path: root/admin/auth.php
Age | Commit message | Author | Files | Lines
2021-09-27 | Fix incorrect parameter list for logout action | Thomas Lange | 1 | -1/+1
2021-09-19 | Rename some session array keys | Thomas Lange | 1 | -1/+1
* Rename "auth" to "USER_ID"
* Rename "token" to "CSRF_TOKEN"
2021-08-05 | Show error message if CSRF token does not match | Thomas Lange | 1 | -17/+17
Print an error message for various actions in the administration area if the security token is invalid, instead of silently preventing the user's desired action from being performed if the token is invalid for some reason. This change applies to the delete actions on all entity types and also to the login action and the database command execution form; the forms for creating/modifying entities had already shown a CSRF error before.
2021-06-26 | Use const to define expressionless admin constants | Thomas Lange | 1 | -1/+1
2021-06-22 | Implement new Repository and Entity classes | Thomas Lange | 1 | -5/+6
This commit adds new Repository and Entity classes which are better abstracted from the rest of the application. They don't know anymore about configuration options or how to parse to HTML because this is not the job for the ORM but for other parts of the application. The previous commits were a preparation for this big change. An entity now represents just a single record from a specific table of the database – nothing more. The repository's job is to fetch or update records of the database and instantiate the entities. Another problem that was solved is the high number of database queries that were needed before. For example, on the blog's home page, all 10 latest post IDs were first fetched from the database and then another query was executed with "WHERE id = :id" for *each* single post?! ... This problem is solved with the new repository classes; they now use a single query to fetch and build the entities of the 10 latest posts. This change also solves the problem with database queries spread across the application and limits the excessive use of try/catch blocks which were used before. The new classes make the whole code much cleaner. :)
2021-06-20 | Call password_verify directly in login script | Thomas Lange | 1 | -1/+2
2021-06-14 | Remove more redundant try/catch blocks | Thomas Lange | 1 | -23/+14
Remove all try/catch blocks where the exception handling did not differ from the exception handler already defined by "set_exception_handler".
2019-10-29 | Remove PHP closing tags and add LF to text files | Thomas Lange | 1 | -1/+0
Remove the unnecessary PHP closing tags and ensure that *all* text files end with an LF character.
2017-10-24 | Some comments have been updated, unnecessary whitespace at the end of some files was removed and some missing PHP closing tags were added. | Thomas Lange | 1 | -3/+2
2017-09-02 | An unnecessary "else" block in admin/auth.php was removed and spelling mistakes and inconsistencies in some comments were corrected. | Thomas Lange | 1 | -21/+16
2017-04-12 | Inconsistency in the admin template parameters fixed (this does not affect any template parameters for the frontend templates). | Thomas Lange | 1 | -3/+1
2017-04-11 | The control structures "require_once" have been replaced by a simple "require" (except within the 403.php and 404.php where it makes sense, because these files can be directly called or included). | Thomas Lange | 1 | -1/+1
2017-04-11 | Class "ExceptionHandler" has been removed and several files have been changed. | Thomas Lange | 1 | -1/+1
2017-02-24 | Initial commit. v1.0 | Thomas Lange | 1 | -0/+86