If $config['openid']['enabled'] is set to false, OpenID is removed from
the navigation and direct accesses to OpenID login pages redirect to the
login page.
If OpenID is enabled, $config['site']['openidonly'] is ignored, i.e.
OpenID is required to go OpenID-only.
After fixing the redirect code output, there are a lot of weirdnesses
with e.g. form handling. Try to add explicit redirect codes where
needed -- principly when handling a POST.
"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
I did a massive search-and-replace to get all the action subclasses to
use the new output function (common_element() -> $this->element(), etc.)
There's still a lot to do, but it's a first step
Another gigantor PEAR coding standards patch. Here, I've moved the
opening curly bracket on a class statement to the following line.
darcs-hash:20081223194923-84dde-77a93de314caadbcb5b70bf346a4648be77a864e.gz
Another huge change, for PEAR code standards compliance. Function
headers have to be in K&R style (opening brace on its own line),
instead of having the opening brace on the same line as the function
and parameters. So, a little perl magic found all the function
definitions and move the opening brace to the next line (properly
indented... usually).
darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
Another global search-and-replace update. Here, I've replaced the PHP
keyword 'NULL' with its lowercase version. This is another PEAR code
standards change.
darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz
The PEAR coding standards decree: no tabs, but indent by four spaces.
I've done a global search-and-replace on all tabs, replacing them by
four spaces. This is a huge change, but it will go a long way to
getting us towards phpcs-compliance. And that means better code
readability, and that means more participation.
darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.
However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.
darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Weirdly, I got in an argument with Tim Berners-Lee in #swig about the
tag URIs I was using in FOAF documents. Eventually, I was convinced
that it's a better thing to use HTTP URLs instead. So, now we have
HTTP URLs.
The tricky thing was for users. Since they can change their names, we
can't use their profile URL, since it includes the name. Instead, I
made up a new action, which simply redirects from a user ID to their
current profile URL. This should be sufficiently long-term.
darcs-hash:20080620071700-84dde-c6145243dc45dd2dff621aff421375d05796057e.gz
Added some code to make finishing the OpenID login work.
Changed the OID storage so that there's a "canonical" URL and a
display URL. This is because of i-names, which is annoying.
If the login succeeds, we try to find a local user associated with the
canonical URL. If they don't exist, we let the user either create a
new account, or login to an existing account and connect to it.
A totally unrelated change is that the DB engine now uses InnoDB.
darcs-hash:20080618052638-84dde-909e51dbd5b9eadadf18cd010868baa18ea2349a.gz