Commit Graph

85 Commits

Author SHA1 Message Date
Ralf Becker
aff27b4aaa removing deprecated PHP4 constructors filling logs with deprecation notices under PHP 7 2016-02-15 11:17:09 +00:00
Nathan Gray
d9b43423a7 Fix some incorrect responses for account list:
- owngroups included members
- groupmembers was empty
2015-12-09 18:55:57 +00:00
Ralf Becker
95553f514c * Login: catch all exceptions in session creation, to NOT log user passwords, in case of (eg. database-)errors 2015-08-19 10:41:06 +00:00
Ralf Becker
e165593ed2 add HTTP User-Agent to pseudo session id, to eg. distinguish sessions from different WebDAV clients in access-log 2015-08-04 14:49:01 +00:00
Ralf Becker
4e986e58b8 change "password about to expire in N days" warning into an once per login info-message (was a redirect to password change) 2015-07-01 17:51:56 +00:00
Ralf Becker
d39c2a71bf * Login/Password: handle forced password change on login page 2015-07-01 12:44:34 +00:00
Ralf Becker
9059132c34 fixed default SMTP account was not returned during setup and deprecated old send class in favor of using egw_mailer direct 2015-04-24 10:01:22 +00:00
Klaus Leithoff
3a3fea946b replacement for broken (and now deprecated) send->msg; 2015-04-21 12:50:41 +00:00
Ralf Becker
17f83d89c7 add modification time of files to thumbnail url to allow longer caching, also set_time_limit(0) for pdf thumbnails, as they might take > 90s 2015-02-13 08:27:08 +00:00
Ralf Becker
fafb923d5d fix for lost session whenever one switches apps in iOS installed as web-app 2014-12-02 12:57:06 +00:00
Ralf Becker
5eeac7093c use filemanager UI as UI for sharing directories 2014-11-18 12:55:32 +00:00
Ralf Becker
903f0e75a5 * eSync: limit creation of sessions to one per device and user (like already done for CalDAV) 2014-08-25 14:04:24 +00:00
Ralf Becker
e4a80cbfc6 exclude login failures from session list 2014-08-19 17:15:50 +00:00
Ralf Becker
5ba884f4a6 * Admin/API: remove old database based error-log 2014-07-05 08:54:36 +00:00
Ralf Becker
a7724dc6e5 remove Expires header from egw_session::cache_control(true), so have same behavior as session_cache_limiter("private_no_expire") 2014-01-28 15:06:47 +00:00
Ralf Becker
496c34614d switch on private (browser only) caching for read mail bodys, plus fix to switch it on after session was started 2014-01-18 14:52:47 +00:00
Ralf Becker
ffc506561a * API: fixed not working session encryption, by switch back to previous MCrypt algorithm and mode 2013-10-07 07:22:50 +00:00
Ralf Becker
855c04cb2c use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr 2013-09-11 13:06:00 +00:00
Ralf Becker
f7a9c20e1d fixed typo in cache-control header, causing pages not getting cached, if clients used it in favor of Expires header 2013-04-05 10:23:58 +00:00
Ralf Becker
ef1756438e * Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working 2013-02-21 09:43:38 +00:00
Ralf Becker
9b88b849f6 * SiteMgr: sitewide config to allow proxys and CDNs caching of anonymous requests (Expires and Cache-Control header)
apps can now enable public caching by either setting $GLOBALS[egw_info][flags][nocachecontrol] to "public" (default php.ini session.cache_expire) or a numeric value in seconds, or call egw_session::cache_control()
2013-02-19 15:34:19 +00:00
Ralf Becker
d44e448976 include unsuccessfull session creation and reason in debug logging 2013-02-15 16:15:52 +00:00
Klaus Leithoff
6378d289ca use better defaults for some egw_info server values (num_unsuccessful_id, num_unsuccessful_ip, block_time) 2012-11-29 11:13:58 +00:00
Ralf Becker
234a8a8154 check if we use cookies for the session, but no cookie set: happens eg. in sitemgr (when redirecting to a different domain) or with new java notification app 2012-11-12 09:48:31 +00:00
Ralf Becker
7a981eba15 using pseudo-sessionid for ownCloud remote.php url too, as we otherwise generate lots of new sessions 2012-10-25 12:51:28 +00:00
Ralf Becker
4c5b764347 allow to use HTTP_HOST (without optional port) or SERVER_NAME to find matching instance 2012-10-12 15:11:42 +00:00
Ralf Becker
6fa4cc864e not storing $GLOBALS[egw_info][user] twice in session (was also stored as $GLOBALS[egw]->session->user), also removing not used $GLOBALS[egw_info][user][acl], but re-reading preferences in session::verify() so long running sessions get preferences set by an other session, removing nowhere used creditspoint class from api (calls not public available creditspoint app) 2012-08-07 08:55:41 +00:00
Ralf Becker
fb00481043 * eSync/API: update access-log action for eSync, run maintenance only on logout and other changes to speed up access/update to huge access-logs, thought indexes on session_php, (account_id,ip,li), (account_id,loginid,li) will help alot 2012-06-12 06:37:58 +00:00
Ralf Becker
0c6d80d778 * API/Admin: add user-agent to accesslog and sessions, add sessionid to history to better identify what was causing changes in history 2012-06-01 13:13:06 +00:00
Ralf Becker
a1f6f70330 * Admin: remove session timeout from EGroupware config and read it via ini_get("session.gc_maxlifetime") as config fails for many reasons, if different from php.ini setting 2012-05-29 14:43:33 +00:00
Ralf Becker
d9142cca30 allow to specify a custom filter for egw_session::session_(list|count)() 2012-05-19 18:19:43 +00:00
Ralf Becker
bcb9b2f5c9 fixing the fix: api version is not yet read, therefore use modifiction time of phpgwapi/inc/setup.inc.php instead 2012-04-10 07:53:08 +00:00
Ralf Becker
7e2fd95d9e * CalDAV/CardDAV: add API version to pseudo session-id used to invalidate all sessions from the previous version (which eg. give database errors, because using old schema) 2012-04-07 06:53:38 +00:00
Ralf Becker
9d704a7c0d ignore exception while sending notification to admin (eg. SMTP error), to block the account and give a correct error-message to user 2012-02-16 14:35:42 +00:00
Ralf Becker
f6fe40f2d9 fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs 2011-11-15 19:16:09 +00:00
Ralf Becker
8ab9b0d2f2 allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts 2011-11-15 12:43:59 +00:00
Klaus Leithoff
45468c801a patch to fix problem with ->not able to see mail<- egw_instant_load.html not found. provided by Vladimir Kolobkov; Thanks a lot 2011-07-25 15:52:22 +00:00
Ralf Becker
a7aef6a4da fixed egroupware.org bug #3002: PHP Warning: mb_strpos() in class.egw_session.inc.php on line 1081 2011-07-03 06:54:32 +00:00
Nathan Gray
f736c89bbf Prevent doubling webserver url when building a link 2011-06-29 16:35:24 +00:00
Ralf Becker
574911d077 * Setup/API: new option to enforce ssl (without specifying a domain in Webserver-URL) 2011-05-31 13:33:26 +00:00
Ralf Becker
ce619a8711 do NOT query sessionid_access_log for anonymous sessions, as they get not loged anyway 2011-05-05 15:50:22 +00:00
Nathan Gray
056f61ef72 Fix typo 2011-04-13 17:09:18 +00:00
Ralf Becker
5495491e78 * Admin: session-list is generated now from egw_access_log table independent of readablity of sessions files in filesystem
- session_(dla|action) is stored in egw_access_log table
- notifications refresh via ajax set notification_heartbeat timestamp in egw_access_log
- if notification_heartbeat is set (happens only for browser sessions with popup notification) sessions get removed from session list one minute after browser is closed
- new static method egw_session::notifications_active($account_id) to check if given user has an open browser with notifications popup checking, to ensure popup notifications can fall back to email
--> REQUIRES DATABASE UPDATE / SETUP
2011-04-13 14:11:09 +00:00
Ralf Becker
8df8817318 only try sending cookies, if headers are not send, otherwise it gives just a warning 2010-11-26 20:09:50 +00:00
Ralf Becker
73beff54fe an other fix for NTLM and SiteMgr 2010-09-25 08:19:22 +00:00
Ralf Becker
1caead5ea9 "make sure to not double encode &" 2010-05-09 13:58:57 +00:00
Ralf Becker
930f1052d5 supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 09:19:37 +00:00
Klaus Leithoff
f69c071685 fix for: calling setup, sets some config values to default, all the time 2010-04-06 15:30:36 +00:00
Ralf Becker
07d7b66735 some fixes for session of basic auth clients as sogo connector:
- added user IP to hash used as session id (so changed IP, different devices force a different session)
- returning false in verify, if domain is changed
- fixed "Wrong IP" message
2010-01-12 03:55:42 +00:00
Ralf Becker
c743665438 "switching logging off again" 2009-12-03 07:56:34 +00:00