David Goodwin
96a022747c
release 3.3.5 perhaps
2021-01-27 22:01:32 +00:00
David Goodwin
97ae019e10
remove duplication; comment out the length_check password_verify rule as we already have /.{5}/
2021-01-27 10:56:40 +00:00
David Goodwin
e15d9abe06
improve comment, fix return value in callable for password_verify.
2021-01-26 21:06:35 +00:00
David Goodwin
dd6616bbb2
bump version number
2021-01-26 19:45:59 +00:00
David Goodwin
a1025b4760
and trim string before length check
2021-01-25 21:57:59 +00:00
David Goodwin
2acdcdbd75
see : https://github.com/postfixadmin/postfixadmin/issues/423 - change password length check behaviour
2021-01-25 20:12:47 +00:00
David Goodwin
6d101b79e6
bump version numbers/changelog for 3.3.4
2021-01-19 20:04:31 +00:00
David Goodwin
c6a8117e82
improve doc comment - see https://github.com/postfixadmin/postfixadmin/issues/423
2021-01-17 22:31:53 +00:00
David Goodwin
41531b8bf2
3.3.3 release
2021-01-14 17:06:49 +00:00
David Goodwin
728fc45d38
bump version number
2021-01-12 22:14:23 +00:00
David Goodwin
7090b5af75
changes to pacrypt to support a prefix like {SHA265-CRYPT} on a hash - @see https://github.com/postfixadmin/postfixadmin/issues/344
2021-01-12 10:59:25 +00:00
David Goodwin
cc23eba9dd
bump version number
2021-01-11 09:36:51 +00:00
David Goodwin
d833f6bec8
bump version number
2021-01-07 21:09:59 +00:00
David Goodwin
750838d7f7
psalm fixes; make safepost()/safeget() return strings
2020-11-09 21:40:52 +00:00
David Goodwin
b8fa60bb8a
more type hints / psalm fixes
2020-09-28 20:33:54 +01:00
David Goodwin
8abde0dc0b
move $version into $CONF / Config from functions.inc.php
2020-09-27 10:47:56 +01:00
David Goodwin
6ad44679a7
change default theme to the bootstrap one
2020-09-25 21:52:22 +01:00
David Goodwin
3b9d8f867e
merge sha512.b64 encrypt support - see https://github.com/postfixadmin/postfixadmin/issues/58
2020-03-14 22:30:51 +00:00
David Goodwin
a4afebbe77
verify ssl certs when connecting to the db by default (we also do if this setting is not present)
2020-03-02 09:36:39 +00:00
David Goodwin
212415db56
document better
2020-02-28 14:19:31 +00:00
Christian Boltz
3d0add075a
Add empty $CONF['database_socket'] to avoid warnings
...
... about reading an undefined config option
2020-02-12 15:05:04 +01:00
David Goodwin
52e0d3e4b0
work around nano highlighting - see https://github.com/postfixadmin/postfixadmin/issues/320
2019-12-27 19:42:34 +00:00
David Goodwin
87824ef970
psalm fixes/workarounds; require PHP 5.6+
2019-10-19 20:51:05 +01:00
gotty
13549cea0f
Favicon config and ru_lang:
...
1. Favicon configuration of the project:
a. Fixed incorrect link to favicon from the subfolder /users/
b. Added ability to set favicon via config
2. Completed translation of all string constants into Russian language.
2019-10-19 18:33:18 +03:00
David Goodwin
758ccb9a19
add note in config for mailbox subdir creation requiring imap extension
2019-09-05 18:12:10 +01:00
Felix Ableitner
a46245eecc
Add config option for TLS
2019-07-17 11:44:04 +02:00
Felix Ableitner
600248e955
Add option to use smtp password when sending admin emails ( fixes #272 )
2019-07-02 13:41:58 +02:00
Sven Strickroth
56395709f3
Make quota levels configurable
...
Signed-off-by: Sven Strickroth <email@cs-ware.de>
2019-03-16 16:06:58 +01:00
David Goodwin
cdacb5697f
improve formatting of error message; remove use of db_array (to be removed).
2019-01-01 19:24:04 +00:00
David Goodwin
20b1eb842e
fix sqlite display of password expired check for mailboxes
2018-12-28 19:57:21 +00:00
David Goodwin
766c947190
fix case of $conf; improve comments
2018-12-28 19:14:26 +00:00
David Goodwin
74002bbf57
psalm fixes
2018-12-27 21:43:11 +00:00
Damien Martins
12ce418f79
No need to have password expiration value in config file
2018-08-21 16:09:39 +02:00
Damien Martins
84533224ba
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 16:04:28 +02:00
Damien Martins
b33d79125c
Merge branch 'master' of github.com:doktoil-makresh/postfixadmin
2018-08-21 16:02:02 +02:00
Damien Martins
d809e0fbf7
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 15:57:06 +02:00
Damien Martins
72dddbc93b
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 15:49:40 +02:00
Damien Martins
e786609aa9
Adding support for password expiration. Please read README.password_expiration for more details
2018-08-17 16:07:14 +02:00
David Goodwin
ba14535489
Merge pull request #172 from abonanni/bootstrap
...
Bootstrap Integration
2018-07-10 10:29:13 +01:00
Aleksi Kinnunen
48c19a1cbd
Combine encrypt CONF-keys
...
Went through the old PR #25 , updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
2018-05-29 02:36:08 +02:00
Aleksi Kinnunen
7b16e8a1c2
Add info about php_crypt and encrypt_difficulty to sample config
2018-05-29 01:27:55 +02:00
root
fb3e968cfc
Bootstrap template integration
2018-05-04 13:25:34 +02:00
David Goodwin
f7ba904800
see #171
2018-04-29 21:58:57 +01:00
Christian Boltz
7c38bdd871
add a big notice about using config.local.php
2018-04-27 22:38:38 +02:00
Christian Boltz
3f1866d041
display phone number field only if $CONF[sms_send_function] is set
...
Without a way to send a SMS, asking users for their mobile number is
pointless.
2018-04-22 22:55:55 +02:00
Lee Clemens
ebbd9025e4
Add support for MySQL connections over SSL
2017-11-14 19:53:59 -05:00
Sylvain Tissot
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
2017-10-09 11:45:51 +09:00
David Goodwin
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
2017-09-05 10:09:36 +01:00
Christian Boltz
2251c00fb8
disable password reset until it is secure
...
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.
See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
2017-08-22 14:35:40 +02:00
Sylvain Tissot
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
2017-08-21 13:05:25 +02:00