Commit Graph

79 Commits (01c8b14a44d211a7bb14f9f909c8187e12bc85c6)

Author SHA1 Message Date
David Goodwin 74002bbf57 psalm fixes 6 years ago
David Goodwin 173d5775cd psalm fixes 6 years ago
David Goodwin ec085b668b missing class property 7 years ago
Christian Boltz d2588a4de2
Fix phpcs whitespace breakage in initStruct etc. 7 years ago
Christian Boltz 500c847fe0
re-add lost comment 7 years ago
David Goodwin fef2591335 phpdoc fixes 7 years ago
David Goodwin cb34da4f46 phpcs reformat 7 years ago
David Goodwin 152975d05c move to use db_assoc() rather than db_array() (code assumes assoc. array) 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
Christian Boltz 8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin 2f2db5949a fix date formatting in non-english languages, thanks to uz@musoftware.de
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1884 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 386f37dfdb Don't decode b64p (base64-encoded password) fields.
This is not supported in MySQL < 5.6.
Besides that, we don't display the content of b64p fields anywhere, so
the easiest way is not to decode it.

Note: Currently, the only user of b64p is FetchmailHandler.

Fixes https://sourceforge.net/p/postfixadmin/bugs/357/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1847 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz b261db86c7 Merge pull request #9 from phyrog/master
Add sqlite backend option (thank you @phyrog for doing this)

(imported from github)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz adc038e218 list.tpl:
- add support for list_header (like ":: Alias" in list-virtual)

PFAHandler:
- add empty default for $msg['list_header']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1776 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 35fad174f7 smarty.inc.php:
- assign(): additionally provide the unsanitized values as RAW_$key

PFAHandler.php:
- document 'html' field type (used for raw html), including a big warning

list.tpl:
- add handling to display raw html fields

This is a preparation to use the status markers with list.tpl without
introducing too big changes.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1775 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 8043515fdf migrate search input field to use search[_], and use list.tpl for alias domains
User-visible changes:
- alias domain list can be downloaded as CSV
- no more search highlighting for alias domains

list-virtual.php:
- expect $search to be an array
- change alias domain handling to use list.php instead of
  list-virtual_alias_domain.tpl, and move some logic from the template
  to list-virtual.php. (The template file is kept as list.tpl wrapper.)
- adopt mailbox and alias search to $search[_]
- adopt pagebrowser to $search[_]

list-virtual_alias_domain.tpl:
- replace custom output generation with {include 'list.php'} and some
  variable assignments

PFAHandler.php:
- add $this->id_field to $this->msg (avoids another smarty template
  variable)

configs/menu.conf:
- change input name to search[_]

list-virtual_alias.tpl, list-virtual_mailbox.tpl:
- adopt to $search[_] by setting $search in a backwards-compatible way

list.tpl:
- add special handling for aliasdomain.target_domain linking



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1773 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc598d0f3f PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 4ce0a57e83 PFAHandler:
- add protected $searchfields = array(); - list of fields to search by
  default, if just a search term is given. This will be done with
  $search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)

list.tpl:
- display search input box and search overview only if $searchfields is
  not empty

AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields

MailboxHandler:
- add 'username' to $searchfields

AliasHandler:
- add 'address' and 'goto' to $searchfields

This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 6e5c8f8054 add 'can_create' flag
PFAHandler:
- add $msg['can_create'] (true by default)

DomainHandler:
- set $msg['can_create'] based on is_superadmin

list.tpl:
- display 'create' button only if $msg['can_create'] is true

Note: This is only an optical improvement, not a permission check.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1769 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3f451371e3 PFAHandler:
- set(): if errormsg is set for a field, assume it's invalid (even if
  the validator functions did not (or forgot to) return False)

In theory this should never happen, but it's a nice safety net against
programming errors in validator functions that don't have an explicit
    return False;


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1768 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 313270c00a PFAHandler.php:
- add getPagebrowser() (returns an array of pagebrowser keys)

AliasHandler.php:
- change getList() to work with empty $condition
- add getPagebrowser() to filter out mailboxes

list-virtual.php:
- replace $alias_pagebrowser_query and the create_page_browser() call
  with $handler->getPagebrowser()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1757 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 28fe7042e8 PFAHandler.php:
- split off build_select_query() from read_from_db() as preparation for
  using build_select_query() to generate the pagebrowser query



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1756 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz eb7e40cf94 PFAHandler, editform.tpl:
- add support for 'b64p' fields (passwords stored base64-encoded)
  as preparation to migrate fetchmail.php to FetchmailHandler


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1750 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc2b157d59 *Handler:
- add $msg['confirm'] (confirmation message when attemping to delete an
  item, displayed by list.php)

*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 13f1a28b6e PFAHandler:
- read_from_db(), getList(): 
  - add $searchmode parameter (_before_ $limit and $offset!) to be able to 
    use query different query modes, not only "="
  - add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
  to avoid information leaks by using search parameters
  (filter is only applied if $condition is an array!)

functions.inc.php: 
- db_where_clause():
  - add $additional_raw_where parameter for additional query parameters
  - add $searchmode parameter to be able to use query different
    query modes, not only "=" (see $allowed_operators)
  - check for allowed operators in $searchmode
  - split query into WHERE and HAVING (if a parameter has
    $struct[select] set, HAVING is used)

list-virtual.php:
- adopt getList() call to the new syntax

AliasHandler:
- adopt getList() definition and call to the new syntax

 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz b76511628d PFAHandler:
- add $this->order_by to allow ordering by any field(s)
  (defaults to $this->id_field)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1730 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 6bfe6706ba PFAHandler:
- add $this->label_field and $this->label (defaults to $this->id_field 
  and $this->id) to allow nicer messages
- use $this->label in various messages



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1729 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz ca76b0fb6e PFAHandler:
- add getMsg() function (needed by list.php)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1728 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz e39d13aa52 PFAHandler:
Add $can_edit and $can_delete flags. This makes it possible to make 
some, but not all items non-editable or non-deletable (based on a 
database column/query or read_from_db_postprocess())

- add $can_edit and $can_delete
- after initStruct, check if $struct contains _can_edit and _can_delete.
  If not, fill with default values (allowed)
- init(): set $this->can_edit and $this->can_delete (only in view/edit mode)
- set(): abort if !$this->can_edit



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1716 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3fe75c117d PFAHandler:
- add handling of users (non-admins), including permission checks



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1715 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 72d9d42601 PFAHandler:
- add protected $is_superadmin = 1;
  will be set to 0 if $admin_username is set and is not a superadmin



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1714 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz f07281cdc1 PFAHandler:
- automatically skip quot, vnum and vtxt fields in store()
  (as if dont_write_to_db == 1)
- document new field types vtxt and quot and mark field types that will
  never be stored in db



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1713 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 647aa39218 PFAHandler:
- add validation for "enma" field type - list of options, must be given
  in column "options" as associative array (value => displayed value)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1711 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz d9e30fb41b Add CliScheme.php:
- displays the database scheme (for usage in upgrade.php)

PFAHandler:
- add "Scheme" to the list of available tasks

postfixadmin-cli.php:
- add "scheme" to help

This is the first patch of a series sponsored by 
    Bund der Deutschen Landjugend (german rural youth)
	http://bdl.landjugend.info/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1710 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz c5de88390e PFAHandler.php:
fix logging - log the domain instead of $this->id
- add protected $domain (used for logging)
- add function domain_from_id()
- http://sourceforge.net/p/postfixadmin/bugs/317/

AliasHandler.php:
- add function domain_from_id()

MailboxHandler.php:
- add function domain_from_id()
- init(): use $this->domain instead of splitting $this-id again



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1684 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz bafd2f1f58 edit.php:
- use prefill values from $_SESSION (if not provided in GET/POST)
- remember prefill values for next usage of the form

list-virtual.php
- set prefill values for edit.php

PFAHandler.php:
- let prefill() store the value in $struct if no prefill_$field()
  function exists

This fixes the remaining parts of
http://sourceforge.net/p/postfixadmin/bugs/298/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1594 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 53c28990ad PFAHandler:
- read_from_db(): convert $limit and $offset with (int) to make sure
  they contain a sane value


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1584 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 20d1ffcafc functions.inc.php:
- new function db_pgsql() to replace lots of
  "if ($CONF[database_type] == 'pgsql')) checks
- delete unused function boolconf()

several files:
- use db_pgsql() instead of checking $CONF[database_type]



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1582 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz c65e3293b6 Quite big CLI cleanup (and more)
model/CliHelp.php:
- new class, used for "postfixadmin-cli $module help"
- replaces the PostfixAdmin* classes in scripts/shells/*.php

model/PFAHandler.php
- add public $taskNames with the list of supported CLI commands

scripts/postfixadmin-cli.php - dispatch():
- directly set the classes to load instead of using shell->loadTasks()
- when "postfixadmin-cli $module" is called, display help instead of 
  error message about "invalid command ''"
- make it more readable by moving error checks to the beginning
  (replaces deeply nested if's with return statements)
- remove unused code parts

scripts/shells/*.php:
- remove PostfixAdmin* classes (obsoleted by CliHelp)
- remove $tasks (now in PFAHandler)
- delete alias.php and domain.php because nothing is left
- mailbox.php still contains PasswordTask

scripts/shells/shell.php:
- remove $taskNames (moved to PFAHandler)
- remove loadTasks() (integrated in postfixadmin-cli.php's dispatch())



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1575 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 49573da2d7 PFAHandler:
- make error messages in _inp_*() translateable
- make date format in SQL "translateable"

*.lang:
- add the texts needed for the changes listed above


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1556 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 1b74926afb PFAHandler, *Handler:
- rename _field_$field() to _validate_$field() to make the function name
  more obvious
 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1555 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz e96544e815 model/PFAHandler.php, setup.php:
- use Config::lang_f() for $this->msg['successmessage']

*.lang:
- add %s to all texts used for 'successmessage'


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1540 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 21aea632b7 model/PFAHandler.php:
- use Config::lang_f() for msg['store_error']

*.lang:
- add %s to all messages that are used as store_error


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1539 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4d9a338eb2 After hunting an "undefined index transport" error in list-domain, I
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class. 

This caused a conflict because we have $CONF[transport] and 
$PALANG[transport], and Config::read('transport') returned the $PALANG 
text.

To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.


model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the 
  "too static" problem again.
- bool(): display and log an error message if a $CONF option does not
  contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects

model/Lang.php:
- deleted

common.php:
- store $PALANG as $CONF[__LANG]

lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
  and Config::lang_f()




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f2c2b554ac model/PFAHandler.php:
- getList: change return value to be always true (even if the database 
  result is an empty array), and die() if the database result is not an 
  array.
  This avoids some if blocks in various files to implement a fallback
  to array() on empty results.

functions.inc.php:
- list_admins(): simplify after the *Handler->getList() change
- get_domain_properties(): change a forgotten $handler->return to 
  $handler->result() (follow-up for r1534)

list-domain, list-virtual.php:
- simplify after the *Handler->getList() change



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1535 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz bb7a3ff04d model/*Handler.php and various other files
- rename $this->return to $this->result


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1534 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f38b10cd61 PFAHandler.php:
- set(): make "field $key is missing" translateable
- store(): call db_log() even if storemore() failed


MailboxHandler.php
- storemore(): use $this->infomsg instead of flash_info
 
*.lang
- add 'missing_field' = 'Field %s is missing';
- change reate_mailbox_result_success' and
  'pCreate_mailbox_result_succes_nosubfolders'
  to "The mailbox %s ..."

en.lang, nl.lang:
- remove unused texts 'pAdminList_domain_usercontrol',
  'pAdminCreate_domain_usercontrol', 'pAdminEdit_domain_usercontrol'


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1533 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 414c05e678 functions.inc.php:
- db_where_clause(): wrap condition in "(...)"


model/PFAHandler.php:
- read_from_db(): wrap condition in "(...)"


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1493 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz ce233789b9 PFAHandler.php:
- add $skip_empty_pass (default: true) - set to false to
  disable skipping empty password fields in edit mode
  (needed for "change password" form)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1490 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago