mirror/postfixadmin
0
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00
Code
2,002 Commits 10 Branches 55 Tags 16 MiB
b1795ab596
Commit Graph

283 Commits

Author SHA1 Message Date
David Goodwin
b1795ab596 phpdoc 2018-09-07 11:09:34 +01:00
David Goodwin
1e158245d6 try and fix #30 - cope with timestamp and numeric field number comparison better for PostgreSQL. 2018-09-07 11:04:19 +01:00
David Goodwin
a8b02cfc05 Default to default values 2018-09-07 11:01:18 +01:00
David Goodwin
563b8c7636 phpdoc fixes (psalm) 2018-06-18 21:54:05 +01:00
David Goodwin
318ac048d5 psalm fixes 2018-06-10 21:24:12 +01:00
Aleksi Kinnunen
2df4348f09
Typo fix 2018-05-29 02:37:38 +02:00
Aleksi Kinnunen
48c19a1cbd
Combine encrypt CONF-keys 
Went through the old PR #25, updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
 2018-05-29 02:36:08 +02:00
Aleksi Kinnunen
c1b5e66e27
Add missing global 
... you should never edit with the GitHub web GUI, lazy me.
 2018-05-29 01:34:46 +02:00
Aleksi Kinnunen
b676e8337f
Allow empty $CONF['encrypt_difficulty'] for defaults 2018-05-29 01:29:50 +02:00
Aleksi Kinnunen
9c2161a549
Added support for password generation cost/rounds 
$CONF["php_crypt_difficulty"], only for php_crypt:BLOWFISH, php_crypt:SHA256 and php_crypt:SHA512
 2018-05-29 01:14:38 +02:00
David Goodwin
3754381f0e
Merge pull request #175 from racerxdl/master 
'row' is a reserved word in MySQL 8.0
 2018-05-18 08:38:20 +01:00
Lucas Teske
11f9680963
'row' is a reserved word in MySQL 8.0 2018-05-17 20:45:35 -03:00
Christian Boltz
2eb5a7ed60
simplify function_exists() checks for random_int() 
It's easier to define a compat function than to have function_exists()
checks all over the code.
 2018-05-04 22:36:05 +02:00
David Goodwin
b4849b8431 bump minimum db version 2018-05-02 21:25:36 +01:00
David Goodwin
4c6bcdbc39 update version 2018-05-02 21:25:06 +01:00
David Goodwin
5b7f4cda48 add phpdoc comments, default php_crypt hash to use SHA512 rather than MD5 2018-05-02 21:21:25 +01:00
David Goodwin
7282928e6d update generate_password() to allow length to be specified; update test 2018-05-02 21:19:47 +01:00
Christian Boltz
a3feba7c73
change default for php_crypt to SHA512 
(+ a few whitespace changes)
 2018-05-02 22:18:24 +02:00
David Goodwin
b48f99d4c6 reformat (phpcs) 2018-05-02 12:54:17 +01:00
David Goodwin
e7f9d536d9 change default salt method with php_crypt 2018-05-02 12:49:47 +01:00
David Goodwin
f543c7d403 use random_int() if available 2018-04-29 21:53:38 +01:00
David Goodwin
7c0cb82be8 use random_int if it is available 2018-04-29 20:51:48 +01:00
snuggeman
11f0ceb615 added php_crypt scheme 2018-04-29 15:39:58 +02:00
David Goodwin
9a07772626 remove commented out echo 2018-04-23 09:14:45 +01:00
Christian Boltz
30c61e81b3
better comment for pacol() parameter 2018-04-22 20:09:13 +02:00
Lucas Teske
50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates. 2018-02-21 22:50:02 -03:00
David Goodwin
d57aa46eb5 remove explode() 2018-02-21 19:48:17 +00:00
David Goodwin
2a1d8daeba remove unused variables 2018-02-21 19:48:17 +00:00
David Goodwin
b79ad2ae28 composer format ... 2018-02-19 21:01:23 +00:00
David Goodwin
6446f3f6cc split up pacrypt() into different functions; add some minimal test coverage 2018-02-19 20:59:52 +00:00
David Goodwin
6ed1527497 fix phpdoc 2018-02-18 20:32:34 +00:00
David Goodwin
cb34da4f46 phpcs reformat 2018-02-18 19:59:37 +00:00
David Goodwin
43a2493876 remove unused code. 2018-02-10 21:07:33 +00:00
David Goodwin
4dec9cd24e refactor (reduce nesting) 2018-02-10 21:07:10 +00:00
David Goodwin
d088651fd6 Drop db_commit(), db_rollback(), db_begin() functions (unused). 2018-02-10 21:05:57 +00:00
David Goodwin
0b66cd6bd2 Do not try to db_escape() an SQL field. 2018-02-10 21:04:29 +00:00
David Goodwin
4e9d166765 use db_assoc() rather than db_array() as we're depending on an assoc array afterall. 2018-02-10 21:02:52 +00:00
David Goodwin
45a1073b97 change to use foreach($a as $k => $v) { ... } 2018-02-10 21:02:09 +00:00
David Goodwin
8ac94394cb improve phpdoc 2018-02-10 21:00:58 +00:00
David Goodwin
e2b1233269 Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...) 2018-02-10 20:56:56 +00:00
David Goodwin
5e1855632a allow local aliases - see #134 2018-02-09 21:19:45 +00:00
Adrien Crivelli
15df6c1d7b
Reformat everything with PHP-Cs-Fixer 2018-01-26 23:54:37 +09:00
David Goodwin
a320b67508 possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL) 2018-01-03 16:05:46 +00:00
Christian Boltz
977f335a0f
Fix quoting in table_by_key() 
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
 2017-12-30 13:42:47 +01:00
er1cs
7b8626ca81
Update functions.inc.php 
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works.  FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
 2017-12-24 16:32:06 +02:00
Lee Clemens
ebbd9025e4 Add support for MySQL connections over SSL 2017-11-14 19:53:59 -05:00
Sylvain Tissot
ffb84283c2
Harden password reset process 
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
 2017-10-09 11:45:51 +09:00
David Goodwin
4b999b3f6b improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73 2017-09-05 10:09:36 +01:00
Sylvain Tissot
9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 2017-08-21 13:05:25 +02:00
Christian Boltz
be5fafa9fb
changelog update etc. for 3.1 release 2017-06-25 16:37:42 +02:00