2044 Commits (8d2a592aa9c214efa8321f6041737680be1ea335)
 

Author SHA1 Message Date
David Goodwin 3593d23c6f remove undefined variable _SERVER[REQUEST_METHOD] when running from the cli 7 years ago
David Goodwin 772a882c74
Merge pull request #124 from sitilge/master
Password reset - fix invalid DB query (double backtick)
7 years ago
Martins Eglitis 97f0fa2c3d Fix invalid DB query (double backtick) 7 years ago
David Goodwin 938e7dcb7d
Merge pull request #122 from dryware-fr/patch-1
Typo correction
7 years ago
dryware-fr e4bfae260b
Typo correction
There was a typo in the script, rendering a TCP connection to MySQL or Postgres impossible.
7 years ago
Christian Boltz 75bcf3091b
Fix instructions for templates_c directory in UPGRADE.txt
Also add instructions for SELinux, and fix the version number describing
since when templates_c is used.

Fixes: https://github.com/postfixadmin/postfixadmin/issues/119
7 years ago
Christian Boltz 3bd7ef2b0a
adjust pgsql $row['v_active'] only if vacation is enabled
This avoids an "Undefined index" warning if vacation is disabled.

Fixes: https://github.com/postfixadmin/postfixadmin/issues/118
7 years ago
David Goodwin 9982783481
Merge pull request #117 from mzch/ja_fix
Remove '# XXX'
7 years ago
Koichi MATSUMOTO 70c839cbc6 Remove '# XXX'
Removed '# XXX' comments
7 years ago
David Goodwin a52eeaf020
Merge pull request #116 from mzch/ja_fix
Ja fix
7 years ago
Koichi MATSUMOTO 9aeec2147e Update ja.lang
Update ja.lang with the latest
7 years ago
Koichi MATSUMOTO 9b7cfdf807
Update ja.lang
in progress...
7 years ago
David Goodwin a320b67508 possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL) 7 years ago
Christian Boltz 977f335a0f
Fix quoting in table_by_key()
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
Christian Boltz d04c82fbcb
change default for vacation.activeuntil to 2038
When adding the activeuntil field during the upgrade, it got set to
2000-01-01 which is a bad idea for existing vacation entries - the new
vacation.pl will consider them as outdated.

Introduce a new {DATEFUTURE}, and set the default value for activeuntil
to 2038 (that's the limit in MySQL for 'timestamp' columns, we'll have to
switch to 'datetime' in 20 years ;-)

Note that sqlite doesn't support changing the field default, so sqlite
users will have to live with the wrong default.

Also note that this fix does not change existing vacation entries if you
already have the activeuntil column.

Reported by Christoph Lechleitner on the mailinglist
7 years ago
Christian Boltz ddb94e24ee
rename upgrade_1838_mysql() to upgrade_1839() to keep all databases in sync
better fix for https://github.com/postfixadmin/postfixadmin/issues/89
7 years ago
Christian Boltz 1c0cd61fff
Add texts for password recovery to all languages 7 years ago
Christian Boltz ab666b6b7f
Fix microtime() usage
By default, microtime() returns a string :-/ which unsurprisingly causes
a warning when doing math on it.
7 years ago
Christian Boltz 8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
7 years ago
David Goodwin a27f80c01d
Merge pull request #113 from er1cs/patch-2
Update upgrade.php
7 years ago
David Goodwin 24b447f8e5
Merge pull request #112 from er1cs/patch-1
Update functions.inc.php
7 years ago
er1cs a4467a7e0b
Update upgrade.php 7 years ago
er1cs 7b8626ca81
Update functions.inc.php
I found that MySQL 8 doesn't like table names without `` in requests. So I made changes in function table_by_key in functions.inc.php and in upgrade.php. Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 MySQL 8
7 years ago
David Goodwin e478eb8b9f
Merge pull request #110 from Erwane/syslog-ident
#109 : syslog ident set to "vacation"
7 years ago
Breton Erwane 37d4279c52
syslog ident set to "vacation" 7 years ago
David Goodwin 43fb0bde77 log IP address for failed logins as well - see #105 7 years ago
Christian Boltz b06d25de8f
Merge pull request #108 from HLFH/master
favicon within images folder
7 years ago
HLFH 0972df8243 favicon within images folder 7 years ago
David Goodwin 768d29623e patch from https://github.com/bofh16/postfixadmin/blob/master/bg.lang.patch - thanks! 7 years ago
David Goodwin 7afb26fcc8 variables for docker 7 years ago
David Goodwin bdade520f4
Merge pull request #85 from julywind/master
fix invalid value for token_validity
7 years ago
houmingtao 5f1ac12d72 use current time as default token_validity value 7 years ago
David Goodwin 8bd435039b
Merge pull request #92 from leeclemens/feature-91/mysql-ssl
Add support for MySQL connections over SSL
7 years ago
Lee Clemens ebbd9025e4 Add support for MySQL connections over SSL 7 years ago
David Goodwin dbbc40b327 add example docker compose settings 7 years ago
David Goodwin ba47f2df2a update docker entrypoint - require db connection params; default to sqlite; revert to using upgrade.php as we do not need the setup.php checks 7 years ago
David Goodwin 72f32f0b3d
Merge pull request #90 from pbkwee/patch-1
singular correction. Update en.lang
7 years ago
pbkwee f217524524
Update en.lang
"Your email address or password are not correct".  Message indicates one thing is wrong.  So use is not are.
7 years ago
David Goodwin 5720e73732 + cd docker 7 years ago
David Goodwin a77d08a92c initial Docker readme 7 years ago
David Goodwin 699267a915 fall back to sqlite for docker image 7 years ago
David Goodwin 356ca84144
Merge pull request #64 from J0WI/docker
[WIP] add Dockerfile
7 years ago
David Goodwin 0f09b8c176 _db_add_field() calls table_by_key - so avoid calling it twice ... 7 years ago
David Goodwin 17e347de7f Add id autoincrement field to log table; ought to fix #89 7 years ago
David Goodwin 90d3a0ded7 see #86 - remove unnecessary config user/group 7 years ago
David Goodwin 56e1215994 upgrade.php: output current/target version 7 years ago
root 4670182d79 fix invalid value for token_validity 7 years ago
Christian Boltz fe5e256b6d Merge pull request #79 from Ecodev/harden-password-reset
Harden password reset process
7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only be used once.
7 years ago
David Goodwin 8bb6000072 Merge pull request #60 from Vilican/master
Security fixes
7 years ago