Mischa POSLAWSKY [Thu, 14 Jun 2018 15:00:15 +0000 (17:00 +0200)]
login/pass: encrypt user input in profile data
Left cleartext for debugging, but prefer at least blowfish hashing.
Assume PHP v5.5 to generate salts.
Mischa POSLAWSKY [Thu, 14 Jun 2018 10:08:57 +0000 (12:08 +0200)]
login/members: user overview for admins
Like login/visits but ordered by name, and with create link.
Mischa POSLAWSKY [Thu, 14 Jun 2018 09:59:07 +0000 (11:59 +0200)]
login/visits: indicate admin users
Mischa POSLAWSKY [Thu, 14 Jun 2018 09:24:18 +0000 (11:24 +0200)]
login/edit: create missing user profiles
Mischa POSLAWSKY [Thu, 14 Jun 2018 09:13:42 +0000 (11:13 +0200)]
page: silence php warning of undefined user
Broken since commit
v2.6-18-g297195ea7c (2018-06-09)
[page: set placeholder after page script].
Mischa POSLAWSKY [Sat, 9 Jun 2018 07:18:58 +0000 (09:18 +0200)]
login/pass: require new password value to be confirmed
Mischa POSLAWSKY [Sat, 9 Jun 2018 06:41:34 +0000 (08:41 +0200)]
login/edit: optional fields to change password
Inline login/pass page.
Mischa POSLAWSKY [Sat, 9 Jun 2018 06:35:51 +0000 (08:35 +0200)]
login/pass: separate include to parse user input
Allow reuse with different form input.
Mischa POSLAWSKY [Sat, 9 Jun 2018 03:09:06 +0000 (05:09 +0200)]
login/edit: labeled fields with login and full name
Mischa POSLAWSKY [Thu, 14 Jun 2018 08:59:49 +0000 (10:59 +0200)]
login/edit: target user data distinct from login
Prepare for admin control.
Mischa POSLAWSKY [Sat, 9 Jun 2018 00:48:01 +0000 (02:48 +0200)]
login/edit: admins can access other users
Mischa POSLAWSKY [Sat, 9 Jun 2018 02:15:01 +0000 (04:15 +0200)]
login/edit: generic column configuration
Support other fields besides email.
Mischa POSLAWSKY [Sat, 9 Jun 2018 01:06:14 +0000 (03:06 +0200)]
login/edit: initial code cleanup to prepare for other columns
Mischa POSLAWSKY [Sat, 9 Jun 2018 03:08:15 +0000 (05:08 +0200)]
login/edit: rename setmail include for generic profile editor
Mischa POSLAWSKY [Sat, 9 Jun 2018 00:07:48 +0000 (02:07 +0200)]
login/visits: read and prefer configured user names
Mischa POSLAWSKY [Fri, 8 Jun 2018 23:59:19 +0000 (01:59 +0200)]
login/visits: store user data in extensible hash
Prepare for other user details.
Mischa POSLAWSKY [Sat, 9 Jun 2018 00:17:17 +0000 (02:17 +0200)]
login/visits: list users without log entry
Show unseen users as well.
Mischa POSLAWSKY [Fri, 8 Jun 2018 22:50:33 +0000 (00:50 +0200)]
page: set placeholder after page script
User may be set or changed by login.
Mischa POSLAWSKY [Fri, 8 Jun 2018 22:05:43 +0000 (00:05 +0200)]
nieuws: archive pages by year only
Mischa POSLAWSKY [Wed, 2 May 2018 15:05:18 +0000 (17:05 +0200)]
nieuws: placeholder script to show articles
Can replace homepage controller to inline latest news.
Mischa POSLAWSKY [Sat, 5 May 2018 16:24:04 +0000 (18:24 +0200)]
login: replace page controllers by placeholders
Mischa POSLAWSKY [Wed, 2 May 2018 15:23:19 +0000 (17:23 +0200)]
page: placeholder options
Target name can be followed by whitespace for additional configuration.
Syntax "name=value" will be applied to global GET (overriding user input).
Otherwise a /subpath will be appended to local page Args.
Mischa POSLAWSKY [Wed, 2 May 2018 12:52:16 +0000 (14:52 +0200)]
page: include scripts from placeholders
Mischa POSLAWSKY [Fri, 8 Jun 2018 16:47:55 +0000 (18:47 +0200)]
page: apply placeholder replacement to all page output
Mischa POSLAWSKY [Fri, 8 Jun 2018 15:59:51 +0000 (17:59 +0200)]
page: include controllers from index.php
Replace page code by directory handlers. Essentially the same,
preparing for upcoming placeholder includes.
Mischa POSLAWSKY [Fri, 20 Apr 2018 06:46:09 +0000 (08:46 +0200)]
nieuws: treat years before 2000 as single page
Mischa POSLAWSKY [Fri, 20 Apr 2018 06:30:47 +0000 (08:30 +0200)]
nieuws: support zero month for unknown dates
Mischa POSLAWSKY [Thu, 19 Apr 2018 16:03:33 +0000 (18:03 +0200)]
nieuws: parse date using single regexp
Equivalent but easier to maintain.
Mischa POSLAWSKY [Thu, 19 Apr 2018 16:03:33 +0000 (18:03 +0200)]
nieuws: drop prompt for article (back)date
Much easier to use. In rare cases where custom dates are wanted,
pages can still be created manually.
Requested-by: Arie van Marion
Mischa POSLAWSKY [Thu, 19 Apr 2018 16:03:33 +0000 (18:03 +0200)]
nieuws: port excelsior toc and year filtering
Mischa POSLAWSKY [Wed, 4 Oct 2017 23:04:11 +0000 (01:04 +0200)]
nieuws: dynamic article system
Copied from lijtweg site
v2.4-25-g7cfaa2f8d4 (2017-10-05).
Simple js to create pages in /nieuws/year/month/day-title.html
and overview to concatenate them chronologically.
Mischa POSLAWSKY [Fri, 8 Jun 2018 16:18:06 +0000 (18:18 +0200)]
login/visits: user details moved to /profile
Broken since commit
v2.5-5-g6236e7cb8d (2018-04-25)
[login: store user data in /profile directory].
Mischa POSLAWSKY [Wed, 2 May 2018 12:39:52 +0000 (14:39 +0200)]
page: replace missing placeholders by warning
Mischa POSLAWSKY [Thu, 26 Apr 2018 21:05:19 +0000 (23:05 +0200)]
page: replace placeholders dynamically
Instead of substituting known variables, search contents for placeholders
for identical results but allowing for additional options.
Mischa POSLAWSKY [Wed, 25 Apr 2018 12:02:25 +0000 (14:02 +0200)]
page: provide abort function from edit
Move to allow reuse on other pages.
Mischa POSLAWSKY [Wed, 25 Apr 2018 12:03:06 +0000 (14:03 +0200)]
login: match posted input in user name value
Cookie value could still be shown after post, due to partial fix in commit
v2.5-1-g4c8b6c0ab0 (2018-04-20) [exclude cookie data from user name default].
Mischa POSLAWSKY [Tue, 24 Apr 2018 23:01:21 +0000 (01:01 +0200)]
page: prefer named template in parent directory
Temporary hack to support local override of login page
outside of common symlink.
Mischa POSLAWSKY [Sat, 21 Apr 2018 13:09:21 +0000 (15:09 +0200)]
login: link to form to send password reset mail
Mischa POSLAWSKY [Tue, 24 Apr 2018 22:07:18 +0000 (00:07 +0200)]
login/pass: allow token instead of login
Only on this page a code can be used instead of valid user
in case password was forgotten.
Mischa POSLAWSKY [Tue, 24 Apr 2018 22:27:40 +0000 (00:27 +0200)]
login: move admin pages into /login
Permissions should be checked per page, and can make more distinctions than
boolean admin. Also one dir less to symlink.
Mischa POSLAWSKY [Tue, 24 Apr 2018 22:21:59 +0000 (00:21 +0200)]
login: store user data in /profile directory
Dedicate /login to related pages, avoiding conflicts with user names.
Mischa POSLAWSKY [Sat, 21 Apr 2018 12:45:35 +0000 (14:45 +0200)]
login: elongate logout message
Mischa POSLAWSKY [Sat, 21 Apr 2018 12:37:27 +0000 (14:37 +0200)]
login: templating support for warning message
Mischa POSLAWSKY [Fri, 20 Apr 2018 13:59:43 +0000 (15:59 +0200)]
admin/commits: test for popen availability
System calls can be disabled in PHP ini.
Mischa POSLAWSKY [Fri, 20 Apr 2018 13:44:50 +0000 (15:44 +0200)]
login: exclude cookie data from user name default
Apparently included in $_REQUEST in Xenat's PHP environment.
Mischa POSLAWSKY [Tue, 12 Dec 2017 21:49:42 +0000 (22:49 +0100)]
admin/visits: list entries of last logins
Mischa POSLAWSKY [Fri, 22 Dec 2017 23:57:49 +0000 (00:57 +0100)]
login: include form to set email address
Mischa POSLAWSKY [Fri, 22 Dec 2017 23:16:11 +0000 (00:16 +0100)]
login: prevent admin contents on profile subpages
Mischa POSLAWSKY [Fri, 22 Dec 2017 23:02:32 +0000 (00:02 +0100)]
login: move logged in message to static contents
Allow site customisation.
Mischa POSLAWSKY [Fri, 22 Dec 2017 22:49:13 +0000 (23:49 +0100)]
admin/pass: form to change current password
Mischa POSLAWSKY [Fri, 22 Dec 2017 22:37:30 +0000 (23:37 +0100)]
auth: reusable functions for password verification
Page to change passwords will need to run the same code.
Mischa POSLAWSKY [Tue, 12 Dec 2017 22:06:58 +0000 (23:06 +0100)]
admin: disallow access to unauthorised visitors
Regardless of login include, this page can now be retrieved separately
so needs its own user check.
Mischa POSLAWSKY [Tue, 12 Dec 2017 22:03:30 +0000 (23:03 +0100)]
login: move admin contents to separate page
Separates text from code and makes it more manageable.
Mischa POSLAWSKY [Tue, 12 Dec 2017 21:35:52 +0000 (22:35 +0100)]
login: introduction for admin users
Mischa POSLAWSKY [Tue, 12 Dec 2017 20:56:28 +0000 (21:56 +0100)]
admin/commits: smaller page size on login
Option ?pagesize to customise. Prefer later page number on change.
Mischa POSLAWSKY [Tue, 12 Dec 2017 20:53:55 +0000 (21:53 +0100)]
admin/commits: link dedicated page if included elsewhere
First page only at login overview.
Mischa POSLAWSKY [Tue, 12 Dec 2017 21:02:12 +0000 (22:02 +0100)]
login: include commits page for admins
Mischa POSLAWSKY [Tue, 12 Dec 2017 20:40:56 +0000 (21:40 +0100)]
admin/commits: order navigation links chronologically
Start with reoccurring link back to keep consistent placement.
Mischa POSLAWSKY [Tue, 12 Dec 2017 20:09:11 +0000 (21:09 +0100)]
admin/commits: page indication and navigation
Mischa POSLAWSKY [Tue, 12 Dec 2017 19:36:59 +0000 (20:36 +0100)]
admin/commits: page to list last git log messages
Mischa POSLAWSKY [Mon, 27 Nov 2017 23:38:16 +0000 (00:38 +0100)]
auth: support unhashed passwords
String comparison for anything not starting with dollar (which identifies
all modern crypts) to keep originals for later resend (deliberate user
friendliness over security).
Mischa POSLAWSKY [Sat, 21 Oct 2017 00:05:26 +0000 (02:05 +0200)]
page: show edit link for new pages
Only existing files can be writable. Otherwise parent directory should be
checked (recursively), but just assume unrestricted permissions for now.
Mischa POSLAWSKY [Sat, 21 Oct 2017 00:05:49 +0000 (02:05 +0200)]
edit: recursively create missing directories
Mischa POSLAWSKY [Fri, 6 Oct 2017 11:48:53 +0000 (13:48 +0200)]
login: preserve input value after failure
Mischa POSLAWSKY [Wed, 4 Oct 2017 22:58:16 +0000 (00:58 +0200)]
consistently use empty() to check user existence
Succinct without causing PHP notices even for array access.
Mischa POSLAWSKY [Wed, 4 Oct 2017 22:43:30 +0000 (00:43 +0200)]
login: save user access details to last.log
Mainly to check time of last successful login, with ip address and browser
to help debugging client issues (matching earlier data in forum columns
users.lastontime, users.lastip, users.useragent).
Mischa POSLAWSKY [Wed, 4 Oct 2017 22:34:11 +0000 (00:34 +0200)]
login: derive user permissions from .admin file
Replaces site-specific name exceptions.
Mischa POSLAWSKY [Tue, 3 Oct 2017 01:41:10 +0000 (03:41 +0200)]
edit: save changes as git commit
Assume direct access to repository if .git is writable, which is preferable
to daily crons to save authors and reedits.
Mischa POSLAWSKY [Wed, 4 Oct 2017 22:24:38 +0000 (00:24 +0200)]
login: log authenticated user in apache note
Allows user names to be logged instead of %u using LogFormat "%{user}n".
Mischa POSLAWSKY [Mon, 2 Oct 2017 20:45:09 +0000 (22:45 +0200)]
page: link user name in header bar to login page
Feature logout option.
Mischa POSLAWSKY [Mon, 2 Oct 2017 20:38:19 +0000 (22:38 +0200)]
login: separate include for unauthorised form
Static page for user contents to match edit.
Mischa POSLAWSKY [Mon, 2 Oct 2017 20:24:53 +0000 (22:24 +0200)]
login: store passwords in separate user files
Instead of unneeded .htpasswd compatibility, move password hashes into
simple login/$username/.passwd files.
Mischa POSLAWSKY [Sun, 17 Sep 2017 00:46:13 +0000 (02:46 +0200)]
login: show user after login; explicit option for logout
Mischa POSLAWSKY [Mon, 2 Oct 2017 19:59:12 +0000 (21:59 +0200)]
login: move title to static page
Allows custom introduction.
Mischa POSLAWSKY [Mon, 2 Oct 2017 00:12:00 +0000 (02:12 +0200)]
page: override request by given script path
Support direct requests of page.php/path for internal redirects.
Mischa POSLAWSKY [Fri, 29 Sep 2017 12:11:11 +0000 (14:11 +0200)]
edit: enable image uploads in ckeditor
Mischa POSLAWSKY [Fri, 29 Sep 2017 12:08:26 +0000 (14:08 +0200)]
edit: store file uploads to data/$year/
Mischa POSLAWSKY [Fri, 29 Sep 2017 12:02:14 +0000 (14:02 +0200)]
edit: extend abort() to output success messages
Mischa POSLAWSKY [Fri, 29 Sep 2017 11:11:10 +0000 (13:11 +0200)]
edit: replace double linebreaks by paragraphs
Works within lists, so currently the only workaround in CKEditor to create
multiple paragraphs for a list item.
Mischa POSLAWSKY [Fri, 29 Sep 2017 11:06:04 +0000 (13:06 +0200)]
edit: paste limited html, enforce filter on all events
Recent feature for more advanced restrictions, allowing rich text without
unwanted styling attributes. Unfortunately, the filter is not applied for
"internal" sources which apparently includes Word in Linux, so manually
execute for any contaminated contents.
Mischa POSLAWSKY [Thu, 28 Sep 2017 01:40:05 +0000 (03:40 +0200)]
edit: replace save confirmation by page close protection
Warn about exceptional unsaved changes (save pending or forgotten),
not about common save results.
Mischa POSLAWSKY [Thu, 28 Sep 2017 02:01:34 +0000 (04:01 +0200)]
edit: drop underline/strike from ckeditor toolbar
Should be used to mark insertions and deletions, but probably too technical
to warrant an accessible spot.
Mischa POSLAWSKY [Thu, 28 Sep 2017 01:16:07 +0000 (03:16 +0200)]
edit: drop rare options from ckeditor toolbar
- ShowBlocks not really interesting for simple structures; would be useful
for floating sections but these aren't supported.
- Anchor once used for article links, replaced by proper pages.
- RemoveFormat now done automatically on paste.
- Sourcedialog reordered at end since it's a last resort.
Mischa POSLAWSKY [Thu, 28 Sep 2017 00:47:51 +0000 (02:47 +0200)]
edit: copy page stylesheet for ckeditor contents
Replace hardcoded link specific to Excelsior by a generic solution.
Mischa POSLAWSKY [Tue, 19 Sep 2017 00:49:16 +0000 (02:49 +0200)]
page: omit edit link if unwritable
Mischa POSLAWSKY [Wed, 27 Sep 2017 22:59:28 +0000 (00:59 +0200)]
page: redirect to login on access denial
Mischa POSLAWSKY [Tue, 19 Sep 2017 00:43:19 +0000 (02:43 +0200)]
login: optionally redirect to ?goto
Upcoming feature to continue from forbidden requests.
Mischa POSLAWSKY [Mon, 18 Sep 2017 23:41:36 +0000 (01:41 +0200)]
edit: static edit link
Replace existing html instead of delayed append.
Mischa POSLAWSKY [Mon, 18 Sep 2017 23:33:35 +0000 (01:33 +0200)]
page: replace login placeholder by precomposed paragraph
Prepare for more elaborate user details.
Mischa POSLAWSKY [Sat, 16 Sep 2017 16:08:39 +0000 (18:08 +0200)]
page: save granted access for admin options
Page code will want to show encountered restrictions.
Mischa POSLAWSKY [Sat, 16 Sep 2017 15:41:40 +0000 (17:41 +0200)]
page: restore error display in page includes
Successful executions should not be silenced.
Mischa POSLAWSKY [Sat, 16 Sep 2017 15:11:46 +0000 (17:11 +0200)]
page: save document root for includes during shutdown
Current directory is unavailable in fatal error handler.
Mischa POSLAWSKY [Sat, 16 Sep 2017 15:11:03 +0000 (17:11 +0200)]
page: catch triggered php errors
Mischa POSLAWSKY [Sat, 16 Sep 2017 14:14:41 +0000 (16:14 +0200)]
page: silence php reporting of handled fatal errors
Prevent duplicate output.
Mischa POSLAWSKY [Sat, 16 Sep 2017 14:06:36 +0000 (16:06 +0200)]
page: .private to restrict access to subdirectories
Mischa POSLAWSKY [Sat, 16 Sep 2017 13:57:10 +0000 (15:57 +0200)]
page: unconditional declaration of getoutput()
Move up front to allow usage in fail() error handler.
Mischa POSLAWSKY [Fri, 15 Sep 2017 19:59:53 +0000 (21:59 +0200)]
edit: ignore html elements in sentence wrapping
Assume whitespace is safe to be wrapped anywhere. Exceptions could still
occur inside of tags, but deemed very unlikely. Rather have large code
blobs be counted as separate characters.
Mischa POSLAWSKY [Fri, 15 Sep 2017 18:54:24 +0000 (20:54 +0200)]
page: write edit includes from common script
Enforce on all sites, appending (editable) footer.html instead for
site-specific contents.
Mischa POSLAWSKY [Fri, 15 Sep 2017 17:33:50 +0000 (19:33 +0200)]
page: strip nested placeholder indicators
Allow replacements within replacements.
Mischa POSLAWSKY [Fri, 15 Sep 2017 17:32:23 +0000 (19:32 +0200)]
page: prefer page template from script root
Allow different defaults for prepending scripts.