mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
ffb84283c2
The improvements are: - Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config - Redirect user to main page after password change using relative URL - Don't leak info whether user exists or has recovery info defined - Throttle password reset requests to prevent brute force attacks - Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled - Make database upgrade code compatible with other databases types - Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
48 lines
1.2 KiB
Smarty
48 lines
1.2 KiB
Smarty
<div id="login">
|
|
<form name="frmLogin" method="post" action="">
|
|
<input class="flat" type="hidden" name="token" value="{$smarty.session.PFA_token|escape:"url"}" />
|
|
<table id="login_table" cellspacing="10">
|
|
<tr>
|
|
<th colspan="2">
|
|
{if $logintype=='admin'}{$PALANG.pLogin_welcome}
|
|
{else}{$PALANG.pUsersLogin_welcome}
|
|
{/if}
|
|
</th>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pLogin_username}:</label></td>
|
|
<td><input class="flat" type="text" name="fUsername" /></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.password}:</label></td>
|
|
<td><input class="flat" type="password" name="fPassword" />
|
|
{if $forgotten_password_reset}
|
|
<br/><a href="password-recover.php">{$PALANG.pUsersLogin_password_recover}</a>
|
|
{/if}
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pLogin_language}:</label></td>
|
|
<td>{$language_selector}</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"> </td>
|
|
<td><input class="button" type="submit" name="submit" value="{$PALANG.pLogin_button}" /></td>
|
|
</tr>
|
|
{if $logintype == 'admin'}
|
|
<tr>
|
|
<td colspan="2"><a href="users/">{$PALANG.pLogin_login_users}</a></td>
|
|
</tr>
|
|
{/if}
|
|
</table>
|
|
</form>
|
|
{literal}
|
|
<script type="text/javascript">
|
|
<!--
|
|
document.frmLogin.fUsername.focus();
|
|
// -->
|
|
</script>
|
|
{/literal}
|
|
</div>
|
|
|