! account signup check that display_name is unique in whole system (prevents from User-faking)! add POST Request to admintools
! supress frontend preferences, if user have no permission for it
! all changes in folder account, Signup with confirmation Mail! frontend.css now included by account script
+ add methode StripCodeFromText in class.wb to clean injection! rebranding the admin/settings and security fixes! a few new styling in backend wb_theme! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates
wb theme styling
! account split html and code+ add signup activation registering+ add missing icons in themes
! Now you can style account login with your frontend Template CSS this change is in work for the whole account
! change redirect logic for registered pages
! beginning update frontend account! remove html markup from code
! fixed signup, remove $admin->print_error methods+ add send registation mail to systemadministartor
Fixed SERVER_EMAIL in languages, needs double bracketsInstaller redesign Step 2
fallback signuo2.php revision 1633
! update language files and rework some core files (read DEVINFOS)! compress mdcr.js+ add DEVINFOS Instructions/Informations for modulecoder
login.php fallback to revision 1602
fixed parse error in login.php
fix local module reload and module manuell installforgot to upload login.php
little designfix in forgot_form.phpfix media if uploading zip files with folder, than create FolderProtectFiles
update all used files with redirect_url to $_SESSION['HTTP_REFERER']
highly critical security-fixannounced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt
fix form language vars for better understanding (Tks to Maverik)change request if HTTP_REFERER is not empty in logout.php
remove session_start() in /account/logout.php
possible errors on 'save password' fixed. Minimum length of password set to 6 chars
fix class.login, when name and pass are both empty, no longer call increase_attempssome redirect updates in frontend account files
+ add languages vars in languages files+ add upload error mesages moduleinstall+ add index.php if not exists in function createFolderProtectFile! corrected changed coding between login_form and forgot_form
! recoded /account/forgot_form.php! update quickSkin ! update languages files + add /temp/quickSkin/ folder! begin fixing sec_anchor in urls
add new backend theme handling (Tks to Stefek)
fix redirect login
account/signup.php, check if user is already loggedfix non object message in framework/functions.php
continue fixing frontend account
fixed print_error exit in frontend account
found more backlinks to fixremove not working ftan in frontendfixed redirect in login procedure (Tks to mr-fan)update droplet LoginBox, additional parameter $redirectremove double config call in media (Tks to Testör)
fixed validation of loginname (admin/users and signup)
fix entities converting in select languages (Tks to the community)see http://www.websitebaker2.org/forum/index.php/topic,20547.msg140512.html#msg140512
redefined wrong admin backlinks
YGN Ethical Hacker Group (2.8.2 / 2.9.0)
update headerinfos
fixed headerinfos
add ini_set('display_errors', 1) (Tks to Thorn)update headerinfos
Ticket #985 With #1318 no login in backend possibleTicket #986 Typo inside the german language file Ticket #982 Unnessesary heredoc causes on errors while installation!Ticket #926/Ticket #928 Mail Notification on new user registration
Ticket #971 Using $_POST in Admin - account - login.php (tks to Aldus)update class.wb.php added tokens function
continue update headertextTicket #930 disabled SyntaxHighlighter from default WB Installationchange help url to www.websitebaker2.org
update headertext
update header info
Beginning header information update
fix login_form.php sometimes produce javascript errors in IE
Clean check in of minor bugfixes: Add some localizations, correct html/php syntax
Ticket #832: Fix wrong configuration of timezone-handling when saving preferences-form on backend and frontend
validate some output files
fix some PHP 5.3 deprecated functions
Created 2.8.x branch
Fixed E_ALL&E_STRICT warning on PHP5 servers (Thanks to Aldus)
replaced all remaining mktime() with time(), except from third party scripts
Fixed not defined language variable in account/email.php (Thanks to Forum-User BlackTiger)
removed unneeded icons from wb_theme
removed unneeded stylesheet.css from account dir
renamed warning.htt to warning.html to fix display of sourcecode after invalid login attemps
added fixed error.htt also to classic theme
added skinable Admin Interface
Mail text for register, signup and forgot mail now taken from WB language file (ticket #684)
Copyright notices now includes 2009
applied additional mail check to forgot login form
some small fixes: group_id/groups_id-handling, safe_mode-query in install, better work-around for issue with phplib and code-module (removed {})
fixed bug with registration of users are not added to signup group
removed include/captcha/asp.php. css have to be added to module's css-files.
reintroduced include/captcha/asp.php
removed include/captcha/asp.php
fixed bug in user signup
Fixed possible XSS in account/login.php and forgot-form.php
fixed fixed typo :-(
fixed typo
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].
added new CAPTCHA and ASP (Advanced Spam Protection)
removed the PAGE_EXTENSION added with changeset 549
fixed bug in frontend login and multiple groups (in conjunction with error_reporting = E_ALL)
added the "users in multiple groups" feature (closes parts of ticket #546)
Replaced the variable PAGE_EXTENSION with hardcoded .php on all places where the pathes points to WB Corefiles with the page extension .php
Replaced hardcoded text in login.php with language variables (fixes #386)
Changed all copyright notices to include now 2008
Security enhancement (reduced number of login trials from 50 to 3).
Added 2007 to all copyright noticesAdded missing ID KeywordsRemoved not Unix conform line endings
Fixed spelling errors in the signup2.php (#330)
Fixed more security issue's related to ticket #237
Fixed tickets 190 and 207
Fixes security issue #237.
Removed "From:" from calls to internal mail function. Ticket 189
Applied fix regarding ticket #138
Ticket #137 - Last Reset timer not reset in frontend forgotten password process
Updated all copyright notices to include 2006
Ticket #126. Cookie REMEMBER_KEY wasn't cleared in account/logout and expiration date is now set to time in the past. Thanks to alex!
Changed mail calls to $wb->mail (thanks to John!).
John: changed captcha.php call to include timestamp
Forgotten password: if sending of e-mail fails, restore old password. Ticket #110
Added an exit call after every heading("Location:...") redirector to prevent unwanted execution of code.