- require token for CSRF protection, see
https://sourceforge.net/p/postfixadmin/bugs/269/
login.php, users/login.php:
- create token and store it in $_SESSION
templates/*:
- add token to all delete.php links
templates/list-virtual_alias_domain.tpl:
- change delete confirmation dialog to contain "from->target"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1564 a1433add-5e2c-0410-b055-b7f2511e0802
- use AdminHandler to find out if the logged in user is a superadmin
- add hint about config.local.php in "unconfigured" warning
- move some lines around to match users/login.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1543 a1433add-5e2c-0410-b055-b7f2511e0802
login.php, users/login.php:
- set logintype=admin/user smarty variable
- cleanup: move smarty assignments outside of GET/POST handling - it's
the same for both
users/login.php:
- do not pre-fill username on failed login
templates/login.tpl:
- merge in users_login.tpl
- add some {if} to handle the differences between admin and user login
templates/users_login.tpl:
- deleted
*.lang:
- mark pUsersLogin_username, pUsersLogin_password, pUsersLogin_language
and pUsersLogin_button as obsolete
- add some notes if pLogin_* and pUsersLogin differ
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1137 a1433add-5e2c-0410-b055-b7f2511e0802
- hand over $search to smarty templates
templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting
templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
(was displayed once per mailbox alias target)
css/default.css:
- add style for ".searchresult"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
- removed the $CONF['configured'] = 'I_know_the_risk_of_not_deleting_setup.php'
developer hack (no longer needed since setup.php requires a password)
- this also makes index.php redirecting to login.php again (the old check tested
for file_exists(setup.php)...)
common.php:
- removed a superfluous check for $CONF[setup_password] (see mailinglist for details)
config.inc.php:
- removed a small outdated comment
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@640 a1433add-5e2c-0410-b055-b7f2511e0802
- put '<span class="error_msg">' and '</span>' into login.php, not in *.lang
languages/*.lang:
- removed pLogin_username_incorrect and pLogin_password_incorrect texts
- added pLogin_failed to all translations (without the wrapping <span>)
- removed the <span> from pLogin_failed in en.lang and fi.lang
translation-update.sh:
- added "--remove string" option to remove texts from language files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@550 a1433add-5e2c-0410-b055-b7f2511e0802
functions.inc.php:
- function check_language
- new optional parameter $use_post (needed by login.php)
- check for language cookie
- check for $_POST['lang']
- removed substr() call because it made pt-br translation unuseable
- new function language_selector
- returns a HTML dropdown language selector
- new function safecookie
- similar to safeget, but for cookies
templates/login.php, templates/users_login.php:
- display language selector dropdown
login.php, users/login.php:
- check for selected language
- set cookie if user selected non-default language
languages/language.php: (NEW FILE)
- list of supported languages
- language names taken from phpMyAdmin login form
common.php:
- include languages/language.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@280 a1433add-5e2c-0410-b055-b7f2511e0802
- moved admin-only scripts from admin/ to /
- removed all merged files ("require('../$file')") from admin/
- changed include paths - no more admin/superadmin switching needed
- admin_menu.tpl is also gone
- removed all menu.tpl / admin_menu.tpl switches - no more needed
- admin/index.php still exists and redirects to /
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@168 a1433add-5e2c-0410-b055-b7f2511e0802
Note: Developers can use
$CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php'
to avoid deletion of setup.php after every "svn up".
WARNING:
THIS ALLOWS NON-AUTHENTIFICATED USERS TO CREATE SUPERADMIN ACCOUNTS!
Use this setting only on development systems, where the database is not
used by postfix.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@137 a1433add-5e2c-0410-b055-b7f2511e0802