The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
- add support for list_header (like ":: Alias" in list-virtual)
PFAHandler:
- add empty default for $msg['list_header']
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1776 a1433add-5e2c-0410-b055-b7f2511e0802
- assign(): additionally provide the unsanitized values as RAW_$key
PFAHandler.php:
- document 'html' field type (used for raw html), including a big warning
list.tpl:
- add handling to display raw html fields
This is a preparation to use the status markers with list.tpl without
introducing too big changes.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1775 a1433add-5e2c-0410-b055-b7f2511e0802
User-visible changes:
- alias domain list can be downloaded as CSV
- no more search highlighting for alias domains
list-virtual.php:
- expect $search to be an array
- change alias domain handling to use list.php instead of
list-virtual_alias_domain.tpl, and move some logic from the template
to list-virtual.php. (The template file is kept as list.tpl wrapper.)
- adopt mailbox and alias search to $search[_]
- adopt pagebrowser to $search[_]
list-virtual_alias_domain.tpl:
- replace custom output generation with {include 'list.php'} and some
variable assignments
PFAHandler.php:
- add $this->id_field to $this->msg (avoids another smarty template
variable)
configs/menu.conf:
- change input name to search[_]
list-virtual_alias.tpl, list-virtual_mailbox.tpl:
- adopt to $search[_] by setting $search in a backwards-compatible way
list.tpl:
- add special handling for aliasdomain.target_domain linking
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1773 a1433add-5e2c-0410-b055-b7f2511e0802
- build_select_query(): add support for $search['_'] (searching if one
of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters
functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
only error out if $additional_raw_where is also empty
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
- add protected $searchfields = array(); - list of fields to search by
default, if just a search term is given. This will be done with
$search['_'], but that code is not implemented yet.
- add $this->msg['show_simple_search'] (true if $searchfields is non-empty)
list.tpl:
- display search input box and search overview only if $searchfields is
not empty
AliasdomainHandler:
- add 'alias_domain' and 'target_domain' to $searchfields
MailboxHandler:
- add 'username' to $searchfields
AliasHandler:
- add 'address' and 'goto' to $searchfields
This effectively means that the search input box is no longer displayed
in list.php for admin, domain and fetchmail listings.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1770 a1433add-5e2c-0410-b055-b7f2511e0802
PFAHandler:
- add $msg['can_create'] (true by default)
DomainHandler:
- set $msg['can_create'] based on is_superadmin
list.tpl:
- display 'create' button only if $msg['can_create'] is true
Note: This is only an optical improvement, not a permission check.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1769 a1433add-5e2c-0410-b055-b7f2511e0802
- set(): if errormsg is set for a field, assume it's invalid (even if
the validator functions did not (or forgot to) return False)
In theory this should never happen, but it's a nice safety net against
programming errors in validator functions that don't have an explicit
return False;
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1768 a1433add-5e2c-0410-b055-b7f2511e0802
- add getPagebrowser() (returns an array of pagebrowser keys)
AliasHandler.php:
- change getList() to work with empty $condition
- add getPagebrowser() to filter out mailboxes
list-virtual.php:
- replace $alias_pagebrowser_query and the create_page_browser() call
with $handler->getPagebrowser()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1757 a1433add-5e2c-0410-b055-b7f2511e0802
- split off build_select_query() from read_from_db() as preparation for
using build_select_query() to generate the pagebrowser query
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1756 a1433add-5e2c-0410-b055-b7f2511e0802
- add support for 'b64p' fields (passwords stored base64-encoded)
as preparation to migrate fetchmail.php to FetchmailHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1750 a1433add-5e2c-0410-b055-b7f2511e0802
- add $msg['confirm'] (confirmation message when attemping to delete an
item, displayed by list.php)
*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
- read_from_db(), getList():
- add $searchmode parameter (_before_ $limit and $offset!) to be able to
use query different query modes, not only "="
- add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
to avoid information leaks by using search parameters
(filter is only applied if $condition is an array!)
functions.inc.php:
- db_where_clause():
- add $additional_raw_where parameter for additional query parameters
- add $searchmode parameter to be able to use query different
query modes, not only "=" (see $allowed_operators)
- check for allowed operators in $searchmode
- split query into WHERE and HAVING (if a parameter has
$struct[select] set, HAVING is used)
list-virtual.php:
- adopt getList() call to the new syntax
AliasHandler:
- adopt getList() definition and call to the new syntax
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
- add $this->label_field and $this->label (defaults to $this->id_field
and $this->id) to allow nicer messages
- use $this->label in various messages
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1729 a1433add-5e2c-0410-b055-b7f2511e0802
Add $can_edit and $can_delete flags. This makes it possible to make
some, but not all items non-editable or non-deletable (based on a
database column/query or read_from_db_postprocess())
- add $can_edit and $can_delete
- after initStruct, check if $struct contains _can_edit and _can_delete.
If not, fill with default values (allowed)
- init(): set $this->can_edit and $this->can_delete (only in view/edit mode)
- set(): abort if !$this->can_edit
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1716 a1433add-5e2c-0410-b055-b7f2511e0802
- automatically skip quot, vnum and vtxt fields in store()
(as if dont_write_to_db == 1)
- document new field types vtxt and quot and mark field types that will
never be stored in db
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1713 a1433add-5e2c-0410-b055-b7f2511e0802
- add validation for "enma" field type - list of options, must be given
in column "options" as associative array (value => displayed value)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1711 a1433add-5e2c-0410-b055-b7f2511e0802
- displays the database scheme (for usage in upgrade.php)
PFAHandler:
- add "Scheme" to the list of available tasks
postfixadmin-cli.php:
- add "scheme" to help
This is the first patch of a series sponsored by
Bund der Deutschen Landjugend (german rural youth)
http://bdl.landjugend.info/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1710 a1433add-5e2c-0410-b055-b7f2511e0802
fix logging - log the domain instead of $this->id
- add protected $domain (used for logging)
- add function domain_from_id()
- http://sourceforge.net/p/postfixadmin/bugs/317/
AliasHandler.php:
- add function domain_from_id()
MailboxHandler.php:
- add function domain_from_id()
- init(): use $this->domain instead of splitting $this-id again
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1684 a1433add-5e2c-0410-b055-b7f2511e0802
- use prefill values from $_SESSION (if not provided in GET/POST)
- remember prefill values for next usage of the form
list-virtual.php
- set prefill values for edit.php
PFAHandler.php:
- let prefill() store the value in $struct if no prefill_$field()
function exists
This fixes the remaining parts of
http://sourceforge.net/p/postfixadmin/bugs/298/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1594 a1433add-5e2c-0410-b055-b7f2511e0802