71402e9051
comment
6 years ago
045a19ae33
re-format
6 years ago
7ed57a0cda
assume the db updates work if no exception was thrown
6 years ago
9024dddf46
move password_expiration code into the MailboxHandler.
6 years ago
df99e66b2d
try and stop "A non-numeric value encountered in ..."; see #239
6 years ago
28e687ff5b
sqlite does not support NOW(), use a string comparison
6 years ago
5bc85bec44
fix error message in Config::read_array(()
6 years ago
570972944d
Merge remote-tracking branch 'origin/master' into feature-try-pdo
6 years ago
5d47b85b9d
remove attribute that is in parent class
6 years ago
020343999a
Merge pull request #221 from SuperVirus/fetchmail_different_source_port
...
Allow different port for fetchmail
6 years ago
803e2342f8
fix psalm issues; reformat; rename new db functions
6 years ago
1176c9ce78
reformat; fix some transition bugs
6 years ago
ea33d9951a
try migrating to pdo
6 years ago
d78fb1fbbd
move to Shell
6 years ago
e5cacbec90
add missing attribute
6 years ago
4fcdba9cf4
run php-cs-fixer (code reforamt)
6 years ago
19cda31849
remove psalm warnings from code; fix password_expiry behaviour when enabled/disabled on MySQL
6 years ago
74002bbf57
psalm fixes
6 years ago
173d5775cd
psalm fixes
6 years ago
d35e66808b
Allow different port for fetchmail
6 years ago
69e234f668
Merge pull request #200 from doktoil-makresh/master
...
Support for password expiration, managed in PostFix Admin
6 years ago
afd418675c
pointless comment
6 years ago
77d1b6c2e7
rename sql fields to just have mailbox.password_expiry and domain.password_expiry
6 years ago
ce60b9fa59
Now password expiration is managed through Postfix Admin GUI
6 years ago
e786609aa9
Adding support for password expiration. Please read README.password_expiration for more details
6 years ago
76ee147375
phpdoc fix
7 years ago
ec085b668b
missing class property
7 years ago
9c0e1dd575
phpdoc fixes
7 years ago
c44e82cc2d
phpdoc fix
7 years ago
b48f99d4c6
reformat (phpcs)
7 years ago
94f05bf9e4
switch to store $config internally within an array
7 years ago
24ad5cc3d8
Set $reset_by_sms even if password reset is disabled
...
... to avoid an "undefined variable" warning
7 years ago
3f1866d041
display phone number field only if $CONF[sms_send_function] is set
...
Without a way to send a SMS, asking users for their mobile number is
pointless.
7 years ago
cdf3c9acb9
initStruct(): use multiopt for 'id' 'dont_write_to_db'
...
This also means we can drop the 0 for not_in_db because this is the
default.
7 years ago
d2588a4de2
Fix phpcs whitespace breakage in initStruct etc.
7 years ago
12c4a4f29e
move shells/shell.php to model/Shell.php
...
... and drop a few lines in postfixadmin-cli.php that became superfluous
by this move (thanks autoloader!)
7 years ago
500c847fe0
re-add lost comment
7 years ago
91c07c9eae
VacationHandler: re-enable and fix code in validate_new_id()
...
Note that vacation.php doesn't use this function yet, so it's not
surprising that users didn't notice the broken code.
7 years ago
4fb4d406ee
phpdoc; disable function init() - seems invalid
7 years ago
fef2591335
phpdoc fixes
7 years ago
cb34da4f46
phpcs reformat
7 years ago
152975d05c
move to use db_assoc() rather than db_array() (code assumes assoc. array)
7 years ago
5e1855632a
allow local aliases - see #134
7 years ago
15df6c1d7b
Reformat everything with PHP-Cs-Fixer
7 years ago
8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
...
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
7 years ago
5f1ac12d72
use current time as default token_validity value
7 years ago
4670182d79
fix invalid value for token_validity
7 years ago
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
7 years ago
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
7 years ago
a366654757
Better use Config::Lang instead of global $PALANG
8 years ago
David Goodwin