AbleDesign - D-Man - Version History
3/23/09 - Version 3.10b1 released
- Additions:
- changed the lost password routines to utilize a secret question system for improved security and ease of use (requires turning off password encryption config setting)
- added optional page spanning to the main display for large lists of downloads (currently only works when authorizations are turned off, i.e. all files available to all logged in users, but works with category groupings)
- Miscellaneous:
- various tweaks for PHP5 compatibility
- password encryption now turned off by default (config.php) so as to utilize the new secret question reminder system
- updated the Delete Confirmation (users, downloads, download groups, user groups) to indicate the name/title about to be deleted in addition to the ID#
- updated the Dutch language file
- reverted to the pre-v3.0 file delivery method (download.php), but added a config option to use either method
- modified browser detection code to keep text boxes the proper size in Firefox
- now shows Full Name/Email in download notifications to admin when authorizations are turned off (can be disabled if you'd rather save the query and don't care for the added information)
- a failed login from admin-only login page now redirects to that same page, not the regular login
- Bug Fixes:
- addressed the $title variable Cross-Site Scripting vulnerability found here: http://secunia.com/advisories/18074/
- fixed a download.php bug (introduced in v3.0) that kept credits from being deducted (wrong config array referenced)
- fixed a main display bug for admin override views when no download groups in use
- modified Printer Friendly Page code to pick up POST variables
- fixed a bug in create_account.php that used the wrong variables for username/password for the email sent when account confirmation is not required
- fixed a bug that kept quoted portions of text from showing up in some text input boxes when editing entries
- fixed a bug in the admin's main display that kept all available downloads from showing up when authorizations are turned off (was only showing those downloads with group settings)
- fixed a sql bug that kept the alpha page spanning from working when authorizations are turned off
- switched a short tag <? to <?php in set_groups.php to address a PHP5 issue
- cleaned up numerous warnings for uninitialized variables, undefined array indexes, etc.
7/27/05 - Version 3.00 released
- Additions:
- added in "hooks" for optional plugins: Auto Payment Processor (PayPal IPN) and License Generator
- when adding a user, any required fields not filled out properly will now return you to the Add form with previously entered info still in place
- added an option to the main display to have downloads sorted by any of the fields (i.e. alphabetical by title, by file size, etc.)
- replaced hard-coded Users and Downloads table field names with flexible config array equivalents (easier to customize); see this thread.
- Email Newsletter now has batch settings to avoid timing out on large lists
- Email Newsletter has an added option to email specific users regardless of authorization settings
- added optional file type icons for the main downloads display
- added an option for allowing users to edit their account info
- added an admin area for removing downloads files from the server
- added user's email address and full name to admin download notifications
- added code to the login page to detect if the user's browser settings accept cookies and issue a warning if not
- added an option for turning off the requirement to confirm user accounts through email
- added report to usergroup/download group control panels for viewing just those included in a group
- added a Dutch language file
- Miscellaneous:
- improved the optional main display category setup to only show those categories (groups) with authorized downloads
- modified the main display authorization queries to not look up authorization schemes not in use (based on database content), for improved efficiency
- removed an unnecessary database query (for user's full name) from main.php to speed up the main display slightly
- modified the download delivery to a possibly less memory intensive method
- when deleting users or downloads, the Access table entries are now removed in addition to the user/download group entries
- updated the "SMTP E-mail sending class" newsletter routines to the latest version
- changed the download groups control panel sort order from ID to Title
- changed function dl_subdir_list() to ensure subdirectory lists are displayed in alphabetical order regardless of server setup
- disabled the lost password routines for inactive/unconfirmed accounts, as confirming the new password activates the account and may override an intentionally deactivated setting
- added hook for tracking incomplete downloads
- increased the default filename field input max size from 35 to 75 characters
- upped the username max character limit in the 'lost password' request utility
- updated the IPN plugin with a new option tied to the Credits system for allowing users to purchase additional credits directly from their D-Man account, via an Authorize.net merchant account
- Bug Fixes:
- fixed a bug in 'email_user_info' (admin.php) that did not allow encrypted passwords to be passed in from the new user Add form
- updated the old admin email variable in the failed login, banned IP, and account creation messages
- fixed a lib.php build_input_area() bug that kept downloads and usergroups from appearing on the user add/edit forms if no download groups present (incorrectly named array checks)
- fixed logic bug that throws off main display category counts for the admin when admin-group auth's are not present
- added back ticks to prepended database name in config.php to not cause errors with db's with hyphens in the name
- fixed a purge users bug that didn't allow submission of the confirmation form
- fixed a bug that kept default non-english language selections from working
2/14/03 - Version 2.00.3 released
- Additions:
- updated the Edit/Validate forms to allow users to be assigned to groups and downloads in one step like with the Add form
- added a German language file
- Miscellaneous:
- added a bypass to the email newsletter for server setups that do not work with the SMTP mail class
- added a condition to main.php to account for installations which do not use a "Version" field
- Bug Fixes:
- fixed a language file function inconsistency (L_valid_pswd() mis-named in some files)
- fixed a bug that resulted in some download files not found depending on how their records were added to the database (dropdown default setting)
- removed some erroneous $_POST variables (from previous version) in email.php that may adversely affect the email newsletter utility on PHP installations older than 4.1.0
- fixed a "cosmetic" bug (introduced by changes to the last beta series) that kept the is_confirmed field title from displaying when viewing a user account
- fixed a bug that kept admin-set default field values (such as default Credits) from being set when a user creates an account
- improved the conditional lost password email templating
- added some missing variables for min/max username settings
1/15/03 - Version 2.00.2 released
- added a British-English language file
- added language selection flags
- fixed a typo/bug in search_results.php that kept the Description search terms from being echoed
- removed a few erroneous variables and verbiages (from MyCalendar; shared setups)
1/10/03 - Version 2.00.1 released
- bug fix in lost_password.php that did not display a few language variables
1/08/03 - Version 2.00 Released
- Additions:
- now allows gzip'd (.tgz and .tar.gz) and .pdf files to be used as downloads, in addition to .zip files; numerous other file types can be handled, but not all are as reliable
- can now authorize downloads by specific download/user settings, by available credits, or both
- added optional user groups and file groups, along with the ability to authorize downloads by any of the following criteria:
  - user group given access to all files in file group
  - user group given access to all files in subdirectory
  - user group given access to single file (custom list)
  - single user given access to all files in file group (custom list)
  - single user given access to all files in subdirectory
  - single user given access to all files
  - user group given access to all files
  - single user given access to single file (old method)
  - all users given access to all files *
  * added an option to turn off download authorizations, which allows you to give *all* users access to *all* downloads (bypass all authorization/credits criteria); handy for a large number of downloads where specific access rights are not a concern
- restructured main display to allow for categorical grouping of downloads
- generalized the downloads display formatting to allow easier end-user customization (for non-program use, such as pdf's or images) - you can now configure which database fields to display for a download, instead of the previously hard coded 'title-version' display
- email newsletter (email.php) changes:
- now allows you to select multiple downloads and/or download groups to send emails to authorized users and/or user groups
- added the option to email all users, regardless of authorization settings
- added the option to email one or more user groups, regardless of authorization settings
- added a confirmation to the form 'reset' button to keep you from accidentally deleting your message before sending
- added an on/off flag to easily turn off the sending of emails; convenient for testing that the intended users are being looked up before actually sending the emails
- added customizable markup tags
- now allows the admin to add new users to user groups and authorize them for downloads or download groups in the same step as creating their account
- added an option to require the admin to log in through a separate (hidden) page that uses a hidden key and can be given an additional layer of password protection, making it much more difficult for unauthorized users to gain admin access
- added an option to place new user accounts into a default user group
- moved text into language files for translation flexibility
- added checks to allow files larger than PHP's default max (generally 8 meg) to be downloaded
- now allows unlimited subdirectories (one level deep) for categorizing your downloadable files
- added the option to allow users to upload files for admin approval
- added IP address logging for logins and downloads
- added a new table for banning IP addresses, either manually or automatically if the user has more failed logins than the max setting
- added an option for the admin to view the authorized downloads (main.php) as any specified user would see it; useful for making sure the assorted authorization schemes are set to your liking
- added an option to temporarily close off the downloads area to user logins, such as when the site is under construction
- added a feature that shows number of authorized users per download along with a bar chart display (can easily be changed to a pie chart)
- now allows direct linking (http://domain.com/d-man/download.php?id=X) to specific files from throughout your site
- added a user-accessible search utility for the downloads
- added an optional letter/number first character (title) grouping system for the main display
- added an "A" to "Z" letter bar for the "list all" user/downloads pages for a one-click quick link to that section of the alphabet
- added an option to use unencrypted user passwords (allows them to be retrieved later on)
- added a config option to use your own site-wide CSS files in place of D-Man's default
- converted the Documentation/Help file (readme.txt) to an HTML equivalent
- added a context sensitive help file with separate items for admin and users
- added a popup color picker for the 'set variables' section
- added "printer friendly" options for all pages
- removed dependency on register_globals being turned on; now works either way
- added an .htaccess file to force the turning off of register_globals
- added the version number (optional) to the display of download histories
- changed some headers to allow the script to work on secure servers (SSL) in Internet Explorer (already worked in other browsers)
- for the email an individual user section (for login/username reminders), added a confirmation to the form 'reset' button to keep you from accidentally deleting your message before sending
- added admin tools for purging old user accounts (by last login or download)
- added a reminder when logged in as the admin to change the admin email address if not already done (i.e. for new installs)
- added a reminder when logging in as the admin to change the default password if not already done (i.e. for new installs)
- Bug Fixes:
- fixed a security hole in download.php that could allow someone to download files they are not authorized for if they are logged in (corrected in the re-release of v1.12)
- fixed a security hole that could allow people to spoof a valid session and gain access to some of the admin functions (corrected in the re-release of v1.12)
- when creating an account (create_account.php), invalid usernames or passwords now provide specific feedback as to the problem
- removed the unused (and problematic with SAFE MODE) chdir() line from download_dir.php (corrected in the re-release of v1.12)
- specified the file path in download_dir.php to ensure filesize() is correctly calculated (system dependent) (corrected in the re-release of v1.12)
- fixed a bug that kept the "list all" page spanning from tracking the correct value for non-user searches (i.e. downloads or groups)
- fixed a bug that allowed users who had not yet confirmed their account (through the emailed confirmation link) to log in (corrected in the re-release of v1.12)
- carrying forward user authorizations no longer causes an error if the receiving download already has the same user ID(s) authorized (no duplicate key inserts)
- added the missing spacer.gif image to the /images/ directory
- Miscellaneous:
- download_dir.php now displays files in the download directory in alphabetical order, not by ID order
- modified create_account.php to disallow non-unique email addresses
- after the admin adds a user account, instead of displaying their 'view info' page, the user is now displayed through a search form to show the edit access, email, groups, logins, etc. quick links
- after admin adds a user account, the email address is now passed through unencrypted to the 'email user info' form
- updated smtp.php (for the email newsletter) to avoid pass by reference warnings (pass-by-reference has been deprecated)
- the change email address confirmation email is no longer the general account confirmation one; more specific
- the link for emailing a user their account info is now included on the individual user info pages, as well as the "list all" page
- with the new file types allowed for downloads, files that will be opened in the browser (such as pdf, txt, and html) are automatically opened in a new window to avoid having to 'page back' after viewing
- the download history (by user) display now shows entries for downloads that have been deleted
- the download history (by user) display now shows the user's name next to the userid for each user, plus a link to their full account info in a popup window
- added more input error checking
- added an initial config variable for servers that do not work with the custom session management
- placed the admin footer links into dropdown select forms for cleaner organization
- sped up the automatic creation of add/view/edit/delete forms for users and downloads by bypassing regular expressions for most fields
- shortened the URL sent in emails for confirming account creations and email address changes by removing the add/edit component
- the admin's view of the user account info screens now contains links to view the downloads, uploads, and logins for that user
- the view download totals (counts) page now shows the percentage each file comprises of the total downloads
- replaced the user authorization 'swap' method with radio select boxes in a standard form; the JavaScript was unreliable for sorting upper and lower case names together and for handling names with non-letter characters
- changed the title for 'Set Variables' to a more intuitive and less technical 'Set Options'
- modified the single user authorization section (from the user's account display) to show downloads vertically instead of horizontally across the page; better for working with a large number of downloads
- removed the ParentID field from the Downloads table and adjusted the 'carry_forward_auths' section accordingly
- improved admin area page spanning for large lists of users, downloads, groups, etc.
8/29/01 - Version 1.12.2 released
- bug fix in index.php that allowed users to log in before their account had been confirmed
7/17/01 - Version 1.12.1 released
- bug fix in index.php and download.php to keep someone from spoofing a valid session and gaining limited admin access
6/20/01 - Version 1.12 released
- when editing a download, the download_dir.php popup page is now enabled the same as with 'add' routines
- when validating a user account, clicking on the Validate button now automatically sets their account status to Active
- fixed a bug in Netscape that kept the dropdown select boxes in add/modify/validate forms from displaying
- fixed a bug in the search form that kept the get_parent_id.php popup window from populating the main window with the selected Parent ID for downloads
- made some changes in the set_variables.php page to avoid header errors on some servers
- modified much of the user/downloads add/validate routines to allow you to easily add more fields to the database without having to make changes throughout the program
- changed variable naming on modify multiple routines to work consistently with various JavaScript functions
- changed the browser checking routine to a faster method
- changed the 'Title' column in the Downloads table (for new setups) to NOT NULL by default
- moved the maximum file size setting for uploads to a variable in config.php
- changed the D-Man version variable's name to not overwrite submitted version numbers when adding downloads
- set_variables.php no longer requires numbering all the variables to be set, making it easier to add new variables in any order
- modified the code of several files to make the HTML pieces more easily editable
5/18/01 - Version 1.11 released
- added optional cookies for remembering login info each time
- fixed a bug that disallowed deleting of downloads
- fixed a bug that showed no search results when searching for a download to delete
- "list all" searches for downloads & users now sorts alphabetically
- file sizes are now listed on the main download page
4/16/01 - Version 1.10 released
- confirmation of user account additions was not correctly echoing the result of the database search
- added an alternate method for viewing/setting user download authorizations (menu swap)
- purge logins by username, handy for removing admin login info but keeping stats for users
- added validate/modify/delete multiple support for users and downloads
- improved session handling, especially when logging out, now actually shows you as logged out on the first page you are brought to, instead of still seeing the logged in options
- removed the browser-determining regular expression from pages that don't use it (faster loading)
- added an optional 'Powered by D-Man' link/logo at the bottom of pages
- replaced all .php file extensions with a .$phpEX variable, making it easier to name the files as needed (i.e. .php4)
- changed to specifying the database name in all queries in case the program is used on the same page as another program querying a different database
- the $database_name variable was not specified in functions user_register(), user_confirm(), change_user_password(), change_user_email(), and get_lost_password() in lib.php
- user/download searches, including "list all," now default to sorting by user ID in ascending order
- when editing a user account, the password will not be re-encrypted if it is already encrypted -- avoids creating a non-retrievable password
- added a two-part option to automatically build dropdown selection boxes -- allows the form name and value to be different if desired (concise database storage for numerical flags while presenting something easier to remember than a number)
- setting a single user's download authorizations (through viewing their user info page) pointed to the wrong location
- moved a few more variables into the group that can be set online through the browser
- added a "responsible use" warning to the login page
- fixed the title on the 'Change Email' page
2/22/01 - Version 1.00 Released