Commit Graph

319 Commits (ad858592f4e221a3bbd58efd6403bda98222f675)

Author SHA1 Message Date
David Goodwin 045a19ae33 re-format 6 years ago
David Goodwin 7ed57a0cda assume the db updates work if no exception was thrown 6 years ago
David Goodwin 9024dddf46 move password_expiration code into the MailboxHandler. 6 years ago
David Goodwin df99e66b2d try and stop "A non-numeric value encountered in ..."; see #239 6 years ago
David Goodwin 28e687ff5b sqlite does not support NOW(), use a string comparison 6 years ago
Christian Boltz 5bc85bec44
fix error message in Config::read_array(() 6 years ago
David Goodwin 570972944d Merge remote-tracking branch 'origin/master' into feature-try-pdo 6 years ago
David Goodwin 5d47b85b9d remove attribute that is in parent class 6 years ago
David Goodwin 020343999a
Merge pull request #221 from SuperVirus/fetchmail_different_source_port
Allow different port for fetchmail
6 years ago
David Goodwin 803e2342f8 fix psalm issues; reformat; rename new db functions 6 years ago
David Goodwin 1176c9ce78 reformat; fix some transition bugs 6 years ago
David Goodwin ea33d9951a try migrating to pdo 6 years ago
David Goodwin d78fb1fbbd move to Shell 6 years ago
David Goodwin e5cacbec90 add missing attribute 6 years ago
David Goodwin 4fcdba9cf4 run php-cs-fixer (code reforamt) 6 years ago
David Goodwin 19cda31849 remove psalm warnings from code; fix password_expiry behaviour when enabled/disabled on MySQL 6 years ago
David Goodwin 74002bbf57 psalm fixes 6 years ago
David Goodwin 173d5775cd psalm fixes 6 years ago
Christoph 'SuperVirus' Heitkamp d35e66808b Allow different port for fetchmail 6 years ago
David Goodwin 69e234f668
Merge pull request #200 from doktoil-makresh/master
Support for password expiration, managed in PostFix Admin
6 years ago
David Goodwin afd418675c pointless comment 6 years ago
David Goodwin 77d1b6c2e7 rename sql fields to just have mailbox.password_expiry and domain.password_expiry 6 years ago
Damien Martins ce60b9fa59 Now password expiration is managed through Postfix Admin GUI 6 years ago
Damien Martins e786609aa9 Adding support for password expiration. Please read README.password_expiration for more details 6 years ago
David Goodwin 76ee147375 phpdoc fix 7 years ago
David Goodwin ec085b668b missing class property 7 years ago
David Goodwin 9c0e1dd575 phpdoc fixes 7 years ago
David Goodwin c44e82cc2d phpdoc fix 7 years ago
David Goodwin b48f99d4c6 reformat (phpcs) 7 years ago
David Goodwin 94f05bf9e4 switch to store $config internally within an array 7 years ago
Christian Boltz 24ad5cc3d8
Set $reset_by_sms even if password reset is disabled
... to avoid an "undefined variable" warning
7 years ago
Christian Boltz 3f1866d041
display phone number field only if $CONF[sms_send_function] is set
Without a way to send a SMS, asking users for their mobile number is
pointless.
7 years ago
Christian Boltz cdf3c9acb9
initStruct(): use multiopt for 'id' 'dont_write_to_db'
This also means we can drop the 0 for not_in_db because this is the
default.
7 years ago
Christian Boltz d2588a4de2
Fix phpcs whitespace breakage in initStruct etc. 7 years ago
Christian Boltz 12c4a4f29e
move shells/shell.php to model/Shell.php
... and drop a few lines in postfixadmin-cli.php that became superfluous
by this move (thanks autoloader!)
7 years ago
Christian Boltz 500c847fe0
re-add lost comment 7 years ago
Christian Boltz 91c07c9eae
VacationHandler: re-enable and fix code in validate_new_id()
Note that vacation.php doesn't use this function yet, so it's not
surprising that users didn't notice the broken code.
7 years ago
David Goodwin 4fb4d406ee phpdoc; disable function init() - seems invalid 7 years ago
David Goodwin fef2591335 phpdoc fixes 7 years ago
David Goodwin cb34da4f46 phpcs reformat 7 years ago
David Goodwin 152975d05c move to use db_assoc() rather than db_array() (code assumes assoc. array) 7 years ago
David Goodwin 5e1855632a allow local aliases - see #134 7 years ago
Adrien Crivelli 15df6c1d7b
Reformat everything with PHP-Cs-Fixer 7 years ago
Christian Boltz 8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
7 years ago
houmingtao 5f1ac12d72 use current time as default token_validity value 7 years ago
root 4670182d79 fix invalid value for token_validity 7 years ago
Sylvain Tissot ffb84283c2
Harden password reset process
The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
Sylvain Tissot 9c9ba64a7f Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18 7 years ago
Christian Boltz a366654757
Better use Config::Lang instead of global $PALANG 8 years ago
David Goodwin 8508b8e119 global PALANG 8 years ago