Age | Commit message (Collapse) | Author | Files | Lines |
|
So that the /util/sql/ files are in sync with the actual DB again.
|
|
Used to link to a visual-novels.net review or something. Links have been
hidden and dead since ages. No need to keep the column around.
|
|
|
|
This ensures that, if an attacker evers gets read access to the
database, he will not be able to compromise any accounts. SHA-1 suffices
here, because the data being hashed is a random 20 byte string. The
search space is so damn large that you can't sanely brute force it, nor
are rainbow tables any use at that scale.
They're not salted. The password reset tokens are also hashed in the
database and do include salt, but I've no idea why we did that.
|
|
It doesn't make a whole lot to separate the hashed password and the salt
from each other, you need both to do anything with them, and from the
database perspective they're both completely opaque strings only usable
for direct comparison with other hashed strings.
This change is mostly as preparation for switching to a proper key
derivation function (sha256 isn't...) and to add support for longer
and/or binary salt.
Because the passwd field now needs to be interpreted in Perl, it's being
passed around as a binary string rather than a hex-encoded value.
API login is broken in this commit. I'll get to that.
|
|
I believe I didn't do this conversion earlier (back when I converted the
language types) because PostgreSQL didn't support dynamically adding new
values to an existing enum back then, and modifying an enum was a huge
pain. Recent versions do support this, so there's no reason to keep it
as a string.
...I just felt like adding some churn to the code base.
|
|
Easier to work with in custom queries.
|
|
|
|
|
|
|
|
|
|
All the async stuff isn't necessary now that images are processed
synchronously.
|
|
TODO: Get rid of the 'processing' flag and all the async loading of
screenshot data in the screenshot uploader.
|
|
|
|
I used to do this to avoid loading Image::Magick in each TUWF process,
decreasing memory usage, and lowering the blocking time by avoiding too
much processing. Memory isn't much of a problem nowadays, and processing
images is fast enough, too, so this complexity isn't necessary anymore.
(Character images and screenshots pending)
|
|
|
|
|
|
The interface to set a non-integer vote isn't very nice, but at least it
works. Or so I hope.
|
|
And added an update_2.23.sql file which now also includes the previously
added indices. Currently, this update file can be run as often as you
want, it doesn't make any noticable changes when you run it on a
database that has already been updated. (i.e. I can update the main site
without a new release)
|
|
Required in order to search for hidden entries (obviously :P)
|
|
|
|
Users who haven't logged in since 2009-08-09 will find that their
passwords have been reset. They need to use the password recovery
feature before logging in again.
|
|
|
|
This is far more flexible.
|
|
|
|
The lastfetch/price columns can't be modified at the moment.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The field isn't used yet.
|
|
The sexual flag isn't used yet.
|
|
|
|
|
|
|
|
I'll have to optimize the updating of traits_chars as soon as I have
some data to test with.
Also renamed tags.c_vns to c_items, to have it share the same name as
traits.c_items. This makes it a lot easier to re-use code for both tags
and traits, such as what I did with dbTagTree/dbTraitTree -> dbTTTree
and the childtags() and parenttags() functions.
|
|
It's more like a cache, and has some unintuitive problems when a trait
is applied to multiple top-level traits. But this'll do the trick
anyway.
|
|
This makes things somewhat simpler.
|
|
|
|
|
|
|
|
The Perl code and SQL-revisioning code only handles the name, original,
alias and desc fields at the moment. There is a basic /i+ and /i+.+ page
for testing, which should have all the functionality required for the
revisioning framework.
|
|
Added new trait notify and i+ id-matching
|
|
|
|
|
|
Not very useful at the moment, but will be used to improve several other
things.
|
|
This is the first step in adding support for overruling tag votes by
moderators.
Also removed some unused options from dbTagStats(); the
tag-vote-stats-by-user pages have been removed in the previous VNDB
update, which was the only page using these additional options.
|
|
This constraint was caused by the character length limit on
vn.c_platforms. Trying to add or edit a release in such a way that a
platform would be added to c_platforms would result in a 500.
|