Commit Graph

171 Commits

Author SHA1 Message Date
Ingo Schommer
1260790685 BUGFIX Don't show FailedLoginCount field unless Member::$lock_out_after_incorrect_logins is enabled (from r99031)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102822 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 03:51:34 +00:00
Ingo Schommer
3a1868e8cf BUGFIX: fixed member labels not appearing in cms popup. #5025 (from r98030)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102567 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 01:49:24 +00:00
Ingo Schommer
feb30e194f API CHANGE Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar. (from r97818)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102535 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 23:40:58 +00:00
Ingo Schommer
426190bc9e API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin' (from r97478)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102493 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:16:26 +00:00
Ingo Schommer
c604341a1d API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100705 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:10:38 +00:00
Ingo Schommer
f4e284a3c1 BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100704 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:08:52 +00:00
Ingo Schommer
09de9f7834 ENHANCEMENT Only show 'HTML Editor Config' dropdown in Group->getCMSFields() if more than one option exists
BUGFIX Fixed bogus HTMLEditorConfig instance when get() is called without a valid identifier (due to NULL database columns)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99599 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-22 09:38:15 +00:00
Ingo Schommer
11ad275522 FEATURE Showing (readonly) permissions for a Member record in admin/security popup
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99586 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-22 04:37:36 +00:00
Ingo Schommer
aea2f94a5e FEATURE View and select groups for a specific member via the member popup in admin/security (requires EDIT_PERMISSIONS)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@98880 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-12 04:01:42 +00:00
Andrew Short
5e9b78b798 FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@98267 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-05 00:36:25 +00:00
Andrew Short
bbd9f2a2b5 ENHANCEMENT: Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields().
From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@97401 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-01-21 22:59:19 +00:00
Sean Harvey
35628832d6 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
MINOR Added additional tests to MemberTest (from r94358)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95601 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:39:39 +00:00
Will Rossiter
2ff4631c1f API CHANGE: removed listOfFields() function. Use custom code instead.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93647 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-26 21:24:38 +00:00
Ingo Schommer
1b138d6916 MINOR Removed layout_helpers.js dependency
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92516 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:42 +00:00
Ingo Schommer
a11db29672 MINOR Changed paths to moved thirdparty dependencies (mostly from /jsparty to /sapphire/thirdparty, /cms/javascript and /sapphire/javascript)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:29:59 +00:00
Ingo Schommer
48c0418840 BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member (from r92129)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92458 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 01:43:16 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00
Tom Rix
8216448da3 MINOR run checks before running hasMethod, as an extension does not neccessairily have that method.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90691 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:33:53 +00:00
Tom Rix
3dfa7a2103 MINOR fixed ambiguous column
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90481 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-30 00:23:02 +00:00
Sam Minnee
994e93f790 API CHANGE: replaced Database::USE_ANSI_SQL with DB::USE_ANSI_SQL
API CHANGE: replaced Database::alteration_message() with DB::alteration_message()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90097 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 22:03:29 +00:00
Andrew Short
79773042be API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
MINOR: Replaced usage of renamed classes with the new namespaced name.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00
Sean Harvey
8bd78f77d8 MINOR Supress session warnings in session_regenerate_id() for a win32 environment (from r81984)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-21 02:21:05 +00:00
Sam Minnee
9642c7171c ENHANCEMENT: Added Member::set_login_marker_cookie(), to let developers bypass static caching for logged-in users (from r73803)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88635 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-12 03:27:41 +00:00
Sean Harvey
8b6772fff0 Merged in Member::sendInfo() bug fixes from branches/2.3 - r85779
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86679 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-18 03:07:15 +00:00
Ingo Schommer
2700d73e97 ENHANCEMENT Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86027 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:23:31 +00:00
Ingo Schommer
ed5475bbae ENHANCEMENT Added Member->FailedLoginCount property to allow Member->registerFailedLogin() to persist across sessions by writing them to the database, and be less vulnerable to brute force attacks. This means failed logins will persist longer than before, but are still reset after a valid login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86017 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 02:42:26 +00:00
Sam Minnee
cd3db788a9 BUGFIX: Performance improvement to Member::currentUserID()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84167 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-11 09:16:34 +00:00
Andrew O'Neil
66543e6002 NOTFORMERGE: Merged 84085 from 2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84089 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-10 04:32:39 +00:00
Ingo Schommer
dfa44c055c API CHANGE Changing DataObject::$changed to private visiblity. Please use getChangedFields() and isChanged()
ENHANCEMENT Added DataObject->isChanged() to detect if a field has been changed in this object instance
MINOR Changing call to CompositeDBField->compositeDatabaseFields() in DataObject->hasOwnDatabaseField()
BUGFIX Unsettig "Version" property in DataObject->getChangedField() to allow versioned to write a new version after a call to forceChange()
BUGFIX Introduced $markChanged in Money class
BUGFIX Casting Money->__toString() return value as string
MINOR Changing Member class to use new DataObject->isChanged() API
BUGFIX Using new $markChanged API for CompositeDBFields in DBField::create()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77893 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-05-27 00:09:23 +00:00
Sean Harvey
230a70b0b7 API CHANGE Removed @deprecated 2.3 function isInGroup() from Member
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-05-20 04:54:00 +00:00
Sean Harvey
a5e82ddff1 Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75590 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 01:20:24 +00:00
Sean Harvey
13b358a8dd Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Normann Lou
9a5928438a ENHANCEMENT: Member::getTitle() return more flexible title in case of Surname or/and FirstName missing.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74665 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-17 06:00:32 +00:00
Geoff Munn
d8f8184986 API CHANGE: autologinhash index removed due to conflicts with nulls in MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73816 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-30 03:04:37 +00:00
Ingo Schommer
b078ad825c BUGFIX Existence check for Member autologin token
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73253 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-17 22:25:22 +00:00
Geoff Munn
aaaf9cdfcd API CHANGE: queries fixed for MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72929 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-11 23:03:28 +00:00
Geoff Munn
807736490f API CHANGE: NOW() replaced with DB-specific version
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72922 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-11 21:50:03 +00:00
Andrew O'Neil
635e2c3df6 Merged from 2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72453 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-04 03:44:11 +00:00
Ingo Schommer
bd2b9efede API CHANGE Member->canView() checks for ADMIN or CMS_ACCESS_SecurityAdmin access if not viewing the currently logged-in member. If permissions are enforced in custom interfaces (e.g. social networking frontends), this will impact the output. To loosen permissions, override or decorate Member->canView()
ENHANCEMENT Added Group->canDelete() AND Member->canView()
ENHANCEMENT Making Member->can*() and Group->can*() methods decoratable

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-03 23:33:28 +00:00
Andrew O'Neil
60f75c5ca4 Merged changes from 2.3 branch
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-01 23:49:53 +00:00
Ingo Schommer
085346f0e0 MINOR Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@69704 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-01-05 06:19:48 +00:00
Geoff Munn
fe0a640c39 API CHANGE: fulltext and unique indexes are now arrays
API CHANGE: db/build now no longer notifies you of changes which haven't actually happened.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@69303 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-17 00:40:24 +00:00
Ingo Schommer
d26f08b481 MINOR merged branches/2.3 into trunk
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 22:38:32 +00:00
Ingo Schommer
b65f74a37f ENHANCEMENT Allowing to pass $member parameter into Member->canEdit()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66680 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 22:34:57 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
93438e0be2 API CHANGE: Adding double quotes to all table and field references (a work in progress)
API CHANGE: DataObject::get()'s GROUP BY clause is only generated for MySQL as it needs to be improved for other databases to accept it.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-23 23:28:16 +00:00
Sam Minnee
a3d3fb65a9 Updated SQL queries to be ansi compatable
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66401 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-23 00:31:06 +00:00
Sam Minnee
2984355f43 Merged branches/2.3 into trunk
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66395 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:33:00 +00:00
Sam Minnee
3d9532db83 Merged branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66108 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-18 01:48:37 +00:00
Sam Minnee
b39d3811ff Refactored tabstrip.js to use livequery for loading
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65717 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-12 22:28:07 +00:00