I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
Unicode support is a much bigger can of worms (see the discussion in #47),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.
This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.
Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
error out if the database layout is outdated
- change setup.php to use check_db_version()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
- gen_show_status(): escape mail addresses in query.
Fixes https://sourceforge.net/p/postfixadmin/bugs/356/
(mostly - the edit/delete/... links in list-virtual are double-escaped)
In theory this could allow SQL injection, in practise the mail address
regex limits this issue to a DOS (creating a mail address with ' caused
an invalid query that broke list-virtual)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
Measure time needed for the nameserver queries, and error_log a warning
if the queries need more than 2 seconds in total.
Inspired by a question from t-ask on IRC, who suffered from a slow
nameserver and had some "fun" to debug it ;-)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1790 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct(): replace (wrong) 'editable' with '_can_edit' and '_can_delete'
- read_from_db_postprocess(): disable _can_edit and _can_delete for
default aliases if special_alias_control is off and not superadmin
list.tpl:
- use $item._can_edit instead of $check_alias_owner
list-virtual.php:
- drop $check_alias_owner variable and check_alias_owner() call
(replaced by the code added in AliasHandler)
- drop unused $sql_domain
functions.inc.php:
- delete no longer used check_alias_owner() function
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1774 a1433add-5e2c-0410-b055-b7f2511e0802
- build_select_query(): add support for $search['_'] (searching if one
of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters
functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
only error out if $additional_raw_where is also empty
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
- better formatting in db_quota_text() and db_quota_percent() results
(for example, infinity sign instead of / 0 for unlimited)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1744 a1433add-5e2c-0410-b055-b7f2511e0802
- read_from_db(), getList():
- add $searchmode parameter (_before_ $limit and $offset!) to be able to
use query different query modes, not only "="
- add a warning that $condition will be changed to array only in the future
- getList(): filter $condition for fields that are available to the user
to avoid information leaks by using search parameters
(filter is only applied if $condition is an array!)
functions.inc.php:
- db_where_clause():
- add $additional_raw_where parameter for additional query parameters
- add $searchmode parameter to be able to use query different
query modes, not only "=" (see $allowed_operators)
- check for allowed operators in $searchmode
- split query into WHERE and HAVING (if a parameter has
$struct[select] set, HAVING is used)
list-virtual.php:
- adopt getList() call to the new syntax
AliasHandler:
- adopt getList() definition and call to the new syntax
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1731 a1433add-5e2c-0410-b055-b7f2511e0802
- pacol():
- add $linkto parameter (if list mode should link to something)
- replace $not_in_db with $multiopt - the remaining parameters can
now be specified as associated array (backwards-compatible)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1719 a1433add-5e2c-0410-b055-b7f2511e0802
- add functions db_quota_text() and db_quota_percent() to generate
queries for used quota ("x/y" and percentage)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1712 a1433add-5e2c-0410-b055-b7f2511e0802
David Goodwin