aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Move uploads to a named Docker volumeHEADmasterThomas Vanbesien2026-03-241-0/+0
| | | | | | Replace the bind-mounted src/uploads/ with a named volume shared between PHP (read-write) and Nginx (read-only). Remove entrypoint.sh since the volume handles directory creation automatically.
* Add rate limiting on login and password reset endpointsThomas Vanbesien2026-03-222-0/+92
| | | | | | Track attempts per IP in a rate_limits table with a sliding time window. Login allows 5 failed attempts per 15 min, password reset allows 3 requests per 15 min. Old entries are purged automatically.
* Add session cookie hardening and Nginx security headersThomas Vanbesien2026-03-221-0/+11
| | | | | | Set httponly, samesite=Lax, and auto-detected secure flag on session cookies. Add X-Content-Type-Options, X-Frame-Options, and Content-Security-Policy headers in Nginx. Document both in README.
* Add upload security: size limit, per-user and site-wide post capsThomas Vanbesien2026-03-222-0/+35
| | | | | | Reject base64 payloads over 10 MB, limit users to 50 posts each, and cap total posts at 10,000 (~650 MB on disk). Document upload security model in README.
* Add favicon using webcam.svgThomas Vanbesien2026-03-222-0/+5
|
* Replace home page with redirect to gallery or loginThomas Vanbesien2026-03-212-12/+6
|
* Add likes, comments, email notifications, and pagination to galleryThomas Vanbesien2026-03-218-23/+336
|
* Add user's own posts grid and post deletion to editor pageThomas Vanbesien2026-03-214-1/+97
|
* Add editor with webcam/upload capture, overlay compositing, and gallery feedThomas Vanbesien2026-03-2117-1/+758
|
* Add profile page for editing username, email, password, and notificationsThomas Vanbesien2026-03-216-8/+345
|
* Add user authentication with email verification and password resetThomas Vanbesien2026-03-2113-1/+612
| | | | | | Implements registration, login/logout, email verification via token, and password reset flow. Includes CSRF protection, flash messages, MailPit for dev email testing, and security docs in README.
* Initial project scaffoldThomas Vanbesien2026-03-2112-0/+286
Set up MVC architecture with front controller, router, autoloader, database singleton, and Docker Compose stack (Nginx + PHP-FPM + MariaDB). Includes DB schema, responsive layout, dev tooling (php-cs-fixer, parallel-lint), and documentation.
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-16 19:38:45 +0000