Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-08 18:48:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,347 Commits 36 Branches 190 Tags
b8c88a214449d5129fd4c479249cfa7c2373d10d
Commit Graph

1506 Commits

Author SHA1 Message Date
Regis Houssin
1420692e53 Add: view last user and last entity in login page if cookie is enabled 2009-05-23 15:35:02 +00:00
Regis Houssin
23ce17b308 Add: entity cookie just used for the login page 2009-05-22 15:38:09 +00:00
Regis Houssin
6f163a94a8 Add: entity cookie just used for the login page 2009-05-22 15:24:32 +00:00
Laurent Destailleur
8e167d3f80 Qual: Now creation of session is done before the loading of conf. This make code much easier to understand. 2009-05-22 00:20:45 +00:00
Laurent Destailleur
fb0e668fc0 Qual: Now creation of session is done before the loading of conf. This make code much easier to understand. 2009-05-21 22:28:05 +00:00
Laurent Destailleur
e4090f63b1 Session name DOLSESSID_databasename is replace with DOLSESSID_dolibarrwebinstance. This remove a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also most secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql server. 
Add also comments on code to remember to simplify things.
 2009-05-21 21:37:45 +00:00
Laurent Destailleur
9d57b9ec71 Add message to avoid to search 2009-05-21 17:45:13 +00:00
Laurent Destailleur
9a38002c46 Session name DOLSESSID_databasename is replace with DOLSESSID_dolibarrwebinstance. This remove a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also most secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql server. 
Add also comments on code to remember to simplify things.
 2009-05-21 13:37:18 +00:00
Regis Houssin
ee350b7352 Fix: ouverture d'une session temporaire de securite pour stocker une de cryptage aléatoire pour 
encryption du cookie
 2009-05-20 18:23:02 +00:00
Regis Houssin
3786711822 Fix: ouverture d'une session temporaire de securite pour stocker une de cryptage aléatoire pour 
encryption du cookie
 2009-05-20 18:18:25 +00:00
Regis Houssin
1437913f39 Fix: remplace rand par mt_rand plus performant 2009-05-19 21:51:08 +00:00
Regis Houssin
572a89e1d3 Fix: protection faille CSRF 2009-05-19 21:08:17 +00:00
Regis Houssin
63cbd5a24e Fix: protection faille CSRF 2009-05-19 20:59:20 +00:00
Regis Houssin
91624baceb Add: a color picker 
Add: define a background color/image in mailing
 2009-05-19 13:27:44 +00:00
Regis Houssin
53d214fbea Fix: just use exit 2009-05-18 14:41:32 +00:00
Laurent Destailleur
0c74892580 New: Better link to help wiki 2009-05-18 11:40:33 +00:00
Laurent Destailleur
7125e40f8e Another try to make the CSRF test before the master.inc.php 2009-05-17 22:40:24 +00:00
Regis Houssin
e5d222b6cc Fix: régression sur l'utilisation des niveau du jeton, on test sur les 2 niveaux car 
comportement aléatoire avec certaines fonctions
 2009-05-17 08:01:54 +00:00
Regis Houssin
9f86fcc443 Fix: niveau aléatoire du jeton sur le confirm_form, on le sécurise que si il contient 
des données POST
 2009-05-16 16:51:09 +00:00
Regis Houssin
36c58c62fc Fix: ajout de log sur le refus du jeton 2009-05-16 16:12:09 +00:00
Regis Houssin
1d719e2317 Fix: ajout debug 2009-05-16 16:00:44 +00:00
Regis Houssin
c1c1f8a4d2 Fix: ajout d'un niveau supplémentaire du cache du jeton 2009-05-16 15:45:26 +00:00
Regis Houssin
7285270f1c Fix: DOL_MAIN_URL_ROOT est défini dans master.inc.php 2009-05-16 12:31:17 +00:00
Regis Houssin
2306a4c305 Fix: obsolete 2009-05-16 07:24:20 +00:00
Regis Houssin
3723bb350a Fix: on supprime le GET ET POST si la requete ne vient pas du serveur 2009-05-16 07:16:12 +00:00
Laurent Destailleur
3c49c6e5b7 Sec: Make CSRF test at the beginning. No functionnal code must be done if there is a security risk, so use just a return. Add test on a constant to remove test for some pages because this break a lot of features. 2009-05-16 06:31:59 +00:00
Regis Houssin
d3621e4593 Fix: ajout d'un jeton aléatoire dans les requetes POST 2009-05-15 13:59:49 +00:00
Regis Houssin
1ea80f4f57 Fix: protection faille CSRF !!! 2009-05-15 12:59:39 +00:00
Regis Houssin
d73aac6e4e Fix: creation et verification d'un jeton aléatoire afin de valider une requete POST, voici la ligne à ajouter dans une requete POST 
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 2009-05-15 12:48:13 +00:00
Regis Houssin
df37827eb7 Todo: faille CSRF -- creation d'un jeton aléatoire pour valider les requetes POST 2009-05-15 12:13:23 +00:00
Laurent Destailleur
5615a164fd Use a more specific picto for documentation help 2009-05-10 05:44:35 +00:00
Regis Houssin
f43d69faef Todo: utiliser $user->datelastlogin pour un cryptage aléatoire 2009-05-08 21:17:02 +00:00
Regis Houssin
149e232bd3 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personnal key 
configured in conf.php with $dolibarr_main_cookie_cryptkey
 2009-05-08 19:46:07 +00:00
Regis Houssin
865f6198e8 Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personnal key 
configured in conf.php with $dolibarr_main_cookie_cryptkey
 2009-05-08 19:46:07 +00:00
Laurent Destailleur
b38fb205f6 Fix: Ajax popup now works on IE. 2009-05-08 19:27:39 +00:00
Laurent Destailleur
e007bc6079 Fix: Do no load language file with user choice if lang code is forced on URL 2009-05-08 15:40:33 +00:00
Laurent Destailleur
326cd8b227 All data from conf file are stored into conf->file->xxx 
Multicompany should be ok to logon with no breaking sessions when disabled
 2009-05-08 01:23:33 +00:00
Regis Houssin
81a5393e70 Todo: il faut qu'on trouve une autre solution, il n'y a que comme ca que la multicompany a un fonctionnement correct... 2009-05-07 16:11:57 +00:00
Regis Houssin
f1a5c6fae3 Fix: seul le superadmin peut changer la config de syslog 2009-05-07 09:06:57 +00:00
Laurent Destailleur
1e37d24bf4 Can make a link between a member and a user 2009-05-06 23:30:49 +00:00
Laurent Destailleur
672f75a4d7 Can disable prototype and scriptaculous 2009-04-27 19:50:39 +00:00
Regis Houssin
b33020c86a Fix: entity cookie connection 2009-04-23 15:48:58 +00:00
Regis Houssin
908e408750 Fix: create session and cookie for multi-company 2009-04-23 13:39:39 +00:00
Regis Houssin
260f762e97 Fix: create session and cookie for multi-company 2009-04-23 13:19:28 +00:00
Laurent Destailleur
47f255ea15 Fix: Correct broken install 2009-04-17 18:26:21 +00:00
Regis Houssin
c52636bd38 New: early development of multi-company module 2009-04-17 07:45:00 +00:00
Regis Houssin
94a5df6a2d New: early development of multi-company module 2009-04-15 20:09:43 +00:00
Laurent Destailleur
cd78a8db7b Minor changes 2009-03-13 13:12:43 +00:00
Laurent Destailleur
0cd67ded54 New: Some pages can link to wiki help pages 2009-03-09 11:54:06 +00:00
Laurent Destailleur
2da5a733eb New: Some pages can link to wiki help pages 2009-03-09 11:28:15 +00:00