Commit Graph

360 Commits (8f20c96278a694a7e0bb570f1d56c208105e5a14)

Author SHA1 Message Date
David Goodwin cef2ba5598 Merge remote-tracking branch 'origin/master' into feature-try-pdo 6 years ago
Luca e347b4677b
Fix for MySQL 8
The keyword ROW became reserved in MySQL 8.0.2
https://dev.mysql.com/doc/refman/8.0/en/keywords.html#keywords-8-0-detailed-R
6 years ago
David Goodwin 803e2342f8 fix psalm issues; reformat; rename new db functions 6 years ago
David Goodwin 1176c9ce78 reformat; fix some transition bugs 6 years ago
David Goodwin ea33d9951a try migrating to pdo 6 years ago
David Goodwin 8798a65a06 remove db_array() function (not in use); use Config::read_string(..) more 6 years ago
David Goodwin cdacb5697f improve formatting of error message; remove use of db_array (to be removed). 6 years ago
David Goodwin 2ea829eb7a fix postgresql compatability - see #227 6 years ago
David Goodwin b2e814967f try and get working under travis ... 6 years ago
David Goodwin 590c80f0bc add more unit tests; re-enable random_int warning in functions.inc.php for old php versions etc etc 6 years ago
David Goodwin e8acb609c2 reformat 6 years ago
David Goodwin 20b1eb842e fix sqlite display of password expired check for mailboxes 6 years ago
David Goodwin 1dfb03ea32 fix sqlite query for mailbox password_expiry 6 years ago
David Goodwin 4fcdba9cf4 run php-cs-fixer (code reforamt) 6 years ago
David Goodwin 19cda31849 remove psalm warnings from code; fix password_expiry behaviour when enabled/disabled on MySQL 6 years ago
David Goodwin 74002bbf57 psalm fixes 6 years ago
David Goodwin 7408a3b30a fix safepost doc 6 years ago
David Goodwin 69e234f668
Merge pull request #200 from doktoil-makresh/master
Support for password expiration, managed in PostFix Admin
6 years ago
David Goodwin 87472af5ba add Date header into smtp_from(...) function - see #203 6 years ago
David Goodwin b1795ab596 phpdoc 6 years ago
David Goodwin 1e158245d6 try and fix #30 - cope with timestamp and numeric field number comparison better for PostgreSQL. 6 years ago
David Goodwin a8b02cfc05 Default to default values 6 years ago
David Goodwin 77d1b6c2e7 rename sql fields to just have mailbox.password_expiry and domain.password_expiry 6 years ago
Damien Martins 8115d8d047 Reverting unexpected changes 6 years ago
Damien Martins 84533224ba Adds colored indicators for password expired, account disabled and vacation enabled accounts 6 years ago
Damien Martins b33d79125c Merge branch 'master' of github.com:doktoil-makresh/postfixadmin 6 years ago
Damien Martins d809e0fbf7 Adds colored indicators for password expired, account disabled and vacation enabled accounts 6 years ago
Damien Martins 72dddbc93b Adds colored indicators for password expired, account disabled and vacation enabled accounts 6 years ago
Damien Martins ce60b9fa59 Now password expiration is managed through Postfix Admin GUI 6 years ago
Damien Martins e786609aa9 Adding support for password expiration. Please read README.password_expiration for more details 6 years ago
David Goodwin 563b8c7636 phpdoc fixes (psalm) 7 years ago
David Goodwin 318ac048d5 psalm fixes 7 years ago
Aleksi Kinnunen 2df4348f09
Typo fix 7 years ago
Aleksi Kinnunen 48c19a1cbd
Combine encrypt CONF-keys
Went through the old PR #25, updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
7 years ago
Aleksi Kinnunen c1b5e66e27
Add missing global
... you should never edit with the GitHub web GUI, lazy me.
7 years ago
Aleksi Kinnunen b676e8337f
Allow empty $CONF['encrypt_difficulty'] for defaults 7 years ago
Aleksi Kinnunen 9c2161a549
Added support for password generation cost/rounds
$CONF["php_crypt_difficulty"], only for php_crypt:BLOWFISH, php_crypt:SHA256 and php_crypt:SHA512
7 years ago
David Goodwin 3754381f0e
Merge pull request #175 from racerxdl/master
'row' is a reserved word in MySQL 8.0
7 years ago
Lucas Teske 11f9680963
'row' is a reserved word in MySQL 8.0 7 years ago
Christian Boltz 2eb5a7ed60
simplify function_exists() checks for random_int()
It's easier to define a compat function than to have function_exists()
checks all over the code.
7 years ago
David Goodwin b4849b8431 bump minimum db version 7 years ago
David Goodwin 4c6bcdbc39 update version 7 years ago
David Goodwin 5b7f4cda48 add phpdoc comments, default php_crypt hash to use SHA512 rather than MD5 7 years ago
David Goodwin 7282928e6d update generate_password() to allow length to be specified; update test 7 years ago
Christian Boltz a3feba7c73
change default for php_crypt to SHA512
(+ a few whitespace changes)
7 years ago
David Goodwin b48f99d4c6 reformat (phpcs) 7 years ago
David Goodwin e7f9d536d9 change default salt method with php_crypt 7 years ago
David Goodwin f543c7d403 use random_int() if available 7 years ago
David Goodwin 7c0cb82be8 use random_int if it is available 7 years ago
snuggeman 11f0ceb615 added php_crypt scheme 7 years ago
David Goodwin 9a07772626 remove commented out echo 7 years ago
Christian Boltz 30c61e81b3
better comment for pacol() parameter 7 years ago
Lucas Teske 50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates. 7 years ago
David Goodwin d57aa46eb5 remove explode() 7 years ago
David Goodwin 2a1d8daeba remove unused variables 7 years ago
David Goodwin b79ad2ae28 composer format ... 7 years ago
David Goodwin 6446f3f6cc split up pacrypt() into different functions; add some minimal test coverage 7 years ago
David Goodwin 6ed1527497 fix phpdoc 7 years ago
David Goodwin cb34da4f46 phpcs reformat 7 years ago
David Goodwin 43a2493876 remove unused code. 7 years ago
David Goodwin 4dec9cd24e refactor (reduce nesting) 7 years ago
David Goodwin d088651fd6 Drop db_commit(), db_rollback(), db_begin() functions (unused). 7 years ago
David Goodwin 0b66cd6bd2 Do not try to db_escape() an SQL field. 7 years ago
David Goodwin 4e9d166765 use db_assoc() rather than db_array() as we're depending on an assoc array afterall. 7 years ago
David Goodwin 45a1073b97 change to use foreach($a as $k => $v) { ... } 7 years ago
David Goodwin 8ac94394cb improve phpdoc 7 years ago
David Goodwin e2b1233269 Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...) 7 years ago
David Goodwin 5e1855632a allow local aliases - see #134 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
David Goodwin a320b67508 possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL) 7 years ago
Christian Boltz 977f335a0f
Fix quoting in table_by_key()
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
er1cs 7b8626ca81
Update functions.inc.php
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works.  FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
7 years ago
Lee Clemens ebbd9025e4 Add support for MySQL connections over SSL 7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin 4b999b3f6b improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73 7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago
Christian Boltz be5fafa9fb
changelog update etc. for 3.1 release 8 years ago
Christian Boltz 64f1593818
revert "support unicode domain names - see #47"
Unicode support is a much bigger can of worms (see the discussion in #47),
and having just a little part of unicode support in is a bad idea.

You can of course use the xn--whatever notation for unicode domains ;-)
8 years ago
David Goodwin a09a3fa3b0 support unicode domain names - see #47 8 years ago
Christian Boltz 88bd9bfd19
drop $db_conn parameter from escape_string()
Connection caching is now done in db_connect() which is a much better
place.

This reverts most of c253ef7dbd
8 years ago
Christian Schrötter 846dcb756c
Remove unnecessary code 8 years ago
Christian Schrötter e28f3f5959
Fix for mysqli_connect() 8 years ago
Christian Schrötter 2dea9fadd4
Remove whitespace 8 years ago
David Goodwin c253ef7dbd allow escape_string() to take a db connection as a parameter; should improve performance when there are a large number of things to escape 8 years ago
Christian Boltz 28703935b3 3.0.2 release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1894 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 16e1407621 db_where_clause(): allow NULL and NOTNULL searchmodes
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1878 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz bbec3e9f0e pacrypt(): allow switching between dovecot:* password schemes
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.

This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.

Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 6eda18fcde prepare PostfixAdmin 3.0 release
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1861 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 2a6247a6d9 db_connect(): drop unused variable $succes(s)
One of the variable names had a typo [1], and since those variables are
unused, the best way is to drop them.

[1] reported by tfarina, https://github.com/postfixadmin/postfixadmin/issues/15


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1858 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
Christian Boltz 13cdd50d0a Add checks to login.php and cli to ensure database layout is up to date
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
  error out if the database layout is outdated
- change setup.php to use check_db_version()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz a00e8a811d functions.inc.php:
- check_domain(): someone had the great idea to allow punicode
  even in TLDs, so we better allow it.
  https://sourceforge.net/p/postfixadmin/feature-requests/93/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1839 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz a0151bd5a1 functions.inc.php:
- pacrypt(): don't stripslashes($pw) because this breaks passwords with
  backslashes. This stripslashes() existed since forever, but probably
  became harmful with all the rewrites in the last years.
  https://sourceforge.net/p/postfixadmin/bugs/349/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1838 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 9335232024 functions.inc.php:
- fix db_quota_text() for postgresql (concat() vs. ||)
  https://sourceforge.net/p/postfixadmin/bugs/370/


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1834 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
David Goodwin d3ca74af0d merge github pull request into svn manually - 3e62d3975a - adding configurable smtp helo (CONF["smtp_client"])
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1832 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz b261db86c7 Merge pull request #9 from phyrog/master
Add sqlite backend option (thank you @phyrog for doing this)

(imported from github)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 129a65b8c5 functions.inc.php:
- gen_show_status(): escape mail addresses in query.
  Fixes https://sourceforge.net/p/postfixadmin/bugs/356/
  (mostly - the edit/delete/... links in list-virtual are double-escaped)
  In theory this could allow SQL injection, in practise the mail address
  regex limits this issue to a DOS (creating a mail address with ' caused
  an invalid query that broke list-virtual)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 9636fe9de3 3.0 beta3 (= 2.93) release - update $version and changelog
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1799 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 5307cfe48a functions.inc.php check_domain():
Measure time needed for the nameserver queries, and error_log a warning
if the queries need more than 2 seconds in total.

Inspired by a question from t-ask on IRC, who suffered from a slow
nameserver and had some "fun" to debug it ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1790 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 3a72203de4 AliasHandler:
- initStruct(): replace (wrong) 'editable' with '_can_edit' and '_can_delete'
- read_from_db_postprocess(): disable _can_edit and _can_delete for
  default aliases if special_alias_control is off and not superadmin

list.tpl:
- use $item._can_edit instead of $check_alias_owner

list-virtual.php:
- drop $check_alias_owner variable and check_alias_owner() call
  (replaced by the code added in AliasHandler)
- drop unused $sql_domain

functions.inc.php:
- delete no longer used check_alias_owner() function



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1774 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc598d0f3f PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago