Hide AddUser error block on close and make the AddUser popin scrollable with layout fixes. Also refine two French translations (password and login key).
Use binary (1024-based) prefixes instead of decimal (1000-based) for
storage unit conversion. Previously dividing by 1000000 and 1000,
now correctly dividing by 1048576 (1024*1024) and 1024.
Fixes#2502
Detect if running in a official container and replace updates buttons by links to the documentation
fixed on master with bfbc8f68
fixed on 16.x with d238c545
Add a more granular container detection
Replace is_in_container by get_container_info
Currently detect Official container (once they update a version with a tagfile) and LinuxServer container
All other container are marked as Unknown
Report two field :
- container_type ( none | Official | LinuxServer | Unknown
- container_version ( build Version number like 16.2.0a, only reported if Official container is detected )
Updated user activity display to show when a user is connected via API key, including an icon and updated tooltip. Modified backend to set a 'connected_with' flag in activity details when API key authentication is used.
Introduces password and password confirmation fields when creating a user with 'generic' status. The password fields are shown or hidden based on the selected user status, and validation is added to ensure passwords are entered and match. Also adds a button to generate random passwords for new generic users.
Improves login security by:
- implementing constant-time authentication to reduce timing attacks
- refactoring user lookup into find_user_by_username_or_email() for username or email login
- introducing a fake user to keep password verification time consistent
- adding a finalize_login hook so plugins can control the authentication flow (2FA, rate limiting, etc.)
Also updates user activity JS to:
- better display action details
- properly handle user lists (login/logout with multiple users)
* instead of using the provided cat_id in the URL parameters, registers the "context" of the last 10 photos viewed. Be it an album, a search, a tag...
* maybe not the cleanest way to do it (because we do not rebuild the url string) but simple and straightforward
Replaced hardcoded 'username' and 'id' fields in the user query with configurable fields from $conf['user_fields'] to improve flexibility and compatibility with custom user schemas.
- Add 3XL and 4XL sizes to defaults but keep them disabled by default
- Update admin restore default derivatives resets sizes and clears cache
- Update migration 177 => updates existing installs: set 3XL/4XL as disabled
Append info on PHP_OS in the template of `admin/maintenance_env.php` and in `include/functions.inc.php` -> `send_piwigo_infos()`
Detection works by checking if PHP is running on Linux then check if PID2 is kthreadd
Kthreadd is useless in a container so PID2 should not exist of be another process
If unable to read /proc/2/sched for some reason, assume a SELinux restriction and that PHP is not running in a container
`is_in_container()` doesn't differentiate between VMs or bare metal, it only check if PHP is running in a containerized environement via tools like docker or podman
