Commit Graph

81 Commits

Author SHA1 Message Date
calzoneman 3a7acd0526 Implement new session system
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:

ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00
calzoneman a88088f2d6 Continue working on API 2013-04-25 16:16:53 -05:00
calzoneman 9786d7eff5 start working on API 2013-04-25 11:00:06 -05:00
calzoneman 57475d5d3d Show name of who added something (Issue #50)
Hovering over a queue item will now show the name of the person who added it.
If it was added by a guest, or if it was added while the server was running a previous version, it will show up as "unknown".
2013-04-24 13:10:08 -05:00
calzoneman 0d7da77715 Add version update script 2013-04-23 16:16:43 -05:00
calzoneman ce34a3efe0 Tweak express instance to support /r/channel form
This means it is no longer necessary to perform a .htaccess hack if you want nice URLs.
By default, hostname:port/r/channel acts the same as hostname:port/index.html?channel=channel.
2013-04-22 14:42:39 -05:00
Calvin Montgomery bb019deeb7 Implement ACL for channel owners (Issue #42) 2013-04-22 22:28:40 +04:00
calzoneman 7b6bba3697 Fix version number 2013-04-20 20:21:03 -05:00
calzoneman 9338905519 Minor fix- greentext and escaping youtube queries 2013-04-17 23:24:37 -05:00
calzoneman a93e7fe3c2 Switch from connect to express 2013-04-17 13:42:29 -05:00
calzoneman 6ae16d5671 Fix "end poll" button for leaders
Fixes Issue #30
2013-04-16 10:43:53 -05:00
calzoneman a9b3319e3d Force client disconnect, fix userlist bug 2013-04-11 11:30:20 -05:00
calzoneman 3f2095b14e Fix banning 2013-04-10 19:51:30 -05:00
calzoneman b7cdc0c056 Force channel names to be lowercase
Since MySQL is case-insensitive, treating varying cases as unique names was a prroblem.
Existing channels with uppercase names should not be affected as the database lookup finds a match without case sensitivity.
2013-04-05 14:03:35 -05:00
calzoneman 823ab91d04 patch a couple of bugs 2013-04-04 18:22:11 -05:00
calzoneman 0e49f06fbf Fixes and stuff 2013-04-04 14:56:43 -05:00
calzoneman 362fd0ab23 Implement YouTube search, minor fixes, remove "Play Next" button 2013-04-04 11:39:43 -05:00
calzoneman f7bc601fed Fix Issue#23 2013-04-04 11:05:01 -05:00
calzoneman 7e9907ebdc Finish refactoring 2013-04-03 12:47:41 -05:00
calzoneman fab4039fc1 Add MOTD and chat filter interface 2013-04-01 16:02:09 -05:00
calzoneman ddc5016497 Serverside support for custom chat filters 2013-03-31 14:27:54 -05:00
calzoneman 954751ec6c Autogen chandump and chanlogs folders 2013-03-31 13:31:56 -05:00
calzoneman 546d50f917 Support click and drag to move; add play button; dump channels on exit 2013-03-28 18:51:08 -05:00
calzoneman 124ec0080f Improve logging 2013-03-27 14:28:51 -05:00
calzoneman 34f20f423f Transition to using bcrypt for password hashing/storage 2013-03-26 14:12:02 -05:00
calzoneman 5f5049db12 Change quotes to be consistent
Fixes Issue#11
2013-03-24 12:23:48 -05:00
calzoneman 0b56909e20 Change license to MIT 2013-03-23 21:28:20 -05:00
calzoneman e76f149916 Use socket.io rooms instead of manually implementing sendAll
Should fix Issue#9
2013-03-20 13:03:32 -05:00
calzoneman 5ca419d3e3 Start working on ACP 2013-03-06 16:02:40 -06:00
calzoneman e902a8074a Update README; add LICENSE 2013-02-16 11:19:59 -06:00
calzoneman 68fc74edd5 Push to github 2013-02-15 23:02:42 -06:00