30 Commits (9aba43ee4894f86383dd3c2cae08f14d2e9956cb)

Author SHA1 Message Date
Christian Boltz 52a7df2b3a Add CSRF protection for POST requests
Add the CSRF token to all forms, and validate it when those forms are
submitted.

https://sourceforge.net/p/postfixadmin/bugs/372/



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1842 a1433add-5e2c-0410-b055-b7f2511e0802
9 years ago
Christian Boltz 619a419611 users/password.php:
- include the username in messages containing %s


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1662 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 6e2e132bac remove "postfixadmin.com" in comments in lots of files
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1558 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago
Christian Boltz 3b7606b654 users/password.php:
- update to use non-static MailboxHandler->login()


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1492 a1433add-5e2c-0410-b055-b7f2511e0802
12 years ago
Christian Boltz 89ffcbf25f smarty.inc.php:
- replace (last) usage of $CONF['postfix_admin_url'] with $rel_path
  (relative path to CSS etc., set to '../' in users/*)

users/*.php:
- set $rel_path to '../'

https://sourceforge.net/tracker/?func=detail&aid=3039042&group_id=191583&atid=937964


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1395 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 56a8d1c52f MailboxHandler:
- start rewrite based on PFAHandler
- add initStruct(), initMsg(), webformConfig(), validate_new_id(), 
  create_allowed()
- drop old __construct() and view()
- replace $this->username with $this->id
- replace check of old password in change_pw() with $this->login 
 
users/password.php:
- adapt to *Handler syntax

scripts/shells/mailbox.php:
- adapt to *Handler view() syntax
- add TODO - maildir column isn't displayed
  
xmlrpc.php:
- adapt to *Handler syntax

Note: as usual, the changes in xmlrpc.php are untested ;-)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1360 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz 69b3df10e4 config.inc.php
- new config option $CONF['password_validation'] - array with regular
  expressions to check if a password is valid/good enough.
  The default configuration enforces:
  - minimum length 5 characters/digits/whatever
  - at least 2 characters
  - at least 2 digits
- removed $CONF['min_password_length'] - it's now handled in /.{5}/ in
  $CONF['password_validation']

functions.inc.php
- new function validate_password to check a given password against
  $CONF['password_validation']
- generate_password: generated password is always 8 chars long
  (instead of $CONF['min_password_length'])

edit-admin.php, users/password.php, edit-mailbox.php, setup.php:
- use validate_password instead of $CONF['min_password_length']

This implements
https://sourceforge.net/tracker/?func=detail&aid=1785513&group_id=191583&atid=937967


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1192 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz e38ba1f7cf users/password.php, edit-admin.php, edit-mailbox.php, *.lang:
- rename $PALANG['pPasswordTooShort'] to $PALANG['password_too_short']

*.lang:
- add $PALANG['password_no_characters'] and $PALANG['password_no_digits']
  (will be used by my next commit)



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1191 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago
Christian Boltz ab636c92e5 Merge password.tpl and users_password.tpl
users/password.php:
- use SESSID_USERNAME instead of USERID_USERNAME to match the smarty
  variable name in the password module for admins
- switch to 'password' template
 
templates/password.tpl:
- display "exit" button if logged in as user
- change form name to something more useful

templates/users_password.tpl:
- deleted


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1140 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Christian Boltz ceb24297c7 users/edit-alias.php, users/password.php, users/vacation.php, users/login.php:
- replaced tMessage with flash_error() / flash_info()

users/vacation.php:
- set today as default date if vacation start/end date are empty

users/edit-alias.php:
- removed now superfluous code to join multiple tMessage texts with <br>
- removed a </font> that was appended to $PALANG['pEdit_alias_goto_text_error2']

This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF),
https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1085 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Christian Boltz b89b94cf83 Renamed UserHandler to MailboxHandler to make clear it's about mailboxes
(as discussed with GingerDog on IRC yesterday).
Also renamed user to mailbox in the CLI.

- renamed model/UserHandler.php to MailboxHandler.php
- renamed scripts/shells/user.php to mailbox.php
- replaced UserHandler / user with MailboxHandler / mailbox in various files

- unrelated cleanup: deleted obsolete scripts/models-ext directory


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1019 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Christian Boltz f8cd54a468 variables.inc.php:
- cleanup: move some vars to password.php and users/password.php
- drop $pPassword_admin_text - was always empty

password.php, users/password.php:
- init $pPassword_password_text and $pPassword_password_current_text
  (previously in variables.inc.php)

templates/password.tpl, templates/users_password.tpl:
- drop $pPassword_admin_text - was always empty

These changes should also fix some undefined variable warnings reported 
by makomi on IRC.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1004 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Christian Boltz 9c5084af04 model/UserHandler.php: fix verifying old password in change_pw()
- if you want to verify the old password, you should compare it against 
  the OLD and not the NEW password ;-)
- fix database calls

In other words: changing the password in users/password.php works again ;-)

users/password.php:
- switch from obsolete change_pass() to change_pw()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@916 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Christian Boltz 4c912f1da8 list-virtual.php:
- hand over $search to smarty templates

templates/list-virtual_alias.tpl, templates/list-virtual_alias_domain.tpl:
- add search result highlighting

templates/list-virtual_mailbox.tpl:
- add search result highlighting
- move output of "Mailbox" / "Forward only" outside the foreach loop
  (was displayed once per mailbox alias target)

css/default.css:
- add style for ".searchresult"



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@868 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago
Sebastian 9ddf15439f - fix some display errors after rev. 788, found and patch supplied by Jan-Kruis, thx.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@791 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
Sebastian b1287d97e2 - big merge of Postfixadmin smarty into trunk
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@757 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago
David Goodwin 0fcfd2e5ab users/password.php: fix minor typo
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@679 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
David Goodwin e0aa21917a users/password.php: no need to escape strings - should be in the model layer - fix broken auth check
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@602 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
David Goodwin 25ad930215 password.php: fix use of UserHandler... - see http://pastebin.com/m159f0726
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@601 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
David Goodwin 53182c4922 refactoring of users (most app logic is now in /model)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@575 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
Christian Boltz 11c39af699 - added/fixed vim: lines to nearly all *.php files (exception: templates/*)
(ts=3 or ts=4 depending on the file content)
- several whitespace fixes
- (no code changes)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@566 a1433add-5e2c-0410-b055-b7f2511e0802
16 years ago
Christian Boltz 40045401d3 users/password.php:
- fixed syntax error
  https://sourceforge.net/tracker/index.php?func=detail&aid=1852533&group_id=191583&atid=937964
- use correct string for "password too short" message 
  (see r270 commit message)

en.lang:
- added usage comment on PALANG['pPasswordTooShort']


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@275 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin 595ee7d37a users/password.php: add password length checking (thought I had already committed this!) (cboltz: what is the right string to use in the error message?)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@270 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin 39953d029d rename templates to .php instead of .tpl
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@250 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
Christian Boltz 29b143bee9 users/password.php
- merged GET and POST code
- make cancel button work
- redirect to main page on success
- displaying success note with flash_info()

templates/users_password.tpl:
- rename cancel button to fCancel to make it work

users/vacation.php
- redirect to main page on success
- displaying success note with flash_info()
- merge GET and POST code


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@213 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin dc51d62e15 update license headers
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@107 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin 075d15b4b1 db_log patch from amsys - make db logging translatable
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@90 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin 377daa201d spelling tpyo fix (s/succes/success/)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@83 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
David Goodwin cf5b117aa5 admin/*, users/* - code refactoring
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@67 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago
Mischa Peters 85dc57beee Initial Import in SourceForge
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1 a1433add-5e2c-0410-b055-b7f2511e0802
18 years ago