Miraty
e96d61703b
ns/sync.php: instant sync when adding new sync
2023-10-08 00:50:48 +02:00
Miraty
bb937526a7
check.php: use null coalescing operator ("??") more
2023-08-14 18:20:47 +02:00
Miraty
40e67b0c0c
declare(strict_types=1);
2023-07-17 21:15:18 +02:00
Miraty
1d856e1e2e
ns/sync: translations and bugfixes
2023-06-26 04:13:52 +02:00
Miraty
858d6e8d02
Add ns/sync and jobs/ns-syncs
2023-06-24 16:54:36 +02:00
Miraty
ccd17b7ffa
Clear entries in ssh-keys when deleting account
2023-06-21 22:08:57 +02:00
Miraty
973a129079
Add type in functions signatures
2023-06-20 00:36:58 +02:00
Miraty
7f7bcadb58
Fix important vulnerability in reg/ds.php + exescape
...
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.
This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
Miraty
e4ae765486
init.php + jobs + job to delete old testing accounts
2023-06-08 17:36:44 +02:00
Miraty
864f868890
Split accounts capabilities; Info about rate limit
2023-05-02 19:30:53 +02:00
Miraty
ad98060f9e
Fix deprecation notices
2023-02-07 22:25:16 +01:00
Miraty
3b97b3cc2f
Describe config.ini in DOCS/configuration.md
2023-01-26 16:22:03 +01:00
Miraty
6b1b3547c3
OpenSSL > libsodium, authenticate username, PHP 8.2+
2023-01-18 16:00:17 +01:00
Miraty
4f84025baf
Encrypt display username, with key in cookie
2023-01-07 23:11:44 +01:00
Miraty
73c137aaba
Split pages/ between pg-act/ and pg-view/
2022-12-20 21:17:03 +01:00
Miraty
ffd7e283a1
Simplify PDO use
2022-12-13 17:38:54 +01:00
Miraty
7a018e5a88
Trusted > approved, add approval.php, DB_PATH > DB
2022-12-10 18:19:37 +01:00
Miraty
9173336714
Check that account still exists when doing something
2022-11-30 23:38:02 +01:00
Miraty
f15681999b
Internal ID, Argon2 for usernames, username changes
2022-11-30 23:12:42 +01:00
Miraty
922f649a08
Use a hash as internal username
2022-11-26 21:45:48 +01:00
Miraty
567034b8fe
Fix regDeleteDomain security flaw + D regex modifier
...
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
2022-11-20 18:17:03 +01:00
Miraty
18d976217b
Use single quotes instead of double quotes
2022-11-20 15:11:54 +01:00
Miraty
14506ab9e2
Lower time_cost Argon2 param
2022-11-01 00:28:50 +01:00
Miraty
54c4f8ab68
Minor changes
2022-10-09 23:36:35 +02:00
Miraty
77f6dfaada
Token bucket rate limiting
2022-09-17 00:49:07 +02:00
Miraty
763762f08b
fn success/userError/serverError > output($code)
2022-09-15 19:18:48 +02:00
Miraty
17f6f486fc
Allow any unicode letter and number in user's values
2022-06-25 16:43:58 +02:00
Miraty
6dbc63a36a
Add form to delete account
...
Move service-specific deletion code to functions
2022-06-18 04:22:05 +02:00
Miraty
265097aa85
Use the query() function more
2022-06-12 01:31:16 +02:00
Miraty
d9440231ac
del-http-onion.php + query()
2022-06-11 23:42:48 +02:00
Miraty
6b602eb43f
Update auth forms
2022-06-10 21:14:47 +02:00
Miraty
fac61531dd
Create fn/ directory
2022-05-31 19:12:14 +02:00