Commit Graph

94 Commits (531a52e05323055a36474639b0a53e87bba52f74)

Author SHA1 Message Date
David Goodwin 3303f25bcc add some php 7+ array type hints. 5 years ago
David Goodwin 48e236ffc0 use hash_equals for login - see: https://github.com/postfixadmin/postfixadmin/issues/58 5 years ago
David Goodwin 1ad184641d php7.4 / psalm fixes 5 years ago
David Goodwin bcae218cbb composer format time 5 years ago
David Goodwin 87824ef970 psalm fixes/workarounds; require PHP 5.6+ 5 years ago
David Goodwin 4aa3110712 phpdoc/psalm fixes 5 years ago
David Goodwin 80418e6412 try and avoid hitting : https://github.com/postfixadmin/postfixadmin/issues/51 5 years ago
David Goodwin 71402e9051 comment 6 years ago
David Goodwin 045a19ae33 re-format 6 years ago
David Goodwin 7ed57a0cda assume the db updates work if no exception was thrown 6 years ago
David Goodwin 28e687ff5b sqlite does not support NOW(), use a string comparison 6 years ago
David Goodwin 803e2342f8 fix psalm issues; reformat; rename new db functions 6 years ago
David Goodwin 1176c9ce78 reformat; fix some transition bugs 6 years ago
David Goodwin ea33d9951a try migrating to pdo 6 years ago
David Goodwin 4fcdba9cf4 run php-cs-fixer (code reforamt) 6 years ago
David Goodwin 74002bbf57 psalm fixes 6 years ago
David Goodwin 173d5775cd psalm fixes 6 years ago
David Goodwin ec085b668b missing class property 7 years ago
Christian Boltz d2588a4de2
Fix phpcs whitespace breakage in initStruct etc. 7 years ago
Christian Boltz 500c847fe0
re-add lost comment 7 years ago
David Goodwin fef2591335 phpdoc fixes 7 years ago
David Goodwin cb34da4f46 phpcs reformat 7 years ago
David Goodwin 152975d05c move to use db_assoc() rather than db_array() (code assumes assoc. array) 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
Christian Boltz 8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin 2f2db5949a fix date formatting in non-english languages, thanks to uz@musoftware.de
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1884 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 386f37dfdb Don't decode b64p (base64-encoded password) fields.
This is not supported in MySQL < 5.6.
Besides that, we don't display the content of b64p fields anywhere, so
the easiest way is not to decode it.

Note: Currently, the only user of b64p is FetchmailHandler.

Fixes https://sourceforge.net/p/postfixadmin/bugs/357/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1847 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz b261db86c7 Merge pull request #9 from phyrog/master
Add sqlite backend option (thank you @phyrog for doing this)

(imported from github)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz adc038e218 list.tpl:
- add support for list_header (like ":: Alias" in list-virtual)

PFAHandler:
- add empty default for $msg['list_header']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1776 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 35fad174f7 smarty.inc.php:
- assign(): additionally provide the unsanitized values as RAW_$key

PFAHandler.php:
- document 'html' field type (used for raw html), including a big warning

list.tpl:
- add handling to display raw html fields

This is a preparation to use the status markers with list.tpl without
introducing too big changes.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1775 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 8043515fdf migrate search input field to use search[_], and use list.tpl for alias domains
User-visible changes:
- alias domain list can be downloaded as CSV
- no more search highlighting for alias domains

list-virtual.php:
- expect $search to be an array
- change alias domain handling to use list.php instead of
  list-virtual_alias_domain.tpl, and move some logic from the template
  to list-virtual.php. (The template file is kept as list.tpl wrapper.)
- adopt mailbox and alias search to $search[_]
- adopt pagebrowser to $search[_]

list-virtual_alias_domain.tpl:
- replace custom output generation with {include 'list.php'} and some
  variable assignments

PFAHandler.php:
- add $this->id_field to $this->msg (avoids another smarty template
  variable)

configs/menu.conf:
- change input name to search[_]

list-virtual_alias.tpl, list-virtual_mailbox.tpl:
- adopt to $search[_] by setting $search in a backwards-compatible way

list.tpl:
- add special handling for aliasdomain.target_domain linking



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1773 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc598d0f3f PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 4ce0a57e83 PFAHandler:
- add protected $searchfields = array(); - list of fields to search by
  default, if just a search term is given. This will be done with
  $search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)

list.tpl:
- display search input box and search overview only if $searchfields is
  not empty

AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields

MailboxHandler:
- add 'username' to $searchfields

AliasHandler:
- add 'address' and 'goto' to $searchfields

This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 6e5c8f8054 add 'can_create' flag
PFAHandler:
- add $msg['can_create'] (true by default)

DomainHandler:
- set $msg['can_create'] based on is_superadmin

list.tpl:
- display 'create' button only if $msg['can_create'] is true

Note: This is only an optical improvement, not a permission check.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1769 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3f451371e3 PFAHandler:
- set(): if errormsg is set for a field, assume it's invalid (even if
  the validator functions did not (or forgot to) return False)

In theory this should never happen, but it's a nice safety net against
programming errors in validator functions that don't have an explicit
    return False;


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1768 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 313270c00a PFAHandler.php:
- add getPagebrowser() (returns an array of pagebrowser keys)

AliasHandler.php:
- change getList() to work with empty $condition
- add getPagebrowser() to filter out mailboxes

list-virtual.php:
- replace $alias_pagebrowser_query and the create_page_browser() call
  with $handler->getPagebrowser()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1757 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 28fe7042e8 PFAHandler.php:
- split off build_select_query() from read_from_db() as preparation for
  using build_select_query() to generate the pagebrowser query



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1756 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz eb7e40cf94 PFAHandler, editform.tpl:
- add support for 'b64p' fields (passwords stored base64-encoded)
  as preparation to migrate fetchmail.php to FetchmailHandler


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1750 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc2b157d59 *Handler:
- add $msg['confirm'] (confirmation message when attemping to delete an
  item, displayed by list.php)

*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 13f1a28b6e PFAHandler:
- read_from_db(), getList(): 
  - add $searchmode parameter (_before_ $limit and $offset!) to be able to 
    use query different query modes, not only "="
  - add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
  to avoid information leaks by using search parameters
  (filter is only applied if $condition is an array!)

functions.inc.php: 
- db_where_clause():
  - add $additional_raw_where parameter for additional query parameters
  - add $searchmode parameter to be able to use query different
    query modes, not only "=" (see $allowed_operators)
  - check for allowed operators in $searchmode
  - split query into WHERE and HAVING (if a parameter has
    $struct[select] set, HAVING is used)

list-virtual.php:
- adopt getList() call to the new syntax

AliasHandler:
- adopt getList() definition and call to the new syntax

 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz b76511628d PFAHandler:
- add $this->order_by to allow ordering by any field(s)
  (defaults to $this->id_field)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1730 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 6bfe6706ba PFAHandler:
- add $this->label_field and $this->label (defaults to $this->id_field 
  and $this->id) to allow nicer messages
- use $this->label in various messages



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1729 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz ca76b0fb6e PFAHandler:
- add getMsg() function (needed by list.php)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1728 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz e39d13aa52 PFAHandler:
Add $can_edit and $can_delete flags. This makes it possible to make 
some, but not all items non-editable or non-deletable (based on a 
database column/query or read_from_db_postprocess())

- add $can_edit and $can_delete
- after initStruct, check if $struct contains _can_edit and _can_delete.
  If not, fill with default values (allowed)
- init(): set $this->can_edit and $this->can_delete (only in view/edit mode)
- set(): abort if !$this->can_edit



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1716 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3fe75c117d PFAHandler:
- add handling of users (non-admins), including permission checks



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1715 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 72d9d42601 PFAHandler:
- add protected $is_superadmin = 1;
  will be set to 0 if $admin_username is set and is not a superadmin



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1714 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz f07281cdc1 PFAHandler:
- automatically skip quot, vnum and vtxt fields in store()
  (as if dont_write_to_db == 1)
- document new field types vtxt and quot and mark field types that will
  never be stored in db



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1713 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 647aa39218 PFAHandler:
- add validation for "enma" field type - list of options, must be given
  in column "options" as associative array (value => displayed value)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1711 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz d9e30fb41b Add CliScheme.php:
- displays the database scheme (for usage in upgrade.php)

PFAHandler:
- add "Scheme" to the list of available tasks

postfixadmin-cli.php:
- add "scheme" to help

This is the first patch of a series sponsored by 
    Bund der Deutschen Landjugend (german rural youth)
	http://bdl.landjugend.info/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1710 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago