Damien Martins
e786609aa9
Adding support for password expiration. Please read README.password_expiration for more details
6 years ago
David Goodwin
563b8c7636
phpdoc fixes (psalm)
7 years ago
David Goodwin
318ac048d5
psalm fixes
7 years ago
Aleksi Kinnunen
2df4348f09
Typo fix
7 years ago
Aleksi Kinnunen
48c19a1cbd
Combine encrypt CONF-keys
...
Went through the old PR #25 , updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
7 years ago
Aleksi Kinnunen
c1b5e66e27
Add missing global
...
... you should never edit with the GitHub web GUI, lazy me.
7 years ago
Aleksi Kinnunen
b676e8337f
Allow empty $CONF['encrypt_difficulty'] for defaults
7 years ago
Aleksi Kinnunen
9c2161a549
Added support for password generation cost/rounds
...
$CONF["php_crypt_difficulty"], only for php_crypt:BLOWFISH, php_crypt:SHA256 and php_crypt:SHA512
7 years ago
David Goodwin
3754381f0e
Merge pull request #175 from racerxdl/master
...
'row' is a reserved word in MySQL 8.0
7 years ago
Lucas Teske
11f9680963
'row' is a reserved word in MySQL 8.0
7 years ago
Christian Boltz
2eb5a7ed60
simplify function_exists() checks for random_int()
...
It's easier to define a compat function than to have function_exists()
checks all over the code.
7 years ago
David Goodwin
b4849b8431
bump minimum db version
7 years ago
David Goodwin
4c6bcdbc39
update version
7 years ago
David Goodwin
5b7f4cda48
add phpdoc comments, default php_crypt hash to use SHA512 rather than MD5
7 years ago
David Goodwin
7282928e6d
update generate_password() to allow length to be specified; update test
7 years ago
Christian Boltz
a3feba7c73
change default for php_crypt to SHA512
...
(+ a few whitespace changes)
7 years ago
David Goodwin
b48f99d4c6
reformat (phpcs)
7 years ago
David Goodwin
e7f9d536d9
change default salt method with php_crypt
7 years ago
David Goodwin
f543c7d403
use random_int() if available
7 years ago
David Goodwin
7c0cb82be8
use random_int if it is available
7 years ago
snuggeman
11f0ceb615
added php_crypt scheme
7 years ago
David Goodwin
9a07772626
remove commented out echo
7 years ago
Christian Boltz
30c61e81b3
better comment for pacol() parameter
7 years ago
Lucas Teske
50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates.
7 years ago
David Goodwin
d57aa46eb5
remove explode()
7 years ago
David Goodwin
2a1d8daeba
remove unused variables
7 years ago
David Goodwin
b79ad2ae28
composer format ...
7 years ago
David Goodwin
6446f3f6cc
split up pacrypt() into different functions; add some minimal test coverage
7 years ago
David Goodwin
6ed1527497
fix phpdoc
7 years ago
David Goodwin
cb34da4f46
phpcs reformat
7 years ago
David Goodwin
43a2493876
remove unused code.
7 years ago
David Goodwin
4dec9cd24e
refactor (reduce nesting)
7 years ago
David Goodwin
d088651fd6
Drop db_commit(), db_rollback(), db_begin() functions (unused).
7 years ago
David Goodwin
0b66cd6bd2
Do not try to db_escape() an SQL field.
7 years ago
David Goodwin
4e9d166765
use db_assoc() rather than db_array() as we're depending on an assoc array afterall.
7 years ago
David Goodwin
45a1073b97
change to use foreach($a as $k => $v) { ... }
7 years ago
David Goodwin
8ac94394cb
improve phpdoc
7 years ago
David Goodwin
e2b1233269
Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...)
7 years ago
David Goodwin
5e1855632a
allow local aliases - see #134
7 years ago
Adrien Crivelli
15df6c1d7b
Reformat everything with PHP-Cs-Fixer
7 years ago
David Goodwin
a320b67508
possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL)
7 years ago
Christian Boltz
977f335a0f
Fix quoting in table_by_key()
...
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
er1cs
7b8626ca81
Update functions.inc.php
...
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
7 years ago
Lee Clemens
ebbd9025e4
Add support for MySQL connections over SSL
7 years ago
Sylvain Tissot
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
David Goodwin
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
7 years ago
Sylvain Tissot
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
7 years ago
Christian Boltz
be5fafa9fb
changelog update etc. for 3.1 release
8 years ago
Christian Boltz
64f1593818
revert "support unicode domain names - see #47"
...
Unicode support is a much bigger can of worms (see the discussion in #47 ),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
8 years ago
David Goodwin
a09a3fa3b0
support unicode domain names - see #47
8 years ago