b48f99d4c6
reformat (phpcs)
6 years ago
e7f9d536d9
change default salt method with php_crypt
6 years ago
f543c7d403
use random_int() if available
6 years ago
7c0cb82be8
use random_int if it is available
6 years ago
11f0ceb615
added php_crypt scheme
6 years ago
9a07772626
remove commented out echo
6 years ago
30c61e81b3
better comment for pacol() parameter
6 years ago
50ac4c7597
Fixed "Incorrect integer value: 'Array' for column" error in updates.
6 years ago
d57aa46eb5
remove explode()
6 years ago
2a1d8daeba
remove unused variables
6 years ago
b79ad2ae28
composer format ...
6 years ago
6446f3f6cc
split up pacrypt() into different functions; add some minimal test coverage
6 years ago
6ed1527497
fix phpdoc
6 years ago
cb34da4f46
phpcs reformat
6 years ago
43a2493876
remove unused code.
6 years ago
4dec9cd24e
refactor (reduce nesting)
6 years ago
d088651fd6
Drop db_commit(), db_rollback(), db_begin() functions (unused).
6 years ago
0b66cd6bd2
Do not try to db_escape() an SQL field.
6 years ago
4e9d166765
use db_assoc() rather than db_array() as we're depending on an assoc array afterall.
6 years ago
45a1073b97
change to use foreach($a as $k => $v) { ... }
6 years ago
8ac94394cb
improve phpdoc
6 years ago
e2b1233269
Use filter_var($x, FILTER_VALIDATE_EMAIL) as an extra check if we can in check_email(...)
6 years ago
5e1855632a
allow local aliases - see #134
6 years ago
15df6c1d7b
Reformat everything with PHP-Cs-Fixer
6 years ago
a320b67508
possible fix for issue in #112 - PostgreSQL does not like backticks (only do them for MySQL)
7 years ago
977f335a0f
Fix quoting in table_by_key()
...
This fixes a regression introduced by
https://github.com/postfixadmin/postfixadmin/pull/112
which became only visible when using a $CONF['database_prefix']
7 years ago
7b8626ca81
Update functions.inc.php
...
I found that Mysql 8 don't like table names without `` in requests. So i make changes in function table_by_key in functions.inc.php and in upgrade.php . Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 Mysql 8
7 years ago
ebbd9025e4
Add support for MySQL connections over SSL
7 years ago
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
7 years ago
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
7 years ago
be5fafa9fb
changelog update etc. for 3.1 release
7 years ago
64f1593818
revert "support unicode domain names - see #47"
...
Unicode support is a much bigger can of worms (see the discussion in #47 ),
and having just a little part of unicode support in is a bad idea.
You can of course use the xn--whatever notation for unicode domains ;-)
7 years ago
a09a3fa3b0
support unicode domain names - see #47
7 years ago
88bd9bfd19
drop $db_conn parameter from escape_string()
...
Connection caching is now done in db_connect() which is a much better
place.
This reverts most of c253ef7dbd
7 years ago
846dcb756c
Remove unnecessary code
7 years ago
e28f3f5959
Fix for mysqli_connect()
7 years ago
2dea9fadd4
Remove whitespace
7 years ago
c253ef7dbd
allow escape_string() to take a db connection as a parameter; should improve performance when there are a large number of things to escape
7 years ago
28703935b3
3.0.2 release
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1894 a1433add-5e2c-0410-b055-b7f2511e0802
7 years ago
16e1407621
db_where_clause(): allow NULL and NOTNULL searchmodes
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1878 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
bbec3e9f0e
pacrypt(): allow switching between dovecot:* password schemes
...
Dovecot password hashes include a {SCHEME} prefix, so it's possible to
switch the scheme while still accepting passwords hashed using the
previous dovecot:* scheme.
This patch adds the code needed to find out the used hashing scheme
from the hash and ensures it gets used to validate the password.
Patch by Aaron Lindsay <aaron AT aclindsay com> (sent to the ML)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1875 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
6eda18fcde
prepare PostfixAdmin 3.0 release
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1861 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
2a6247a6d9
db_connect(): drop unused variable $succes(s)
...
One of the variable names had a typo [1], and since those variables are
unused, the best way is to drop them.
[1] reported by tfarina, https://github.com/postfixadmin/postfixadmin/issues/15
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1858 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
13cdd50d0a
Add checks to login.php and cli to ensure database layout is up to date
...
- add check_db_version() to functions.inc.php
- add $min_db_version (needs to be updated at least before the release)
- call check_db_version in login.php, users/login.php and CLI - they'll
error out if the database layout is outdated
- change setup.php to use check_db_version()
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1853 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
a00e8a811d
functions.inc.php:
...
- check_domain(): someone had the great idea to allow punicode
even in TLDs, so we better allow it.
https://sourceforge.net/p/postfixadmin/feature-requests/93/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1839 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
a0151bd5a1
functions.inc.php:
...
- pacrypt(): don't stripslashes($pw) because this breaks passwords with
backslashes. This stripslashes() existed since forever, but probably
became harmful with all the rewrites in the last years.
https://sourceforge.net/p/postfixadmin/bugs/349/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1838 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
9335232024
functions.inc.php:
...
- fix db_quota_text() for postgresql (concat() vs. ||)
https://sourceforge.net/p/postfixadmin/bugs/370/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1834 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
d3ca74af0d
merge github pull request into svn manually - 3e62d3975a - adding configurable smtp helo (CONF["smtp_client"])
...
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1832 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
b261db86c7
Merge pull request #9 from phyrog/master
...
Add sqlite backend option (thank you @phyrog for doing this)
(imported from github)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1824 a1433add-5e2c-0410-b055-b7f2511e0802
8 years ago
David Goodwin