1<?xml version="1.0" encoding="UTF-8"?> 2<package packagerversion="1.9.1" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 http://pear.php.net/dtd/tasks-1.0.xsd http://pear.php.net/dtd/package-2.0 http://pear.php.net/dtd/package-2.0.xsd"> 3 <name>Auth</name> 4 <channel>pear.php.net</channel> 5 <summary>Creating an authentication system.</summary> 6 <description>The PEAR::Auth package provides methods for creating an authentication 7system using PHP. 8 9Currently it supports the following storage containers to read/write 10the login data: 11 12* All databases supported by the PEAR database layer 13* All databases supported by the MDB database layer 14* All databases supported by the MDB2 database layer 15* Plaintext files 16* LDAP servers 17* POP3 servers 18* IMAP servers 19* vpopmail accounts (Using either PECL vpopmail or PEAR Net_Vpopmaild) 20* RADIUS 21* SAMBA password files 22* SOAP (Using either PEAR SOAP package or PHP5 SOAP extension) 23* PEAR website 24* Kerberos V servers 25* SAP servers</description> 26 <lead> 27 <name>Martin Jansen</name> 28 <user>MJ</user> 29 <email>mj@php.net</email> 30 <active>no</active> 31 </lead> 32 <lead> 33 <name>Yavor Shahpasov</name> 34 <user>yavo</user> 35 <email>yavo@siava.org</email> 36 <active>no</active> 37 </lead> 38 <lead> 39 <name>Adam Ashley</name> 40 <user>aashley</user> 41 <email>php@adamashley.name</email> 42 <active>yes</active> 43 </lead> 44 <developer> 45 <name>James E. Flemer</name> 46 <user>jflemer</user> 47 <email>jflemer@acm.jhu.edu</email> 48 <active>no</active> 49 </developer> 50 <developer> 51 <name>Adam Harvey</name> 52 <user>aharvey</user> 53 <email>aharvey@php.net</email> 54 <active>yes</active> 55 </developer> 56 <date>2010-10-26</date> 57 <time>00:50:52</time> 58 <version> 59 <release>1.6.4</release> 60 <api>1.5.0</api> 61 </version> 62 <stability> 63 <release>stable</release> 64 <api>stable</api> 65 </stability> 66 <license uri="http://www.php.net/license">PHP License</license> 67 <notes> 68Fix baseinstalldir 69 </notes> 70 <contents> 71 <dir baseinstalldir="/" name="/"> 72 <file baseinstalldir="/" md5sum="ac6fb793a9aefcc3ead21064b5564c9f" name="Auth/Anonymous.php" role="php" /> 73 <file baseinstalldir="/" md5sum="8c1951eaf366f8c9b55687db0c66a305" name="Auth/Auth.php" role="php" /> 74 <file baseinstalldir="/" md5sum="e9ed0770e37e086e71edfe4a87928fe8" name="Auth/Container.php" role="php" /> 75 <file baseinstalldir="/" md5sum="c0d6f8331a79fa367f0bc7229596652d" name="Auth/Controller.php" role="php" /> 76 <file baseinstalldir="/" md5sum="330e3ad6e3a436b840de70fec71d3294" name="Auth/Container/Array.php" role="php" /> 77 <file baseinstalldir="/" md5sum="aca9277fa0bce718193fb404a66df336" name="Auth/Container/DB.php" role="php" /> 78 <file baseinstalldir="/" md5sum="5512bafd19c3b83a0940d8e1fe744851" name="Auth/Container/DBLite.php" role="php" /> 79 <file baseinstalldir="/" md5sum="dde39f93bc73ec2c8c7625cc3001b869" name="Auth/Container/File.php" role="php" /> 80 <file baseinstalldir="/" md5sum="06db5f947bc4e9d6cdfd09c7a7dd5cb1" name="Auth/Container/IMAP.php" role="php" /> 81 <file baseinstalldir="/" md5sum="15d2734f7fa49068c56e0188ead727f7" name="Auth/Container/KADM5.php" role="php" /> 82 <file baseinstalldir="/" md5sum="f5bae02b6949a48fe9927f1230ccb348" name="Auth/Container/LDAP.php" role="php" /> 83 <file baseinstalldir="/" md5sum="728e305236093862e4f619f31b2e9698" name="Auth/Container/MDB.php" role="php" /> 84 <file baseinstalldir="/" md5sum="52b9bf3afb418058888fac413960a034" name="Auth/Container/MDB2.php" role="php" /> 85 <file baseinstalldir="/" md5sum="6d2fbb513fd4ccf9dc9f3a263129df96" name="Auth/Container/Multiple.php" role="php" /> 86 <file baseinstalldir="/" md5sum="8a2fec942b6662f0794e2de1fc5515be" name="Auth/Container/NetVPOPMaild.php" role="php" /> 87 <file baseinstalldir="/" md5sum="8015e81320ed97f215884f256d061876" name="Auth/Container/PEAR.php" role="php" /> 88 <file baseinstalldir="/" md5sum="c49ae7f03328f1125c1116ee63bd6665" name="Auth/Container/POP3.php" role="php" /> 89 <file baseinstalldir="/" md5sum="b36ca8470e95ef7a75c59acd7b63a15e" name="Auth/Container/RADIUS.php" role="php" /> 90 <file baseinstalldir="/" md5sum="79e2a30c7510d39229bc267d3f3b4240" name="Auth/Container/SAP.php" role="php" /> 91 <file baseinstalldir="/" md5sum="c89ea34ffcf230e04935f22ceddf9db2" name="Auth/Container/SMBPasswd.php" role="php" /> 92 <file baseinstalldir="/" md5sum="0d0174395d31aa30d380eb93327c10f7" name="Auth/Container/SOAP.php" role="php" /> 93 <file baseinstalldir="/" md5sum="ebd5e804afd32fa828ad166c327bbad7" name="Auth/Container/SOAP5.php" role="php" /> 94 <file baseinstalldir="/" md5sum="3c248af7b9cf45741dadfa99eb4c486f" name="Auth/Container/vpopmail.php" role="php" /> 95 <file baseinstalldir="/" md5sum="c73e8379d73f0c97d0d5330684c7b30a" name="Auth/Frontend/Html.php" role="php" /> 96 <file baseinstalldir="/" md5sum="6d03025f455869185b57b5c138fd1c01" name="Auth/Frontend/md5.js" role="data" /> 97 <file baseinstalldir="/" md5sum="797b51ba0f58858ab014771aa1b26fd6" name="examples/logging.php" role="doc" /> 98 <file baseinstalldir="/" md5sum="c0234bbeeb10e24cdb6f64272e5e9831" name="examples/multi-container.php" role="doc" /> 99 <file baseinstalldir="/" md5sum="a3482937f298d5a2742f32a54812c0c9" name="tests/AllTests.php" role="test" /> 100 <file baseinstalldir="/" md5sum="b60c8b083eb08119d88089db53ee2ede" name="tests/auth_container_db_options.php" role="test" /> 101 <file baseinstalldir="/" md5sum="907193304f6f6d0a03321a344d81a8a8" name="tests/auth_container_file_options.php" role="test" /> 102 <file baseinstalldir="/" md5sum="70468618acb6cf9314c234f241e93aae" name="tests/auth_container_imap_options.php" role="test" /> 103 <file baseinstalldir="/" md5sum="2070e2661d33de660a39837ecdec8ca7" name="tests/auth_container_mdb2_options.php" role="test" /> 104 <file baseinstalldir="/" md5sum="2070e2661d33de660a39837ecdec8ca7" name="tests/auth_container_mdb_options.php" role="test" /> 105 <file baseinstalldir="/" md5sum="7e41dc017dbc7f9c3841f205736cf2ab" name="tests/auth_container_pop3a_options.php" role="test" /> 106 <file baseinstalldir="/" md5sum="f2884c6ddc8f0405364aad909105f0d5" name="tests/auth_container_pop3_options.php" role="test" /> 107 <file baseinstalldir="/" md5sum="3796a67d8c5d3f281ceb414638f60cfa" name="tests/bug8735.passwd" role="test" /> 108 <file baseinstalldir="/" md5sum="7a5ca7c595123a06d18543b803355158" name="tests/bug8735.phpt" role="test" /> 109 <file baseinstalldir="/" md5sum="ad27a7b244511da0c2c75674033c3745" name="tests/DBContainer.php" role="test" /> 110 <file baseinstalldir="/" md5sum="314cd40e8b882f27a807b4eb824abceb" name="tests/DBLiteContainer.php" role="test" /> 111 <file baseinstalldir="/" md5sum="3b6bb4b847b756f4f25e003ad086bb79" name="tests/FileContainer.php" role="test" /> 112 <file baseinstalldir="/" md5sum="ca84f548b8cd3abdbca6ffb520e7c864" name="tests/IMAPContainer.php" role="test" /> 113 <file baseinstalldir="/" md5sum="8c8aaae73d38c31f9fcd0e40759b8794" name="tests/MDB2Container.php" role="test" /> 114 <file baseinstalldir="/" md5sum="ac86dc743cdd78c350605f4ba4d890d2" name="tests/MDBContainer.php" role="test" /> 115 <file baseinstalldir="/" md5sum="c0ea6513ca30793404fa300c1f82995e" name="tests/mysql_test_db.sql" role="test" /> 116 <file baseinstalldir="/" md5sum="470101473f5dc9ab8d0ef35a0f343185" name="tests/POP3aContainer.php" role="test" /> 117 <file baseinstalldir="/" md5sum="fd933ecf46e31034adc522b7a40aeaa4" name="tests/POP3Container.php" role="test" /> 118 <file baseinstalldir="/" md5sum="4326ab6109775f02111a64d38cf37e2b" name="tests/TestAuthContainer.php" role="test" /> 119 <file baseinstalldir="/" md5sum="db9782123c381f0d638ed9ace4f6d42d" name="tests/tests.php" role="test" /> 120 <file baseinstalldir="/" md5sum="68b329da9893e34099c7d8ad5cb9c940" name="tests/users" role="test" /> 121 <file baseinstalldir="/" md5sum="7c9142f6d86e90aa18432a1dc983e76d" name="Auth.php" role="php" /> 122 <file baseinstalldir="/" md5sum="14012d9f7ed31ca900dc177cc37df9b5" name="README.AdvancedSecurity" role="doc" /> 123 <file baseinstalldir="/" md5sum="38eac955611c0458f057799e6160a361" name="README.Auth" role="doc" /> 124 </dir> 125 </contents> 126 <dependencies> 127 <required> 128 <php> 129 <min>4.3.3</min> 130 </php> 131 <pearinstaller> 132 <min>1.4.0b1</min> 133 </pearinstaller> 134 </required> 135 <optional> 136 <package> 137 <name>Log</name> 138 <channel>pear.php.net</channel> 139 <min>1.9.10</min> 140 </package> 141 <package> 142 <name>File_Passwd</name> 143 <channel>pear.php.net</channel> 144 <min>1.1.0</min> 145 </package> 146 <package> 147 <name>Net_POP3</name> 148 <channel>pear.php.net</channel> 149 <min>1.3.0</min> 150 </package> 151 <package> 152 <name>DB</name> 153 <channel>pear.php.net</channel> 154 <min>1.6.0</min> 155 </package> 156 <package> 157 <name>MDB</name> 158 <channel>pear.php.net</channel> 159 </package> 160 <package> 161 <name>MDB2</name> 162 <channel>pear.php.net</channel> 163 <min>2.0.0RC1</min> 164 </package> 165 <package> 166 <name>Auth_RADIUS</name> 167 <channel>pear.php.net</channel> 168 </package> 169 <package> 170 <name>Crypt_CHAP</name> 171 <channel>pear.php.net</channel> 172 <min>1.0.0</min> 173 </package> 174 <package> 175 <name>File_SMBPasswd</name> 176 <channel>pear.php.net</channel> 177 <min>1.0.0</min> 178 </package> 179 <package> 180 <name>HTTP_Client</name> 181 <channel>pear.php.net</channel> 182 <min>1.1.0</min> 183 </package> 184 <package> 185 <name>SOAP</name> 186 <channel>pear.php.net</channel> 187 <min>0.9.0</min> 188 </package> 189 <package> 190 <name>Net_Vpopmaild</name> 191 <channel>pear.php.net</channel> 192 <min>0.1.0</min> 193 </package> 194 <package> 195 <name>vpopmail</name> 196 <channel>pecl.php.net</channel> 197 <min>0.2</min> 198 <providesextension>vpopmail</providesextension> 199 </package> 200 <package> 201 <name>kadm5</name> 202 <channel>pecl.php.net</channel> 203 <min>0.2.3</min> 204 <providesextension>kadm5</providesextension> 205 </package> 206 <extension> 207 <name>imap</name> 208 </extension> 209 <extension> 210 <name>saprfc</name> 211 </extension> 212 <extension> 213 <name>soap</name> 214 </extension> 215 </optional> 216 </dependencies> 217 <phprelease /> 218 <changelog> 219 <release> 220 <version> 221 <release>1.2.2</release> 222 <api>1.2.2</api> 223 </version> 224 <stability> 225 <release>stable</release> 226 <api>stable</api> 227 </stability> 228 <date>2003-07-29</date> 229 <license uri="http://www.php.net/license">PHP License</license> 230 <notes> 231* Added support for passing contaner as an object 232* Added fix when db_fileds is * 233* Added Test Suite (experimental) 234* Added generic support for arbitrary password crypting functions 235 different than MD5, DES and plain text. (Patch by Tom Anderson) 236* Added new MDB storage container written by Lorenzo Alberton 237* Added new Container for SAMBA password files (SMBPasswd) 238 </notes> 239 </release> 240 <release> 241 <version> 242 <release>1.2.3</release> 243 <api>1.2.3</api> 244 </version> 245 <stability> 246 <release>stable</release> 247 <api>stable</api> 248 </stability> 249 <date>2003-09-08</date> 250 <license uri="http://www.php.net/license">PHP License</license> 251 <notes> 252* new Method to auth_container getUser() 253* New Auth_Container_File, using new File_Passwd class. Provided by Michael Wallner <mike@php.net> 254* Login/Logout callbacks now get a reference to auth 255* New Login Failed Callback added (method setFailedLoginCallback) 256* SOAP container patch to keep a reference to the Soap responce by Bruno Pedro <bpedro@co.sapo.pt> 257* Auth is now installed in /pear-dir/Auth.php instead of /pear-dir/Auth/Auth.php, an 258 empty file /pear-dev/Auth/Auth.php wich includes Auth.php is added for BC 259* The contaner now gets a reference to the auth object ($auth->storage->_auth_obj) 260*Some patches from the pear-dev list bellow 261 -maka3d@yahoo.com.br - Patch to use a method of the container in Auth_Container::verifyPassword 262 -Lorenzo Alberton <l.alberton@quipo.it> - Patch to use variable session variable name, untill now the variable auth was used 263 -Marcos Neves <maka3d@yahoo.com.br> - Avaoid error when calling getAuthData() before the login 264 </notes> 265 </release> 266 <release> 267 <version> 268 <release>1.3.0r1</release> 269 <api>1.3.0r1</api> 270 </version> 271 <stability> 272 <release>beta</release> 273 <api>beta</api> 274 </stability> 275 <date>2004-06-04</date> 276 <license uri="http://www.php.net/license">PHP License</license> 277 <notes> 278* Changes to LDAP container: 279 - check for loaded ldap extension at startup as suggested by Markku Turunen 280 - make ldap version configurable via config array 281 - documentation fix for active directory default user container 282 [ 14/Jun/2004 - jw] 283* Added an Auth_Controller class, to manage automatic redirection to login page and redirect back 284 to the calling page [04/06/2004 - Yavo] 285* Changes to LDAP container: 286 - additional attribute fetching to authData via new option attributes 287 - utf8 encoding username for ldapv3 (fixes german umlaut problem) 288 - make scope definable for user and group searching seperately 289 - remove useroc, groupoc and replace them with userfilter, groupfilter which is way more flexible 290 - updated documentation on all new and changed parameters 291 As some of the parameters changed this one is not backwards compatible to earlier versions. 292 Look at the top of the class where all parameters are explained in detail. 293 [08/April/2004 - jw] 294* Added new MDB2 container [30/March/2004 - quipo] 295* Implements changePassword and CS fixed, patch from Cipriano Groenendal <cipri@cipri.com> 296 [29/March/2004 - yavo] 297* Added options for changing the post variables, patch supplied by Moritz Heidkamp <moritz.heidkamp@invision-team.de> 298 [03/March/2004 - yavo] 299* Added method setAdvancedSecurity and set advanced security to off by default, if turned on auth will perform additional 300 security checks if ip or user agent has changed across requests 301* Login is now performed only if showLogin is true, do not allow for logins to be performed from any page which calls auth->start 302 spotted by Matt Eaton <pear@divinehawk.com> [16/Jan/2004 - yavo] 303* Fixed bug noted by Jeroen Houben <jeroen@terena.nl>, calling loginFailedCallback 304 would not have the proper status set [16/Jan/2004 - yavo] 305* Added PEAR container, authenticate the user against the pear web site 306 (probably php.net also) [16/Dec/2003 - yavo] 307 </notes> 308 </release> 309 <release> 310 <version> 311 <release>1.3.0r3</release> 312 <api>1.3.0r3</api> 313 </version> 314 <stability> 315 <release>beta</release> 316 <api>beta</api> 317 </stability> 318 <date>2004-08-07</date> 319 <license uri="http://www.php.net/license">PHP License</license> 320 <notes> 321* Moved login screen generation code to Auth/Frontend/Html.php 322 In the future the frontend will be configurable. 323* Implemented support for Challenge / Responce password authenthication 324 have to enable advanced security $auth->setAdvancedSecurity 325 will work only with DB container and cryptType = none|md5 326* Implemented setAllowLogin to control which pages are allowed to perform login, 327 to preservce BC. Previusly the showLogin flag was used to control this - yavo 328* Implmented lazy loading for the storage constructor, constructor is only created when needed 329 to make Auth more lightweight (this might be adding a bit more overhead to login and usermanagement functions) 330* Removed include of PEAR, was not used anywhare in Auth.php 331* Created a new storage container DBLite same as DB but with the user manipulation functions removed (50% smaller) 332* Added a new method staticCheckAuth which can be called statically with only the auth options 333* Auth::importGlobalVariable method was removed and replaced by references to global variables 334* Removed all calls to $session[$this->_sessionName], made local reference session point to that instead 335* Changed call_user_func to call_user_func_array for the callbacks, to avoid using @ for passing variables by reference 336* Code Cleanup, removed most vi comments 337 </notes> 338 </release> 339 <release> 340 <version> 341 <release>1.3.0r4</release> 342 <api>1.3.0r4</api> 343 </version> 344 <stability> 345 <release>beta</release> 346 <api>beta</api> 347 </stability> 348 <date>2006-02-14</date> 349 <license uri="http://www.php.net/license">PHP License</license> 350 <notes> 351This release fixes a security issue that allows an attacker to perform 352injection attacks against the underlying storage containers. Upgrading 353is strongly recommended if you are using beta releases of the Auth 354package. 355 356* Improved parameter validation in the DB and LPAP containers. (Patch 357 provided by Matthew Van Gundy.) 358* Fixed Bug #3101: Wrong variable names in Auth/Container/File.php (mike) 359* renamed supportsChallengeResponce() to supportsChallengeResponse() 360 in the DB container (quipo) 361* Fixed Bug #4347: recognition of DB and MDB objects passed as dsn 362* Fixed Bug #6324: updated MDB2 container 363* Fixed Bug #5174: "Only variable references should be returned by reference" 364 bug in _factory() 365* Fixed Bug #2446: english language typos. 366 This results in a BC break for any custom containers that have implemented 367 supportsChallengeResponce(). Also all containers already 368 supportsChallengeResponse() instead of supportsChallengeResponce() and 369 therefore the call in Auth_Frontend_Html always called the default 370 implementation and not the container implementation. 371 </notes> 372 </release> 373 <release> 374 <version> 375 <release>1.3.0r5</release> 376 <api>1.3.0r5</api> 377 </version> 378 <stability> 379 <release>beta</release> 380 <api>beta</api> 381 </stability> 382 <date>2006-02-21</date> 383 <license uri="http://www.php.net/license">PHP License</license> 384 <notes> 385* Fixed Bug #2873: Allow calling programs to gracefully handle being unable 386 to connect/bind to LDAP server. 387* Fixed Bug #4918: Added support to specify which authentication method to 388 prefer when authenticating against a POP3 backend. 389* Fixed Bug #6644: Added support for LDAP_OPT_REFERRALS. Setting to false can 390 improve compatibility with Active Directory. 391* Fixed Bug #6791: Made all calls to call_user_func() call_user_func_array and 392 made calls consistant per change done in 1.3.0r3. 393* Fixed Bug #6803: depreciated DB function. Now requires DB >= 1.6.0 394* Fixed Bug #6808: Whenever Auth_Container_DB attempts to change the database 395 make sure the connection/DB object exists and is correct before attempting to 396 use the DB quoting features. 397 </notes> 398 </release> 399 <release> 400 <version> 401 <release>1.3.0RC6</release> 402 <api>1.3.0RC6</api> 403 </version> 404 <stability> 405 <release>beta</release> 406 <api>beta</api> 407 </stability> 408 <date>2006-02-22</date> 409 <license uri="http://www.php.net/license">PHP License</license> 410 <notes> 411 412 </notes> 413 </release> 414 <release> 415 <version> 416 <release>1.3.0RC7</release> 417 <api>1.3.0RC7</api> 418 </version> 419 <stability> 420 <release>beta</release> 421 <api>beta</api> 422 </stability> 423 <date>2006-03-01</date> 424 <license uri="http://www.php.net/license">PHP License</license> 425 <notes> 426This release is primarily a coding standard clean-up before the 1.3.0 final 427release. 428 429In addition the following improvements to the LDAP Container where supplied 430by Hugues Peeters <hugues.peeters@claroline.net>. 431 * Changed default attrformat to AUTH so that loaded attributes are 432 presented in the same format as other backends provide. 433 * Added compatibility support to 1.2 style configuration options 434 * Attributes option now accepts a comma seperated string as well as 435 as array the same as db_fields in the DB, MDB and MDB2 backends. 436 437Finally there are additional checks that the relevant PHP module is loaded 438when loading the IMAP and VPOPMail Containers. 439 </notes> 440 </release> 441 <release> 442 <version> 443 <release>1.3.0</release> 444 <api>1.3.0</api> 445 </version> 446 <stability> 447 <release>stable</release> 448 <api>stable</api> 449 </stability> 450 <date>2006-03-03</date> 451 <license uri="http://www.php.net/license">PHP License</license> 452 <notes> 453This is the final stable release of Auth 1.3.0. This version contains many new 454features over previous versions. Summary of changes: 455 456 * New MDB2 container [30/March/2004 - quipo] 457 * New PEAR container, authenticate against pear.php.net [16/Dec/2003 - yavo] 458 * New Advanced Security mode to catch man-in-the-middle attacks. 459 * Added options for changing the post variables, patch supplied by Moritz 460 Heidkamp <moritz.heidkamp@invision-team.de> 461 * New DBLite container, same as DB but with the user manipulation functions 462 removed (50% smaller). 463 * Split login form to Auth_Frontend_HTML with goal to make it easily 464 customisable. 465 466Numerous other small fixes and improvements to all storage containers thanks 467to the following people: Matt Eaton, Jeroen Houben, Cipriano Groenendal, 468Markku Turunen, Matthew Van Gundy, marc at practeo dot ch and I'm sure many 469others that have contributed over the years it's taken to get this release 470out. 471 </notes> 472 </release> 473 <release> 474 <version> 475 <release>1.3.1RC1</release> 476 <api>1.3.1RC1</api> 477 </version> 478 <stability> 479 <release>beta</release> 480 <api>beta</api> 481 </stability> 482 <date>2006-08-11</date> 483 <license uri="http://www.php.net/license">PHP License</license> 484 <notes> 485This release candidate is test the numerous fixes described below. It is also 486to get feedback on the change made for Bug #8407. Bug #8407 adds automatic 487quoting of table and field names used in SQL in the Database backends. 488 489 * Fixed Bug #7031: session_regenerate_id() not cleaning up old session storage. 490 Fix for this bug in PHP5.1.0+ has been done, still a problem in older versions 491 of PHP. 492 * Fixed Bug #7421: Allow false to be passed in for allowLogin and advancedSecurity 493 options. 494 * Fixed Bug #7434: Enable start_tls support for LDAP Container by Stuart Prescott 495 <php.net@nanonanonano.net> 496 * Fixed Bug #7537: Made File Container capable of using all File_Passwd backends. 497 * Fixed Bug #7841: Added missing </center>. Really the whole frontend needs 498 reworking. 499 * Fixed Bug #7860: Removed deprecated session_register call. 500 * Fixed Bug #7899: sessionValidThru() returning incorrect value when no idle 501 timeout set. 502 * Fixed Bug #7956: Session handling had several security bugs before PHP4.3.3. 503 Bumped PHP dependancy so we don't have to deal with them. 504 * Fixed Bug #8076: MDB & MDB2 Containers not using default db_fields values 505 * Fixed Bug #8351: Documentation of $loginFailedCallback pointed to incorrect 506 set function. 507 * Fixed Bug #8406: Error message updates by Adam Harvey <pear@adamharvey.name> 508 * Fixed Bug #8407: Database containers don't quote table/field names by Adam 509 Harvey <pear@adamharvey.name> 510 </notes> 511 </release> 512 <release> 513 <version> 514 <release>1.3.1</release> 515 <api>1.3.1</api> 516 </version> 517 <stability> 518 <release>stable</release> 519 <api>stable</api> 520 </stability> 521 <date>2006-08-21</date> 522 <license uri="http://www.php.net/license">PHP License</license> 523 <notes> 524* Fixed Bug #7031: session_regenerate_id() not cleaning up old session storage. 525 Fix for this bug in PHP5.1.0+ has been done, still a problem in older versions 526 of PHP. 527* Fixed Bug #7421: Allow false to be passed in for allowLogin and advancedSecurity 528 options. 529* Fixed Bug #7434: Enable start_tls support for LDAP Container by Stuart Prescott 530 <php.net@nanonanonano.net> 531* Fixed Bug #7537: Made File Container capable of using all File_Passwd backends. 532* Fixed Bug #7841: Added missing </center>. Really the whole frontend needs 533 reworking. 534* Fixed Bug #7860: Removed deprecated session_register call. 535* Fixed Bug #7899: sessionValidThru() returning incorrect value when no idle 536 timeout set. 537* Fixed Bug #7956: Session handling had several security bugs before PHP4.3.3. 538 Bumped PHP dependancy so we don't have to deal with them. 539* Fixed Bug #8076: MDB & MDB2 Containers not using default db_fields values 540* Fixed Bug #8351: Documentation of $loginFailedCallback pointed to incorrect 541 set function. 542* Fixed Bug #8406: Error message updates by Adam Harvey <pear@adamharvey.name> 543* Fixed Bug #8407: Database containers don't quote table/field names by Adam 544 Harvey <pear@adamharvey.name> 545 </notes> 546 </release> 547 <release> 548 <version> 549 <release>1.3.2</release> 550 <api>1.3.2</api> 551 </version> 552 <stability> 553 <release>stable</release> 554 <api>stable</api> 555 </stability> 556 <date>2006-08-31</date> 557 <license uri="http://www.php.net/license">PHP License</license> 558 <notes> 559* Fixed Bug #8524: Notice from attempting to perform string operation on what 560 might be an array in DB, DBLite, MDB and MDB2. Thanks to dozoyousan at gmail 561 dot com. 562* Remove debug message from RADIUS Container when using CHAP_MD5 or MSCHAPv1 563 style passwords. Thanks to Stoyan Stefanov <ssttoo at gmail dot com> for 564 pointing out this 3yr old bug. 565 </notes> 566 </release> 567 <release> 568 <date>2006-09-11</date> 569 <time>03:30:33</time> 570 <version> 571 <release>1.4.0RC1</release> 572 <api>1.4.0</api> 573 </version> 574 <stability> 575 <release>beta</release> 576 <api>stable</api> 577 </stability> 578 <license uri="http://www.php.net/license">PHP License</license> 579 <notes> 580* Added new SOAP container that makes use of the PHP5 SOAP Client. Thanks to 581 Marcel Oelke <puRe at rednoize dot com>. Fixes #2612. 582* Added support for trying all the user accounts returned from an LDAP server 583 not just the first one so as to support authenticating against Lotus Notes 584 which allows identical usernames where the only difference is the password. 585 Fixes #5365. 586* Added new Array container for simple authentication setups where it's easier 587 to list users in the file than setup some sort of backend. Thanks to 588 georg_1 at have2 dot com. Fixes #5832. 589* Added KADM5 container that makes use of the PECL kadm5 extension to 590 authenticate against Kerberos 5 servers. Thanks to Andrew Teixeira 591 <ateixeira at gmail dot com>. Fixes #6671. 592* Fixed #8597. Remove references to $GLOBALS['HTTP_*_VARS'] now that we require 593 PHP 4.3.3+ for other reasons. 594* Added SAP container that makes use of the SAPRFC extension available from 595 http://saprfc.sourceforge.net/. Thanks to Stoyan Stefanov <ssttoo at gmail dot com>. 596 Fixes #8637. 597* Fix #8599. Allow identifier quoting in DB, DBLite, MDB and MDB2 backends to 598 be switched off by developer. 599 </notes> 600 </release> 601 <release> 602 <date>2006-09-21</date> 603 <time>10:00:00</time> 604 <version> 605 <release>1.4.0RC3</release> 606 <api>1.4.0</api> 607 </version> 608 <stability> 609 <release>beta</release> 610 <api>stable</api> 611 </stability> 612 <license uri="http://www.php.net/license">PHP License</license> 613 <notes> 614* Fix Bug #8732: Auth_Container_DB having problems with SQLite databases. 615 SQLite returns the name of quoted field names including the quotes instead 616 of stripping the quotes like all other DBs. 617* Fix Bug #8735: Auth_Container_File::addUser() working on different instances 618 of File_Passwrd object. 619 </notes> 620 </release> 621 <release> 622 <date>2006-10-20</date> 623 <time>10:00:00</time> 624 <version> 625 <release>1.4.0</release> 626 <api>1.4.0</api> 627 </version> 628 <stability> 629 <release>stable</release> 630 <api>stable</api> 631 </stability> 632 <license uri="http://www.php.net/license">PHP License</license> 633 <notes> 634* Added new SOAP container that makes use of the PHP5 SOAP Client. Thanks to 635 Marcel Oelke <puRe at rednoize dot com>. Fixes #2612. 636* Added support for trying all the user accounts returned from an LDAP server 637 not just the first one so as to support authenticating against Lotus Notes 638 which allows identical usernames where the only difference is the password. 639 Fixes #5365. 640* Added new Array container for simple authentication setups where it's easier 641 to list users in the file than setup some sort of backend. Thanks to 642 georg_1 at have2 dot com. Fixes #5832. 643* Added KADM5 container that makes use of the PECL kadm5 extension to 644 authenticate against Kerberos 5 servers. Thanks to Andrew Teixeira 645 <ateixeira at gmail dot com>. Fixes #6671. 646* Fixed #8597. Remove references to $GLOBALS['HTTP_*_VARS'] now that we require 647 PHP 4.3.3+ for other reasons. 648* Added SAP container that makes use of the SAPRFC extension available from 649 http://saprfc.sourceforge.net/. Thanks to Stoyan Stefanov <ssttoo at gmail dot com>. 650 Fixes #8637. 651* Fix #8599. Allow identifier quoting in DB, DBLite, MDB and MDB2 backends to 652 be switched off by developer. 653* Fix Bug #8732: Auth_Container_DB having problems with SQLite databases. 654 SQLite returns the name of quoted field names including the quotes instead 655 of stripping the quotes like all other DBs. 656* Fix Bug #8735: Auth_Container_File::addUser() working on different instances 657 of File_Passwrd object. 658 </notes> 659 </release> 660 <release> 661 <date>2006-10-28</date> 662 <time>07:00:00</time> 663 <version> 664 <release>1.4.1</release> 665 <api>1.4.0</api> 666 </version> 667 <stability> 668 <release>stable</release> 669 <api>stable</api> 670 </stability> 671 <license uri="http://www.php.net/license">PHP License</license> 672 <notes> 673* Forgot to add Auth/Container/Array.php to package2.xml. 674 </notes> 675 </release> 676 <release> 677 <date>2006-11-10</date> 678 <time>07:00:00</time> 679 <version> 680 <release>1.4.2</release> 681 <api>1.4.0</api> 682 </version> 683 <stability> 684 <release>stable</release> 685 <api>stable</api> 686 </stability> 687 <license uri="http://www.php.net/license">PHP License</license> 688 <notes> 689* Fixed Bug #9241: Callback functions where being passed a copy of 690 the login object instead of a reference to it under PHP4. 691* Fixed Bug #9286: Comparison of passwords and their hashes could give 692 false positive. 693 </notes> 694 </release> 695 <release> 696 <date>2006-12-06</date> 697 <time>07:00:00</time> 698 <version> 699 <release>1.4.3</release> 700 <api>1.4.0</api> 701 </version> 702 <stability> 703 <release>stable</release> 704 <api>stable</api> 705 </stability> 706 <license uri="http://www.php.net/license">PHP License</license> 707 <notes> 708* Fixed Bug #9380: Default Auth_Container_POP3 configuration not 709 working. 710* Fixed Bug #9407: Add callback in checkAuth() process. 711* Fixed Bug #9479: Typo in Auth_Container_KADM5::_checkServer causes 712 failure. Thanks to Matt T. Proud (khanreaper at nerp dot net). 713 </notes> 714 </release> 715 <release> 716 <date>2007-01-17</date> 717 <time>07:00:00</time> 718 <version> 719 <release>1.5.0RC1</release> 720 <api>1.5.0</api> 721 </version> 722 <stability> 723 <release>beta</release> 724 <api>stable</api> 725 </stability> 726 <license uri="http://www.php.net/license">PHP License</license> 727 <notes> 728* Completed Request #2229: Ability to attach fall through containers. This 729 is implemented through the use of a new container Auth_Container_Multiple. 730 See multi-container.php in examples directory. 731* Completed Request #4126: Enhancements to Advanced Security Mode. Thanks 732 to makler at man dot torun dot pl. 733* Completed Request #6949: Use Log package for debugging messages. See logging.php 734 in examples directory. 735* Completed Request #7089: Add optional extra WHERE options to DB and MDB(2) 736 containers. 737* Add ability to pass an instanciated DB, MDB or MDB2 database connection to each 738 of the respective Auth Containers. 739 </notes> 740 </release> 741 <release> 742 <date>2007-02-02</date> 743 <time>07:00:00</time> 744 <version> 745 <release>1.5.0RC2</release> 746 <api>1.5.0</api> 747 </version> 748 <stability> 749 <release>beta</release> 750 <api>stable</api> 751 </stability> 752 <license uri="http://www.php.net/license">PHP License</license> 753 <notes> 754* Fixed Bug #9944: Logging constants not defined when logging disabled. 755* Fixed Bug #10000: Stupid developer didn't stop to look what he was doing 756 and broke things. 757* Fixed Bug #10004: Logging of connection failures in LDAP container missing. 758 </notes> 759 </release> 760 <release> 761 <date>2007-02-13</date> 762 <time>10:35:00</time> 763 <version> 764 <release>1.5.0</release> 765 <api>1.5.0</api> 766 </version> 767 <stability> 768 <release>stable</release> 769 <api>stable</api> 770 </stability> 771 <license uri="http://www.php.net/license">PHP License</license> 772 <notes> 773* Completed Request #2229: Ability to attach fall through containers. This 774 is implemented through the use of a new container Auth_Container_Multiple. 775 See multi-container.php in examples directory. 776* Completed Request #4126: Enhancements to Advanced Security Mode. Thanks 777 to makler at man dot torun dot pl. 778* Completed Request #6949: Use Log package for debugging messages. See logging.php 779 in examples directory. 780* Completed Request #7089: Add optional extra WHERE options to DB and MDB(2) 781 containers. 782* Fixed Bug #9944: Logging constants not defined when logging disabled. 783* Fixed Bug #10000: Stupid developer didn't stop to look what he was doing 784 and broke things. 785* Fixed Bug #10004: Logging of connection failures in LDAP container missing. 786 </notes> 787 </release> 788 <release> 789 <date>2007-03-23</date> 790 <time>10:35:00</time> 791 <version> 792 <release>1.5.1</release> 793 <api>1.5.0</api> 794 </version> 795 <stability> 796 <release>stable</release> 797 <api>stable</api> 798 </stability> 799 <license uri="http://www.php.net/license">PHP License</license> 800 <notes> 801* Added missing optional dependancy on PEAR Log to package.xml 802* Fixed Bug #10125: Auth_Container_LDAP::fetchData only fetching attributes for 803 first entry. 804 </notes> 805 </release> 806 <release> 807 <date>2007-06-12</date> 808 <time>10:35:00</time> 809 <version> 810 <release>1.5.2</release> 811 <api>1.5.0</api> 812 </version> 813 <stability> 814 <release>stable</release> 815 <api>stable</api> 816 </stability> 817 <license uri="http://www.php.net/license">PHP License</license> 818 <notes> 819* Feature Request #10729: Optionally regenerate session id on every page request. 820 Thanks to Bernhard for patch. 821* Fixed Bug #10785: Notice when Auth::logout() called with a login callback 822 defined but no user logged in. Suggested fix thanks to Sascha Grossenbacher. 823 </notes> 824 </release> 825 <release> 826 <date>2007-07-02</date> 827 <time>10:35:00</time> 828 <version> 829 <release>1.5.3</release> 830 <api>1.5.0</api> 831 </version> 832 <stability> 833 <release>stable</release> 834 <api>stable</api> 835 </stability> 836 <license uri="http://www.php.net/license">PHP License</license> 837 <notes> 838* Fixed Bug: If Auth::setSessionName() is called new session name variable is 839 not initialised so checks for session storage fail. 840* Fixed Bug #11396: Auth_Container_Pear doesn't work with latest changes to 841 pear.php.net. Fix by Adam Harvey. 842* Fixed Bug #11476: SOAP5 container's _validateOptions() and _setDefaults() 843 functions where setting options into the wrong object parameter. Thanks to 844 Köles Mihály for fix. 845 </notes> 846 </release> 847 <release> 848 <date>2007-07-02</date> 849 <time>10:35:00</time> 850 <version> 851 <release>1.5.4</release> 852 <api>1.5.0</api> 853 </version> 854 <stability> 855 <release>stable</release> 856 <api>stable</api> 857 </stability> 858 <license uri="http://www.php.net/license">PHP License</license> 859 <notes> 860* Fixed Bug #11499: Redundant parameter in Auth_Container_SOAP5::_validateOptions() 861 definition. Thanks to Koles Mihaly for spotting this. 862 </notes> 863 </release> 864 <release> 865 <date>2008-04-04</date> 866 <time>10:35:00</time> 867 <version> 868 <release>1.6.0</release> 869 <api>1.5.0</api> 870 </version> 871 <stability> 872 <release>stable</release> 873 <api>stable</api> 874 </stability> 875 <license uri="http://www.php.net/license">PHP License</license> 876 <notes> 877* Fixed Bug #12112: Advanced Security Cookie has different settings to 878 session cookie. 879* Implemented Request #13337: New vpopmail container utilising Net_Vpopmaild. 880 Patch supplied by Bill Shupp (shupp) 881* Implemented Request #13418: Karma support for PEAR Container. Patch supplied 882 by Christian Weiske (cweiske). 883* Added correct debug message for when no login has occured instead of session 884 storage not found. 885* Implemented Request #12061: Auto Quote handle database schema changes. ie 886 schema.tableName -> "schema"."tableName" 887* Implemented Request #12087: Ability to select which Advanced Security options 888 are used. 889* Fixed Doc Bug #12156: Correction to doc page for Auth::setSessionName() by 890 Adam Harvey (aharvey) 891 </notes> 892 </release> 893 <release> 894 <date>2008-04-04</date> 895 <time>15:33:00</time> 896 <version> 897 <release>1.6.1</release> 898 <api>1.5.0</api> 899 </version> 900 <stability> 901 <release>stable</release> 902 <api>stable</api> 903 </stability> 904 <license uri="http://www.php.net/license">PHP License</license> 905 <notes> 906* Actually included the new NetVPOPMaild container file. 907 *mutter*grumble*stupid package.xml*grumble*mutter* 908* Fix Bug #13578: Parse errors in DB Containers 909 </notes> 910 </release> 911 <release> 912 <version> 913 <release>1.6.2</release> 914 <api>1.5.0</api> 915 </version> 916 <stability> 917 <release>stable</release> 918 <api>stable</api> 919 </stability> 920 <date>2010-02-12</date> 921 <license uri="http://www.php.net/license">PHP License</license> 922 <notes> 923* Fix Bug #13756: Variable name mispelling in SAP container 924* Fix Bug #13757: AUTH_LOG_ERR used but not defined 925* Fix Bug #14248: Typo and documentation fixes 926* Fix Bug #16676: Notices in PEAR container (cweiske) 927 </notes> 928 </release> 929 <release> 930 <version> 931 <release>1.6.3</release> 932 <api>1.5.0</api> 933 </version> 934 <stability> 935 <release>stable</release> 936 <api>stable</api> 937 </stability> 938 <date>2010-10-26</date> 939 <license uri="http://www.php.net/license">PHP License</license> 940 <notes> 941Automatically built QA release 942Bug #17691 PATCH: Using explode instead of split - doconnor 943 </notes> 944 </release> 945 <release> 946 <version> 947 <release>1.6.4</release> 948 <api>1.5.0</api> 949 </version> 950 <stability> 951 <release>stable</release> 952 <api>stable</api> 953 </stability> 954 <date>2010-10-26</date> 955 <license uri="http://www.php.net/license">PHP License</license> 956 <notes> 957Fix baseinstalldir 958 </notes> 959 </release> 960 </changelog> 961</package> 962