When adding the activeuntil field during the upgrade, it got set to
2000-01-01 which is a bad idea for existing vacation entries - the new
vacation.pl will consider them as outdated.
Introduce a new {DATEFUTURE}, and set the default value for activeuntil
to 2038 (that's the limit in MySQL for 'timestamp' columns, we'll have to
switch to 'datetime' in 20 years ;-)
Note that sqlite doesn't support changing the field default, so sqlite
users will have to live with the wrong default.
Also note that this fix does not change existing vacation entries if you
already have the activeuntil column.
Reported by Christoph Lechleitner on the mailing list

The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.

I found that MySQL 8 doesn't like table names without `` in requests. So I made changes in function table_by_key in functions.inc.php and in upgrade.php. Now it works. FreeBSD 11.1 Apache/2.4.29 (FreeBSD) PHP/7.1.11 MySQL 8

The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other database types
- Use the existing password generator to generate OTP. It is now stored in the database, unique to each user, valid only for 1 hour and can only be used once.
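
The reset-code properties listed above (one code per user, valid for 1 hour, single use, throttled requests, the same answer for known and unknown users), shown as an added PHP example that is not PostfixAdmin's code. The class name ResetCodes, the 60-second throttle window, the use of random_bytes() in place of the project's password generator, storing only a SHA-256 hash of the code, and the in-memory arrays standing in for database tables are all assumptions.

```php
<?php
// Added illustration, not PostfixAdmin code; every name below is hypothetical.
final class ResetCodes
{
    private const TTL = 3600;    // code lifetime: 1 hour
    private const MIN_GAP = 60;  // assumed throttle: one request per minute per name
    private const MSG = 'If the account exists, a reset code has been sent.';
    private $users;              // accounts with recovery info (constructed data)
    private $codes = [];         // user => ['hash' => sha256 of code, 'expires' => unix time]
    private $lastAsk = [];       // submitted name => time of last request

    public function __construct(array $users) { $this->users = $users; }
    /** Returns [message shown to the requester, code to deliver out of band or null]. */
    public function request(string $user, int $now): array
    {
        // Throttle on the submitted name whether or not it exists.
        if (isset($this->lastAsk[$user]) && $now - $this->lastAsk[$user] < self::MIN_GAP) {
            return [self::MSG, null];
        }
        $this->lastAsk[$user] = $now;
        if (!in_array($user, $this->users, true)) {
            return [self::MSG, null];          // same message as the success path
        }
        $code = bin2hex(random_bytes(16));     // assumption: CSPRNG, not the project's generator
        $this->codes[$user] = ['hash' => hash('sha256', $code), 'expires' => $now + self::TTL];
        return [self::MSG, $code];
    }

    public function redeem(string $user, string $code, int $now): bool
    {
        if (!isset($this->codes[$user])) {
            return false;
        }
        $entry = $this->codes[$user];
        $expired = $now > $entry['expires'];
        $ok = !$expired && hash_equals($entry['hash'], hash('sha256', $code));
        if ($ok || $expired) {
            unset($this->codes[$user]);        // a used or expired code is gone for good
        }
        return $ok;
    }
}

// Constructed demo: unknown name, valid redeem, then replay of the same code.
$r = new ResetCodes(['alice@example.org']);
[$msgKnown, $code] = $r->request('alice@example.org', 1000);
[$msgUnknown] = $r->request('nobody@example.org', 1000);
var_dump($msgKnown === $msgUnknown, $r->redeem('alice@example.org', $code, 4000),
    $r->redeem('alice@example.org', $code, 4001));
```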