Parameters typing and using strict types overall increase the codebase
quality by enforcing the a given parameter will have the expected type.
It also removes the need to unnecessary unit tests checking methods
behavior with invalid input.
On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version,
causing authentication issues.
See: https://stackoverflow.com/a/48238224/1484919
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.
Fixes#1032#587
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
