- new config option $CONF['password_validation'] - array with regular
  expressions to check if a password is valid/good enough.
  The default configuration enforces:
  - minimum length 5 characters/digits/whatever
  - at least 2 characters
  - at least 2 digits
- removed $CONF['min_password_length'] - it's now handled in /.{5}/ in
  $CONF['password_validation']
functions.inc.php
- new function validate_password to check a given password against
$CONF['password_validation']
- generate_password: generated password is always 8 chars long
(instead of $CONF['min_password_length'])
edit-admin.php, users/password.php, edit-mailbox.php, setup.php:
- use validate_password instead of $CONF['min_password_length']
This implements
https://sourceforge.net/tracker/?func=detail&aid=1785513&group_id=191583&atid=937967
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1192 a1433add-5e2c-0410-b055-b7f2511e0802
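
An added illustration (not part of the commit log and not PostfixAdmin's own code) of a regex-rule password check like the one the commit message above describes. The pattern-to-message mapping, the message keys, the reading of "characters" as ASCII letters and the helper `check_password_rules()` are assumptions; the last lines show why a length rule such as `/.{5}/` needs the `/u` modifier when passwords may contain multibyte characters.

```php
<?php
// Added example. Rule patterns and message keys are assumptions modelled
// on the defaults listed in the commit message (length 5, 2 characters,
// 2 digits). Save this file as UTF-8.
$CONF['password_validation'] = array(
    '/.{5}/u'           => 'too_short',       // at least 5 code points
    '/([a-zA-Z].*){2}/' => 'need_2_letters',  // 2 letters, not necessarily adjacent
    '/([0-9].*){2}/'    => 'need_2_digits',   // 2 digits, not necessarily adjacent
);

// Hypothetical helper: returns the message key of every rule the password
// fails; an empty array means the password is accepted.
function check_password_rules($password, array $rules)
{
    $failed = array();
    foreach ($rules as $regex => $message) {
        $result = preg_match($regex, $password);
        if ($result === false) {
            // Broken pattern or invalid UTF-8 subject: fail closed.
            $failed[] = "rule_error $regex";
        } elseif ($result === 0) {
            $failed[] = $message;
        }
    }
    return $failed;
}

// Constructed sample passwords.
$samples = array('ab12', 'abcde', 'a1b2c', 'äää', 'x9y8zz');
foreach ($samples as $pw) {
    $failed = check_password_rules($pw, $CONF['password_validation']);
    echo str_pad($pw, 8), $failed ? implode(', ', $failed) : 'ok', "\n";
}

// Without /u, PCRE counts bytes: a 3-character UTF-8 string (6 bytes)
// satisfies /.{5}/ but not /.{5}/u.
var_dump(preg_match('/.{5}/', 'äää'));
var_dump(preg_match('/.{5}/u', 'äää'));
```
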
functions.inc.php:
- create_admin(): use db_insert instead of INSERT queries
(this includes automatic escaping of all values)
create-admin.php:
- use safepost instead of isset($_POST[...])
- don't escape_string post values - it's done inside create_admin now
- remove superfluous emptying of empty $tDomains for GET
- allow htmlentities-escaping for pAdminCreate_admin_username_text
- some whitespace / linebreak changes
setup.php:
- load config.inc.php only once (loading it twice will break if custom
hook functions exist in config.*.php - "can't redefine function ...")
- use safepost instead of isset($_POST[...])
- don't escape_string post values - it's done inside create_admin now
- escape $tUsername with htmlentities() instead of escape_string
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1190 a1433add-5e2c-0410-b055-b7f2511e0802
- hand over $search to smarty templates
templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting
templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
(was displayed once per mailbox alias target)
css/default.css:
- add style for ".searchresult"
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
- added form to create setup password hash. It will be displayed if
  a) no setup password is defined yet
  b) the "lost password" link was clicked
- moved checks for empty and too short password into check_setup_password()
- added an optional $lostpw_mode parameter to check_setup_password() which
  causes slightly different behaviour (enforces generation of new hash, even
  if the password would match)
- changed check_password_setup() return value to array($error, $message)
- moved displaying $tMessage above the form - it is more useful there.
- removed "see config.inc.php" notice from password field in "create superadmin"
form - this hint doesn't help much with the hashed password ;-)
- TODO: The if statements to decide which form to display are quite difficult
(and will become unreadable in case we need another form ;-)
We should think about a better way to select the form to display...
(maybe flash_error / flash_info + redirect?)
upgrade.php:
- added missing <p> tag
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@648 a1433add-5e2c-0410-b055-b7f2511e0802
- setup_password is now checked against a hashed value instead of plain text
- setup.php will display the hash value of the entered password if it
doesn't match - copy&paste ready to include in config.inc.php.
No need to compute the password hash yourself ;-)
- see generate_setup_password_salt(), encrypt_setup_password() and
check_setup_password() for details on how the password hashing works.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@629 a1433add-5e2c-0410-b055-b7f2511e0802
- remove "define('POSTFIXADMIN', 1)" and inclusion of en.lang - this is
already done by common.php (used since r616).
This fixes an "already defined" warning.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@623 a1433add-5e2c-0410-b055-b7f2511e0802
- added check for multibyte string extension (mb_encode_mimeheader)
- added note that Apache version check failure can be ignored if another
webserver is used
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@268 a1433add-5e2c-0410-b055-b7f2511e0802
- completely reworked HTML code in setup.php
- moved admin creation code from create_admin.php to functions.php,
function create_admin
- several related changes in functions.inc.php:
  - use table_by_key() directly instead of the cached variables (which
    are empty if config.inc.php was not read before functions.php)
  - add an additional (optional) parameter $setup to db_connect, changed
    many die(msg) calls to $error_message .= msg.
    If $setup is given, the return value is array($link, $error_text)
    instead of $link
  - db_connect now checks for invalid $CONF['database_type']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@135 a1433add-5e2c-0410-b055-b7f2511e0802