Releases: PHPAuth/PHPAuth
Releases · PHPAuth/PHPAuth
1.5.0
Completly removed uses of bjeavons/zxcvbn-php
package from PHPAuth Core. See CUSTOM_VALIDATORS.md
. Package added to 'suggest' section of composer.json
Please use:
use ZxcvbnPhp\Zxcvbn;
$config = $config->setPasswordValidator(static function($password) use ($config) {
return (bool)((new Zxcvbn())->passwordStrength($password)['score'] >= intval($config->password_min_score));
});
1.4.10
- [+] added
__lang()
method in trait Helpers. Supported new to legacy key conversion. - [-] removed duplicated emails from
database_emails_banned.sql
- [-] removed strict PDO type from constructors of Auth and Config. This is done because not only the PDO, but also a wrapper over the PDO can be passed as a connection.
- [*] changed some message codes (for more clarity)
- [+] for a number of configuration variables, the zero value is now available. A value of zero means that the check for this rule should be skipped. So,
verify_email_min_length = 0
means that the email is not checked for the minimum length. - [+] added two rules for setForgottenDefaults():
verify_email_valid TRUE
,verify_email_use_banlist TRUE
- [+] added setCaptchaValidator implementation
- [+]
Config::__set()
now saving settings to DB only if Config type is SQL - [-] removed
database_informix.sql
- [*] fix tests: runs
testRegister()
andtestLogin()
in separate process (prevents 'headers already sent' error) - [*] fixed
setLocalization()
method
see also DEPRECATION_WARNING.md
Session Auth in addition to Cookie Auth mechanism
Added Session Authentication to the PHPAuth Core Class. Users can now choose between using a Session or a Cookie by setting the 'use_session' configuration option to 1 or 0
Fixed: undefined class constant
Fixed #532 , Undefined class constant 'self::TOKEN_LENGTH'
Fix: PDO fetch result comparsion to zero
Fix brute-force protection
- [*] fix: getIP() brute-force protection can be bypassed (#528)
Version fix. This release is equal to 1.3.5.
This release is equal to 1.3.5 version, but must be 1.4.0, because changed a lot of minor functionality.
Minor changes
- [!] recommended version for composer is
latest
, NOTdev-master
- [!] minimal PHP required 7.2.*
- [!] added mb-string dependency, because using mb_strtolower instead of strtolower (email can have non-english domain)
- [!] All dies replaced with RuntimeException
Minor additions
- [+] added "phpauth/phpauth.l10n" to composer.json suggests
- [+] added custom password and email validator
- [+] add
Config::setLocalization()
method that update config's internal dictionary from given array. - [+] add
Config::setCustomMailer()
method - future custom closure for sendMail method - [+] please, use
deleteExpiredData()
instead ofcron()
- [+] export script from SQL dictionary to PHP file
Fixes
- [*] Added ConfigInterface and AuthInterface
- [*] refactored
checkTableExists()
method. Uses different detection methods for separate drivers - [*] Source files moved to sources/ directory. Updated autoload/psr-4 section at composer.json
- [*] Zxcvbn moved to separate method (isPasswordStrong)
- [*] configuration types declared as ConfigInterface public constants
- [*] documentation fixes
- [*] Updated localization dictionary generation: if message not found in custom dictionary - used message from en_GB dictionary.
- [*] Updated getForgottenDictionary() method
- [*] Moved methods to Helper class:
getForgottenDictionary()
,getIP
,getRandomKey()
,getHash()
1.3.5
See 1.4.0 description
[1.3.4] Version fix
Update composer.json removed hardcoded version from composer.json Actual version defined with VERSION TAG at releases page
Version fix: 1.3.2
Version fix: 1.3.2