The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
The MySQL database layout includes a 'cache' column for historical
reasons, the PostgreSQL database never did.
r1883 removed the 'cache' column from VacationHandler to unbreak
PostgreSQL, and at the same time broke MySQL in strict mode.
This patch re-adds the 'cache' column only for MySQL to fix this
regression.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1890 a1433add-5e2c-0410-b055-b7f2511e0802
set_is_mailbox_extrafrom() restricts the domain list to the domain that
needs to be checked (in normal list-virtual listing one domain), and is
then used to restore the default extrafrom.
This improves the performance for most usecases even for superadmins.
Note: Search mode might still be slow because by default it searches in
all domains available to the admin.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1882 a1433add-5e2c-0410-b055-b7f2511e0802
AliasHandler:
- initStruct(): handle __mailbox_username as separate field (needed to
make it searchable)
- split off a condition_ignore_mailboxes() function (used in getList()
and getPagebrowser()) to add '__mailbox_username IS NULL' to the search
condition array. Also, make sure $condition can be an array (preferred)
or a string with a raw query
list-virtual.php:
- hand over a search array instead of a raw query
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1879 a1433add-5e2c-0410-b055-b7f2511e0802
This improves performance on setups with lots of mailboxes.
Well, except for superadmins because restricting to "all domains"
doesn't really help ;-)
Thanks to gygy for reporting this on IRC, and for testing the patch.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1877 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct(): in 'aliases_quot' and '_aliases_quot_percent', use
coalesce(__mailbox_count,0) - without, we always get _0_ aliases if
a domain doesn't have mailboxes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1783 a1433add-5e2c-0410-b055-b7f2511e0802
list-virtual.php:
- use list.tpl for aliases
- move show_gen_status handling for aliases to AliasHandler
AliasHandler:
- initStruct():
- add 'status' column (hidden by default)
- hide 'created'
- move 'active' after 'modified' to match old list-virtual.php layout
- initMsg: add list_header
- webformConfig(): if $CONF[show_status], set display_in_list for
'status' column. Also set a (whitespace) label to make sure it's
displayed
- db_read_from_db_postprocess(): if 'status' column is requested, call
gen_show_status() for each row
list-virtual.tpl
- remove alias table header and create alias button (which should have
been in list-virtual_alias.tpl)
list-virtual_alias.tpl:
- replace code to generate the alias table with {include 'list.tpl'}
(and some variable assignments)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1777 a1433add-5e2c-0410-b055-b7f2511e0802
- add support for list_header (like ":: Alias" in list-virtual)
PFAHandler:
- add empty default for $msg['list_header']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1776 a1433add-5e2c-0410-b055-b7f2511e0802
- assign(): additionally provide the unsanitized values as RAW_$key
PFAHandler.php:
- document 'html' field type (used for raw html), including a big warning
list.tpl:
- add handling to display raw html fields
This is a preparation to use the status markers with list.tpl without
introducing too big changes.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1775 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct(): replace (wrong) 'editable' with '_can_edit' and '_can_delete'
- read_from_db_postprocess(): disable _can_edit and _can_delete for
default aliases if special_alias_control is off and not superadmin
list.tpl:
- use $item._can_edit instead of $check_alias_owner
list-virtual.php:
- drop $check_alias_owner variable and check_alias_owner() call
(replaced by the code added in AliasHandler)
- drop unused $sql_domain
functions.inc.php:
- delete no longer used check_alias_owner() function
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1774 a1433add-5e2c-0410-b055-b7f2511e0802
User-visible changes:
- alias domain list can be downloaded as CSV
- no more search highlighting for alias domains
list-virtual.php:
- expect $search to be an array
- change alias domain handling to use list.php instead of
list-virtual_alias_domain.tpl, and move some logic from the template
to list-virtual.php. (The template file is kept as list.tpl wrapper.)
- adopt mailbox and alias search to $search[_]
- adopt pagebrowser to $search[_]
list-virtual_alias_domain.tpl:
- replace custom output generation with {include 'list.php'} and some
variable assignments
PFAHandler.php:
- add $this->id_field to $this->msg (avoids another smarty template
variable)
configs/menu.conf:
- change input name to search[_]
list-virtual_alias.tpl, list-virtual_mailbox.tpl:
- adopt to $search[_] by setting $search in a backwards-compatible way
list.tpl:
- add special handling for aliasdomain.target_domain linking
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1773 a1433add-5e2c-0410-b055-b7f2511e0802
- build_select_query(): add support for $search['_'] (searching if one
of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters
functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
only error out if $additional_raw_where is also empty
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct(): Adjust columns to match list-virtual.php layout:
- make 'alias_domain' a link
- move 'active' after 'modified'
- don't display 'created'
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1771 a1433add-5e2c-0410-b055-b7f2511e0802
- add protected $searchfields = array(); - list of fields to search by
default, if just a search term is given. This will be done with
$search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)
list.tpl:
- display search input box and search overview only if $searchfields is
not empty
AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields
MailboxHandler:
- add 'username' to $searchfields
AliasHandler:
- add 'address' and 'goto' to $searchfields
This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
PFAHandler:
- add $msg['can_create'] (true by default)
DomainHandler:
- set $msg['can_create'] based on is_superadmin
list.tpl:
- display 'create' button only if $msg['can_create'] is true
Note: This is only an optical improvement, not a permission check.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1769 a1433add-5e2c-0410-b055-b7f2511e0802
- set(): if errormsg is set for a field, assume it's invalid (even if
the validator functions did not (or forgot to) return False)
In theory this should never happen, but it's a nice safety net against
programming errors in validator functions that don't have an explicit
return False;
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1768 a1433add-5e2c-0410-b055-b7f2511e0802
- uses list.php and edit.php instead of the fetchmail-specific template
- replaces fetchmail.php and its template
config.inc.php:
- add $CONF['fetchmail_struct_hook']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1762 a1433add-5e2c-0410-b055-b7f2511e0802
- add getPagebrowser() (returns an array of pagebrowser keys)
AliasHandler.php:
- change getList() to work with empty $condition
- add getPagebrowser() to filter out mailboxes
list-virtual.php:
- replace $alias_pagebrowser_query and the create_page_browser() call
with $handler->getPagebrowser()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1757 a1433add-5e2c-0410-b055-b7f2511e0802
- split off build_select_query() from read_from_db() as preparation for
using build_select_query() to generate the pagebrowser query
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1756 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct():
- don't display domain_quota if $CONF[quota] == NO or $CONF[domain_quota] is NO
- drop 'total_quota' column which seems to be unused (and had a non-existing label)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1755 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct():
- link username to domain list
- hide superadmin, domain list and created columns in list view
- add label to domain_count to make it visible in list view
- read_from_db_postprocess(): if user is a superadmin, replace domain
count with "superadmin"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1753 a1433add-5e2c-0410-b055-b7f2511e0802
- add support for 'b64p' fields (passwords stored base64-encoded)
as preparation to migrate fetchmail.php to FetchmailHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1750 a1433add-5e2c-0410-b055-b7f2511e0802
- add $msg['confirm'] (confirmation message when attemping to delete an
item, displayed by list.php)
*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct():
- add optical quota indicators for aliases, mailboxes, domain quota
- some adjustments to get nice output with list.php (mostly following
list-domain.php)
- webformConfig(): switch listview to list.php
configs/menu.conf, templates/adminlistadmin.tpl:
- switch list-domain.php to list.php?table=domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1745 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct: set "display in list" to 1 to allow searching for domain
with list.php (nevertheless, the domain won't be displayed because
it doesn't have a column label set)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1735 a1433add-5e2c-0410-b055-b7f2511e0802
- read_from_db(), getList():
- add $searchmode parameter (_before_ $limit and $offset!) to be able to
use query different query modes, not only "="
- add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
to avoid information leaks by using search parameters
(filter is only applied if $condition is an array!)
functions.inc.php:
- db_where_clause():
- add $additional_raw_where parameter for additional query parameters
- add $searchmode parameter to be able to use query different
query modes, not only "=" (see $allowed_operators)
- check for allowed operators in $searchmode
- split query into WHERE and HAVING (if a parameter has
$struct[select] set, HAVING is used)
list-virtual.php:
- adopt getList() call to the new syntax
AliasHandler:
- adopt getList() definition and call to the new syntax
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802