http://pear.php.net/
pear-webmaster@lists.php.net
PEAR: Latest releases for krausbn
The latest releases for the PEAR developer krausbn (Björn Kraus)

LiveUser 0.16.14
http://pear.php.net/package/LiveUser/download/0.16.14/
QA release
Bug #9517 Config Parameter permContainer=>storage=>PDO=>prefix doesn't work (dufuz)
Bug #13014 PHP Warning on setcookie() (dufuz)
Bug #13154 Example 4: schema validation error (dufuz)
Bug #13391 example 5 - MDB2_Schema Error in demodata.xml (dufuz)
Bug #13650 Examples (demodata script) problem (dufuz)
Doc Bug #14954 mention ACL in the description/documentation (kguest)
Bug #15126 Assigning the return value of new by reference is deprecated (doconnor)
Bug #15127 Parse error: syntax error, unexpected T_RETURN in ./LiveUser/Perm/Storage/Cache (doconnor)
Bug #17723 Patch: Avoid ereg in favor of preg_match (olleolleolle)
2010-10-15T14:32:00-05:00 doconnor

LiveUser 0.16.13
http://pear.php.net/package/LiveUser/download/0.16.13/
- #9418: Initialization for example 5 wrong
- #9575: Example trips over MySQL boolean/int
- #9581: Add support for session.cookie_httponly
2008-01-28T03:29:59-05:00 arnaud

LiveUser 0.16.12
http://pear.php.net/package/LiveUser/download/0.16.12/
- wrong use of pdo fetch method, when no result could be fetched it returns
  false with no error. Switch to using fetchAll and check for an empty array
- we cannot decrypt most of the encryption methods used by the hash extension so
  we default to returning the unmodified string
- the wrong variable was used to report the type of permission container when an
  error occurred
- push an error on the stack when the encryption method cannot be found
- make sequence columns primary key
- properly disconnect the pdo object
- make it possible to set the status message mapping
- register options for create (Bug #7704)
- use the hash extension if it is present for the password encryption
- refactored decryptPW() and encryptPW() into static methods in the LiveUser class
- force null instead of false for PDO fetch() calls that return empty sets
- fixed logging into example1
- debug => false in conf doesn't work (Bug #7564; thx to Matthias)
- added support for user defined handle fields
  in DB, MDB, MDB2 and PDO containers you can set a list of fields in your auth
  container storage config, default is 'handle', example:
    'handles' => array('handle', 'auth_user_id', 'email')
  these fields are now used to find the right user on login (Request #7781)
- fixed LiveUser::decryptPW(): added missing third parameter 'secret'
- check if safe_mode is enabled in fileExists() to determine what algo to use (Bug #8296)
2006-08-22T13:34:20-05:00 lsmith

LiveUser 0.16.11
http://pear.php.net/package/LiveUser/download/0.16.11/
- parse error typo fix in PEARAuth container (bug #6968)
- minor improvements to the phpdoc comments in PEARAuth container
- use ugly fopen() hack in fileExists()
  http://marc.theaimsgroup.com/?l=pear-dev&m=114148949106207&w=2
- changed API for readUserData(), auth_user_id parameter now contains the
  auth_user_id to use
- login() now supports passing in an auth_user_id instead of the handle/password
- made stack property public
- typo fix in PDO container readImplyingRights() method (bug #7195)
- expanded error handling in Log instance creation
- handle if no proper credentials were passed to readUserData() (bug #7262)
- replace isset() with array_key_exists() where applicable
- disable __autoload() in class_exists() calls (bug #7304)
- brought property names in line s/rights/right_ids *BC break*
- MDB2_Schema 0.5 and MDB2 2.0.1 handle nulls in schema files properly so
  there is no need to disable MDB2_PORTABILITY_EMPTY_TO_NULL in the installer
2006-04-19T04:44:56-05:00 lsmith

LiveUser 0.16.10
http://pear.php.net/package/LiveUser/download/0.16.10/
- Do not include Cache.php since it's only a concept and not implemented yet
- fixed serious issue with right reading in the Medium and Complex container
- right_level may not be null in schema (use default if not explicitly set)
- phpdoc improvements
- bumped dependency for MDB2 to first stable release
- added missing optional dependency on mcrypt
- made admin user a superadmin in example4
- bumped copyright to 2006
2006-02-27T13:17:51-05:00 lsmith

LiveUser 0.16.9
http://pear.php.net/package/LiveUser/download/0.16.9/
This release fixes a minor security issue that is limited to the optional
remember me feature. This issue was reported to us by GulfTech Security Research.

The issue would allow an attacker to determine the existence of files inside the
file system, as well as being able to delete files:
- if the relative path is shorter than 32 characters (including a null
  byte)
- if null bytes are handled inside the "_COOKIE" superglobal, for example
  through usage of magic_quotes_gpc, the issue becomes essentially limited to
  files ending with ".lu".

All installations using the remember me feature are strongly urged to update.
This release also changes some other aspects including a BC break so developers
can optionally patch their current installations from the changes in the
following commit:
http://cvs.php.net/viewcvs.cgi/pear/LiveUser/LiveUser.php?r1=1.148&r2=1.149&diff_format=u

- fixed major bug in PEARAuth container: auth_user_id is not an optional property
- added passwordEncryptionMode and secret to phpdoc comment
- made cryptRC4() method public to match usage in auth common in the client and admin api
- fixed handling of the secret user-definable property (bug #6551)
- added support for user_group_ids (bug #6517)
- allow grouprights and groupusers table to join each other
- updateProperty doesn't update the session (bug #6612)
- renamed "connection" config option to "dbc" *BC BREAK*
- cleaned up and unified init() in the storage classes
- added example for dumping SQL to a file to installer
- add support for force_seq to installer
- removed allowDuplicateHandles and allowEmptyPasswords options, they are now
  handled through the table definition in the given Globals.php (overwriteable
  via the config array) *BC BREAK*
- initial untested support for PDO in the installer
- added examples for setting length and defaults to installer
- use overwrite when unlink is enabled in the installer
- reworked handling of merging user with group rights *BC BREAK*
  When using the Medium or Complex container a user may gain rights through direct
  assignment or through membership in a group that has rights assigned. The user
  and group rights are merged with the following logic:
  * if the right is only assigned to a member group but not the user the right is
    available to the user at the level at which the group has the right
  * if the right is only assigned to the user at a level greater than zero but not
    to a member group the right is available to the user at the level at which
    the user has the right
  * if the right is only assigned to the user at a level equal to zero but not
    to a member group the right is available to the user at the level at which
    the user has the right
  * if the right is only assigned to the user at a level lower than zero but not
    to a member group then the right is unavailable to the user
  * if the right is assigned to a member group and the user and the level at which the
    user has the right is greater than zero, then the right is available to the
    user at the higher level of the two
  * if the right is assigned to a member group and the user and the level at which the
    user has the right is equal to zero, then the right is unavailable to the user
  * if the right is assigned to a member group and the user and the level at which the
    user has the right is lower than zero, then the right is available to the
    user at the minimum of the group assigned level and the addition of the
    negative user level and the maximum level
  Example:
  The user has the following right_id => level pairs
    array
      1 => 3
      2 => -2
      3 => 0
      5 => -1

  The groups he is a member of have the following right_id => level pairs
    array
      1 => 1
      2 => 3
      3 => 3
      4 => 2

  The final right_id => level pairs are as follows
    array
      1 => 3 // user has a higher level (3) than the group level (1)
      2 => 1 // 3 - 2 means a maximum possible level of 1
      4 => 2 // only group has the right at level 2
      5 => 2 // only user has the right at level 3 - 1 = 2
2006-02-21T14:38:18-05:00 lsmith

LiveUser 0.16.8
http://pear.php.net/package/LiveUser/download/0.16.8/
- clearer status and error messages
- fix a bug with the passed Log object being discarded
- extra debug info when the auth container is instantiated
- more helpful error message when the class cannot be loaded
- make the PEAR::Auth wrapper use the passed handle and password
- fixed phpdoc typo in singleton method (bug #5668)
- fixed ability to call singleton() with only the conf parameter set, even if
  singleton was never called before (bug #5669)
- fixed issue in factoryStorage() that would lead to modifying the config array (bug #5526)
- added ability to disable executing the sql commands on installSchema()
- set status after logging out not before
- tweaked error messages for failed factory method calls
- fix for calling singleton without a signature string (bug #5905)
- attempt at checking if it is safe to start the session, add an error to the stack if not and return
- minor performance tweak in login()
- reordered code inside login() to make onFailedMapping events more powerful
- improved handling of INACTIVE status
- stop using backendArrayIndex in favor of containerName property in the auth instance
- removed loginTimeout feature (disable lastlogin if you are concerned about
  the cost of updating the lastlogin time)
- handle option user data properties in readUserData() in the PEAR::Auth wrapper
- added a few return true's for methods that returned void so far
- tons of phpdoc and whitespace fixes and additions
- add missing css file in example5
- only read remember me cookie in login() if remember was passed as true (bug #6215)
- handle and password are passed to readUserData in the PEARAuth container
- reworked file loading in loadClass() to work around issues in safe_mode with
  LiveUser::fileExists() (bug #6226)
- moved all explicit handling of logout() and login() out of the init() method *BC BREAK*
- made setRememberCookie(), readRememberCookie() and deleteRememberCookie() public
- setRememberCookie() no longer accepts a remember parameter
- added PDO backend and optional pdo based config for example5
2005-12-21T06:27:16-05:00 lsmith

LiveUser 0.16.7
http://pear.php.net/package/LiveUser/download/0.16.7/
- typo fix getMessage => getMessage() (bug #5283)
- added parameter to unlink backup file to force new creation in installSchema()
- fixed join points in implied_rights table in the perm Globals.php
- removed unnecessary join in readUserRights() of the database containers
- removed autoInit (call init() manually instead) *BC BREAK*
- reworked log/debug handling (there is a new 'debug' conf option which can
  either be a bool or a log instance)
- made the log property public which made it possible to remove addErrorLog()
- renamed loadPEARLog() to PEARLogFactory and reworked it to return a Log
  instance as a static method
- added an optional signature parameter to singleton() instead of using the
  handle/password/confName parameters (which no longer exist) *BC BREAK*
- made login() and logout() public
- made freeze() private
- prefixed all private properties/methods with an underscore
2005-10-10T06:53:15-05:00 lsmith

LiveUser 0.16.6
http://pear.php.net/package/LiveUser/download/0.16.6/
- various fixes to the Session auth container
- various fixes to the PEARAuth auth container
- added error handler and more comments to the install.php
- removed updateLastLogin option
- delete remember me cookie in all error cases while reading the remember me cookie
- cosmetic fixes to the examples in demodata.php
- (re-)added example5 (more or less the same as example4)
2005-09-02T08:43:24-05:00 lsmith

LiveUser 0.16.5
http://pear.php.net/package/LiveUser/download/0.16.5/
- fixed bugs related to is_active handling (resulting in users being able to
  login that are set to inactive!) *SECURITY ISSUE*
- fixed bug in getProperty() that would make it impossible to fetch the values
  of internal config properties (bug #5110)
- pass the storage config array by ref after all
2005-08-17T08:26:53-05:00 lsmith