fixes #2440 enhance login security and user activity display

Improves login security by:
- implementing constant-time authentication to reduce timing attacks
- refactoring user lookup into find_user_by_username_or_email() for username or email login
- introducing a fake user to keep password verification time consistent
- adding a finalize_login hook so plugins can control the authentication flow (2FA, rate limiting, etc.)

Also updates user activity JS to:
- better display action details
- properly handle user lists (login/logout with multiple users)
Linty
2025-11-13 14:05:35 +01:00
parent c257866d71
commit 0f494baa0c
2 changed files with 151 additions and 57 deletions
+10 -3
@@ -272,6 +272,9 @@ function lineConstructor(line) {
default:
newLine.find(".action-type").addClass("icon-purple");
newLine.find(".user-pic").addClass(color_icons[line.user_id % 5]);
newLine.find(".action-section").addClass("icon-user-1");
newLine.find(".action-name").html(line.action);
final_albumInfos = 'x' + line.counter;
break;
}
} else {
@@ -456,6 +459,9 @@ function lineConstructor(line) {
default:
newLine.find(".action-type").addClass("icon-purple");
newLine.find(".user-pic").addClass(color_icons[line.user_id % 5]);
newLine.find(".action-section").addClass("icon-user-1");
newLine.find(".action-name").html(line.action);
final_albumInfos = 'x' + line.counter;
break;
}
}
@@ -488,9 +494,10 @@ function lineConstructor(line) {
if (line.details.agent) {
newLine.find(".detail-item-3").html(line.details.agent);
newLine.find(".detail-item-3").attr('title', line.details.agent);
} else if (line.details.users_string && line.action != "logout" && line.action != "login") {
newLine.find(".detail-item-3").html(line.details.users_string);
newLine.find(".detail-item-3").attr('title', users_key + ": " +line.details.users_string);
} else if (line.details.users && line.action != "logout" && line.action != "login") {
const user_string = [...new Set(line.details.users)].toString();
newLine.find(".detail-item-3").html(user_string);
newLine.find(".detail-item-3").attr('title', users_key + ": " + user_string);
} else {
newLine.find(".detail-item-3").remove();
}
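Review bot: The lines that appear to be added here write server-supplied values into the DOM with `.html()`: `line.action` in both `default:` branches and the de-duplicated `line.details.users` string in the last hunk. Action names and usernames are then parsed as markup in the browser of whoever views the activity page, so any value that is not HTML-escaped upstream becomes stored XSS; whether the backend escapes them is not visible in this section. Since these are plain labels, I would switch to text insertion, `newLine.find(".action-name").text(line.action);` and `newLine.find(".detail-item-3").text(user_string);`, and keep the `attr('title', …)` calls as they are. The neighbouring `line.details.agent` branch follows the same `.html()` pattern with a client-controlled value and deserves the same treatment. `lineConstructor` starts and ends outside these hunks, so other sinks in it were not reviewed.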