http://pear.php.net/
pear-webmaster@lists.php.netpear-webmaster@lists.php.neten-usPEAR: Latest releases for mahonoThe latest releases for the PEAR developer mahono (Matthias Nothhaft)LiveUser 0.16.14
http://pear.php.net/package/LiveUser/download/0.16.14/
QA release<br />
Bug #9517 Config Parameter permContainer=>storage=>PDO=>prefix doesn't work dufuz<br />
Bug #13014 PHP Warning on setcookie() dufuz<br />
Bug #13154 Example 4:schema validation error dufuz<br />
Bug #13391 example 5 - MDB2_Schema Error in demodata.xml dufuz<br />
Bug #13650 Examples (demodata script) problem dufuz<br />
Doc Bug #14954 mention ACL in the description/documention kguest<br />
Bug #15126 Assigning the return value of new by reference is deprecated doconnor<br />
Bug #15127 Parse error: syntax error, unexpected T_RETURN in ./LiveUser/Perm/Storage/Cache doconnor<br />
Bug #17723 Patch: Avoid ereg in favor of preg_match olleolleolle
2010-10-15T14:32:00-05:00doconnorLiveUser_Admin 0.4.0
http://pear.php.net/package/LiveUser_Admin/download/0.4.0/
QA release<br />
Bug #13233 Example1 error when importing data in DB<br />
Bug #11051 Seems class variable is not declared<br />
Bug #8424 incorrect handling of single column joins
2010-10-05T16:24:42-05:00doconnorLiveUser 0.16.13
http://pear.php.net/package/LiveUser/download/0.16.13/
- #9418: Initialization for example 5 wrong<br />
- #9575: Example trips over MySQL boolean/int<br />
- #9581: Add support for session.cookie_httponly
2008-01-28T03:29:59-05:00arnaudLiveUser_Admin 0.3.9
http://pear.php.net/package/LiveUser_Admin/download/0.3.9/
- pass debug parameter by ref to the constructor since it can be an object instance<br />
- updated API calls of getBeforeId() and getAfterId() in the storage classes<br />
- refactored decryptPW() and encryptPW() into static methods in the LiveUser class<br />
- force null instead of false for PDO fetch() calls that return empty sets<br />
- added static error push when a non array is passed to setSelectDefaultParams() (Request #7779)<br />
- use empty() instead of array_key_exists() in setSelectDefaultParams()<br />
- update of auth_user_id not possible via LiveUser_Admin::updateUser() (Bug #7975; thx to Matthias)<br />
- fixed incorrect handling of single column joins (Bug #8424)<br />
- better handling of '*' inside the field list together with explicit fields (Bug #7955)
2006-08-22T13:35:40-05:00lsmithLiveUser 0.16.12
http://pear.php.net/package/LiveUser/download/0.16.12/
- wrong use of pdo fetch method, when no result could be fetched it returns<br />
false with no error. Swith to using fetchAll and check for an empty array<br />
- we cannot decrypt most of the encryption method used by the hash extension so<br />
we default to returning the unmodified string<br />
- the wrong variable was used to report the type of permission container when an<br />
error occured<br />
- push an error on the stack when the encryption method cannot be found<br />
- make sequence columns primary key<br />
- properly disconnect the pdo object<br />
- make it possible to set the status message mapping<br />
- register options for create (Bug #7704)<br />
- use the hash extension if it is present for the password encryption<br />
- refactored decryptPW() and encryptPW() into static methods in the LiveUser class<br />
- force null instead of false for PDO fetch() calls that return empty sets<br />
- fixed logging into example1<br />
- debug => false in conf doesn't work (Bug #7564; thx to Matthias)<br />
- added support for user defined handle fields<br />
in DB, MDB, MDB2 and PDO containers you can set a list of fields in your auth<br />
container storage config, default is 'handle', example:<br />
'handles' => array('handle', 'auth_user_id', 'email')<br />
these fields are now used to find the right user on login (Request #7781)<br />
- fixed LiveUser::decryptPW(): added missing third parameter 'secret'<br />
- check if safe_mode is enabled in fileExists() to determine what algo to use (Bug #8296)
2006-08-22T13:34:20-05:00lsmithLiveUser_Admin 0.3.8
http://pear.php.net/package/LiveUser_Admin/download/0.3.8/
- wrong parameter used in getUsers('auth', ..) (report by gregory)<br />
- fixed usage of outdated getUsers() API in init()<br />
- phpdoc fix in outputRightsConstants() (bug #7037)<br />
- removed bogus parameter from phpdoc in getRights() in medium/complex container<br />
- added support for selectable_tables in the param array in get*() methods<br />
- fixed updating of implied right field in umimplyRight() (bug #7050)<br />
- made stack property public<br />
- remove artificial limitation that prevented groups to have multiple parents<br />
- fixed PDO storage layer queryAll() method (bug #7213)<br />
- expanded error handling in Log instance creation<br />
- fixed outdated API call to getRights() in _getInheritedRights() (bug #7236)<br />
- made translations columns wider for example1<br />
- replace isset() with array_key_exists() where applicable<br />
- added link to area admin area test to the menu in example1<br />
- reworked getRights() and getGroups() API for recursive reads<br />
(related to bug #7241) *BC break*<br />
Set the filter parameters for the recursion explicitly. For getGroups() in the<br />
'subgroups', 'hierarchy' keys (note that hierarchy is now no longer specified<br />
by setting 'subgroups' => 'hierarchy'). For getRights() 'inherited', 'implied'<br />
and 'hierarchy' (note that hierarchy is now no longer specified by setting<br />
'implied' => 'hierarchy';).<br />
- expanded outputRightsConstants() filtering<br />
- changed the getUsers(), addUser() and updateUser() API to be more in line<br />
with the container APIs *BC break* (req #7025)<br />
- added LiveUser_Admin_Storage::setSelectDefaultParams() to centralize default setting<br />
- added selectable_tables property to auth backend<br />
- fixed typos in 'with' handling in the perm container<br />
- prevent duplictate entries in the fields not yet linked array
2006-04-19T04:46:01-05:00lsmithLiveUser 0.16.11
http://pear.php.net/package/LiveUser/download/0.16.11/
- parse error typo fix in PEARAuth container (bug #6968)<br />
- minor improvements to the phpdoc comments in PEARAuth container<br />
- use ugly fopen() hack in fileExists()<br />
http://marc.theaimsgroup.com/?l=pear-dev&m=114148949106207&w=2<br />
- changed API for readuserData(), auth_user_id parameter now contains the<br />
auth_user_id to use<br />
- login() now supports passing in an auth_user_id instead of the handle/password<br />
- made stack property public<br />
- typo fix in PDO container readImplyingRights() method (bug #7195)<br />
- expanded error handling in Log instance creation<br />
- handle if no proper credentials where passed to readUserData() (bug #7262)<br />
- replace isset() with array_key_exists() where applicable<br />
- disable __autoload() in class_exists() calls (bug #7304)<br />
- brought property names in line s/rights/right_ids *BC break*<br />
- MDB2_Schema 0.5 and MDB2 2.0.1 handles nulls in schema files properly so<br />
there is no need to disable MDB2_PORTABILITY_EMPTY_TO_NULL in the installer
2006-04-19T04:44:56-05:00lsmithLiveUser 0.16.10
http://pear.php.net/package/LiveUser/download/0.16.10/
- Do not include Cache.php since its only a concept and not implemented yet<br />
- fixed serious issue with right reading in the Medium and Complex container<br />
- right_level may not be null in schema (use default if not explicitly set)<br />
- phpdoc improvements<br />
- bumped dependency for MDB2 to first stable release<br />
- added missing optional dependency on mcrypt<br />
- made admin user a superadmin in example4<br />
- bumped copyright to 2006
2006-02-27T13:17:51-05:00lsmithLiveUser_Admin 0.3.7
http://pear.php.net/package/LiveUser_Admin/download/0.3.7/
- fix "No rights for a user if the user only has inherited rights" (bug #6374)<br />
- do not overwrite all filters in _get*() helper methods<br />
- minor issue with 'alias' position in the config array in example1<br />
- make sure that tables required as intermediate join steps are listed in the from<br />
- add depth parameter to createJoinFilter (may be used to determine shortest join path eventually)<br />
- fixed detection if list of tables has been reduced or not<br />
- do not push an error on the stack for a possible recursion because it may just<br />
be one possible path we are evaluating<br />
- added "by_group" optional parameter to params getRights() which determines if<br />
the userrights table should be used or rather the grouprights and groupupsers tables<br />
- incorrect handling of filters inside unimplyRights() (bug #6592)<br />
- renamed "connection" config option to "dbc" *BC BREAK*<br />
- cleaned up and unified init() in the storage classes<br />
- added support for '*' in fields list as an alias to fetch all fields in the root table<br />
- made LiveUser_Admin::getUsers() API as flexible as in the containers *BC BREAK*<br />
- fixed serious issue in join filter handling that caused join filters to be ignored<br />
- removed allowDuplicateHandles and allowEmptyPasswords options, they are now<br />
handled through the table definition in the given Globals.php (overwriteable<br />
via the config array) *BC BREAK*<br />
- typo fix in extended module loading in the MDB2 storage container<br />
- fixed inherited and implied handling in getRights() when fetching only 2 columns<br />
- added initial version of a PDO storage container (needs more testing)<br />
- removed setCurrentApplication()/getCurrentApplication() methods since they are<br />
no longer relevant *BC BREAK*
2006-02-21T14:39:09-05:00lsmithLiveUser 0.16.9
http://pear.php.net/package/LiveUser/download/0.16.9/
This releases fixes a minor security issue that is limited to the optional<br />
remember me feature. This issue was report to us by GulfTech Security Research.<br />
<br />
The issue would allow an attacker to determine the existance of files inside the<br />
file system, as well as being able to delete files:<br />
- if the relativ path is shorter than 32 characters (including a null<br />
byte)<br />
- if null bytes are handled inside the "_COOKIE" superglobal, for example<br />
through usage of magic_quotes_gpc, the issue becomes essentially limited to<br />
files ending with ".lu".<br />
<br />
All installations using the remember me feature are strongly urged to update.<br />
This release also changes some other aspects including a BC break so developers<br />
can optionally patch their current installations from the changes in the<br />
following commit:<br />
http://cvs.php.net/viewcvs.cgi/pear/LiveUser/LiveUser.php?r1=1.148&r2=1.149&diff_format=u<br />
<br />
- fixed major bug in PEARAuth container: auth_user_id is not an optional property<br />
- added passwordEncryptionMode and secret to phpdoc comment<br />
- made cryptRC4() method public to match usage in auth common in the client and admin api<br />
- fixed handling of the secret user defineable property (bug #6551)<br />
- added support for user_group_ids (bug #6517)<br />
- allow grouprights and groupusers table to join eachother<br />
- updateProperty doesn't update the session (bug #6612)<br />
- renamed "connection" config option to "dbc" *BC BREAK*<br />
- cleaned up and unified init() in the storage classes<br />
- added example for dumping SQL to a file to installer<br />
- add support for force_seq to installer<br />
- removed allowDuplicateHandles and allowEmptyPasswords options, they are now<br />
handled through the table definition in the given Globals.php (overwriteable<br />
via the config array) *BC BREAK*<br />
- initial untested support for PDO in the installer<br />
- added examples for setting length and defaults to installer<br />
- use overwrite when unlink is enabled in the installer<br />
- reworked handling of merging user with group rights *BC BREAK*<br />
When using the Medium or Complex container a user may gain rights through direct<br />
assignment or through membership in a group that has rights assigned. The user<br />
and group rights are merged with the following logic:<br />
* if the right is only assigned to a member group but not the user the right is<br />
available to the user at the level at which the group has the right<br />
* if the right is only assigned to the user at a level greater than zero but not<br />
to a member group the right is available to the user at the level at which<br />
user has the right<br />
* if the right is only assigned to the user at a level equal to zero but not<br />
to a member group the right is available to the user at the level at which<br />
user has the right<br />
* if the right is only assigned to the user at a level lower than zero but not<br />
to a member group then the right is unavailable to the user<br />
* if the is assigned to a member group and the user and the level at which the<br />
user has the right is greater than zero, then the right is available to the<br />
user at higher level of the two<br />
* if the is assigned to a member group and the user and the level at which the<br />
user has the right is equal to zero, then the right is unavailable to the user<br />
* if the is assigned to a member group and the user and the level at which the<br />
user has the right is lower than zero, then the right is available to the<br />
user at the minimum of the group assigned level and the addition of the<br />
negativ user level and the maximum level<br />
Example:<br />
The user as the following right_id => level pairs<br />
array<br />
1 => 3<br />
2 => -2<br />
3 => 0<br />
5 => -1<br />
<br />
The groups he is a member of have the following right_id => level pairs<br />
array<br />
1 => 1<br />
2 => 3<br />
3 => 3<br />
4 => 2<br />
<br />
The final right_id => level pairs are as follows<br />
array<br />
1 => 3 // user has a higher level (3) than the group level (1)<br />
2 => 1 // 3 - 2 means a maximum possible level of 1<br />
4 => 2 // only group has the right at level 2<br />
5 => 2 // only user has the right at level 3 - 1 = 2
2006-02-21T14:38:18-05:00lsmith