After fixing the redirect code output, there are a lot of weirdnesses
with e.g. form handling. Try to add explicit redirect codes where
needed -- principly when handling a POST.
"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
Another gigantor PEAR coding standards patch. Here, I've moved the
opening curly bracket on a class statement to the following line.
darcs-hash:20081223194923-84dde-77a93de314caadbcb5b70bf346a4648be77a864e.gz
Another huge change, for PEAR code standards compliance. Function
headers have to be in K&R style (opening brace on its own line),
instead of having the opening brace on the same line as the function
and parameters. So, a little perl magic found all the function
definitions and move the opening brace to the next line (properly
indented... usually).
darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
Another global search-and-replace update. Here, I've replaced the PHP
keyword 'NULL' with its lowercase version. This is another PEAR code
standards change.
darcs-hash:20081223192129-84dde-4a0182e0ec16a01ad88745ad3e08f7cb501aee0b.gz
The PEAR coding standards decree: no tabs, but indent by four spaces.
I've done a global search-and-replace on all tabs, replacing them by
four spaces. This is a huge change, but it will go a long way to
getting us towards phpcs-compliance. And that means better code
readability, and that means more participation.
darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.
However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.
darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Ran everything through php -l, found out that it didn't compile.
So: fixed the am-I-running-in-Laconica check at the top of each file.
Some syntax fixes in shownotice, showstream, common.
darcs-hash:20080517154701-84dde-8d38da89c5b9cb3b40704adb04a4de880c204181.gz
code to upload and change avatars.
combined some code in the settings area, too.
darcs-hash:20080517122045-84dde-8e13994e627805f29679c9533c2f62db81dc0925.gz