Commit Graph

2047 Commits (01c8b14a44d211a7bb14f9f909c8187e12bc85c6)
 

Author SHA1 Message Date
Christian Boltz fe5e256b6d Merge pull request #79 from Ecodev/harden-password-reset
Harden password reset process
7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other database types
- Use the existing password generator to generate OTP. It is now stored in the database, unique to each user, valid only for 1 hour and can only be used once.
7 years ago
David Goodwin 8bb6000072 Merge pull request #60 from Vilican/master
Security fixes
7 years ago
David Goodwin db06ac919c Merge pull request #82 from evaryont/sqlite-v1837
Upgrade SQLite db to v1837
7 years ago
Colin Shea f568309ef5 Upgrade SQLite db to v1837
Includes a TODO for v1836. Not sure if it's needed... Haven't run into
any issues yet.
7 years ago
jowi 39dca79879 Add SQLite and PDO support 7 years ago
David Goodwin c5136c408d improve config file loading when installed from a debian package 7 years ago
jowi ec2cc0041e fix postgres dependency 7 years ago
Christian Boltz ae56c2b700
Fix syntax error in viewlog.php
Reported in issue #74
7 years ago
David Goodwin dd06aa75e0 attempt at fixing various .deb issues - link templates_c to /var/cache/postfixadmin; add postfixadmin-cli to deb and symlink into /usr/bin 7 years ago
David Goodwin 252d42dcc0 fix perms (executable) 7 years ago
David Goodwin 5c2e3d1e00 possible changes for deb package to include postfixadmin-cli in /usr/bin 7 years ago
David Goodwin 6258cc669d update quilt patches 7 years ago
David Goodwin 2fc36e82ad see #74 - fix undefined $CONF[page_size] 7 years ago
David Goodwin 4b999b3f6b improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73 7 years ago
Matyáš Koc 3c95ec4a09 Add CSRF token 7 years ago
Matyáš Koc 9f30aa5ff4 Handle logout in a new way (user login) 7 years ago
Matyáš Koc 74c29f8a10 Handle logout in a new way (admin login) 7 years ago
David Goodwin 82e7bdfda3 fix surname typo 7 years ago
David Goodwin 9dbeb68f9a add TODO 7 years ago
David Goodwin 2b04b72072 remove unnecessary nesting, reindent, make it print out what it might do before breaking stuff etc 7 years ago
David Goodwin 9b16645c0f Merge pull request #70 from Seitanas/master
virtualmaildel.php with PHP mysqli extension.
7 years ago
Seitanas 72288b8402 Updated to use PHP mysqli extension. 7 years ago
David Goodwin 0b70b5c686 resync debian/control with debian stretch 7 years ago
jowi dbe8475ed2 pgsql support (wip) 7 years ago
David Goodwin 9841c7c86b bump file 7 years ago
David Goodwin c476a61ec4 clear stat cache so the is_writeable() result will eventually change with subsequent page reloads if the user has actually fixed the dir 7 years ago
David Goodwin 14ec596cbf bump Smarty to v1.3.31 (various fixes); add custom modifier.needle.php 7 years ago
David Goodwin a40e99c8ed renamed to INSTALL.md 7 years ago
Christian Boltz 2251c00fb8
disable password reset until it is secure
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.

See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
7 years ago
David Goodwin f3b2fe68f1 Merge pull request #18 from Ecodev/password-reset
#75 Enable users to reset their passwords
7 years ago
Sylvain Tissot 7a0b3b3750 Fix typo in French language file #18 7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago
David Goodwin 25f50f262d update for https://github.com/postfixadmin/postfixadmin/issues/66 7 years ago
David Goodwin 1f63a9df89 update Install.txt -> Install.md 7 years ago
David Goodwin da9f674611 better now? 7 years ago
David Goodwin 8d2223acfa better now? 7 years ago
David Goodwin 6442c8aff4 better now? 7 years ago
David Goodwin ba8a4ab659 better markup 7 years ago
David Goodwin 76f0387313 try this 7 years ago
David Goodwin 7f2ea1a20a make github friendly, perhaps 7 years ago
David Goodwin c3a4a6ed8d remove some comments from the top of vacation.pl; add links to file(s); remove unnecessary index.php 7 years ago
David Goodwin d98e83e624 Merge pull request #61 from tkempf/Email-Sender
Replace Deprecated Mail::Sender by Email::Sender
7 years ago
tkempf 066a22cb42 Added forgotten use Statement for MIME:EncWords 7 years ago
tkempf f2d4e6dbcc Subject with non ASCII-chars still needs to be encoded 7 years ago
tkempf 34474a20e5 set default value for $no_vacation_pattern 7 years ago
tkempf 4660d65679 Renamed $novacation_pattern to $no_vacation_pattern + codestyle changes 7 years ago
J0WI 33db684562 add Dockerfile 7 years ago
David Goodwin 466bd6834c Merge pull request #63 from Callidior/viewlog-page_size
Fix unquoted string array index in viewlog.php
7 years ago
Björn Barz 3786ebc33e Fixed unquoted string array index in viewlog.php
`$CONF[page_size]` was working, but throwing E_NOTICE, so I propose changing it to `$CONF['page_size']`.
7 years ago