v0.3.1.18

Bugfixes:

• Add check for logging being enabled but log file not existing yet

0.3.1.17

Minor Changes:

• Layout fixes to better fit mobile devices

Bugfixes:

• Database error instead of installation screen on certain conditions
• Error log not working in dashboard on certain conditions

0.3.1.16

French language translations

Minor bugfixes to the following systems:

• HTTP status codes for error pages
• Database error handling

0.3.1.15

0.3.1.15

• Fix unattached submitHandler bug in Group and Auth edit interfaces (#465)
• Remove references to nonexistent formUserView and formGroupView (#478)
• Gracefully handle session destruction due to missing or disabled accounts (#510)
• Add attributeExists and relationExists for models (#520)

0.3.1.14

• Stop reading entire log files to avoid out-of-memory errors (#497)
• Deploy league/csv to properly generate CSV files (#557)
• Fix typos in language files

0.3.1.13

• Bump dependencies
• userfrosting/fortress now has a release version

0.3.1.12

• Add sendmail support in Notification class
• Fixed problem with strict comparison in Handlebars templates and inconsistent data types among different database technologies
• Overrided paths to font files for Bootstrap Glyphicons to support the UserFrosting directory structure
• Added missing lines of Thai language (popiazaza)
• Fixed a vulnerability where users still logged in wouldn't automatically be logged out if they were disabled
• Added option for HTTPS in .htaccess, commented out by default
• Minor syntax fixes in public/js/userfrosting.js, widget-auth.js, widget-groups.js, and widget-users.js

0.3.1.11

• Composer can now include composer.json files from plugin folders (added "wikimedia/composer-merge-plugin" to composer)

0.3.1.10

• Select correct versions (PHP 5.x compatible) of packages in composer.json
• Turkish language translation
• Return User object created in AccountController::register

0.3.1.9

• Revert to loose comparison for user_ids because of issues with Ubuntu's PDO driver (see http://stackoverflow.com/questions/5323146/mysql-integer-field-is-returned-as-string-in-php#comment41836471_5323169)

0.3.1.8

• Finish replacing all usages of *Loader classes with Eloquent syntax
• Installer warning for missing imagepng
• Fix bug in CSV generation for user table

0.3.1.7

• Change "default theme" to "guest theme" and fix loading issues (#463). What used to be called "default theme" is now base theme, i.e. the theme to fall back to when a template file cannot be found in the current theme (user group or guest theme)
• New public template for "nyx" theme
• Remove trailing slash from configuration JS/CSS paths to make uniform with site.uri.public
• Make routes for config.js and theme.css dynamically generated from configuration variables (#461)
• Make cookie name for "remember me" use session name
• Fix potential bug in configuration user_id's for guest, master accounts

0.3.1.6

• Fix exception-handling for mail server errors
• Notify if account creation was successful, even if mail server failed.

0.3.1.5

• Add Romanian translation
• Upgrade Tablesorter and pretty URLs for searched/sorted/paginated tables
• Fix bug in default value for user secret_token

0.3.1.4

• .htaccess redirect trailing slash: change to only redirect GET requests
• Natural sort order in API
• Fix bug in table pagination
• Fix bug in loading user primary group properties as user properties
• Fix mailto link bug in tables
• Warn if config file missing (#445)
• Fix dutch error (#447)

0.3.1.3

• Implement CSV download feature

0.3.1.2

• Implement no_leading_whitespace and no_trailing_whitespace rules

v0.3.1

• Improved initialization routine as middleware
• Implemented "remember me" for persistent sessions - see https://github.com/gbirke/rememberme
• Converted page templates to inheritance architecture, using Twig extends
• Start using the .twig extension for template files
• All content is now part of a theme, and site can be configured so that one theme is the default theme for unauthenticated users
• User session stored via user_id, rather than the entire User object
• Data model is now built on Eloquent, instead of in-house
• Cleaned up some of the per-page Javascript, refactoring repetitive code
• Implement server-side pagination
• Upgrade to Tablesorter v2.23.4
• Switch from DateJS to momentjs
• Switch to jQueryValidation from FormValidation
• Implement basic interface for modifying group authorization rules
• User events - timestamps for things like sign-in, sign-up, password reset, etc are now stored in a user_event table
• Wrapper class Notification for sending emails, other notifications to users
• Remove username requirement for password reset. It is more likely that an attacker would know the user's username, than the user themselves. For the next version, we can try to implement some real multi-factor authentication.
• When a user creates another user, they don't need to set a password. Instead, an email is sent out to the new user, with a token allowing them to set their own password.
• Admins can manually generate a password reset request for another user, or directly change the user's password.

French!

Got French?

Check include path

Should report now if there is a problem with the include path to initialize.php.

v0.3.0

Version 0.3.0 is an attempt to bring UserFrosting up to speed with the tools and practices of the modern PHP community. We proudly introduce the following design elements in UF 0.3.0:

• Model-view-controller architecture (MVC)
• Autoloading with Composer
• Front controller routing with Slim PHP
• RESTful URLs
• Templating with Twig
• Object-oriented data model
• PHPDoc documentation

If you're not familiar with these concepts, don't worry! They're easy, and definitely worth it. You can learn more about the new concepts here.

We also highly recommend that you check out PHP The Right Way. It does a good job explaining the major considerations for building clean, maintainable, and secure software in PHP, without pushing any particular framework down your throat.

v0.2.2

• Implemented db-driven menu system. Menu items are pulled from the database, and can be modified via plugins.
• Implemented backend templating of forms and tables via Bootsole.
• Implemented upgrade system, will pull new version list from github and automatically grab update files as well.
• Moved file list from config.php to the database to be easier to add and remove file paths
• Added version to the configuration table to aid in the upgrading of Userfrosting
• Added dev_env to config.php as well as new setting to db-setting.php when set to true UF will no longer check for the install or upgrade directory (good for development defaults to FALSE)
• Removal of models/captcha.php and replace with base64 captcha function.

v0.2.0 - butterflyknife

• Converted all DB calls to PDO.
• Renamed "permissions" to "groups". Same concept, but using the word "group" suggests that it can be used for more than just access control.
• Implemented "primary group" membership for users. A user can belong to multiple groups, but only one of those will be their primary group.
• Implemented DB-driven home pages for groups. Upon login, a user will be redirected to the home_page for their primary group.
• Implemented templated menus. Every group has a corresponding menu template in models/menu-templates. Upon login, the menu for a user's primary group is automatically loaded and rendered.
• Implemented function-level user authorization. Whenever a function in secure_functions is called, the user_action_permits table is checked to see whether or not that user has access to the function (the action column), conditional on the boolean functions specified in the permits column.
• Organized pages into four categories: account pages, API pages, form pages, and public pages. Public pages reside in the root directory and can be accessed by anyone. Account pages are in the account directory and are only accessible after logging in. API pages are in the api directory, and consist of all the pages that process or fetch data from the DB and interact with the frontend via AJAX/JSON. They are accessible by any logged in user, but will only perform a function if the user is authorized. Form pages are in the forms directory, and consist of pages that generate forms (for creating/updating users, groups, etc.)
• Converted registration page to AJAX.
• Improved installer with site configuration.