The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other database types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only be used once.
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.
See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
array('') means to include an empty item, and that results in an invalid
remote specification with a trailing "/"
Using an empty array() fixes this.
Reported by oftc_ftw on IRC.
* Make it possible by config option that non global admins can send
broadcast messages to their domains.
* Allow the sender to select the domains the broadcast message should be
delivered to
* Allow the sender to decide if the broadcast message should just be
delivered to mailboxes
- add more detailed notes about unsupported dovecot:* encryption types
(after hunting them down with r00t^2 on IRC)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1833 a1433add-5e2c-0410-b055-b7f2511e0802
- uses list.php and edit.php instead of the fetchmail-specific template
- replaces fetchmail.php and its template
config.inc.php:
- add $CONF['fetchmail_struct_hook']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1762 a1433add-5e2c-0410-b055-b7f2511e0802
- add note that $CONF[vacation_domain] can't be used for "normal" mails
model/DomainHandler.php:
- validate_new_id():
- error out when trying to add $CONF[vacation_domain]
- some whitespace fixes
- remove superfluous comment on initStruct()
*.lang:
- add 'domain_conflict_vacation_domain' error message
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1694 a1433add-5e2c-0410-b055-b7f2511e0802
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval
config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
(note: reply to every mail is commented by default because it can be
annoying. Admins will have to explicitly add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]
*.lang:
- add texts for reply types
VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters
templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay
vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
change the activeFrom and activeUntil date to today to avoid users
having to scroll through the calendar a lot
xmlrpc.php:
- update set_away() call to match the removed parameter
upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and
interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
- remove unused $CONF['usercontol'] which leaked in with an unrelated
patch in r1374
- fixed some typos in comments
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1551 a1433add-5e2c-0410-b055-b7f2511e0802
configs/menu.conf:
- change url_create_mailbox to edit.php?table=mailbox
templates/list-virtual.tpl:
- replace hardcoded create-mailbox.php with {#url_create_mailbox#}
functions.inc.php:
- delete functions that are now part of MailboxHandler:
- check_mailbox()
- multiply_quota()
- add some TODO notes
config.inc.php:
- rewrite a comment that referenced create-mailbox.php
create-mailbox.php:
- delete - no longer needed
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1433 a1433add-5e2c-0410-b055-b7f2511e0802
- new config option $CONF['password_validation'] - array with regular
expressions to check if a password is valid/good enough.
The default configuration enforces:
- minimum length 5 characters/digits/whatever
- at least 2 characters
- at least 2 digits
- removed $CONF['min_password_length'] - it's now handled in /.{5}/ in
$CONF['password_validation']
functions.inc.php
- new function validate_password to check a given password against
$CONF['password_validation']
- generate_password: generated password is always 8 chars long
(instead of $CONF['min_password_length'])
edit-admin.php, users/password.php, edit-mailbox.php, setup.php:
- use validate_password instead of $CONF['min_password_length']
This implements
https://sourceforge.net/tracker/?func=detail&aid=1785513&group_id=191583&atid=937967
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1192 a1433add-5e2c-0410-b055-b7f2511e0802
- several comments for the language_hook function:
- x_* naming policy for custom texts
- note that custom texts must appear in all blocks
- note that translation fixes should be reported in the bugtracker
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1177 a1433add-5e2c-0410-b055-b7f2511e0802
- change default of $CONF['admin_email'] to '' and updated the comment.
IMPORTANT: If set, this will be used as mail sender for all mails
(2.3.x used the currently logged admin's username in most cases).
$CONF['admin_email'] = '' will match the 2.3.x behaviour.
functions.inc.php:
- new function smtp_get_admin_email() to get mail sender address
($CONF[admin_email] or currently logged in admin if not set)
- changes compared to Dale's patch:
- added @return in comment
- switched to /** comment style
This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF),
https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1093 a1433add-5e2c-0410-b055-b7f2511e0802
- new config option $CONF['theme_custom_css']. This allows adding another
CSS file that is loaded after $CONF['theme_css']. Useful if someone wants to
do some small changes, but doesn't want to edit default.css
templates/header.tpl:
- include $CONF[theme_custom_css] if set
Changes compared to Dale's patch:
- $CONF['theme_custom_css'] is empty by default
- only include $CONF[theme_custom_css] if not empty
This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF),
https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1092 a1433add-5e2c-0410-b055-b7f2511e0802
- replaced last usage of $CONF['postfix_admin_path'] with $incpath
config.inc.php:
- drop (now unused) $CONF['postfix_admin_path'] config variable
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1070 a1433add-5e2c-0410-b055-b7f2511e0802
$CONF['user_footer_link']. This doesn't really make sense - it should
always be a link to users/main.php.
configs/menu.conf:
- added url_user_main = main.php
templates/users_menu.tpl:
- replaced $CONF.user_footer_link with #url_user_main#
config.inc.php:
- removed (now unused) $CONF['user_footer_link']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1059 a1433add-5e2c-0410-b055-b7f2511e0802
Based on a patch from W. Rossmann (W. Rossmann@SF),
https://sourceforge.net/tracker/index.php?func=detail&aid=2974928&group_id=191583&atid=937966
with some modifications, cleanup and adaptations to trunk (especially templates)
config.inc.php:
- new config option $CONF['domain_quota'] to enable/disable domain-level
quota (default: enabled)
- new config option $CONF['domain_quota_default'] (default: 2 GB)
functions.inc.php - check_quota():
- add code to check the quota sum on a domain
- add optional parameter $username (to exclude that username from quota
calculation, used by edit-mailbox)
edit-domain.php, create-domain.php,
admin_edit-domain.tpl, admin_create-domain.tpl:
- add input field and handling for domain-level quota
list-domain.php, overview-get.tpl, adminlistdomain.tpl:
- display allocated and allowed domain quota
- beautify quota and max_quota fields - display "unlimited" instead of "-1"
edit-mailbox.php:
- hand over username to check_quota()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1042 a1433add-5e2c-0410-b055-b7f2511e0802
- better documentation for $CONF[alias_control], $CONF[alias_control_admin]
and $CONF[special_alias_control] because the existing comments were
confusing (as pointed out by libertytrek in #postfixadmin)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@934 a1433add-5e2c-0410-b055-b7f2511e0802
- hand over $search to smarty templates
templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting
templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
(was displayed once per mailbox alias target)
css/default.css:
- add style for ".searchresult"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
upgrade.php
- create quota and quota2 table (upgrade_729)
- create the triggers required by dovecot (upgrade_730_pgsql)
list-virtual.php
- updated to work with both quota tables
Patch by Varren Volz, https://sourceforge.net/tracker/?func=detail&aid=2867629&group_id=191583&atid=937966
- changed query for 1.1 quota table to
WHERE [...] AND ( $table_quota.path='quota/storage' OR $table_quota.path IS NULL )
This fixes https://sourceforge.net/tracker/?func=detail&aid=2794247&group_id=191583&atid=937964
(users not shown when initial email is not sent)
config.inc.php, functions.php
- new config option $CONF['new_quota_table'] (YES means dovecot 1.2 format)
- set variables for new quota2 table
DOCUMENTS/DOVECOT.txt
- added note that quota table is automatically created
- added note about different quota tables for dovecot 1.0/1.1 and >= 1.2
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@730 a1433add-5e2c-0410-b055-b7f2511e0802
- revert (accidental?) changes from r661
(GingerDog, you might want to move your local settings to config.local.php ;-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@663 a1433add-5e2c-0410-b055-b7f2511e0802
- removed the $CONF['configured'] = 'I_know_the_risk_of_not_deleting_setup.php'
developer hack (no longer needed since setup.php requires a password)
- this also makes index.php redirect to login.php again (the old check tested
for file_exists(setup.php)...)
common.php:
- removed a superfluous check for $CONF[setup_password] (see mailinglist for details)
config.inc.php:
- removed a small outdated comment
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@640 a1433add-5e2c-0410-b055-b7f2511e0802
- added dovecotpw encryption support (patch from cmuelle8 (trendypack) + some fixes
from me, see tracker for details)
https://sourceforge.net/tracker2/?func=detail&aid=2607332&group_id=191583&atid=937966
- replaced most "if" with "elseif" to be able to check for invalid $CONF[encrypt] settings
- added error check/message for invalid $CONF[encrypt] settings
config.inc.php:
- $CONF[encrypt]: added description for dovecot:xy
- added new $CONF['dovecotpw'] setting (path to dovecotpw binary)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@580 a1433add-5e2c-0410-b055-b7f2511e0802
- set default for $CONF['create_mailbox_subdirs_prefix'] to 'INBOX.'
to be backward-compatible with the previously hardcoded value
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@446 a1433add-5e2c-0410-b055-b7f2511e0802