changed the lost password routines to utilize a secret question system for improved security and ease of use (requires turning off password encryption config setting)
added optional page spanning to the main display for large lists of downloads (currently only works when authorizations are turned off, i.e. all files available to all logged in users, but works with category groupings)
Miscellaneous:
various tweaks for PHP5 compatibility
password encryption now turned off by default (config.php) so as to utilize the new secret question reminder system
updated the Delete Confirmation (users, downloads, download groups, user groups) to indicate the name/title about to be deleted in addition to the ID#
updated the Dutch language file
reverted to the pre-v3.0 file delivery method (download.php), but added a config option to use either method
modified browser detection code to keep text boxes the proper size in Firefox
now shows Full Name/Email in download notifications to admin when authorizations are turned off (can be disabled if you'd rather save the query and don't care for the added information)
a failed login from admin-only login page now redirects to that same page, not the regular login
fixed a download.php bug (introduced in v3.0) that kept credits from being deducted (wrong config array referenced)
fixed a main display bug for admin override views when no download groups in use
modified Printer Friendly Page code to pick up POST variables
fixed a bug in create_account.php that used the wrong variables for username/password for the email sent when account confirmation is not required
fixed a bug that kept quoted portions of text from showing up in some text input boxes when editing entries
fixed a bug in the admin's main display that keeps all available downloads from showing up when authorizations are turned off (was only showing those downloads with group settings)
fixed a sql bug that kept the alpha page spanning from working when authorizations are turned off
switched a short tag <? to <?php in set_groups.php to address a PHP5 issue
cleaned up numerous warnings for uninitialized variables, undefined array indexes, etc.
7/27/05 - Version 3.00 released
Additions:
added in "hooks" for optional plugins: Auto Payment Processor (PayPal IPN) and License Generator
when adding a user, any required fields not filled out properly will now return you to the Add form with previously entered info still in place
added option to main display to have downloads sorted by any of the fields order (i.e. alphabetical by title, by file size, etc.)
replaced hard-coded Users and Downloads table field names with flexible config array equivalents (easier to customize); see this thread.
Email Newsletter now has batch settings to avoid timing out on large lists
Email Newsletter has an added option to email specific users regardless of authorization settings
added optional file type icons for the main downloads display
added an option for allowing users to edit their account info
added an admin area for removing downloads files from the server
added user's email address and full name to admin download notifications
added code to the login page to detect if the user's browser settings accept cookies and issue a warning if not
added an option for turning off the requirement to confirm user accounts through email
added report to usergroup/download group control panels for viewing just those included in a group
added a Dutch language file
Miscellaneous:
improved the optional main display category setup to only show those categories (groups) with authorized downloads
modified the main display authorization queries to not look up authorization schemes not in use (based on database content) -
for improved efficiency
removed an unnecessary database query (for user's full name) from main.php to speed up the main display slightly
modified the download delivery to a possibly less memory intensive method
when deleting users or downloads, the Access table entries are now removed in addition to the user/download group entries
updated the "SMTP E-mail sending class" newsletter routines to the latest version
changed the download groups control panel sort order from ID to Title
changed function dl_subdir_list() to ensure subdirectory lists are displayed in alphabetical order regardless of server setup
disabled the lost password routines for inactive/unconfirmed accounts, as confirming the new password activates the account and may override an intentionally deactivated setting
added hook for tracking incomplete downloads
increased the default filename field input max size from 35 to 75 characters
upped the username max character limit in the 'lost password' request utility
updated the IPN plugin with a new option tied to the Credits system for allowing users to purchase additional credits directly from their D-Man account, via an Authorize.net merchant account
Bug Fixes:
fixed a bug in 'email_user_info' (admin.php) that did not allow encrypted passwords to be passed in from the new user Add form
updated the old admin email variable in the failed login, banned IP, and account creation messages
fixed a lib.php build_input_area() bug that kept downloads and usergroups from appearing on the user add/edit forms if no download groups present (incorrectly named array checks)
fixed logic bug that throws off main display category counts for the admin when admin-group auth's are not present
added back ticks to prepended database name in config.php to not cause errors with db's with hyphens in the name
fixed a purge users bug that didn't allow submission of the confirmation form
fixed a bug that kept default non-english language selections from working
2/14/03 - Version 2.00.3 released
Additions:
updated the Edit/Validate forms to allow users to be assigned to groups and downloads in one step like with the Add form
added a German language file
Miscellaneous:
added a bypass to the email newsletter for server setups that do not work with the SMTP mail class
added a condition to main.php to account for installations which do not use a "Version" field
Bug Fixes:
fixed a language file function inconsistency (L_valid_pswd() mis-named in some files)
fixed a bug that resulted in some download files not found depending on how their records were added to the database (dropdown default setting)
removed some erroneous $_POST variables (from previous version) in email.php that may adversely affect the email newsletter utility on PHP installations older than 4.1.0
fixed a "cosmetic" bug (introduced by changes to the last beta series) that kept the is_confirmed field title from displaying when viewing a user account
fixed a bug that kept admin-set default field values (such as default Credits) from being set when a user creates an account
improved the conditional lost password email templating
added some missing variables for min/max username settings
1/15/03 - Version 2.00.2 released
added a British-English language file
added language selection flags
fixed a typo/bug in search_results.php that kept the Description search terms from being echoed
removed a few erroneous variables and verbiages (from MyCalendar; shared setups)
1/10/03 - Version 2.00.1 released
bug fix in lost_password.php that did not display a few language variables
1/08/03 - Version 2.00 Released
Additions:
now allows gzip'd (.tgz and .tar.gz) and .pdf files to be used as downloads, in addition to .zip files; numerous other file types can be handled, but not all are as reliable
can now authorize downloads by specific download/user settings, by available credits, or both
added optional user groups and file groups, along with the ability to authorize downloads by any of the following criteria:
user group given access to all files in file group
user group given access to all files in subdirectory
user group given access to single file (custom list)
single user given access to all files in file group (custom list)
single user given access to all files in subdirectory
single user given access to all files
user group given access to all files
single user given access to single file (old method)
all users given access to all files *
* added an option to turn off download authorizations, which allows you to to give *all* users access to *all* downloads (bypass all authorization/credits criteria); handy for a large number of downloads where specific access rights are not a concern
restructured main display to allow for categorical grouping of downloads
generalized the downloads display formatting to allow easier end-user customization (for non-program use, such as pdf's or images) - you can now configure which database fields to display for a download, instead of the previously hard coded 'title-version' display
email newsletter (email.php) changes:
now allows you to select multiple downloads and/or download groups to send emails to authorized users and/or user groups
added the option to email all users, regardless of authorization settings
added the option to email one or more user groups, regardless of authorization settings
added a confirmation to the form 'reset' button to keep you from accidentally deleting your message before sending
added an on/off flag to easily turn off the sending of emails; convenient for testing that the intended users are being looked up before actually sending the emails
added customizable markup tags
now allows the admin to add new users to user groups and authorize them for downloads or download groups in the same step as creating their account
added an option to require the admin to log in through a separate (hidden) page that uses a hidden key and can be given an additional layer of password protection, making it much more difficult for unauthorized users to gain admin access
added an option to place new user accounts into a default user group
moved text into language files for translation flexibility
added checks to allow files larger than PHP's default max (generally 8 meg) to be downloaded
now allows unlimited subdirectories (one level deep) for categorizing your downloadable files
added the option to allow users to upload files for admin approval
added IP address logging for logins and downloads
added a new table for banning IP addresses, either manually or automatically if the user has more failed logins than the max setting
added an option for the admin to view the authorized downloads (main.php) as any specified user would see it; useful for making sure the assorted authorization schemes are set to your liking
added an option to temporarily close off the downloads area to user logins, such as when the site is under construction
added a feature that shows number of authorized users per download along with a bar chart display (can easily be changed to a pie chart)
now allows direct linking (http://domain.com/d-man/download.php?id=X) to specific files from throughout your site
added a user-accessible search utility for the downloads
added an optional letter/number first character (title) grouping system for the main display
added an "A" to "Z" letter bar for the "list all" user/downloads pages for a one-click quick link to that section of the alphabet
added an option to use unencrypted user passwords (allows them to be retrieved later on)
added a config option to use your own site-wide CSS files in place of D-Man's default
converted the Documentation/Help file (readme.txt) to an HTML equivalent
added a context sensitive help file with separate items for admin and users
added a popup color picker for the 'set variables' section
added "printer friendly" options for all pages
removed dependency on register_globals being turned on; now works either way
added an .htaccess file to force the turning off of register_globals
added the version number (optional) to the display of download histories
changed some headers to allow the script to work on secure servers (SSL) in Internet Explorer (already worked in other browsers)
for the email an individual user section (for login/username reminders), added a confirmation to the form 'reset' button to keep you from accidentally deleting your message before sending
added admin tools for purging old user accounts (by last login or download)
added a reminder when logged in as the admin to change the admin email address if not already done (i.e. for new installs)
added a reminder when logging in as the admin to change the default password if not already done (i.e. for new installs)
Bug Fixes:
fixed a security hole in download.php that could allow someone to download files they are not authorized for if they are logged in (corrected in the re-release of v1.12)
fixed a security hole that could allow people to spoof a valid session and gain access to some of the admin functions (corrected in the re-release of v1.12)
when creating an account (create_account.php), invalid usernames or passwords now provide specific feedback as to the problem
removed the unused (and problematic with SAFE MODE) chdir() line from download_dir.php (corrected in the re-release of v1.12)
specified the file path in download_dir.php to ensure filesize() is correctly calculated (system dependent) (corrected in the re-release of v1.12)
fixed a bug that kept the "list all" page spanning from tracking the correct value for non-user searches (i.e. downloads or groups)
fixed a bug that allowed users who had not yet confirmed their account (through the emailed confirmation link) to log in (corrected in the re-release of v1.12)
carrying forward user authorizations no longer causes an error if the receiving download already has the same user ID(s) authorized (no duplicate key inserts)
added the missing spacer.gif image to the /images/ directory
Miscellaneous:
download_dir.php now display files in the download directory in alphabetical order, not by ID order
modified create_account.php to disallow non-unique email addresses
after the admin adds a user account, instead of displaying their 'view info' page, the user is now displayed through a search form to show the edit access, email, groups, logins, etc. quick links
after admin adds a user account, the email address is now passed through unencrypted to the 'email user info' form
updated smtp.php (for the email newsletter) to avoid pass by reference warnings (pass-by-reference has been deprecated)
the change email address confirmation email is no longer the general account confirmation one; more specific
the link for emailing a user their account info is now included on the individual user info pages, as well as the "list all" page
with the new file types allowed for downloads, files that will be opened in the browser (such as pdf, txt, and html) are automatically opened in a new window to avoid having to 'page back' after viewing
the download history (by user) display now shows entries for downloads that have been deleted
the download history (by user) display now shows the users' name next to the userid for each user, plus a link to their full account info in a popup window
added more input error checking
added an initial config variable for servers that do not work with the custom session management
placed the admin footer links into dropdown select forms for cleaner organization
sped up the automatic creation of add/view/edit/delete forms for users and downloads by bypassing regular expressions for most fields
shortened the URL sent in emails for confirming account creations and email address changes by removing the add/edit component
the admin's view of the user account info screens now contains links to view the downloads, uploads, and logins for that user
the view download totals (counts) page now shows the percentage each file comprises of the total downloads
replaced the user authorization 'swap' method with radio select boxes in a standard form; the JavaScript was unreliable for sorting upper and lower case names together and for handling names with non-letter characters
changed the title for 'Set Variables' to a more intuitive and less technical 'Set Options'
modified the single user authorization section (from the user's account display) to show downloads vertically instead of horizontally across the page -
better for working with a large number of downloads
removed the ParentID field from the Downloads table and adjusted the 'carry_forward_auths' section accordingly
improved admin area page spanning for large lists of users, downloads, groups, etc.
8/29/01 - Version 1.12.2 released
bug fix in index.php that allowed users to log in before their account had been confirmed
7/17/01 - Version 1.12.1 released
bug fix in index.php and download.php to keep someone from spoofing a valid session and gain limited admin access
6/20/01 - Version 1.12 released
when editing a download, the download_dir.php popup page is now enabled the same as with 'add' routines
when validating a user account, clicking on the Validate button now automatically sets their account status to Active
fixed a bug in Netscape that kept the dropdown select boxes in add/modify/validate forms from displaying
fixed a bug in the search form that kept the get_parent_id.php popup window from populating the main window with the selected Parent ID for downloads
made some changes in the set_variables.php page to avoid header errors on some servers
modified much of the user/downloads add/validate routines to allow you to easily add more fields to the database without having to make changes throughout the program
changed variable naming on modify multiple routines to work consistently with various JavaScript functions
changed the browser checking routine to a faster method
changed the 'Title' column in the Downloads table (for new setups) to NOT NULL by default
moved the maximum file size setting for uploads to a variable in config.php
changed the D-Man version variable's name to not overwrite submitted version numbers when adding downloads
set_variables.php no longer requires numbering all the variables to be set, making it easier to add new variables in any order
modified the code of several files to make the HTML pieces more easily editable
5/18/01 - Version 1.11 released
added optional cookies for remembering login info each time
fixed a bug that disallowed deleting of downloads
fixed a bug that showed no search results when searching for a download to delete
"list all" searches for downloads & users now sorts alphabetically
file sizes are now listed on the main download page
4/16/01 - Version 1.10 released
confirmation of user account additions was not correctly echoing the result of the database search
added an alternate method for viewing/setting user download authorizations (menu swap)
purge logins by username, handy for removing admin login info but keeping stats for users
added validate/modify/delete multiple support for users and downloads
improved session handling, especially when logging out, now actually shows you as logged out on the first page you are brought to, instead of still seeing the logged in options
removed the browser-determining regular expression from pages that don't use it (faster loading)
added an optional 'Powered by D-Man' link/logo at the bottom of pages
replaced all .php file extensions with a .$phpEX variable, allowing you to name the files as needed (i.e. .php4) easier
changed to specifying the database name in all queries in case the program is used on the same page as another program querying a different database
the $database_name variable was not specified in functions user_register() user_confirm(), change_user_password(), change_user_email(), and get_lost_password() in lib.php
user/download searches, including "list all," now default to sorting by user ID in ascending order
when editing a user account, the password will not be re-encrypted if it is already encrypted -- avoids creating a non-retreivable password
added a two-part option to automatically build dropdown selection boxes -- allows the form name and value to be different if desired (concise database storage for numerical flags while presenting something easier to remember than a number)
setting a single user's download authorizations (through viewing their user info page) pointed to the wrong location
moved a few more variables into the group that can be set online through the browser
added a "responsible use" warning to the login page
