12 Commits

Author SHA1 Message Date
Tony Murray
e99f421511
Remove legacy auth usage of $_SESSION (#10491)
* Remove auth use of $_SESSION

Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth::id()

* revert accidental replacement
2019-08-05 14:16:05 -05:00
Tony Murray
36431dd296
Security fix: unauthorized access (#10091)
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00
Tony Murray
32a7c50189
Use Laravel authentication (#8702)
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)

Port api auth to Laravel

restrict poller errors to devices the user has access to

Run checks on every page load.  But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin

Move toastr down a few pixels so it isn't as annoying.

Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu

Rewrite 2FA code
Simplify some and verify code before applying

Get http-auth working
Handle legacy $_SESSION differently.  Allows Auth::once(), etc to work.

* Fix tests and mysqli extension check

* remove duplicate Toastr messages

* Fix new items

* Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
Tony Murray
7250376104
refactor: Don't access $_SESSION directly for Auth (#8513)
* Don't access $_SESSION directly for Auth

* fix style

* add property annotations
2018-04-07 21:55:28 +01:00
Tony Murray
2b3ca49bea
feature: Added support for populating selects from ajax (#6557)
fixes: #5264

The issue was all the string concatenation...

But I decided to try loading the select via ajax. Seems ok.  We could just use something like select2.  Opinions? Use this approach or load at page load.
I was able to reduce the loading of the 4000 select items from 1.6s to 0.6s on my laptop by optimizing the sql.

I added 4000 devices to my database to check this :)
2017-05-03 22:51:01 +01:00
Tony Murray
9a33464c52
refactor: Centralize includes and initialization (#4991)
2016-11-21 20:12:59 +00:00
David Bell
f00c383d60
fix: Stop irc bot crashing on .reload #4353
* Removed duplicate include

* Move set_debug into functions.php, and restore the (re)loading of includes/defaults

* Move debug call until after function has been included
2016-09-07 18:42:49 +01:00
pblasquez
ab6a608bdb
Update ajax_table.php
2016-02-04 18:09:47 -08:00
laf
1cbd142ad7
Fixed some scrut issues
2015-07-23 17:48:22 +01:00
Job Snijders
d8693f05ae
Fix coding style part 2
2015-07-15 11:04:22 +02:00
laf
71f5f22387
Fixed loading.... issue when no data returned
2015-04-12 11:47:21 +01:00
laf
6207bae03a
Switched to using jQuery Bootgrid for tables
2015-03-27 16:28:09 +00:00