Commit Graph

127 Commits

Author SHA1 Message Date
calzoneman 62e80cec63 Add password change (#88) 2013-05-04 13:01:04 -05:00
calzoneman 3600a3114a Transition channel page away from index.html 2013-05-01 13:39:01 -05:00
calzoneman f76b509430 Pressing enter on media URL queues next 2013-04-30 11:15:03 -05:00
calzoneman 9bc712c003 Mask user IPs for nonadmins 2013-04-29 20:01:46 -05:00
calzoneman d43f39caa1 Better channel bans 2013-04-29 18:59:51 -05:00
calzoneman e315407a48 Allow range IP bans 2013-04-29 17:06:39 -05:00
calzoneman 4b0e920dc6 Begin improving filters 2013-04-29 12:29:31 -05:00
calzoneman 9350ef6d75 Change some permissions to channel admins (#67) 2013-04-29 11:26:01 -05:00
calzoneman 7f7ae16138 Add JWPlayer support 2013-04-28 17:06:58 -05:00
calzoneman 406988aef1 Allow chaining for /m 2013-04-28 13:04:15 -05:00
calzoneman 3730ae0066 Add global bans 2013-04-28 01:30:18 -05:00
calzoneman 7003101828 Limit connections per IP 2013-04-28 01:06:58 -05:00
calzoneman 535b80153d Fix ip bans for like the 4th time 2013-04-27 23:10:48 -05:00
calzoneman 5e5ff5f414 Fix chat antiflood (#56) 2013-04-27 12:13:37 -05:00
calzoneman d5fc0bb03d Fix 'that username is already taken' login bug 2013-04-26 12:50:31 -05:00
calzoneman 84fb4214d7 Fix cross-domain issues 2013-04-25 23:57:46 -05:00
calzoneman 087f612b37 Bugfixes for last commit
- Fix race condition for login frame
- Fix guest logins
2013-04-25 23:04:51 -05:00
calzoneman 3a7acd0526 Implement new session system
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:

ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00
calzoneman a88088f2d6 Continue working on API 2013-04-25 16:16:53 -05:00
calzoneman 57475d5d3d Show name of who added something (Issue #50)
Hovering over a queue item will now show the name of the person who added it.
If it was added by a guest, or if it was added while the server was running a previous version, it will show up as "unknown".
2013-04-24 13:10:08 -05:00
calzoneman 0d7da77715 Add version update script 2013-04-23 16:16:43 -05:00
calzoneman ce34a3efe0 Tweak express instance to support /r/channel form
This means it is no longer necessary to perform a .htaccess hack if you want nice URLs.
By default, hostname:port/r/channel acts the same as hostname:port/index.html?channel=channel.
2013-04-22 14:42:39 -05:00
Calvin Montgomery bb019deeb7 Implement ACL for channel owners (Issue #42) 2013-04-22 22:28:40 +04:00
calzoneman 7b6bba3697 Fix version number 2013-04-20 20:21:03 -05:00
calzoneman 9338905519 Minor fix- greentext and escaping youtube queries 2013-04-17 23:24:37 -05:00
calzoneman a93e7fe3c2 Switch from connect to express 2013-04-17 13:42:29 -05:00
calzoneman e8dfb616ea Add package.json 2013-04-14 18:16:48 -05:00