Commit Graph

56 Commits

Author SHA1 Message Date
calzoneman 84fb4214d7 Fix cross-domain issues 2013-04-25 23:57:46 -05:00
calzoneman 087f612b37 Bugfixes for last commit
- Fix race condition for login frame
- Fix guest logins
2013-04-25 23:04:51 -05:00
calzoneman 3a7acd0526 Implement new session system
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:

ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00
calzoneman ea4ed864c8 Fix content-length bug for api.js
Well, it finally happened.  I made an assumption about text and it bit me in the butt.  Protip: not everything is 1 byte per character!
2013-04-25 16:36:56 -05:00
calzoneman a88088f2d6 Continue working on API 2013-04-25 16:16:53 -05:00
calzoneman 9786d7eff5 start working on API 2013-04-25 11:00:06 -05:00