Commit graph

15 commits

Author SHA1 Message Date
calzoneman 74203ad223 Continue work on account management and password reset 2013-05-29 14:19:43 -04:00
calzoneman 39be5a8427 Finish database refactoring 2013-05-25 21:01:32 -04:00
calzoneman a6fff1c849 Fixes 2013-05-12 21:37:03 -04:00
calzoneman 62e80cec63 Add password change (#88) 2013-05-04 13:01:04 -05:00
calzoneman 3a7acd0526 Implement new session system
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:

ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00
Calvin Montgomery bb019deeb7 Implement ACL for channel owners (Issue #42) 2013-04-22 22:28:40 +04:00
calzoneman 8a8838a58d Registered users now have rank 1, guests' names are grey
Any new registrations will set global_rank=1 in the database
If you wish to upgrade, run "UPDATE `registrations` SET `global_rank`=1 WHERE `global_rank`=0" on your MySQL database
2013-04-17 13:29:52 -05:00
calzoneman 448d774b0d Wrap bcrypt in a try-catch 2013-03-27 15:02:43 -05:00
calzoneman 124ec0080f Improve logging 2013-03-27 14:28:51 -05:00
calzoneman 34f20f423f Transition to using bcrypt for password hashing/storage 2013-03-26 14:12:02 -05:00
calzoneman 5f5049db12 Change quotes to be consistent
Fixes Issue#11
2013-03-24 12:23:48 -05:00
calzoneman 0b56909e20 Change license to MIT 2013-03-23 21:28:20 -05:00
calzoneman 728f23a05b Change behavior for MySQL fail 2013-02-16 11:23:51 -06:00
calzoneman e902a8074a Update README; add LICENSE 2013-02-16 11:19:59 -06:00
calzoneman 68fc74edd5 Push to github 2013-02-15 23:02:42 -06:00