The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other database types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only be used once.
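The reset-code properties listed above (one code per user, valid for 1 hour, usable once, throttled requests, the same reply whether or not the user exists), as an added PHP example that is not PostfixAdmin's code. The class and constant names, the in-memory store, the limit of 3 requests per hour and the use of random_bytes() in place of the project's password generator are assumptions.

```php
<?php
// Added illustration, not PostfixAdmin code; every name here is hypothetical.
const RESET_TTL = 3600;     // code lifetime: 1 hour, as stated in the commit message
const MAX_REQUESTS = 3;     // assumed throttle: reset requests per user per hour
const GENERIC_REPLY = 'If the account exists, a reset code has been sent.';

final class ResetStore
{
    private array $codes = [];     // username => ['hash' => string, 'expires' => int]
    private array $requests = [];  // username => list of request timestamps

    public function __construct(private array $knownUsers) {}

    // Returns [reply shown to the requester, code to deliver out of band or null].
    public function request(string $user, int $now): array
    {
        // Count requests per requested name, whether or not the account exists.
        $recent = array_filter($this->requests[$user] ?? [], fn($t) => $t > $now - RESET_TTL);
        $recent[] = $now;
        $this->requests[$user] = $recent;

        $code = null;
        if (count($recent) <= MAX_REQUESTS && in_array($user, $this->knownUsers, true)) {
            $code = bin2hex(random_bytes(16));
            // Keep only a hash; a new request replaces the user's previous code.
            $this->codes[$user] = ['hash' => hash('sha256', $code), 'expires' => $now + RESET_TTL];
        }
        return [GENERIC_REPLY, $code];  // identical reply on every path
    }

    public function redeem(string $user, string $code, int $now): bool
    {
        $entry = $this->codes[$user] ?? null;
        if ($entry === null) { return false; }
        $ok = $now < $entry['expires'] && hash_equals($entry['hash'], hash('sha256', $code));
        if ($ok || $now >= $entry['expires']) {
            unset($this->codes[$user]);  // single use; expired codes are discarded too
        }
        return $ok;
    }
}

// Constructed sample run with fixed timestamps.
$store = new ResetStore(['alice@example.com']);
[$replyKnown, $code] = $store->request('alice@example.com', 1000);
[$replyUnknown, $none] = $store->request('nobody@example.com', 1000);
var_dump($replyKnown === $replyUnknown);                       // replies compared
var_dump($store->redeem('alice@example.com', $code, 1060));    // first use
var_dump($store->redeem('alice@example.com', $code, 1120));    // same code again
```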
The previous commit changed vacation_notification.notified,
alias_domain.alias_domain and alias_domain.target_domain to latin1, but
did this only in their original upgrade function.
upgrade_1836_mysql() also applies this change to existing databases.
(It's unlikely that these fields are not latin1 - creating them as utf8
or utf8mb4 would break at the index length, but better safe than sorry ;-)
When trying to create a new database with utf8mb4 as default charset,
upgrade.php fails at various places because of too long indexes.
- no longer run upgrade_1_mysql, upgrade_2_mysql and upgrade_3_mysql
which all affect updates from pre-2.1 database layout
- add {LATIN1} to vacation_notification.notified,
alias_domain.alias_domain and alias_domain.target_domain
Thanks to martinx who reported this on IRC and helped to debug it.
Doing it in two steps fails, see comment by Gabor 'Morc' KORMOS on
https://sourceforge.net/p/postfixadmin/bugs/5/
Note: This is an exception from the "never change an existing
upgrade_*() function" rule because
a) the result doesn't change for people where it worked and
b) it will continue here anyway for people who had upgrade problems
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1881 a1433add-5e2c-0410-b055-b7f2511e0802
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
error out if the database layout is outdated
- change setup.php to use check_db_version()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
- split upgrade_1763() into mysql and pgsql versions because pgsql
doesn't support SUBSTRING_INDEX
(reported by darix on IRC)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1786 a1433add-5e2c-0410-b055-b7f2511e0802
- upgrade_1762: add 'domain', 'active', 'created' and 'modified' fields
to fetchmail table (used by FetchmailHandler)
- upgrade_1763: fill fetchmail.domain based on mailbox
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1763 a1433add-5e2c-0410-b055-b7f2511e0802
- change {BOOLEAN} to include "default false"
- revert the r1626 changes in upgrade_1283
(BTW: "by default, every admin is a superadmin" is not a good idea ;-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1632 a1433add-5e2c-0410-b055-b7f2511e0802
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval
config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
(note: reply to every mail is commented by default because it can be
annoying. Admins will have to explicitly add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]
*.lang:
- add texts for reply types
VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters
templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay
vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
change the activeFrom and activeUntil date to today to avoid users
having to scroll through the calendar a lot
xmlrpc.php:
- update set_away() call to match the removed parameter
upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and
interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
- change {BIGINT} to include "NOT NULL DEFAULT 0"
- add {INT} (not used anywhere yet)
- upgrade_729:
- quota2 table: change "{BIGINT} NOT NULL DEFAULT 0" to "{BIGINT}" to
match the above change
- note: quota table created with old versions of upgrade.php will not
have explicit "NOT NULL DEFAULT 0" for the "current" field
(shouldn't hurt)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1605 a1433add-5e2c-0410-b055-b7f2511e0802
ADDITIONS/fetchmail.pl
- add sslcertck, sslcertpath and sslfingerprint to fetchmail config
- some whitespace fixes
fetchmail.php
- add sslcertck, sslcertpath, sslfingerprint fields
(sslcertpath and sslfingerprint require $CONF[fetchmail_extra_options]
because they don't have input validation)
languages/*.lang
- add new texts needed for the added fields
templates/fetchmail.tpl:
- add the new fields
- also add extra_options and mda fields - they were not displayed yet
upgrade.php
- fix _db_add_field() to call _db_field_exists() with correct table name
- upgrade_1519(): add sslcertck, sslcertpath, sslfingerprint fields to the
fetchmail table
Most parts of this commit are based on the work of Lars Engelhard
(modified files sent on the mailinglist 2013-07-30)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1519 a1433add-5e2c-0410-b055-b7f2511e0802
- _pgsql_field_exists(), _mysql_field_exists():
Those functions are always called with the expanded table name - don't
expand it twice. (The better solution would be to change all calling
code to provide non-expanded tablenames, but that's more work.)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1391 a1433add-5e2c-0410-b055-b7f2511e0802
- add \n after "Upgrading database" lines - that makes the output readable
if setup.php is called in a console instead of a web browser
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1345 a1433add-5e2c-0410-b055-b7f2511e0802
- upgrade_1284(): migrate the ALL domain to the superadmin column
Note: The ALL domain is not (yet) deleted to stay backwards-compatible
for now (will be done in a later upgrade function)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1284 a1433add-5e2c-0410-b055-b7f2511e0802
- upgrade_1283(): add a "superadmin" column to the admin table
This is the first step to get rid of the "ALL" dummy domain.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1283 a1433add-5e2c-0410-b055-b7f2511e0802
- add index on (domain,timestamp) in log table to make viewlog faster
_add_index():
- fix handling of multi-column aliases in MySQL
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1050 a1433add-5e2c-0410-b055-b7f2511e0802
*fixed VacationHandler.php
*changed edit-vacation to use VacationHandler
*added todopoint to upgrade.php
*fixed problem in AliasHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@981 a1433add-5e2c-0410-b055-b7f2511e0802
- MySQL only allows one column with DEFAULT CURRENT_TIMESTAMP per table
-> introduce {DATE} with DEFAULT 2000-01-01 as workaround
-> GingerDog, please check if the PostgreSQL variant of {DATE} is valid
- disable upgrade_727_mysql because
- function number is too small for upgrades from 2.3.x
- MySQL only
- it creates some tables PostfixAdmin doesn't use
- new function upgrade_946 to add activefrom/activeuntil fields to the
vacation table (previously done in upgrade_727_mysql)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@946 a1433add-5e2c-0410-b055-b7f2511e0802
- fix _pgsql_field_exists and _mysql_field_exists to work with
non-default table names
- new function _db_field_exists as database-independent wrapper for
_*_field_exists
- new function _db_add_field to add a field to a table
- new function printdebug for debug output (grey text)
- define {DATECURRENT} for timestamp fields (avoids lots of duplication)
-> @GingerDog: please check if the PostgreSQL statement is correct!
- upgrade_945: add a 'modified' column to the vacation table
- various small changes (whitespace, comments, TODO notes etc.)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@945 a1433add-5e2c-0410-b055-b7f2511e0802
- function upgrade_1_mysql(): change default charset of vacation table to
latin1. Otherwise table creation breaks with MySQL 6.
Fields that need to be utf-8 are changed to utf-8 later anyways.
(Found by mechno on #postfixadmin)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@790 a1433add-5e2c-0410-b055-b7f2511e0802
upgrade.php
- create quota and quota2 table (upgrade_729)
- create the triggers required by dovecot (upgrade_730_pgsql)
list-virtual.php
- updated to work with both quota tables
Patch by Varren Volz, https://sourceforge.net/tracker/?func=detail&aid=2867629&group_id=191583&atid=937966
- changed query for 1.1 quota table to
WHERE [...] AND ( $table_quota.path='quota/storage' OR $table_quota.path IS NULL )
This fixes https://sourceforge.net/tracker/?func=detail&aid=2794247&group_id=191583&atid=937964
(users not shown when initial email is not sent)
config.inc.php, functions.php
- new config option $CONF['new_quota_table'] (YES means dovecot 1.2 format)
- set variables for new quota2 table
DOCUMENTS/DOVECOT.txt
- added note that quota table is automatically created
- added note about different quota tables for dovecot 1.0/1.1 and >= 1.2
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@730 a1433add-5e2c-0410-b055-b7f2511e0802