Commit Graph

41 Commits (938d71758a54f5bdd538930a6a23e6862130ce56)

Author SHA1 Message Date
Christian Boltz 24ad5cc3d8
Set $reset_by_sms even if password reset is disabled
... to avoid an "undefined variable" warning
7 years ago
Christian Boltz 3f1866d041
display phone number field only if $CONF[sms_send_function] is set
Without a way to send a SMS, asking users for their mobile number is
pointless.
7 years ago
Christian Boltz d2588a4de2
Fix phpcs whitespace breakage in initStruct etc. 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
houmingtao 5f1ac12d72 use current time as default token_validity value 7 years ago
root 4670182d79 fix invalid value for token_validity 7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago
Christian Boltz dd43f12e9b delete list-admin.php and its template, use list.php instead
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1754 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz add12b9fb4 AdminHandler.php:
- initStruct():
  - link username to domain list
  - hide superadmin, domain list and created columns in list view
  - add label to domain_count to make it visible in list view
- read_from_db_postprocess(): if user is a superadmin, replace domain
  count with "superadmin"



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1753 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz cc2b157d59 *Handler:
- add $msg['confirm'] (confirmation message when attemping to delete an
  item, displayed by list.php)

*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
10 years ago
Christian Boltz 79274dcedf AdminHandler:
- clear some TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1583 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 20d1ffcafc functions.inc.php:
- new function db_pgsql() to replace lots of
  "if ($CONF[database_type] == 'pgsql')) checks
- delete unused function boolconf()

several files:
- use db_pgsql() instead of checking $CONF[database_type]



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1582 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 60297e483c *.lang:
- rename pAdminCreate_admin_username_text to email_address
- rename pAdminEdit_admin_super_admin to super_admin

AdminHandler.php - initStruct(): 
- adopt to the renamed $PALANG texts
- remove some TODOs
- whitespace changes

setup.php, adminlistadmin.tpl:
- adopt to the renamed $PALANG texts


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1580 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 508d05e1ed AdminHandler.php, AdminpasswordHandler.php:
- initMsg(): better texts for error_already_exists and error_does_not_exist 

*.lang:
- rename pAdminCreate_admin_username_text_error2 to admin_already_exists
  and change the text
- add admin_does_not_exist



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1565 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 2f26624ceb DomainHandler.php, AdminHandler.php:
- implement delete()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1560 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 1b74926afb PFAHandler, *Handler:
- rename _field_$field() to _validate_$field() to make the function name
  more obvious
 


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1555 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 4d9a338eb2 After hunting an "undefined index transport" error in list-domain, I
found out that the 'Config' class is too static - it shares its static
data with the 'Lang' child class. 

This caused a conflict because we have $CONF[transport] and 
$PALANG[transport], and Config::read('transport') returned the $PALANG 
text.

To fix this, all texts are now stored as $CONF[__LANG].
I also dropped the 'Lang' class.


model/Config.php:
- mark the 'Config' class as final to ensure we don't trap into the 
  "too static" problem again.
- bool(): display and log an error message if a $CONF option does not
  contain YES or NO (that would have uncovered this bug much earlier)
- add lang() and lang_f() wrapper functions to get $PALANG texts
- remove unused $__cache and $__objects

model/Lang.php:
- deleted

common.php:
- store $PALANG as $CONF[__LANG]

lots of files:
- replace Lang::read() and Lang::read_f() calls with Config::lang()
  and Config::lang_f()




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1536 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 08c9b4e49f *.lang:
- renamed some $PALANG texts:
  - pOverview_button => go
  - pOverview_mailbox_name => name
  - pSendmail_admin => from
  - pAdminEdit_admin_username => admin
  - pEdit_alias_goto => to 
- deleted obsolete or duplicate $PALANG texts:
  - pOverview_alias_goto
  - pCreate_alias_goto
  - pEdit_alias_button
  - pEdit_mailbox_name
  - pEdit_mailbox_button
  - pViewlog_username
  - pViewlog_button
  - pAdminList_admin_username
  - pAdminList_virtual_button
  - pAdminList_virtual_alias_address
  - pAdminList_virtual_alias_goto
  - pAdminList_virtual_mailbox_name
  - pAdminEdit_domain_button
  - pAdminEdit_admin_button
  - pBroadcast_from
  - pBroadcast_send

model/*, setup.php, templates/*, users/edit-alias.php:
- update to use the renamed $PALANG texts


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1513 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 76f66ac8db *.lang:
- rename some $PALANG variables once more because smarty breaks when
  using "-"
  - add-alias => add_alias
  - add-alias-domain => add_alias_domain
  - add-mailbox => add_mailbox
  - email-address-already-exists => email_address_already_exists
  - change-password => change_password
  - password-again => password_again

model/*, setup.php, templates/*
- update to use the changed $PALANG variables


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1511 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 9c0004a431 *.lang:
- rename various $PALANG texts:
  - pMenu_create_alias => add-alias
  - pMenu_create_alias_domain => add-alias-domain
  - pMenu_create_mailbox => add-mailbox
  - pOverview_get_mailboxes => mailboxes
  - pPassword_button => change-password
  - pAdminList_domain_description => description
  - pAdminList_domain_aliases => aliases
  - pAdminEdit_domain_transport => transport
  - pAdminEdit_admin_password2 => password-again
- remove duplicate or unused $PALANG texts:
  - pOverview_alias_alias_count
  - pOverview_alias_mailbox_count
  - pOverview_get_aliases
  - pCreate_alias_domain_button
  - pCreate_alias_welcome
  - pCreate_alias_button
  - pCreate_mailbox_password2
  - pCreate_mailbox_quota_text_error
  - pCreate_mailbox_button
  - pAdminMenu_viewlog
  - pAdminMenu_create_alias
  - pAdminMenu_create_mailbox
  - pAdminList_domain_mailboxes
  - pAdminList_domain_transport
  - pAdminList_virtual_welcome
  - pAdminList_virtual_alias_alias_count
  - pAdminList_virtual_alias_mailbox_count
  - pAdminList_virtual_mailbox_username
  - pAdminList_virtual_mailbox_quota
  - pAdminEdit_domain_description
  - pAdminEdit_domain_aliases
  - pAdminEdit_domain_mailboxes
  - pAdminEdit_domain_mailboxes_text
  - pUsersMenu_password

model/*, seetup.php, templates/*
- use changed $PALANG texts


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1510 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 80591f97bc *.lang:
- add $PALANG['password'] to replace duplicate texts
  -$PALANG['pLogin_password']
  -$PALANG['pCreate_mailbox_password']
  -$PALANG['pAdminEdit_admin_password']
- set $PALANG['pFetchmail_field_src_password']= $PALANG['password']; 
  (needed until fetchmail is migrated into FetchmailHandler)

model/*, setup.php, templates/*:
- use $PALANG['password'] everywhere	  


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1504 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz a1646f84b6 *.lang:
- add $PALANG['active'] = 'Active' to replace various duplicates:
  -$PALANG['pOverview_alias_active']
  -$PALANG['pOverview_alias_domain_active']
  -$PALANG['pOverview_mailbox_active']
  -$PALANG['pCreate_alias_active']
  -$PALANG['pEdit_alias_active']
  -$PALANG['pCreate_mailbox_active']
  -$PALANG['pAdminList_admin_active']
  -$PALANG['pAdminList_domain_active']
  -$PALANG['pAdminList_virtual_mailbox_active']
  -$PALANG['pAdminEdit_domain_active']
  -$PALANG['pAdminEdit_admin_active']

model/*, templates/*:
- use $PALANG['active'] everywhere


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1503 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz bf0a5c02f4 *.lang:
- add $PALANG['domain'] = 'Domain'; which replaces duplicate texts:
  -$PALANG['pOverview_get_domain']
  -$PALANG['pViewlog_domain']
  -$PALANG['pAdminList_admin_domain']
  -$PALANG['pAdminList_domain_domain']
  -$PALANG['pAdminEdit_domain_domain']
  -$PALANG['pAdminCreate_admin_address']

model/*, templates/*:
- update to use $PALANG['domain']  


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1502 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz fcee414740 *.lang and various other files:
- rename $PALANG['pAdminList_domain_modified'] to $PALANG['last_modified']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1500 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 9af5a5cc03 *Handler.php:
- set $db_table and $id_field in the class, not inside initStruct()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1483 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 61dfcb9192 AdminHandler.php:
- implement delete()   (untested!)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1456 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 871bcbbe2f functions.inc.php:
- check_domain(), check_email(): instead of calling flash_error(),
  return string with error message - or empty string if everything is ok

model/AdminHandler.php, model/AliasHandler.php,
model/DomainHandler.php, model/MailboxHandler.php,
sendmail.php, users/edit-alias.php:
- adopt to changed check_domain() and check_email() return value


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1451 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 227eca6faf PFAHandler.php:
- introduce public array $infomsg[] (for success messages)
- store(): write successmessage to $this->infomsg[]

edit.php:
- display $handler->infomsg instead of hardcoded success message

AdminHandler.php, AliasHandler.php, AliasdomainHandler.php,
DomainHandler.php, MailboxHandler.php:
- move successmsg from webformConfig() to initMsg()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1428 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz d17fb42cde AdminHandler.php:
- initStruct():
  - pgsql doesn't support group_concat, so we need a database-dependent
    query to list the domains :-/
  - change some "..." to '...' to make them pgsql-compatible


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1393 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 232cee9d5f PFAHandler:
- make PFAHandler an "abstract class"
- add functions that must be implemented by every *Handler class
  as abstract functions:
  - abstract protected function initStruct();
  - abstract protected function initMsg();
  - abstract public function webformConfig();
  - abstract protected function validate_new_id();
- lots of additional comments

AdminHandler, AliasdomainHandler, DomainHandler, MailboxHandler:
- remove comments that are now in PFAHandler


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1385 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz ca8c27ae93 AliasHandler.php:
- initStruct(): add 'editable' virtual field
- add various comments

AdminHandler.php:
- add some comments


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1382 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz b58d398cf2 AdminHandler:
- initStruct(): add explanation what "superadmin" means
  https://sourceforge.net/tracker/?func=detail&aid=1865123&group_id=191583&atid=937964


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1366 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 306c5a9688 PFAHandler:
- add function compare_password_fields() - compares if two fields contain
  the same password (based on _field_password2() from AdminHandler)
  and use pEdit_mailbox_password_text_error as error message because it
  doesn't contain "... or empty"

AdminHandler:
- replace _field_password2() with a call to $this->compare_password_fields()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1361 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz d39a802d00 AliasHandler now works with edit.php in many cases
(TODO: catchall handling, mailbox and vacation aliases)

AliasHandler.php
- drop unused $username
- set $domain_field
- initStruct():
  - use correct labels
  - set 'domain' field options to allowed domains
  - add (virtual) 'localpart' field
  - add comments for more virtual fields
- add webformConfig() (note: modifies $struct on $new - otherwise we 
  couldn't use the domain dropdown in the web interface)
- add mergeId to merge localpart and domain to address (called by 
  edit.php _before_ ->init)
- add validate_new_id() (doesn't work for catchall yet)
- add setmore() to 
  - fill 'domain' based on 'address'
  - convert $values[goto] from array to comma-separated string
- add read_from_db_postprocess to split goto to an array
  (TODO: handling of mailbox and vacation aliases)
- add _field_goto() validator
- add empty, commented dummy delete() that will replace the "old" 
  delete function one day
- make hasAliasRecord() private (only used internally)
- mark all "old" functions as obsolete

edit.php:
- add handling of txtl field (convert textarea to array)
- call $handler->mergeId if $id_field is editable, but not displayed 
  in form (usecase: merge localpart + domain to address)

editform.tpl:
- add handling of txtl fields (textarea, filled by array)

PFAHandler.php:
- add setmore() hook function - runs at the end of set()

AdminHandler.php:
- add a comment for 'txtl' (array of one line texts, like alias goto)




git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1311 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 18b8564b64 Make $struct in the *Handler classes customizeable
config.inc.php:
- add $CONF['*_struct_hook'] to modify $struct in the *Handler classes

PFAHandler.php:
- call $CONF['*_struct_hook'] hook

AdminHandler.php, AliasdomainHandler.php, DomainHandler.php:
- remove now outdated TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1303 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 6eb7e9f794 PFAHandler.php:
- encrypt passwords ("pass" fields) with pacrypt()

AdminHandler.php:
- update/remove various TODO notes


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1302 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz ee33647232 setup.php
- add rewritten function create_admin() (now using AdminHandler, 
  which means 25 instead of 80 lines)
- various follow-up changes to match the rewritten function create_admin()

functions.inc.php:
- delete function create_admin() - setup.php was the last file calling it
- honor POSTFIXADMIN_SETUP in authentification_get_username() to avoid
  a redirect to login.php after creating an admin with setup.php and to
  get "SETUP.PHP" for db_log()

model/AdminHandler.php:
- add TODO: implement generate_password


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1301 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 23c08bc02e PFAHandler.php:
- store unchecked input values given to set() in $this->RAWvalues before
  running the validation functions. This is needed to make comparing 
  password and password2 possible.
  (uppercase RAW intentional to make usage harder - hopefully hard enough
  to give everybody who wants to use it some time to think over secure
  programming when working with unchecked input ;-)

AdminHandler.php:
- compare password and password2

This commit means AdminHandler is complete :-)

(Note: db_log can't handle the admin-related log actions yet.)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1297 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 300f096025 AdminHandler.php:
- add empty no_domain_field() to disable default die() from PFAHandler
- $struct: 
  - changed 'superadmin' to normal bool field (+ TODO note)
  - changed 'password2' to be an alias of password in SELECT
  - init 'domains' default with array() and options with list_domains(),
- storemore():
  - implement storing domains in domain_admins table
  - implement storing ALL in domain_admins table for superadmins to 
    keep the database backwards-compatible with 2.3.x for now
- add read_from_db_postprocess() to convert the domains list to an array

This makes AdminHandler working with edit.php?table=admin
(Some fine-tuning at various places/files is still missing.)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1291 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 36e31b9e23 AdminHandler.php (new file):
- Handler for admins
- list mode works
- edit mode not implemented yet


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1281 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago