Commits on Jan 6, 2016
  1. @machack666

    Update missing MANIFEST items

    machack666 committed Dec 22, 2015
  2. @machack666
  3. @machack666
Commits on Dec 28, 2015
  1. @jdigory
Commits on Dec 11, 2015
  1. @jdigory
Commits on Dec 8, 2015
  1. @jdigory

    Enhancements to External.pm

    * This is little-known core module, but can allow command-line access to
      Interchange, and other uses.
    * Add failure on env
    * Add logError sub
    * Default IP address
    jdigory committed Dec 8, 2015
Commits on Dec 5, 2015
  1. @jdigory

    Remove admin/test_code.html page

    * Relocated to eg/ for future reference
    * Deemed a slight security risk
    * Best to not include by default in the Admin UI
    jdigory committed Dec 5, 2015
Commits on Nov 26, 2015
  1. @jdigory

    Adjust helper arrows under IMAGE_DIR during makecat

    * 'strap' is shorter than 'standard'
    jdigory committed Nov 25, 2015
Commits on Nov 24, 2015
  1. @jdigory
Commits on Nov 19, 2015
  1. @perusionmike

    * The [jsonq] tag generates a record in a table (by default C<qc>)

      that allows users to access JSON records created by a query. The
      query associated with the record will be run with any parameters
      that are specified being taken either from 1) CGI variables or 2)
      the path info.
    
    * Adds QueryCache directive that speficies the "introducer", the URL
      fragment which calls the query cache short circuit, the table to be
      used, the content-type,
    
    * Adds hook early in the cycle to vet queries based on Session ID
      cookie and IP address, allowing the query to happen before sessions
      are attached or deep page initialization completes. This improves
      performance dramatically.
    
    * Adds access routine in Vend::Data to actually process the query
      and access the tables in question.
    
    * Hooks to allow an external program (eg will be added soon) to
      totally bypass IC for even lower overhead for queries.
    perusionmike committed Nov 19, 2015
Commits on Nov 18, 2015
  1. @jdigory
  2. @jdigory

    Use bcrypt in admin

    jdigory committed Nov 18, 2015
Commits on Nov 17, 2015
  1. @perusionmike
  2. @jdigory

    Use bcrypt in Strap demo

    * Show demo user credentials while in demo mode
    * Warnings about pepper
    * Rework password reset to change password and set (plain), then
      login user (promotes from_plain), then user can change their
      password without knowing the old one (we set from what we changed
      it to earlier). The initial set also invalidates the emailed link.
    jdigory committed Nov 16, 2015
Commits on Nov 13, 2015
  1. @jdigory

    Update pw_reset page to use Bootstrap 3 styles

    Somehow this got overlooked...
    jdigory committed Nov 13, 2015
Commits on Oct 22, 2015
  1. @jdigory

    Use area tag for password reset

    Thanks, Peter
    jdigory committed Oct 22, 2015
Commits on Oct 1, 2015
  1. @pajamian

    Add support for password promote from plain text.

    Adds a new UserDB option, "from_plain" that when set to 1 along with the
    promote option will cause Interchange to assume that all current passwords are
    plain text unless they meet the criteria of the new encryption scheme.  Note
    that this is not perfect as it is possible for plain text passwords to appear to
    Interchange as if they are already encrypted, and if Interchange thinks they
    look like the encryption scheme that you're promoting to, either by password
    length, or by a regexp match in the case of bcrypt then Itnerchange will not
    promote the password and assuming it is already encrypted the login will fail.
    While not a perfect solution to the issue of gracefully promoting passwords from
    plain text this is a "better than nothing" approach.
    
    To use this option, specify the following in your catalog.cfg in addition to the
    other option changes necessary to convert to encrypted passwords:
    
        UserDB foo promote 1
        UserDB foo from_plain 1
    
    Note that it is not recommended that you simply set this and forget in order to
    promote plain text passwords.  Having plain text passwords in your DB is now
    considered extremely bad practice and if you simply attempt to promote them via
    this method you will still have a large number of plain text passwords in your
    db for some time to come.  It is instead recommended that you use this method in
    conjunction with another method to convert all remaining passwords as quickly as
    possible.  This is simply in place as a means to help you avoid downtime of your
    site while the passwords are being promoted.
    pajamian committed Oct 2, 2015
Commits on Sep 26, 2015
  1. @jdigory
Commits on Sep 25, 2015
  1. @jdigory

    Remove ncheck message

    jdigory committed Sep 25, 2015
  2. @jdigory
  3. @jdigory
  4. @jdigory

    Move ncheck subroutine to global

    Various installations had trouble with $Tag being called from a non-global sub.
    Including: Perl 5.14.1 and 5.22.0.
    However, a different 5.14.1 installation worked...
    jdigory committed Sep 25, 2015
  5. @jdigory

    Use strap in MakeCat.pm, too

    jdigory committed Sep 16, 2015
  6. @jdigory
  7. @jdigory
  8. @jdigory

    use strap as default for makecat

    jdigory committed Sep 16, 2015
  9. @jdigory
  10. @jdigory

    add Strap template

    jdigory committed Sep 12, 2015
Commits on Sep 18, 2015
  1. @perusionmike

    * Allow explicit setting of negative numbers in items without

      raising error on quantity update.
    
      To make an item eligible, set the mv_negative attribute true.
      (You must also have mv_control = notoss if you wish to survive
      the cart toss routine.)
    perusionmike committed Sep 18, 2015
Commits on Sep 16, 2015
  1. @perusionmike
  2. @perusionmike
Commits on Sep 12, 2015
  1. @perusionmike

    * Fix problem where we were stepping on '%' in message even when

      there were no parameters submitted for substitution in sprintf.
    perusionmike committed Sep 12, 2015
Commits on Aug 31, 2015
  1. @jonjensen
  2. @jonjensen

    Remove Signio module for long-defunct Payflow Pro API

    Use Vend::Payment::PayflowPro now instead.
    jonjensen committed Jun 10, 2015
Commits on Aug 15, 2015
  1. @pajamian

    Fix --exclude option in interchange startup script.

    Getopt::Long made an incompatible change as of version 2.33 hash values become
    mandatory when they are specified with "=", this makes our documented syntax
    for --exclude invalid.  To make it work again the hash values must be made
    optional by changing the "=" to ":".
    pajamian committed Aug 16, 2015