summaryrefslogtreecommitdiffstats
path: root/etc/inc/authgui.inc
Commit message (Collapse)AuthorAgeFilesLines
* * Adding function get_configured_ip_addresses() which returns all interfaces ↵Scott Ullrich2010-11-101-1/+1
| | | | | | | | | and their configured IP address * Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks * Add and enforce HTTP_REFERER check if checkbox is not checked. This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
* Fix text.Erik Fonnesbeck2010-10-101-1/+1
|
* Wording fix.Warren Baker2010-10-101-2/+2
|
* No need to use # in color code, it's already set with thisScott Ullrich2010-07-141-1/+1
|
* Allow overriding the Nifty corners background colorScott Ullrich2010-07-141-3/+7
|
* Handle VIP DNS-Rebinding detection correctlyScott Ullrich2010-07-141-0/+5
|
* Fix this function call, it only takes one parameter.jim-p2010-07-131-1/+1
|
* Print a warning on the login screen if you are accessing the router by a ↵jim-p2010-07-091-0/+20
| | | | non-local IP address (one not configured on the system) to warn about potential MITM attacks.
* Overhaul the user login system to use the Servers tab as its base.Ermal Luçi2010-03-031-28/+3
| | | | Fix quite a few problems down the way.
* Recommit #161 changes. It appears a different commit has broken firewall ↵sullrich2009-12-031-0/+2
| | | | rules edit and firewall nat edit.
* Revert "Redirect to / when logging in to avoid posting to forms accidently ↵sullrich2009-12-031-3/+1
| | | | | | and clearing the form and causing all kinds of chaos. Ticket #161" This reverts commit 6af7c40b296e0f95ec308d41aea55b3306c5e1ee.
* Redirect to / when logging in to avoid posting to forms accidently and ↵sullrich2009-12-031-1/+3
| | | | clearing the form and causing all kinds of chaos. Ticket #161
* Add priv.defs.inc to authgui.incsullrich2009-12-031-2/+2
|
* Set 2nd parameter for isAllowedPage. Will be required for #34, 33, 32sullrich2009-12-021-1/+1
|
* Rework includes/require. This saves about 4 megabytes.Scott Ullrich2009-11-211-0/+1
| | | | Simplify get_memory(). Tested on mips/i386
* Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additionsScott Ullrich2009-09-121-0/+2
|
* * Move functions that output html to guiconfig.incErmal Luci2009-06-181-2/+1
| | | | | | | | | * Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unneccessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
* Set focus to the username fieldBill Marquette2009-03-121-0/+2
|
* Fix the case when users without access to index.php get an error message.Ermal Luçi2008-11-221-33/+17
| | | | | | This redirects the users to the first allowed pagge if they do not have access to index.php and errors out only if no page has been assigned to them. NOTE: It is strange that a user cannot change its password!
* Cleanup some of the authentication code. Fix the problem where you mustMatthew Grooms2008-09-031-40/+17
| | | | | | | navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will allow admins to create bookmarks to specific pfsense webui pages.
* Cleanup authentication code. The basic auth method, the passwd, htpasswdMatthew Grooms2008-08-031-3/+2
| | | | | | | | | | | | | and pam backing functions have been removed. The basic auth method was legacy code and the backing functions were redundant with no added value that I could see. A simplified replacement backing function named local_backed has been added that authenticates to the local configuration info which should be identical to system pwdb credentials. Since the htpassword file is no longer required, sync_webgui_passwords and its wrapper function system_password_configure have been removed. The local account management functions were renamed for consistency. A few minor bugs related to setting local passwords have also been corrected.
* Rewrite portions of the user manager to ensure data is properly synced toMatthew Grooms2008-07-251-197/+208
| | | | | | | | | | | the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred. I also took this opportunity to do some housekeeping. A lot of funtions that were only being used in one place or not at all were removed. The user page privelege checks were also simplified in preperation for future work in this area.
* fix IE loginChris Buechler2008-07-131-1/+1
| | | | Ticket #1707
* Make loginpage more themeable. Only theme that uses this so far is ↵Holger Bauer2008-04-051-318/+282
| | | | the_wall. Other themes look ugly now (only loginpage) but are usable. Will be fixed within the next day(s).
* * Remove blank trailing lineScott Ullrich2008-02-161-1/+2
| | | | * Allow custom urls that include pkg.php to be saved
* Latest LDAP changes from Mark BatchelorScott Ullrich2008-02-031-9/+2
|
* * Remove trailing blank lineScott Ullrich2008-02-031-1/+1
| | | | * Make sure $search has data before operating on it
* Latest eDir / Active Directory tweaks from Mark Batchelor.Scott Ullrich2008-01-311-309/+325
| | | | Thanks again for him helping us with this project!
* * Missing =Scott Ullrich2008-01-011-3/+3
| | | | * Allow user manager to adhere to admins group
* Allow multiple groups to be assigned per user.Scott Ullrich2007-12-281-5/+7
| | | | Work sponsored-by: Centipede Networks
* Adding LDAP backend glue.Scott Ullrich2007-12-271-7/+14
| | | | Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
* Store global privs list in $g['privs']Scott Ullrich2007-12-031-0/+1
|
* Nuke code that does nothing.Scott Ullrich2007-11-191-23/+4
|
* Make the error message clickable so that the admin can easily return to the GUI.Scott Ullrich2007-11-191-0/+1
|
* Do not logout session if the user does not have access to a page. We should ↵Scott Ullrich2007-11-191-6/+1
| | | | also hide menu items that user does not have access to.
* Correctly check for page names by including .php. Strip off / if found so ↵Scott Ullrich2007-11-191-2/+2
| | | | that we can get an exact page match against the URL. My test diagnostics user now works.
* Instead of throwing a very vague 401 error actually tell the user which page ↵Scott Ullrich2007-11-181-1/+1
| | | | they do not have access to. This will also help admins troubleshoot group manager page privs.
* Correctly show 401 errors.Scott Ullrich2007-11-181-1/+8
|
* Fix field display on login screenBill Marquette2007-08-061-4/+4
|
* Users that have specific page access can now loginBill Marquette2007-08-011-5/+10
|
* * fix: background on login screenDaniel Stefan Haischt2007-06-031-1/+5
|
* Remove trailing space / crScott Ullrich2007-05-271-1/+1
|
* Correct style sheet class.Seth Mos2007-05-111-2/+2
|
* Backport usermanager code from HEAD so I can get it in the snaps andBill Marquette2007-04-131-0/+306
start testing it properly There's still some CSS/HTML fixes needed but the code seems to work
OpenPOWER on IntegriCloud