The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
- add protected $searchfields = array(); - list of fields to search by
default, if just a search term is given. This will be done with
$search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)
list.tpl:
- display search input box and search overview only if $searchfields is
not empty
AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields
MailboxHandler:
- add 'username' to $searchfields
AliasHandler:
- add 'address' and 'goto' to $searchfields
This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
- add $msg['confirm'] (confirmation message when attemping to delete an
item, displayed by list.php)
*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct: set "display in list" to 1 to allow searching for domain
with list.php (nevertheless, the domain won't be displayed because
it doesn't have a column label set)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1735 a1433add-5e2c-0410-b055-b7f2511e0802
fix logging - log the domain instead of $this->id
- add protected $domain (used for logging)
- add function domain_from_id()
- http://sourceforge.net/p/postfixadmin/bugs/317/
AliasHandler.php:
- add function domain_from_id()
MailboxHandler.php:
- add function domain_from_id()
- init(): use $this->domain instead of splitting $this-id again
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1684 a1433add-5e2c-0410-b055-b7f2511e0802
- move mailbox_postdeletion() to MailboxHandler
- move domain_postcreation() and domain_postdeletion() to
DomainHandler
- adopt those functions for usage inside the *Handler (replace
print with $this->errormsg etc.)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1579 a1433add-5e2c-0410-b055-b7f2511e0802
- add some _formatted_*() functions to get a more informative output
(currently only used in CLI)
MailboxHandler.php:
- add TODO for reading used quota from quota/quota2 table and adding
a formatted_quota() function
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1573 a1433add-5e2c-0410-b055-b7f2511e0802
- rewrite and simplify delete()
- also cleanup fetchmail, quota and quota2 tables
AliasHandler.php:
- update delete() to match the workflow in other classes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1562 a1433add-5e2c-0410-b055-b7f2511e0802
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class.
This caused a conflict because we have $CONF[transport] and
$PALANG[transport], and Config::read('transport') returned the $PALANG
text.
To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.
model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the
"too static" problem again.
- bool(): display and log an error message if a $CONF option does not
contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects
model/Lang.php:
- deleted
common.php:
- store $PALANG as $CONF[__LANG]
lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
and Config::lang_f()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
- create_mailbox_subfolders(), check_quota():
use class variables instead of parameters
- create_mailbox_subfolders(): remove check for empty $this-id - this can
never happen because it would fail much earlier in the class
- check_quota(), allowed_quota(), mailbox_post_script(),
create_mailbox_subfolders(): mark as protected
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1517 a1433add-5e2c-0410-b055-b7f2511e0802
- new function mailbox_post_script()
- result of merging mailbox_postcreation() and mailbox_postedit(),
replaces those two functions
- drop all parameters, read them from class variables instead
- store warn message in $this->errormsg[] instead of using print
- changed function calls to use mailbox_post_script()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1516 a1433add-5e2c-0410-b055-b7f2511e0802
- check_quota ()
- allowed_quota()
- mailbox_postcreation()
- mailbox_postedit()
- create_mailbox_subfolders()
The code was moved without any changes, except
- added leading whitespace
- removed "TODO: move to MailboxHandler" ;-)
MailboxHandler:
- change function calls for moved functions
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1515 a1433add-5e2c-0410-b055-b7f2511e0802
- make login() a non-static function
- login: use $this->db_table and $this->id_field instead of hardcoded names
users/login.php, xmlrpc.php:
- adopt to now non-static MailboxHandler->login()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1484 a1433add-5e2c-0410-b055-b7f2511e0802