David Goodwin
7838e85ff0
fix formatting
2019-01-11 17:20:25 +00:00
David Goodwin
5db463b35c
improve docs
2019-01-11 17:12:16 +00:00
David Goodwin
cef2ba5598
Merge remote-tracking branch 'origin/master' into feature-try-pdo
2019-01-10 06:45:30 +00:00
Luca
e347b4677b
Fix for MySQL 8
...
The keyword ROW became reserved in MySQL 8.0.2
https://dev.mysql.com/doc/refman/8.0/en/keywords.html#keywords-8-0-detailed-R
2019-01-08 19:33:14 +01:00
David Goodwin
803e2342f8
fix psalm issues; reformat; rename new db functions
2019-01-06 21:32:58 +00:00
David Goodwin
1176c9ce78
reformat; fix some transition bugs
2019-01-06 21:32:58 +00:00
David Goodwin
ea33d9951a
try migrating to pdo
2019-01-06 21:32:58 +00:00
David Goodwin
8798a65a06
remove db_array() function (not in use); use Config::read_string(..) more
2019-01-01 19:28:59 +00:00
David Goodwin
cdacb5697f
improve formatting of error message; remove use of db_array (to be removed).
2019-01-01 19:24:04 +00:00
David Goodwin
2ea829eb7a
fix postgresql compatability - see #227
2018-12-31 22:19:29 +00:00
David Goodwin
b2e814967f
try and get working under travis ...
2018-12-29 21:45:12 +00:00
David Goodwin
590c80f0bc
add more unit tests; re-enable random_int warning in functions.inc.php for old php versions etc etc
2018-12-29 20:54:25 +00:00
David Goodwin
e8acb609c2
reformat
2018-12-28 19:59:35 +00:00
David Goodwin
20b1eb842e
fix sqlite display of password expired check for mailboxes
2018-12-28 19:57:21 +00:00
David Goodwin
1dfb03ea32
fix sqlite query for mailbox password_expiry
2018-12-28 19:54:25 +00:00
David Goodwin
4fcdba9cf4
run php-cs-fixer (code reforamt)
2018-12-28 19:31:43 +00:00
David Goodwin
19cda31849
remove psalm warnings from code; fix password_expiry behaviour when enabled/disabled on MySQL
2018-12-28 19:27:33 +00:00
David Goodwin
74002bbf57
psalm fixes
2018-12-27 21:43:11 +00:00
David Goodwin
7408a3b30a
fix safepost doc
2018-12-27 13:55:21 +00:00
David Goodwin
69e234f668
Merge pull request #200 from doktoil-makresh/master
...
Support for password expiration, managed in PostFix Admin
2018-11-27 09:14:36 +00:00
David Goodwin
87472af5ba
add Date header into smtp_from(...) function - see #203
2018-09-21 21:56:35 +01:00
David Goodwin
b1795ab596
phpdoc
2018-09-07 11:09:34 +01:00
David Goodwin
1e158245d6
try and fix #30 - cope with timestamp and numeric field number comparison better for PostgreSQL.
2018-09-07 11:04:19 +01:00
David Goodwin
a8b02cfc05
Default to default values
2018-09-07 11:01:18 +01:00
David Goodwin
77d1b6c2e7
rename sql fields to just have mailbox.password_expiry and domain.password_expiry
2018-08-28 21:19:56 +01:00
Damien Martins
8115d8d047
Reverting unexpected changes
2018-08-22 14:32:16 +02:00
Damien Martins
84533224ba
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 16:04:28 +02:00
Damien Martins
b33d79125c
Merge branch 'master' of github.com:doktoil-makresh/postfixadmin
2018-08-21 16:02:02 +02:00
Damien Martins
d809e0fbf7
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 15:57:06 +02:00
Damien Martins
72dddbc93b
Adds colored indicators for password expired, account disabled and vacation enabled accounts
2018-08-21 15:49:40 +02:00
Damien Martins
ce60b9fa59
Now password expiration is managed through Postfix Admin GUI
2018-08-20 15:32:53 +02:00
Damien Martins
e786609aa9
Adding support for password expiration. Please read README.password_expiration for more details
2018-08-17 16:07:14 +02:00
David Goodwin
563b8c7636
phpdoc fixes (psalm)
2018-06-18 21:54:05 +01:00
David Goodwin
318ac048d5
psalm fixes
2018-06-10 21:24:12 +01:00
Aleksi Kinnunen
2df4348f09
Typo fix
2018-05-29 02:37:38 +02:00
Aleksi Kinnunen
48c19a1cbd
Combine encrypt CONF-keys
...
Went through the old PR #25 , updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
2018-05-29 02:36:08 +02:00
Aleksi Kinnunen
c1b5e66e27
Add missing global
...
... you should never edit with the GitHub web GUI, lazy me.
2018-05-29 01:34:46 +02:00
Aleksi Kinnunen
b676e8337f
Allow empty $CONF['encrypt_difficulty'] for defaults
2018-05-29 01:29:50 +02:00
Aleksi Kinnunen
9c2161a549
Added support for password generation cost/rounds
...
$CONF["php_crypt_difficulty"], only for php_crypt:BLOWFISH, php_crypt:SHA256 and php_crypt:SHA512
2018-05-29 01:14:38 +02:00
David Goodwin
3754381f0e
Merge pull request #175 from racerxdl/master
...
'row' is a reserved word in MySQL 8.0
2018-05-18 08:38:20 +01:00
Lucas Teske
11f9680963
'row' is a reserved word in MySQL 8.0
2018-05-17 20:45:35 -03:00
Christian Boltz
2eb5a7ed60
simplify function_exists() checks for random_int()
...
It's easier to define a compat function than to have function_exists()
checks all over the code.
2018-05-04 22:36:05 +02:00
David Goodwin
b4849b8431
bump minimum db version
2018-05-02 21:25:36 +01:00
David Goodwin
4c6bcdbc39
update version
2018-05-02 21:25:06 +01:00
David Goodwin
5b7f4cda48
add phpdoc comments, default php_crypt hash to use SHA512 rather than MD5
2018-05-02 21:21:25 +01:00
David Goodwin
7282928e6d
update generate_password() to allow length to be specified; update test
2018-05-02 21:19:47 +01:00
Christian Boltz
a3feba7c73
change default for php_crypt to SHA512
...
(+ a few whitespace changes)
2018-05-02 22:18:24 +02:00
David Goodwin
b48f99d4c6
reformat (phpcs)
2018-05-02 12:54:17 +01:00
David Goodwin
e7f9d536d9
change default salt method with php_crypt
2018-05-02 12:49:47 +01:00
David Goodwin
f543c7d403
use random_int() if available
2018-04-29 21:53:38 +01:00
David Goodwin
7c0cb82be8
use random_int if it is available
2018-04-29 20:51:48 +01:00
snuggeman
11f0ceb615
added php_crypt scheme
2018-04-29 15:39:58 +02:00
David Goodwin
9a07772626
remove commented out echo
2018-04-23 09:14:45 +01:00
Christian Boltz
30c61e81b3
better comment for pacol() parameter
2018-04-22 20:09:13 +02:00
Lucas Teske
50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates.
2018-02-21 22:50:02 -03:00
David Goodwin
d57aa46eb5
remove explode()
2018-02-21 19:48:17 +00:00
David Goodwin
2a1d8daeba
remove unused variables
2018-02-21 19:48:17 +00:00
David Goodwin
b79ad2ae28
composer format ...
2018-02-19 21:01:23 +00:00
David Goodwin
6446f3f6cc
split up pacrypt() into different functions; add some minimal test coverage
2018-02-19 20:59:52 +00:00
David Goodwin
6ed1527497
fix phpdoc
2018-02-18 20:32:34 +00:00
David Goodwin
cb34da4f46
phpcs reformat
2018-02-18 19:59:37 +00:00
David Goodwin
43a2493876
remove unused code.
2018-02-10 21:07:33 +00:00
David Goodwin
4dec9cd24e
refactor (reduce nesting)
2018-02-10 21:07:10 +00:00
David Goodwin
d088651fd6
Drop db_commit(), db_rollback(), db_begin() functions (unused).
2018-02-10 21:05:57 +00:00
David Goodwin
0b66cd6bd2
Do not try to db_escape() an SQL field.
2018-02-10 21:04:29 +00:00
David Goodwin
4e9d166765
use db_assoc() rather than db_array() as we're depending on an assoc array afterall.
2018-02-10 21:02:52 +00:00
David Goodwin
45a1073b97
change to use foreach($a as $k => $v) { ... }
2018-02-10 21:02:09 +00:00
David Goodwin
8ac94394cb
improve phpdoc
2018-02-10 21:00:58 +00:00
David Goodwin
e2b1233269
Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...)
2018-02-10 20:56:56 +00:00
David Goodwin
5e1855632a
allow local aliases - see #134
2018-02-09 21:19:45 +00:00
Adrien Crivelli
15df6c1d7b
Reformat everything with PHP-Cs-Fixer
2018-01-26 23:54:37 +09:00
David Goodwin
a320b67508
possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL)
2018-01-03 16:05:46 +00:00
Christian Boltz
977f335a0f
Fix quoting in table_by_key()
...
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
2017-12-30 13:42:47 +01:00
er1cs
7b8626ca81
Update functions.inc.php
...
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
2017-12-24 16:32:06 +02:00
Lee Clemens
ebbd9025e4
Add support for MySQL connections over SSL
2017-11-14 19:53:59 -05:00
Sylvain Tissot
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
2017-10-09 11:45:51 +09:00
David Goodwin
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
2017-09-05 10:09:36 +01:00
Sylvain Tissot
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
2017-08-21 13:05:25 +02:00
Christian Boltz
be5fafa9fb
changelog update etc. for 3.1 release
2017-06-25 16:37:42 +02:00
Christian Boltz
64f1593818
revert "support unicode domain names - see #47 "
...
Unicode support is a much bigger can of worms (see the discussion in #47 ),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
2017-06-22 20:48:07 +02:00
David Goodwin
a09a3fa3b0
support unicode domain names - see #47
2017-06-02 12:54:34 +01:00
Christian Boltz
88bd9bfd19
drop $db_conn parameter from escape_string()
...
Connection caching is now done in db_connect() which is a much better
place.
This reverts most of c253ef7dbd
2017-04-17 12:39:04 +02:00
Christian Schrötter
846dcb756c
Remove unnecessary code
2017-03-27 18:15:11 +02:00
Christian Schrötter
e28f3f5959
Fix for mysqli_connect()
2017-03-21 18:05:33 +01:00
Christian Schrötter
2dea9fadd4
Remove whitespace
2017-03-21 17:43:27 +01:00
David Goodwin
c253ef7dbd
allow escape_string() to take a db connection as a parameter; should improve performance when there are a large number of things to escape
2017-02-24 10:59:45 +00:00
Christian Boltz
28703935b3
3.0.2 release
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1894 a1433add-5e2c-0410-b055-b7f2511e0802
2017-02-09 05:21:12 +00:00
Christian Boltz
16e1407621
db_where_clause(): allow NULL and NOTNULL searchmodes
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1878 a1433add-5e2c-0410-b055-b7f2511e0802
2016-11-01 15:45:45 +00:00
Christian Boltz
bbec3e9f0e
pacrypt(): allow switching between dovecot:* password schemes
...
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.
This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.
Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
2016-10-20 20:15:15 +00:00
Christian Boltz
6eda18fcde
prepare PostfixAdmin 3.0 release
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1861 a1433add-5e2c-0410-b055-b7f2511e0802
2016-09-10 20:02:33 +00:00
Christian Boltz
2a6247a6d9
db_connect(): drop unused variable $succes(s)
...
One of the variable names had a typo [1], and since those variables are
unused, the best way is to drop them.
[1] reported by tfarina, https://github.com/postfixadmin/postfixadmin/issues/15
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1858 a1433add-5e2c-0410-b055-b7f2511e0802
2016-09-09 19:43:18 +00:00
Christian Boltz
13cdd50d0a
Add checks to login.php and cli to ensure database layout is up to date
...
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
error out if the database layout is outdated
- change setup.php to use check_db_version()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
2016-05-22 19:58:54 +00:00
Christian Boltz
a00e8a811d
functions.inc.php:
...
- check_domain(): someone had the great idea to allow punicode
even in TLDs, so we better allow it.
https://sourceforge.net/p/postfixadmin/feature-requests/93/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1839 a1433add-5e2c-0410-b055-b7f2511e0802
2016-05-16 09:27:36 +00:00
Christian Boltz
a0151bd5a1
functions.inc.php:
...
- pacrypt(): don't stripslashes($pw) because this breaks passwords with
backslashes. This stripslashes() existed since forever, but probably
became harmful with all the rewrites in the last years.
https://sourceforge.net/p/postfixadmin/bugs/349/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1838 a1433add-5e2c-0410-b055-b7f2511e0802
2016-05-15 21:14:01 +00:00
Christian Boltz
9335232024
functions.inc.php:
...
- fix db_quota_text() for postgresql (concat() vs. ||)
https://sourceforge.net/p/postfixadmin/bugs/370/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1834 a1433add-5e2c-0410-b055-b7f2511e0802
2016-04-25 11:23:35 +00:00
David Goodwin
d3ca74af0d
merge github pull request into svn manually - 3e62d3975a
- adding configurable smtp helo (CONF["smtp_client"])
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1832 a1433add-5e2c-0410-b055-b7f2511e0802
2016-03-28 18:28:40 +00:00
Christian Boltz
b261db86c7
Merge pull request #9 from phyrog/master
...
Add sqlite backend option (thank you @phyrog for doing this)
(imported from github)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
2016-02-04 22:30:06 +00:00
Christian Boltz
129a65b8c5
functions.inc.php:
...
- gen_show_status(): escape mail addresses in query.
Fixes https://sourceforge.net/p/postfixadmin/bugs/356/
(mostly - the edit/delete/... links in list-virtual are double-escaped)
In theory this could allow SQL injection, in practise the mail address
regex limits this issue to a DOS (creating a mail address with ' caused
an invalid query that broke list-virtual)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
2015-10-02 17:45:16 +00:00
Christian Boltz
9636fe9de3
3.0 beta3 (= 2.93) release - update $version and changelog
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1799 a1433add-5e2c-0410-b055-b7f2511e0802
2015-09-26 10:39:05 +00:00
Christian Boltz
5307cfe48a
functions.inc.php check_domain():
...
Measure time needed for the nameserver queries, and error_log a warning
if the queries need more than 2 seconds in total.
Inspired by a question from t-ask on IRC, who suffered from a slow
nameserver and had some "fun" to debug it ;-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1790 a1433add-5e2c-0410-b055-b7f2511e0802
2015-06-13 19:56:26 +00:00