Renato Botelho
340ce958d9
Add an extra protection to avoid having an empty group created
2014-11-13 09:10:44 -02:00
Ermal
c7f5b55a28
Actually require group name!
2014-11-11 21:36:57 +01:00
Ermal
baca968c29
Do not do operations for empty group members
2014-11-11 21:35:29 +01:00
Chris Buechler
41367b9c2a
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
2014-11-04 18:34:03 -06:00
Renato Botelho
dd030de935
Detect when protocol changes and invalidate session to get a new cookie with secure flag set accordingly. It fixes #3714
2014-07-18 14:18:50 -03:00
Renato Botelho
16789caa90
Always set httponly attribute on cookies
2014-06-18 07:38:24 -03:00
Renato Botelho
526f5b114a
Add comment I forgot on last commit
2014-06-17 14:28:00 -03:00
Renato Botelho
8588095f85
Re-generate session ID on a successful login to avoid session fixation
2014-06-17 14:27:00 -03:00
Renato Botelho
6f3d20631d
Replace Header() calls by lowercase
2014-06-13 08:59:57 -03:00
Renato Botelho
7f7626ba44
Merge branch 'master-br' of https://github.com/ayvis/pfsense into ayvis-master-br
2014-03-17 11:17:29 -03:00
Chris Buechler
0734024c9e
standardize URLs
2014-03-14 19:28:10 -05:00
ayvis
8cd558b61b
xhtml Compliance
replaced <br>, <br/> and </br> with <br />
2014-03-14 21:24:03 +01:00
Ermal
aa205c3b69
Remove register_long_arrays from php.ini and from php code the use of HTTP_*_VARS as it's deprecated and luckily low use in pfSense to win memory and compatibility
2013-12-20 22:08:34 +00:00
Renato Botelho
2b41df9c4d
Provide a more safe way to avoid pw userdel being interactive because of a crontab existence
2013-11-14 15:54:05 -02:00
Renato Botelho
0f84dee3eb
Revert "local_sync_accounts: provides empty STDIN to pw userdel command"
This reverts commit c6b156bfa5.
2013-11-14 15:54:05 -02:00
Ky-Anh Huynh
c6b156bfa5
local_sync_accounts: provides empty STDIN to pw userdel command
The /usr/sbin/pw command may wait for user input. For example,
if there is a manual crontab settings for :foobar account, then
when this account is requested to be deleted, the command will
ask if user wants to delete crontab settings for the account.
Because the command waits for user input, the boot process will
hang at the "Synchronizing user settings..." step, unless user
presses any key.
To avoid this problem, we use the /bin/echo command to give
empty input for /usr/bin/pw command. This is an alternative of
typing "no" or "n".
This is not the best way. Maybe closing STDIN is good. Or
force users to change account settings from webUI.
See also #852 (pull request). Renato Botelho points out that
"pw userdel" will call "crontab -u %user -r" that is interactive.
"pw groupdel" will never be interactive, though.
2013-11-13 06:29:53 +07:00
Renato Botelho
23b5b16ac6
Revert "Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294"
This reverts commit b1e5a286bb.
2013-11-02 08:48:05 -02:00
Renato Botelho
b1e5a286bb
Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294
2013-11-01 10:55:49 -02:00
jim-p
a5cd1c5a42
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
2013-07-17 10:13:08 -04:00
Ermal
23c652cd21
Ignore errors/warnings from these calls
2013-07-15 14:02:17 +00:00
jim-p
9f0bee025d
Include both dyndns and rfc2136 hosts in referer check
2013-07-02 16:58:08 -04:00
jim-p
fa08761224
Include RFC2136 hosts in DNS rebinding checks.
2013-07-02 16:58:07 -04:00
Andrew MacIsaac
3d3081ecbb
Set LDAP option to dereference aliases when searching
2013-04-02 11:36:23 -07:00
jim-p
3697adb236
Print the error message from LDAP in the log for a bind failure.
2013-03-06 08:37:27 -05:00
jim-p
bddd2be844
Add a knob in the GUI to set the RADIUS authentication timeout. Previous default was 3s, new is 5s. When using two-factor auth via external (e.g. phone), this needs to be set much higher, 60-120.
2013-02-13 15:55:55 -05:00
jim-p
b2a0a8e939
Something in the LDAP libraries has changed and it no longer likes spaces in the CA filename. Use the refid for the CA filename since it will always be unique, and it will never contain any spaces, unlike authname or the CA's descr.
2013-01-14 16:28:40 -05:00
Vinicius Coque
9656852187
Removing gettext from strings that should not be translated
2013-01-05 15:03:24 -02:00
Ermal
2004def595
Put these logs under debug since that's their purpose
2012-11-19 19:23:29 +00:00
Ermal
3ac8324f5b
Put these logs under debug since that's their purpose
2012-11-19 19:21:28 +00:00
PiBa-NL
9a98a89e79
authentication, don't log 'errors' on normal procedure
2012-11-18 14:10:19 +01:00
Ermal
eff0526e60
Not sure why this has been hidden so deep but putting that in the right place should help with error displayed related to HEADER already sent in PHP errors.log
2012-11-15 10:41:38 +00:00
Warren Baker
323dc2e792
Suppress the error message if the ldap bind doesn't happen
2012-07-27 23:19:41 +02:00
jim-p
83e0d4c85c
Fix LDAP over IPv6 (works fine, just needed slight adjustment to URI)
2012-06-30 18:11:17 -04:00
Ermal
1492e02cb4
Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100
2012-06-05 19:37:45 +00:00
Ermal
88165371ef
Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
2012-05-30 20:51:11 +00:00
jim-p
c886fed9ba
As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is sufficient here, and does allow the traffic graphs to work. Fixes #2419
2012-05-15 11:44:38 -04:00
Scott Ullrich
babac37a3b
Add click jacking support. Ticket #2419
2012-05-10 11:51:09 -04:00
Warren Baker
49ddf9a10f
Handle HTTPOnly and Secure flags on cookies
2012-05-09 19:08:17 +02:00
Ermal
1cb94b24ef
Looking at pw code : chars are invalid in a comment fieldgit diff! Replace those to just space
2012-03-12 19:28:48 +00:00
Ermal
9252d093fa
Another try to eliminate the warning 'PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 47'
2012-02-08 07:59:09 +00:00
Erik Fonnesbeck
c28fae2fd1
Revert "Check if a session already exists to avoid errors issued by php on session_start being called on existing session"
This reverts commit 9b2de7e2a6.
2012-02-07 22:32:41 -07:00
Ermal
9b2de7e2a6
Check if a session already exists to avoid errors issued by php on session_start being called on existing session
2012-02-07 20:35:51 +00:00
jim-p
6763033dd5
Include admin user in bootup account sync
2012-01-25 15:39:33 -05:00
jim-p
9fd145911d
Be more careful when creating and removing a user, to only alter a user if it really matches the passwd entry. Fixes #2066
pw usershow likes to ignore what you want even with -n and if the user is numeric and doesn't exist, it fetches by uid. Can cause major problems if you try to remove a numeric user.
2012-01-23 14:15:14 -05:00
smos
2ce660ad4d
Unbreak a number of explode() replacements which required preg_split()
2012-01-20 12:18:13 +01:00
smos
cfbfd9412b
The function split() is replaced by the function explode(). Starting with PHP 5.3 this is deprecated and with version 6 gone.
Replacing it suppresses all the warnings
2012-01-19 20:33:41 +01:00
jim-p
6ac18f9d11
mhash -> hash change from Ermal
2012-01-19 14:50:15 -05:00
Ermal
906daddcf5
Ticket #1052. Merge patch referenced in ticket.
2011-11-14 13:42:32 +00:00
jim-p
9f27de6d2f
Do not pass the ldap port separately, but add it to the LDAP URL. PHP's ldap_connect() ignores the passed port parameter if the first parameter is a URL instead of a hostname.
2011-10-25 11:05:11 -04:00
jim-p
007e59d2bf
Include certs.inc before calling lookup_ca in auth.inc. Fixes #1927
2011-10-05 10:15:41 -04:00