84492f29b1
* If token is present do token based auth and do not do anything with session * update HostController. Use config constants, don't use sessions * Remove Session from the components list * spacing * Remove Session from App Components list. * Move APIEnabled check to the api from auth.php * Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken. * remove debugging * Add session storage if stateful query param is on, but only for LEGACY_API_AUTH * fix mUser to username, etc. * shuffle lines * use instead of session when generating auth hash. * Add docs regarding the use of cookies and stateful query param * Only open/close session if we are clearing a session var * Use zm_session_start instead of session_start * Should use zm_session_start instead of session_start * document that zm_session_start should be called previously to session_regenerate_id * Don't actually write out the session when generating auth hashes. Means they should never actually persist. * More backticking of SQL * add .. to fix #2686 * Use material icons for sort because they look nicer * fix typo * have to add authhash to session on login * restore username&password login for all urls * fix * fixes |
||
|---|---|---|
| .. | ||
| Config | ||
| Console | ||
| Controller | ||
| Model | ||
| Plugin | ||
| View | ||
| vendor | ||
| webroot | ||
| index.php | ||