Ralf Becker
deb482aca3
suppress warning if session already active (trace logs the password)
2020-02-26 13:51:58 +01:00
Ralf Becker
4a14e0d36b
ignore exception, as it blocks session creation, if database is not writable
2020-02-19 15:39:29 +01:00
Ralf Becker
1559b017d7
validate IP address in X-Forwarded-For header
2020-01-30 13:21:56 +01:00
Ralf Becker
7b30bb7b0d
* Admin: optional session-action column in access-log and sessions
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Ralf Becker
2df0095579
fix typo
2019-12-05 08:57:26 +02:00
Ralf Becker
e305ba1d23
ignore logging of session dla only for max. of 15 min, so session status is displayed correctly
2019-12-02 16:27:17 +02:00
Ralf Becker
7cd4169768
* all apps: fixing several cases of wrong Url when proxying and terminating TLS on the proxy
2019-11-15 13:54:34 +01:00
Ralf Becker
302800b414
new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also cope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxies
2019-11-12 20:13:24 +01:00
Ralf Becker
8f6df975fe
also remove /api/thumbnail.php from access-log updates
2019-10-29 13:20:23 +01:00
Ralf Becker
cad1ec2aaf
fix regular expression to not update access-log for avatar
2019-10-22 09:58:18 +02:00
Ralf Becker
71d3e3a80c
ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates
2019-09-27 15:59:10 +02:00
Ralf Becker
3967d2a3b6
fix aborted WebAuthn not treated as failure of 2nd factor, if registered
2019-09-06 10:36:21 +02:00
Ralf Becker
681679382c
* Api: no longer logging last-logintime of anonymous user
to not block website and also to better cope with high rate anon endpoints
might be called creating a bottleneck in the egw_accounts table.
2019-08-19 16:51:13 +02:00
Ralf Becker
2776d215e2
* Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth
2019-08-03 18:37:18 +02:00
Ralf Becker
ad3576903a
allow to disable or require 2-Factor-Auth
2019-06-07 20:28:49 +02:00
Ralf Becker
eb286c6144
missing changes in Session class for 2FA
2019-06-05 15:29:44 +02:00
Ralf Becker
bf2de7f653
* Admin: white-list IP addresses from blocking or set higher number of attempts
2019-04-26 17:11:54 +02:00
Ralf Becker
983bf15041
remove further private IPs from proxies (incl. space after comma)
2019-04-22 23:44:51 +02:00
Ralf Becker
4622c28bb2
remove further private IPs from proxies
2019-04-22 23:20:41 +02:00
nathangray
19ead4c1cc
Fix some more PHP 7.2 warnings
Remove some calls to deprecated each()
2018-12-18 09:49:29 -07:00
Ralf Becker
7b69f8cfa5
* Api/Filemanager/WebDAV: fix SQL error if login error or WebDAV path contains non-ascii chars
in that case we transliterate these to ascii for storage in egw_access_log table, which only allows ascii chars
2018-12-10 16:47:16 +01:00
Ralf Becker
7ba77356d5
new "session_created" hook
2018-06-18 09:07:14 +02:00
Ralf Becker
7c1a481d97
fix shutdown functions did not have $GLOBALS[egw] set, caused by session created by MServer
2018-04-11 15:04:48 +02:00
Ralf Becker
98376b5908
* PHP 7.2: fix several PHP Fatal errors and warnings stalling installation and usage
2018-04-09 16:02:00 +02:00
Ralf Becker
f800ab008b
if we can not store failed login attempts in database, store it in cache
2018-02-28 18:01:32 +01:00
Ralf Becker
f4927d7e0b
* Filemanager/Sharing: fix PHP 7.1 error causing auth request to popup
Session only stores app-names and $GLOBALS[egw_info][user][apps] gets restored from $GLOBALS[egw_info][apps] for the allowed app-names. Check if we need to restore from installed apps array was using is_array($GLOBALS[egw_info][user][apps][api]) instead or isset($GLOBALS[egw_info][user][apps][0]), as check if it is a real, non associative array
2018-02-14 09:03:14 +01:00
Ralf Becker
96413c1096
fix no translations loaded, by keeping just that pref in the session, as it is used before rest of prefs get restored
2017-04-05 10:02:41 +02:00
Ralf Becker
2adeddce8d
do NOT store user preferences and apps in session, we restore them from instance cache
2017-04-04 19:13:43 +02:00
Ralf Becker
acfcd24983
fix not updated logout time on new farm
2017-03-01 13:36:42 +01:00
Ralf Becker
d6590cbf64
fix PHP Fatal, if debug is enabled
2017-02-27 17:31:08 +01:00
Ralf Becker
afa17b8236
fix PHP Fatal Call to a member function update() on null
2016-08-24 13:06:06 +02:00
Ralf Becker
b6c5ad31db
log menuaction of eT2 requests, instead of eT2 itself, to do so move update of access-log to destructor of Session class
2016-08-18 13:05:51 +02:00
Ralf Becker
27468f0dac
fix PHP Warning: filemtime(): stat failed for phpgwapi/setup/setup.inc.php
2016-07-31 10:29:52 +02:00
Ralf Becker
e34fe9a4e7
using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php
2016-05-11 19:23:14 +00:00
Ralf Becker
e87cbc4832
use static Hooks methods
2016-05-11 18:58:10 +00:00
Ralf Becker
153c068271
fix diverse occurrences of egw_db
2016-05-06 11:13:19 +00:00
Ralf Becker
f68dab4862
remove no longer required use egw_mailer, since Mailer is api now
2016-03-29 06:46:42 +00:00
Ralf Becker
67cb60b972
moving egw_digest_auth, vfs_webdav_server and egw_sharing to new api
2016-03-20 16:19:53 +00:00
Ralf Becker
85695f0d41
split html class to Api\Html, Api\Header\Content, Api\Header\UserAgent and translation
2016-03-13 11:22:44 +00:00
Ralf Becker
b95727bb6f
move auth classes to Api\Auth, only Sql is currently tested!
2016-03-06 20:47:10 +00:00
Ralf Becker
d407b9aae1
moved accounts classes to Api\Accounts
2016-03-06 15:54:07 +00:00
Ralf Becker
0f2131e29a
move egw_customfields class to Api\Customfields
2016-03-05 13:33:32 +00:00
Ralf Becker
aeb9c93b55
moved egw_session class to Api\Session and removed unused egw_session_(files|memcache) as listing sessions is done now via egw_sessions table in db and memcache has its own session handler
2016-03-05 13:14:54 +00:00