* Remove $debug global
and $vdebug global
makes these variables more accessible and protects from collisions.
* the on boot set sends application as the first parameter, just handle that
* Relocate other debug related functions
* Log debug to stdout
* Wrong output
* remove stupid constants
* Fix lint and style issues
* Remove $_SESSION usage, except install
Fixes issue with device debug capture
Removes secure_cookies setting, use the .env variable SESSION_SECURE_COOKIE instead. Reminder secure cookies requires cookies are transported over https, if everything is already transported via https, the setting won't make a difference.
* Fix availability map controls
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)
Port api auth to Laravel
restrict poller errors to devices the user has access to
Run checks on every page load. But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin
Move toastr down a few pixels so it isn't as annoying.
Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu
Rewrite 2FA code
Simplify some and verify code before applying
Get http-auth working
Handle legacy $_SESSION differently. Allows Auth::once(), etc to work.
* Fix tests and mysqli extension check
* remove duplicate Toastr messages
* Fix new items
* Rename 266.sql to 267.sql
Fix incorrectly updating session with build-ok before start of schema update
Set a timeout for progress on the schema build 40s (lock wait time is 30s, so must be more than that). Allow the user to restart the process if this timeout is reached.
Animate the progress bar while waiting for the schema update. Stop animation on failure or success.
Properly destroy the session after install. This allows the user to restart if they need to without any tricks.
Move next step buttons to the right.
always check that the base sql has been imported.
async db building
After this merge, we could move install.php to the end of the install documentation. Makes a more natural flow.
