Commit Graph

284 Commits (94fff02d396a2505d1046780d8a64613504c9a80)

Author SHA1 Message Date
David Goodwin 82f9db0535 composer format 5 years ago
David Goodwin 62eac78541 cope with password_validation not being in config 5 years ago
David Goodwin c65a99ce2d change row to r everywhere; see : https://sourceforge.net/p/postfixadmin/discussion/676076/thread/616c1d25/?limit=25#7da0 - hopefully removing "row" which might be a reserved keyword for some databases etc 5 years ago
David Goodwin fb671e6166 fix page browser test for sqlite; see #87 and #161
(not tests/CreatePageBrowserTest.php)
5 years ago
Christian Schrötter ce65c48238
Fix missing SSL at persistent MySQLi reconnect 6 years ago
David Goodwin 477ede0175 stop undefined index errors with show_vacation and show_disabled 6 years ago
David Goodwin d9326a1f38 remove show_expired code from 3.2 branch - see #235 6 years ago
David Goodwin 9d31639eef fix postgresql compatability - see #227 6 years ago
Luca 885bad949d Fix for MySQL 8
The keyword ROW became reserved in MySQL 8.0.2
https://dev.mysql.com/doc/refman/8.0/en/keywords.html#keywords-8-0-detailed-R
6 years ago
David Goodwin 96d64d9317 try and fix #30 - cope with timestamp and numeric field number comparison better for PostgreSQL. 6 years ago
David Goodwin 8196a063a5 add Date header into smtp_from(...) function - see #203 6 years ago
David Goodwin 3754381f0e
Merge pull request #175 from racerxdl/master
'row' is a reserved word in MySQL 8.0
7 years ago
Lucas Teske 11f9680963
'row' is a reserved word in MySQL 8.0 7 years ago
Christian Boltz 2eb5a7ed60
simplify function_exists() checks for random_int()
It's easier to define a compat function than to have function_exists()
checks all over the code.
7 years ago
David Goodwin b4849b8431 bump minimum db version 7 years ago
David Goodwin 4c6bcdbc39 update version 7 years ago
David Goodwin 5b7f4cda48 add phpdoc comments, default php_crypt hash to use SHA512 rather than MD5 7 years ago
David Goodwin 7282928e6d update generate_password() to allow length to be specified; update test 7 years ago
Christian Boltz a3feba7c73
change default for php_crypt to SHA512
(+ a few whitespace changes)
7 years ago
David Goodwin b48f99d4c6 reformat (phpcs) 7 years ago
David Goodwin e7f9d536d9 change default salt method with php_crypt 7 years ago
David Goodwin f543c7d403 use random_int() if available 7 years ago
David Goodwin 7c0cb82be8 use random_int if it is available 7 years ago
snuggeman 11f0ceb615 added php_crypt scheme 7 years ago
David Goodwin 9a07772626 remove commented out echo 7 years ago
Christian Boltz 30c61e81b3
better comment for pacol() parameter 7 years ago
Lucas Teske 50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates. 7 years ago
David Goodwin d57aa46eb5 remove explode() 7 years ago
David Goodwin 2a1d8daeba remove unused variables 7 years ago
David Goodwin b79ad2ae28 composer format ... 7 years ago
David Goodwin 6446f3f6cc split up pacrypt() into different functions; add some minimal test coverage 7 years ago
David Goodwin 6ed1527497 fix phpdoc 7 years ago
David Goodwin cb34da4f46 phpcs reformat 7 years ago
David Goodwin 43a2493876 remove unused code. 7 years ago
David Goodwin 4dec9cd24e refactor (reduce nesting) 7 years ago
David Goodwin d088651fd6 Drop db_commit(), db_rollback(), db_begin() functions (unused). 7 years ago
David Goodwin 0b66cd6bd2 Do not try to db_escape() an SQL field. 7 years ago
David Goodwin 4e9d166765 use db_assoc() rather than db_array() as we're depending on an assoc array afterall. 7 years ago
David Goodwin 45a1073b97 change to use foreach($a as $k => $v) { ... } 7 years ago
David Goodwin 8ac94394cb improve phpdoc 7 years ago
David Goodwin e2b1233269 Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...) 7 years ago
David Goodwin 5e1855632a allow local aliases - see #134 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
David Goodwin a320b67508 possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL) 7 years ago
Christian Boltz 977f335a0f
Fix quoting in table_by_key()
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
er1cs 7b8626ca81
Update functions.inc.php
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works.  FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
7 years ago
Lee Clemens ebbd9025e4 Add support for MySQL connections over SSL 7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin 4b999b3f6b improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73 7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago