Christian Boltz
fe5e256b6d
Merge pull request #79 from Ecodev/harden-password-reset
...
Harden password reset process
7 years ago
Sylvain Tissot
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other database types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only be used once.
7 years ago
David Goodwin
8bb6000072
Merge pull request #60 from Vilican/master
...
Security fixes
7 years ago
David Goodwin
db06ac919c
Merge pull request #82 from evaryont/sqlite-v1837
...
Upgrade SQLite db to v1837
7 years ago
Colin Shea
f568309ef5
Upgrade SQLite db to v1837
...
Includes a TODO for v1836. Not sure if it's needed... Haven't run into
any issues yet.
7 years ago
jowi
39dca79879
Add SQLite and PDO support
7 years ago
David Goodwin
c5136c408d
improve config file loading when installed from a debian package
7 years ago
jowi
ec2cc0041e
fix postgres dependency
7 years ago
Christian Boltz
ae56c2b700
Fix syntax error in viewlog.php
...
Reported in issue #74
7 years ago
David Goodwin
dd06aa75e0
attempt at fixing various .deb issues - link templates_c to /var/cache/postfixadmin; add postfixadmin-cli to deb and symlink into /usr/bin
7 years ago
David Goodwin
252d42dcc0
fix perms (executable)
7 years ago
David Goodwin
5c2e3d1e00
possible changes for deb package to include postfixadmin-cli in /usr/bin
7 years ago
David Goodwin
6258cc669d
update quilt patches
7 years ago
David Goodwin
2fc36e82ad
see #74 - fix undefined $CONF[page_size]
7 years ago
David Goodwin
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
7 years ago
Matyáš Koc
3c95ec4a09
Add CSRF token
7 years ago
Matyáš Koc
9f30aa5ff4
Handle logout in a new way (user login)
7 years ago
Matyáš Koc
74c29f8a10
Handle logout in a new way (admin login)
7 years ago
David Goodwin
82e7bdfda3
fix surname typo
7 years ago
David Goodwin
9dbeb68f9a
add TODO
7 years ago
David Goodwin
2b04b72072
remove unnecessary nesting, reindent, make it print out what it might do before breaking stuff etc
7 years ago
David Goodwin
9b16645c0f
Merge pull request #70 from Seitanas/master
...
virtualmaildel.php with PHP mysqli extension.
7 years ago
Seitanas
72288b8402
Updated to use PHP mysqli extension.
7 years ago
David Goodwin
0b70b5c686
resync debian/control with debian stretch
7 years ago
jowi
dbe8475ed2
pgsql support (wip)
7 years ago
David Goodwin
9841c7c86b
bump file
7 years ago
David Goodwin
c476a61ec4
clear stat cache so the is_writeable() result will eventually change with subsequent page reloads if the user has actually fixed the dir
7 years ago
David Goodwin
14ec596cbf
bump Smarty to v1.3.31 (various fixes); add custom modifier.needle.php
7 years ago
David Goodwin
a40e99c8ed
renamed to INSTALL.md
7 years ago
Christian Boltz
2251c00fb8
disable password reset until it is secure
...
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.
See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
7 years ago
David Goodwin
f3b2fe68f1
Merge pull request #18 from Ecodev/password-reset
...
#75 Enable users to reset their passwords
7 years ago
Sylvain Tissot
7a0b3b3750
Fix typo in French language file #18
7 years ago
Sylvain Tissot
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
7 years ago
David Goodwin
25f50f262d
update for https://github.com/postfixadmin/postfixadmin/issues/66
7 years ago
David Goodwin
1f63a9df89
update Install.txt -> Install.md
7 years ago
David Goodwin
da9f674611
better now?
7 years ago
David Goodwin
8d2223acfa
better now?
7 years ago
David Goodwin
6442c8aff4
better now?
7 years ago
David Goodwin
ba8a4ab659
better markup
7 years ago
David Goodwin
76f0387313
try this
7 years ago
David Goodwin
7f2ea1a20a
make github friendly, perhaps
7 years ago
David Goodwin
c3a4a6ed8d
remove some comments from the top of vacation.pl; add links to file(s); remove unnecessary index.php
7 years ago
David Goodwin
d98e83e624
Merge pull request #61 from tkempf/Email-Sender
...
Replace Deprecated Mail::Sender by Email::Sender
7 years ago
tkempf
066a22cb42
Added forgotten use Statement for MIME:EncWords
7 years ago
tkempf
f2d4e6dbcc
Subject with non ASCII-chars still needs to be encoded
7 years ago
tkempf
34474a20e5
set default value for $no_vacation_pattern
7 years ago
tkempf
4660d65679
Renamed $novacation_pattern to $no_vacation_pattern + codestyle changes
7 years ago
J0WI
33db684562
add Dockerfile
7 years ago
David Goodwin
466bd6834c
Merge pull request #63 from Callidior/viewlog-page_size
...
Fix unquoted string array index in viewlog.php
7 years ago
Björn Barz
3786ebc33e
Fixed unquoted string array index in viewlog.php
...
`$CONF[page_size]` was working, but throwing E_NOTICE, so I propose changing it to `$CONF['page_size']`.
7 years ago