Currently, the unique way to disable the update of session_page is to pass
"false" to the parameter of session_begin(). This method is directly
called in app.php, so pages served from the routing system can't disable
the update of session informations.
By moving the update to page_footer, we can allow controllers to tell to
the session manager that we don't want to update the session infos.
PHPBB3-14261
As requested events are named *_after
core.session_start_after is moved after
USERS_TABLE update to prevent returning
session data from extensions
PHPBB3-13817
Ticket was changed to add few more session related events
core.session_kill - send user_id and session_id
core.session_gc - just triger event
PHPBB3-13817
* github-marc1706/ticket/12352: (33 commits)
[ticket/12352] Do not check hashes that don't have the necessary length
[ticket/12352] Update file headers to fit new format
[ticket/12352] Use custom provider collection for auth providers
[ticket/12352] Add checks for existing user_pass_convert to migrations
[ticket/12352] Remove usages of user_pass_convert column
[ticket/12352] Update schema json file
[ticket/12352] Remove user_pass_convert column from database
[ticket/12352] Check each newly added passwords driver in manager_test
[ticket/12352] Add get_settings_only method to passwords driver base
[ticket/12352] Add passwords driver for xenforo 1.0, 1.1 passwords
[ticket/12352] Add tests for wcf1 and wcf2 drivers
[ticket/12352] Add driver for woltlab community framework 1 passwords
[ticket/12352] Add driver for woltlab community framework 2 passwords
[ticket/12352] Add missing $ to md5_mybb and md5_vb driver
[ticket/12352] Fix spacing in passwords tests
[ticket/12352] Add passwords driver for vB passwords
[ticket/12352] Use correct hashing method in md5_mybb driver
[ticket/12352] Add driver for myBB md5 passwords
[ticket/12352] Rename phpbb2_md5 driver to fit filenames of other drivers
[ticket/12352] Add passwords driver for sha1 password hashes
...
Using this custom provider collection, we can properly check whether the
configured auth provider does exist. The method get_provider() has been added
for returning the default auth provider or the standard db auth provider if
the specified one does not exist.
Additionally, the method get_provider() will throw an RuntimeException if
none of the above exist.
PHPBB3-12352
This will make sure that we will not encounter a non-existing auth provider.
We will revert to the default db auth provider if the one set in the config
does not exist in our auth provider collection.
PHPBB3-12352
# By Nils Adermann (68) and others
# Via Andreas Fischer (12) and others
* 'develop' of github.com:phpbb/phpbb3: (102 commits)
[ticket/11876] Replace MD5 with SHA256.
[ticket/11876] Move checksum generation from build PHP files to phing build.xml
[develop-olympus] Build against 3.0.12 instead of 3.0.12-RC3. Tag exists now.
[prep-release-3.0.12] Update changelog for 3.0.12 release.
[ticket/11873] Add unit test for large password input.
[ticket/11873] Do not hash very large passwords in order to safe resources.
[ticket/11862] Correct var names in user_delete() events due to prune-users
[develop-olympus] Use 3.0.13-dev as build version. Use latest 3.0.12 RC tag.
[prep-release-3.0.12] Bumping version number for 3.0.12 final.
[ticket/11852] Add class file
[ticket/11852] Move tests to folder with new class name
[ticket/11852] Split filesystem and path_helper into 2 classes
[ticket/11868] Add @depends to test
[ticket/11868] Add functional test for registration
[ticket/11868] Replace phpbb_request_interface references
[ticket/11866] Only single backslash in .md files
[ticket/11866] Remove outdated and broken develop script
[ticket/11866] More namespaces
[ticket/11866] Update some occurances of phpbb_db_ to new Namespace
[ticket/11865] Convert old class name to namespaced version
...
Conflicts:
tests/security/extract_current_page_test.php
tests/session/testable_facade.php