added: config option:
// the way we behave when no_session_cookie_treshold limit is exceeded
// 0 - if a client doesn't send a session cookie again then use a temporary session
// (other sessions from this IP address are not affected)
// 1 - add this IP address to ban list and create a temporary session
// (this will block other sessions from this IP address too)
// default: 0
int no_session_cookie_ban_mode;
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@996 e52654a7-88a9-db11-a3e9-0013d4bc506e
added: possibility to ban if a client tries to hijack the session cookie
added: possibility to ban if a client did not send a session cookie
renamed: ezc functions:
login_cannot_login -> ipban_is_login_allowed_from_this_ip (and the return value was changed)
login_when_available_login -> ipban_current_ip_expires_time
added: config options:
// after how many broken encoded cookie we should ban the current IP
// default: 2 (value in the range <0 - 65535>)
size_t broken_encoded_cookie_treshold;
// after how many incorrect session identifiers (or session indices) we should ban the current IP
// do not set this value too low, as people connecting from the same IP address (from behind a NAT)
// would be banned if they have an old session cookie remembered in the browser
// default: 128 (value in the range <0 - 65535>)
size_t session_hijacking_treshold;
// after how many times a client will be banned if it did not send a session cookie
// default: 1000 (value in the range <0 - 65535>)
size_t no_session_cookie_treshold;
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e
if false that means the user has not set a password yet
(this can be used by a plugins to create a new account without a password set)
in order to login the user first has to set a new password
(this can be done from a some kind of activation link send via email etc)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@954 e52654a7-88a9-db11-a3e9-0013d4bc506e
bool Login::LoginUser(const std::wstring & login, const std::wstring & password, bool remember_me,
bool use_ses_log, bool check_abuse)
default 'false' -- it test the time between GET and POST and the rebus (if exists)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@905 e52654a7-88a9-db11-a3e9-0013d4bc506e
now after some incorrent login attempts your IP can be banned or blocked
(see new config variables)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@902 e52654a7-88a9-db11-a3e9-0013d4bc506e
// try to use SSL
// if in the config 'use_ssl' is true and 'use_ssl_only_for_logged_users' is true
// then ssl is used only for logged users but sometimes there is a need to use
// SSL even if noone is logged (for example for such functions like 'login' or 'adduser')
// default: false
// (this option is ignored if 'use_ssl' in the config is false)
bool need_ssl;
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@892 e52654a7-88a9-db11-a3e9-0013d4bc506e
a user will be logged in
set PluginInfo::res to false (it is by default) to prevent logging the user
directly after this message (if you do not return false)
a WINIX_USER_LOGGED is sent
in p1 you have a pointer to User struct
(if at least one plugin returns false then the user will not be logged)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@820 e52654a7-88a9-db11-a3e9-0013d4bc506e
other unicode white characters
25 characters -- without a new line character (10)
added: config option: account_need_email_verification
if true then when creating an account a user has to provide
his email address and a message with an activation link will be sent
back to him
added: 'pw' winix function (not finished yet)
at the moment only one parameter 'activate'
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@810 e52654a7-88a9-db11-a3e9-0013d4bc506e
it's nearly finished
now we are using three levels from Space (ConfParser)
- group set
- group
- values
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@773 e52654a7-88a9-db11-a3e9-0013d4bc506e
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
we have there two pointers:
Request * request;
Session * session;
these are the current request and the current session
the session GC was moved to SessionManager (was in SessionContainer)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@708 e52654a7-88a9-db11-a3e9-0013d4bc506e
now we have app object and singletons are only: log logn plugin and app
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@628 e52654a7-88a9-db11-a3e9-0013d4bc506e