobile)
* Disable mobile theme support entirely
**NOTE**: This requires updates to the `global.inc.php` so please check
the dist file and update your config before filing a new issue!
Addresses #25
Warn a user with an error that there have been failed login attempts
for their account. Login errors can be cleared by clicking on the URL in
the message itself.
Fixes#240
