disable password reset until it is secure

For some unknown reason, the insecure version of pull request 18 (which uses easily guessable reset codes) was merged. This commit disables the password reset until someone makes it secure. See the comments in https://github.com/postfixadmin/postfixadmin/pull/18 for details.
7 years ago · 2251c00fb8
parent f3b2fe68f1
commit 2251c00fb8
1 changed files with 2 additions and 2 deletions
--- a/config.inc.php
+++ b/config.inc.php
@ -582,9 +582,9 @@ $CONF['create_mailbox_subdirs_hostoptions'] = array();

 // Optional:
 // Allows a user to reset his forgotten password with a code sent by email/SMS
-$CONF['forgotten_user_password_reset'] = true;
+$CONF['forgotten_user_password_reset'] = false;  # INSECURE, DO NOT ENABLE! See https://github.com/postfixadmin/postfixadmin/pull/18 for details
 // Allows an admin to reset his forgotten password with a code sent by email/SMS
-$CONF['forgotten_admin_password_reset'] = true;
+$CONF['forgotten_admin_password_reset'] = false;  # INSECURE, DO NOT ENABLE! see https://github.com/postfixadmin/postfixadmin/pull/18 for details

 // Clickatell gateway to send SMS code for password reset
 // API type: HTTP