Commit Graph

298 Commits (1dfb03ea327a8f9876ad8a5f5fa68a6faee0847b)

Author SHA1 Message Date
David Goodwin 0b66cd6bd2 Do not try to db_escape() an SQL field. 7 years ago
David Goodwin 4e9d166765 use db_assoc() rather than db_array() as we're depending on an assoc array afterall. 7 years ago
David Goodwin 45a1073b97 change to use foreach($a as $k => $v) { ... } 7 years ago
David Goodwin 8ac94394cb improve phpdoc 7 years ago
David Goodwin e2b1233269 Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...) 7 years ago
David Goodwin 5e1855632a allow local aliases - see #134 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
David Goodwin a320b67508 possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL) 7 years ago
Christian Boltz 977f335a0f
Fix quoting in table_by_key()
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
er1cs 7b8626ca81
Update functions.inc.php
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works.  FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
7 years ago
Lee Clemens ebbd9025e4 Add support for MySQL connections over SSL 7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin 4b999b3f6b improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73 7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago
Christian Boltz be5fafa9fb
changelog update etc. for 3.1 release 8 years ago
Christian Boltz 64f1593818
revert "support unicode domain names - see #47"
Unicode support is a much bigger can of worms (see the discussion in #47),
and having just a little part of unicode support in is a bad idea.

You can of course use the xn--whatever notation for unicode domains ;-)
8 years ago
David Goodwin a09a3fa3b0 support unicode domain names - see #47 8 years ago
Christian Boltz 88bd9bfd19
drop $db_conn parameter from escape_string()
Connection caching is now done in db_connect() which is a much better
place.

This reverts most of c253ef7dbd
8 years ago
Christian Schrötter 846dcb756c
Remove unnecessary code 8 years ago
Christian Schrötter e28f3f5959
Fix for mysqli_connect() 8 years ago
Christian Schrötter 2dea9fadd4
Remove whitespace 8 years ago
David Goodwin c253ef7dbd allow escape_string() to take a db connection as a parameter; should improve performance when there are a large number of things to escape 8 years ago
Christian Boltz 28703935b3 3.0.2 release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1894 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 16e1407621 db_where_clause(): allow NULL and NOTNULL searchmodes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1878 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz bbec3e9f0e pacrypt(): allow switching between dovecot:* password schemes
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.

This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.

Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 6eda18fcde prepare PostfixAdmin 3.0 release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1861 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 2a6247a6d9 db_connect(): drop unused variable $succes(s)
One of the variable names had a typo [1], and since those variables are
unused, the best way is to drop them.

[1] reported by tfarina, https://github.com/postfixadmin/postfixadmin/issues/15


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1858 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 13cdd50d0a Add checks to login.php and cli to ensure database layout is up to date
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
  error out if the database layout is outdated
- change setup.php to use check_db_version()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz a00e8a811d functions.inc.php:
- check_domain(): someone had the great idea to allow punicode
  even in TLDs, so we better allow it.
  https://sourceforge.net/p/postfixadmin/feature-requests/93/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1839 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz a0151bd5a1 functions.inc.php:
- pacrypt(): don't stripslashes($pw) because this breaks passwords with
  backslashes. This stripslashes() existed since forever, but probably
  became harmful with all the rewrites in the last years.
  https://sourceforge.net/p/postfixadmin/bugs/349/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1838 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 9335232024 functions.inc.php:
- fix db_quota_text() for postgresql (concat() vs. ||)
  https://sourceforge.net/p/postfixadmin/bugs/370/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1834 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
David Goodwin d3ca74af0d merge github pull request into svn manually - 3e62d3975a - adding configurable smtp helo (CONF["smtp_client"])
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1832 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz b261db86c7 Merge pull request #9 from phyrog/master
Add sqlite backend option (thank you @phyrog for doing this)

(imported from github)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 129a65b8c5 functions.inc.php:
- gen_show_status(): escape mail addresses in query.
  Fixes https://sourceforge.net/p/postfixadmin/bugs/356/
  (mostly - the edit/delete/... links in list-virtual are double-escaped)
  In theory this could allow SQL injection, in practise the mail address
  regex limits this issue to a DOS (creating a mail address with ' caused
  an invalid query that broke list-virtual)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 9636fe9de3 3.0 beta3 (= 2.93) release - update $version and changelog
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1799 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 5307cfe48a functions.inc.php check_domain():
Measure time needed for the nameserver queries, and error_log a warning
if the queries need more than 2 seconds in total.

Inspired by a question from t-ask on IRC, who suffered from a slow
nameserver and had some "fun" to debug it ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1790 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3a72203de4 AliasHandler:
- initStruct(): replace (wrong) 'editable' with '_can_edit' and '_can_delete'
- read_from_db_postprocess(): disable _can_edit and _can_delete for
  default aliases if special_alias_control is off and not superadmin

list.tpl:
- use $item._can_edit instead of $check_alias_owner

list-virtual.php:
- drop $check_alias_owner variable and check_alias_owner() call
  (replaced by the code added in AliasHandler)
- drop unused $sql_domain

functions.inc.php:
- delete no longer used check_alias_owner() function



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1774 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc598d0f3f PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 5605561ca8 functions.inc.php:
- better formatting in db_quota_text() and db_quota_percent() results
  (for example, infinity sign instead of / 0 for unlimited)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1744 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 13f1a28b6e PFAHandler:
- read_from_db(), getList(): 
  - add $searchmode parameter (_before_ $limit and $offset!) to be able to 
    use query different query modes, not only "="
  - add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
  to avoid information leaks by using search parameters
  (filter is only applied if $condition is an array!)

functions.inc.php: 
- db_where_clause():
  - add $additional_raw_where parameter for additional query parameters
  - add $searchmode parameter to be able to use query different
    query modes, not only "=" (see $allowed_operators)
  - check for allowed operators in $searchmode
  - split query into WHERE and HAVING (if a parameter has
    $struct[select] set, HAVING is used)

list-virtual.php:
- adopt getList() call to the new syntax

AliasHandler:
- adopt getList() definition and call to the new syntax

 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 786a7d665e functions.inc.php:
- pacol():
  - add $linkto parameter (if list mode should link to something)
  - replace $not_in_db with $multiopt - the remaining parameters can
    now be specified as associated array (backwards-compatible)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1719 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 9093a946b4 functions.inc.php:
- add functions db_quota_text() and db_quota_percent() to generate
  queries for used quota ("x/y" and percentage)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1712 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz e8b0198512 2.92 (aka 3.0 beta2) release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1706 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz d3964f600e functions.inc.php
- db_get_boolean: error_log invalid values


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1672 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 0b116c1605 version 2.91 aka 3.0 beta1
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1670 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 8e04104b20 functions.inc.php:
- db_log():
  - replace $action_list with $LANG["pViewlog_action_$action"]
  - drop unused $table_log variable


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1658 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
David Goodwin b3074644ff alias can contain a ' - as in email.o'connor - need to therefore escape this...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1639 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz e7fe6e16ef functions.inc.php:
- check_domains(): raise TLD limit to 13 chars - even if I seriously
  doubt someone wants to use such a long TLD ;-)
  ( https://sourceforge.net/p/postfixadmin/bugs/310/ again)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1637 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 9bcc57cd88 functions.inc.php
- check_domain(): update regex for new, longer TLDs like .photography
  https://sourceforge.net/p/postfixadmin/bugs/310/
 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1635 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 252ae047d5 various files:
- get rid of global $table_* variables, use table_by_key() instead



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1601 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 57f4ad0b75 functions.inc.php pacrypt():
- for 'system' encryption, use full hashed password as salt 
  https://sourceforge.net/p/postfixadmin/bugs/2/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1595 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 1a35cccf5e list-virtual.php:
- remember domain and page browser offset in $_SESSION
  (fixes 50% of http://sourceforge.net/p/postfixadmin/bugs/298/ )
- various cleanups

functions.inc.php:
- add safesession() (like safeget(), but for $_SESSION)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1593 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz c349420210 functions.inc.php
- db_query(): do not print out the failed query, error_log() it instead
  to avoid information leaks.
- update SF forum URL


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1592 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 20d1ffcafc functions.inc.php:
- new function db_pgsql() to replace lots of
  "if ($CONF[database_type] == 'pgsql')) checks
- delete unused function boolconf()

several files:
- use db_pgsql() instead of checking $CONF[database_type]



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1582 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 2bf5df92ea functions.inc.php, DomainHandler, MailboxHandler:
- move mailbox_postdeletion() to MailboxHandler
- move domain_postcreation() and domain_postdeletion() to
  DomainHandler
- adopt those functions for usage inside the *Handler (replace
  print with $this->errormsg etc.)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1579 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 6e2e132bac remove "postfixadmin.com" in comments in lots of files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1558 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz d900835997 functions.inc.php:
- pacrypt(): fix dovecot:* to work with "old" passwords that don't have 
  the {method} prefix


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1554 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz b137e774f6 functions.inc.php:
- check_language(): remove things like ";q=0.8" before checking if 
  a language exists


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1547 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4d9a338eb2 After hunting an "undefined index transport" error in list-domain, I
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class. 

This caused a conflict because we have $CONF[transport] and 
$PALANG[transport], and Config::read('transport') returned the $PALANG 
text.

To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.


model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the 
  "too static" problem again.
- bool(): display and log an error message if a $CONF option does not
  contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects

model/Lang.php:
- deleted

common.php:
- store $PALANG as $CONF[__LANG]

lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
  and Config::lang_f()




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f2c2b554ac model/PFAHandler.php:
- getList: change return value to be always true (even if the database 
  result is an empty array), and die() if the database result is not an 
  array.
  This avoids some if blocks in various files to implement a fallback
  to array() on empty results.

functions.inc.php:
- list_admins(): simplify after the *Handler->getList() change
- get_domain_properties(): change a forgotten $handler->return to 
  $handler->result() (follow-up for r1534)

list-domain, list-virtual.php:
- simplify after the *Handler->getList() change



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1535 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 43f2591d93 functions.inc.php:
- smtp_get_admin_email(), domain_postcreation(), domain_postdeletion(): 
  use Config::read instead of $CONF
- smtp_get_response(): whitespace fixes



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1532 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz f444de402b functions.inc.php:
- pacrypt(), dovecot:* method:
  - allow "." in dovecot method (to allow a suffix like ".b64")
  - blacklist SCRAM-SHA-1 (needs -u)
  - check against list of non-salted methods to be backward compatible
    with dovecot < 2.1 again
  Thanks to Szilagyi Jozsef <szjozsef AT yahoo DOT com> for providing
  the list of non-salted methods etc.

functions.inc.php, scripts/postfixadmin-cli.php:
- drop unused global variables $table_admin and $table_alias_domain



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1529 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 5d4240ce52 functions.inc.php:
- pacrypt: digest-md5 hashes include the username - until someone 
  implements it, let's declare it as unsupported and error out


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1525 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 0d6f9ff99f functions.inc.php:
- pacrypt(): some small changes after Szilagyi Jozsef's patch:
  - comment out unused $crypt_method
  - change $dovecotpw default to "doveadm pw" (unrelated to the patch)
  - set $dovepasstest to "-t $pw_db" instead of having two similar
    command lines, and also shellescapearg() $pw_db
  - use "if (empty($dovepasstest))" instead of "if (empty($pw_db))"



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1524 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 161d387485 - pacrypt(): add support for dovecot *-CRYPT passwords
doveadmin pw now has an option "-t $hash" which allows to verify 
  salted passwords (added in dovecot 2.1 AFAIK)
  Also, the {METHOD} part is no longer removed.

  Patch by Szilagyi Jozsef <szjozsef [at] yahoo.com> - thanks!

  (The schemes which requires also the username -u option is still not supported)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1523 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz c2ccffb76c functions.inc.php:
- mailbox_postdeletion(): use Config::read instead of global $CONF


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1522 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 73a793433e moved the following functions from functions.inc.php to MailboxHandler.php:
- check_quota ()
- allowed_quota()
- mailbox_postcreation()
- mailbox_postedit()
- create_mailbox_subfolders()

The code was moved without any changes, except
- added leading whitespace
- removed "TODO: move to MailboxHandler" ;-)


MailboxHandler:
- change function calls for moved functions


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1515 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz ecc84a1486 functions.inc.php:
check_quota()
  mailbox_postcreation()
  mailbox_postedit()
  create_mailbox_subfolders()
  - use Config::read() / Config::bool() instead of $CONF
  - update comment header
  - some minor changes to make the code better readable



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1514 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 414c05e678 functions.inc.php:
- db_where_clause(): wrap condition in "(...)"


model/PFAHandler.php:
- read_from_db(): wrap condition in "(...)"


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1493 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz a07b822906 functions.inc.php:
- remove unused functions:
  - authentication_is_admin()
  - authentication_is_user()
  - check_string()
  - admin_exist()
  - domain_exist()
- add various TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1482 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 79403ad709 functions.inc.php:
- delete unused function get_mailbox_properties()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1481 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 2cbbac134f functions.inc.php:
- replace boolconf() calls with Config::bool()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1474 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 71200c1049 functions.inc.php:
- check_email: mention the invalid mail address in errormessage
  (needs text change)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1470 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz b15319c21a functions.inc.php, model/Config.php:
- move boolconf() to Config::bool()
  boolconf() will stay for backwards compability, but new code
  should use Config::bool()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1467 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 66ab8fb290 functions.inc.php:
- db_log(): allow delete_admin action


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1455 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 9c92eef2ff functions.inc.php:
- remove some unused "global $CONF"
- replace some $CONF usage with Config::read() or boolconf()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1453 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 70978e09a4 functions.inc.php:
- check_domain(), check_email(): 
  use Lang::read and Config::read instead of global variables 
  (global variables, at least $PALANG, don't seem to work with CLI)
- boolconf(): 
  - use Config::read instead of global $CONF
  - drop isset() check - doesn't make sense when using Config::read


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1452 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 871bcbbe2f functions.inc.php:
- check_domain(), check_email(): instead of calling flash_error(),
  return string with error message - or empty string if everything is ok

model/AdminHandler.php, model/AliasHandler.php,
model/DomainHandler.php, model/MailboxHandler.php,
sendmail.php, users/edit-alias.php:
- adopt to changed check_domain() and check_email() return value


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1451 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 68390b0201 functions.inc.php
- allowed_quota: if $CONF[quota] == NO, just return 0 (unlimited)

list-virtual.php:
- only eval_size($limit['maxquota']) if $CONF[quota] == YES
  ($limit['maxquota'] is not set if $CONF[quota] == NO)

Both issues (which caused PHP warnings) were found by TigerP on IRC


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1445 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 74deef8221 functions.inc.php:
- validate_password(): use Config::read and Lang::read instead of 
  $CONF and $PALANG


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1439 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz b4823b9e04 Finally replace create-mailbox.php with edit.php?table=mailbox :-)
configs/menu.conf:
- change url_create_mailbox to edit.php?table=mailbox

templates/list-virtual.tpl:
- replace hardcoded create-mailbox.php with {#url_create_mailbox#}

functions.inc.php:
- delete functions that are now part of MailboxHandler:
  - check_mailbox()
  - multiply_quota()
- add some TODO notes

config.inc.php:
- rewrite a comment that referenced create-mailbox.php

create-mailbox.php:
- delete - no longer needed


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1433 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 8d2e570c03 functions.inc.php:
- _flash_string(): move return outside the foreach so that multiple
  messages can be displayed


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1430 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 7a7403aa76 functions.inc.php:
- check_quota(): first check if enforcing quotas is disabled via $CONF[quota]


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1413 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz ae61ee180f functions.inc.php:
- check_owner(): with AdminHandler, we can get 2 results (ALL + a domain).
  Relax the check to accept this case.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1399 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 17911b75d2 functions.inc.php:
- pacrypt(): no longer escape_string() the result. This fixes
  https://sourceforge.net/tracker/index.php?func=detail&aid=3094804&group_id=191583&atid=937964

create-mailbox.php, password.php:
- escape_string() the pacrypt() result

login.php:
- simplify code to require one query less (this also removes the need 
  to escape_string() the password)

I also checked the other files using pacrypt() - they don't need 
escaping or already do it.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1397 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 57b28f1ae2 config.inc.php:
- remove the (now superfluous) $CONF['postfix_admin_url'] config option

debian/patches/db_credentials:
- remove the section that sets $CONF['postfix_admin_url']

functions.inc.php - authentication_require_role():
- also remove $CONF['postfix_admin_url'] from comments
- remove the './' part from the redirect

Combined with the previous two commits, this fixes
https://sourceforge.net/tracker/?func=detail&aid=3039042&group_id=191583&atid=937964


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1396 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 40011a1a98 functions.inc.php:
- authentication_require_role(): no longer use $CONF['postfix_admin_url']
  https://sourceforge.net/tracker/?func=detail&aid=3039042&group_id=191583&atid=937964


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1394 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz a6a3483569 Some things are easier than you might think...
functions.inc.php:
- create_page_browser(): Fix count() query for pgsql. Fixes
  https://sourceforge.net/tracker/?func=detail&aid=3292648&group_id=191583&atid=937964
- surprise: the query to actually generate the pagebrowser already works 
  with pgsql :-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1392 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz a211a95c39 functions.inc.php:
- check_email(): don't trim() mail address to avoid that aliases
  starting with a space are allowed. This fixes
  https://sourceforge.net/tracker/?func=detail&aid=3066059&group_id=191583&atid=937964


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1390 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 954b18c169 functions.inc.php
- create_page_browser(): revert r1387 and...
- db_query(): ...replace it with the correct fix ;-) (avoid mysqli 
  reconnects)

The problem was that db_query() used is_resource() to check if we
already have a database connection, but a mysqli connection is an
object, not a resource.
This resulted in a new database connection for each query. Therefore
mysqli "forgot" the value of SET @row before executing the following
SELECT query (which used a new mysqli connection).

The fix is to also check with is_object() to avoid mysqli reconnects.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1388 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 182c67e1cd functions.inc.php:
- create_page_browser(): include MOD(idx.row, $page_size) in outer SELECT.
  This is needed on some MySQL setups which otherwise return an empty set.

Thanks to f-dens_ on IRC for helping to debug it.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1387 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 102cb4ed50 functions.inc.php:
- change list_admins() to use AdminHandler (code from list-admin.php)
  Note: this changes the return value format to include all details, 
  not only the usernames. Use array_keys(list_admins()) if you need
  the previous return format.
 
list-admin.php:
- replace code with a list_admins() call

list-domain.php:
- adopt to new list_admins() return value



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1386 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz b3cdbfe88a functions.inc.php:
- _flash_string(): also accept an array of messages, not only a string
- comment updates for _flash_info() and flash_error() to reflect this change


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1378 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz a9f252baea functions.inc.php:
- delete unused function db_boolean_to_int()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1377 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 3b920fc442 functions.inc.php:
- remove_from_array() was accidently wrapped by 
  if (!function_exists('hex2bin'))


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1369 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 31b94156c4 functions.inc.php:
- delete leftover comment from (long time deleted) function create_admin()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1368 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz b0277b6c03 functions.inc.php
- new function remove_from_array()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1343 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 4e5bd47183 functions.inc.php:
- pacrypt(): escape_string() $salt for mysql_encrypt to be on the safe side


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1332 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 19b9535e43 functions.inc.php:
- PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin
  therefore we have to wrap our function (which fortunately gives the same
  results) with function_exists().
  Reported by MadOtis on #postfixadmin



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1328 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
David Goodwin cb640c87c1 fix sql injection in pacrypt() when mysql_crypt is in use; see previous commits etc esp in the 2.3 branch
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1327 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago