The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.
See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
array('') means to include an empty item, and that results in an invalid
remote specification with a trailing "/"
Using an empty array() fixes this.
Reported by oftc_ftw on IRC.
* Make it possible by config option that non global admins can send
broadcast messages to their domains.
* Allow the sender to select the domains the broadcast message should be
delivered to
* Allow the sender to decide if the broadcast message should just be
delivered to mailboxes
- add more detailed notes about unsupported dovecot:* encryption types
(after hunting them down with r00t^2 on IRC)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1833 a1433add-5e2c-0410-b055-b7f2511e0802
- uses list.php and edit.php instead of the fetchmail-specific template
- replaces fetchmail.php and its template
config.inc.php:
- add $CONF['fetchmail_struct_hook']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1762 a1433add-5e2c-0410-b055-b7f2511e0802
- add note that $CONF[vacation_domain] can't be used for "normal" mails
model/DomainHandler.php:
- validate_new_id():
- error out when trying to add $CONF[vacation_domain]
- some whitespace fixes
- remove superfluous comment on initStruct()
*.lang:
- add 'domain_conflict_vacation_domain' error message
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1694 a1433add-5e2c-0410-b055-b7f2511e0802
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval
config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
(note: reply to every mail is commented by default because it can be
annoying. Admins will have to explicitely add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]
*.lang:
- add texts for reply types
VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters
templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay
vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
change the activeFrom and activeUntil date to today to avoid users
have to scroll through the calendar a lot
xmlrpc.php:
- update set_away() call to match the removed parameter
upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and
interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
- remove unused $CONF['usercontol'] which leaked in with an unrelated
patch in r1374
- fixed some typos in comments
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1551 a1433add-5e2c-0410-b055-b7f2511e0802
configs/menu.conf:
- change url_create_mailbox to edit.php?table=mailbox
templates/list-virtual.tpl:
- replace hardcoded create-mailbox.php with {#url_create_mailbox#}
functions.inc.php:
- delete functions that are now part of MailboxHandler:
- check_mailbox()
- multiply_quota()
- add some TODO notes
config.inc.php:
- rewrite a comment that referenced create-mailbox.php
create-mailbox.php:
- delete - no longer needed
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1433 a1433add-5e2c-0410-b055-b7f2511e0802
- new config option $CONF['password_validation'] - array with regular
expressions to check if a password is valid/good enough.
The default configuration enforces:
- minimum length 5 characters/digits/whatever
- at least 2 characters
- at least 2 digits
- removed $CONF['min_password_length'] - it's now handled in /.{5}/ in
$CONF['password_validation']
functions.inc.php
- new function validate_password to check a given password against
$CONF['password_validation']
- generate_password: generated password is always 8 chars long
(instead of $CONF['min_password_length'])
edit-admin.php, users/password.php, edit-mailbox.php, setup.php:
- use validate_password instead of $CONF['min_password_length']
This implements
https://sourceforge.net/tracker/?func=detail&aid=1785513&group_id=191583&atid=937967
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1192 a1433add-5e2c-0410-b055-b7f2511e0802