...and improve profile JS. Replaces can_manage_api_key() with connected_with_pwg_ui() to ensure API key management is only allowed from UI logins, and sets 'connected_with' in session during auto-login. Refactors profile.js to respect canUpdatePreferences and canUpdatePassword, moves user state initialization to template, and improves preference reset/default logic. Also adjusts script loading and minor UI details in profile.tpl.
- Added API key get, creation, editing, and revocation methods.
- Updated the profile template to include API key management features.
- Updated the database schema to support the new API key system, including additional fields for key management.
- Added client-side JavaScript functionality to handle API key operations and display responses.
- Update tools/htm.ws with the new way to authenticate.
- Restriction of certain api methods when used with an api key
- Backward compatibility with older apps
create new theme standard pages with tpl, css, js and images
update backend to handle pages
add config use_standard_pages
on update set config to false, on install set config to true
add standard pages to no be ingored in git
When a password activation or reset link is generated, the link expiry time is now defined in two conf: $conf[’password_reset_duration‘] with a default time of one hour and $conf[’password_activation_duration‘] with a default time of 72 hours.
- add field for add user
- in the `pwg.users.add` method, the params `send_password_by_mail` does nothing anymore. Because we no longer want to send passwords in clear text.
- in the `pwg.users.add` add a new `auto_password` parameter to generate a random password when a user is created
- use this parameter (`auto_password`) in user_list.js
- change mail content et password page on first login
- Implementation of a new modal for modifying a user or guest
- Addition of a function to allow plugins to add a tab to the new user modal
- Fix bug: "badger-number" is updated when a user is added or deleted
- Fix bug: When the user who is editing has permissions to delete the user he is modifying, the delete icon is now displayed correctly
- Added a new api method for modifying the main user and generating a link to reset a password
- Passed $conf[‘webmaster_id’] in database configuration
In PHP 7.2 and later you will get a warning if you call count() on null. So either initialize $errors to an empty array here, or use empty() to check it as I have done here.
When loading a user's theme, make sure it's installed. Also, when
determining the default theme, account for the situation in which
zero themes are installed (and use 'default' then).
Refs #1061
This will speed up user edit popin opening, by avoiding to search in history for the last user visit.
The column user_infos.last_visit_from_history true/false says if the last_visit has already been search in history (to avoid making it twice). I could have implemented the search of last_visit for all users in the migration task 149 but in case of many users and long history, it would have taken years to execute...
When a user successfully performs an authentication with an auth_key, Piwigo
registers it in the history table.
For now, it is not shown/searchable in the history screen, but we can add it
in the future and we can provide a plugin with specific details about
authentication keys usage.
* On album notification (for a group), sends one distinct email for each user
with a new authentication key.
* When someone clicks the link with auth=<key> in URL, if the user is not
already connected, Piwigo will automatically connect the user.
bug 3223 fixed: make sure we have found a user before validating the connection
git-svn-id: http://piwigo.org/svn/trunk@31168 68402e56-0260-453c-a942-63ccdbb3a9ee
