mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
ffb84283c2
The improvements are: - Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config - Redirect user to main page after password change using relative URL - Don't leak info whether user exists or has recovery info defined - Throttle password reset requests to prevent brute force attacks - Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled - Make database upgrade code compatible with other databases types - Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once. |
||
---|---|---|
.. | ||
backupwarning.tpl | ||
broadcast-message.tpl | ||
editform.tpl | ||
flash_error.tpl | ||
footer.tpl | ||
header.php | ||
header.tpl | ||
index.tpl | ||
list-virtual_alias_domain.tpl | ||
list-virtual_alias.tpl | ||
list-virtual_mailbox.tpl | ||
list-virtual.tpl | ||
list.tpl | ||
login.tpl | ||
main.tpl | ||
menu.tpl | ||
message.tpl | ||
password-change.tpl | ||
password-recover.tpl | ||
password.tpl | ||
sendmail.tpl | ||
users_edit-alias.tpl | ||
users_main.tpl | ||
users_menu.tpl | ||
vacation.tpl | ||
viewlog.tpl |