The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
- add protected $searchfields = array(); - list of fields to search by
default, if just a search term is given. This will be done with
$search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)
list.tpl:
- display search input box and search overview only if $searchfields is
not empty
AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields
MailboxHandler:
- add 'username' to $searchfields
AliasHandler:
- add 'address' and 'goto' to $searchfields
This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
- add $msg['confirm'] (confirmation message when attemping to delete an
item, displayed by list.php)
*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct: set "display in list" to 1 to allow searching for domain
with list.php (nevertheless, the domain won't be displayed because
it doesn't have a column label set)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1735 a1433add-5e2c-0410-b055-b7f2511e0802
fix logging - log the domain instead of $this->id
- add protected $domain (used for logging)
- add function domain_from_id()
- http://sourceforge.net/p/postfixadmin/bugs/317/
AliasHandler.php:
- add function domain_from_id()
MailboxHandler.php:
- add function domain_from_id()
- init(): use $this->domain instead of splitting $this-id again
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1684 a1433add-5e2c-0410-b055-b7f2511e0802
- move mailbox_postdeletion() to MailboxHandler
- move domain_postcreation() and domain_postdeletion() to
DomainHandler
- adopt those functions for usage inside the *Handler (replace
print with $this->errormsg etc.)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1579 a1433add-5e2c-0410-b055-b7f2511e0802
- add some _formatted_*() functions to get a more informative output
(currently only used in CLI)
MailboxHandler.php:
- add TODO for reading used quota from quota/quota2 table and adding
a formatted_quota() function
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1573 a1433add-5e2c-0410-b055-b7f2511e0802
- rewrite and simplify delete()
- also cleanup fetchmail, quota and quota2 tables
AliasHandler.php:
- update delete() to match the workflow in other classes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1562 a1433add-5e2c-0410-b055-b7f2511e0802
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class.
This caused a conflict because we have $CONF[transport] and
$PALANG[transport], and Config::read('transport') returned the $PALANG
text.
To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.
model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the
"too static" problem again.
- bool(): display and log an error message if a $CONF option does not
contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects
model/Lang.php:
- deleted
common.php:
- store $PALANG as $CONF[__LANG]
lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
and Config::lang_f()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
- create_mailbox_subfolders(), check_quota():
use class variables instead of parameters
- create_mailbox_subfolders(): remove check for empty $this-id - this can
never happen because it would fail much earlier in the class
- check_quota(), allowed_quota(), mailbox_post_script(),
create_mailbox_subfolders(): mark as protected
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1517 a1433add-5e2c-0410-b055-b7f2511e0802
- new function mailbox_post_script()
- result of merging mailbox_postcreation() and mailbox_postedit(),
replaces those two functions
- drop all parameters, read them from class variables instead
- store warn message in $this->errormsg[] instead of using print
- changed function calls to use mailbox_post_script()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1516 a1433add-5e2c-0410-b055-b7f2511e0802
- check_quota ()
- allowed_quota()
- mailbox_postcreation()
- mailbox_postedit()
- create_mailbox_subfolders()
The code was moved without any changes, except
- added leading whitespace
- removed "TODO: move to MailboxHandler" ;-)
MailboxHandler:
- change function calls for moved functions
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1515 a1433add-5e2c-0410-b055-b7f2511e0802
- make login() a non-static function
- login: use $this->db_table and $this->id_field instead of hardcoded names
users/login.php, xmlrpc.php:
- adopt to now non-static MailboxHandler->login()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1484 a1433add-5e2c-0410-b055-b7f2511e0802
some bugfixes:
- init(): let $domain always base on $this->id (also on $new)
- make mergeId dumber (by removing an error check). This can of course
result in an invalid mail address, but this is handled more gracefully
than an empty $this->id
- updateMaxquota(): use Lang::read_f instead of sprintf
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1469 a1433add-5e2c-0410-b055-b7f2511e0802
- validate_new_id(): store error message in
$this->errormsg[$this->id_field] instead of $this->errormsg[]
- beforestore(): use first array key instead of [0] to match the
change in validate_new_id()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1461 a1433add-5e2c-0410-b055-b7f2511e0802
- check_domain(), check_email(): instead of calling flash_error(),
return string with error message - or empty string if everything is ok
model/AdminHandler.php, model/AliasHandler.php,
model/DomainHandler.php, model/MailboxHandler.php,
sendmail.php, users/edit-alias.php:
- adopt to changed check_domain() and check_email() return value
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1451 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct(): add some comments
- add calledBy() and protected $called_by - calledBy() should be called if one
*Handler class calls another one (to avoid loops etc.)
AliasHandler.php:
- replace $called_by_MailboxHandler / MailboxAliasConfig() with $called_by
(code moved to PFAHandler->calledBy())
MailboxHandler.php:
- beforestore(): update alias active status on edit
(contains some whitespace changes - basically I removed "if ($this->new)"
around most parts of the code)
- use calledBy() instead of MailboxAliasConfig()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1449 a1433add-5e2c-0410-b055-b7f2511e0802
- _field_password(): return true if checks are successful
(without this, an empty password might have ended up in the database!)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1438 a1433add-5e2c-0410-b055-b7f2511e0802