Tuskfish 2.0.4 brings a user management module and Editorial role, improved modularity and improved internal admin checks. Download it here:
- Add user management module (content creators/editors) (1).
- Improved modularity for adding further extensions (2).
- Login check now tests against surrogate password hash rather than session flag (3).
- Fix display of internal link in RSS feeds.
- The user management module is for adding TRUSTED users - Editors - that will help run or manage the site. Editors do not have access to global site preferences, but they do have full access to content creation and editing, so it is a sensitive role. Editors must be manually registered by the super user (admin). Think carefully before granting such access to anyone.
- Tidied up the file structure a bit to make installing modules cleaner.
- Previously a successful login set a session flag that was used for subsequent admin checks. Now a surrogate password hash is set in the session instead, and admin checks query the database and recalculate the surrogate hash for consistency. This means: If the Admin/Editor resets their password at any time, any existing login sessions for that user become invalid. This is a small security improvement.
Copyright, all rights reserved.