460c624275
remove more references to sourceforge
4 months ago
0d5edbf099
move pacol() into PFAHandler class, I think it makes more sense for it to be there given the dependency between the two
4 months ago
066d6d10a8
bump db min version
4 months ago
ab0f7897fd
drop support for legacy 2a bcrypt variants as we do not support PHP before <= 5.3.7 any longer
5 months ago
b56d0082ff
token refactoring
5 months ago
ace5624508
change generate_password() to allow for repeated characaters, which probably provides more entropy.
5 months ago
06a2cda24b
this should be a better PFA_Cookie random token value
5 months ago
293e318200
remove unused/dead code
5 months ago
65db542ad2
php type hint and phpdoc changes
5 months ago
999bfcfc54
drop support for mysql_encrypt, given MySQL after 5.7 has dropped it and we had not wired it into the pacrypt() function anyway, try and improve docs in config.inc.php
5 months ago
798e8b269c
Topt app passwords fixes (WIP) ( #805 )
various improvements to the TOTP code see also: #802
6 months ago
759304ecb8
apparently these all need reformatting
11 months ago
c32f344b9d
formatting?
1 year ago
519c934ed3
Add minimal cron job to remove old vacation alias records - see https://github.com/postfixadmin/postfixadmin/issues/832
1 year ago
56dd787ce2
when going through password recovery, only wipe the recovery token after the user has updated their password
see https://github.com/postfixadmin/postfixadmin/issues/550
1 year ago
f01274ec94
try relaxing composer dependencies to allow php8.2 dev support, reformat so composer format passes
2 years ago
0876c368e4
feat: support Dovecot DIGEST-MD5 ( #816 )
Add support for dovecot DIGEST-MD5 auth (using : $CONF['pacrypt'] = 'dovecot:DIGEST-MD5')
This also changes the pacrypt() function to take an optional 3rd argument (username).
Thanks @bestlong
2 years ago
45557a6ed4
code formatting fix
2 years ago
39e378c783
improve type hinting
2 years ago
015d4ec9cd
reindent / reformat; add type hints for some of the app password stuff; try and make sure someone can only remove their own app password (see revokeAppPassword() )
2 years ago
4d17aa6ef9
manaul merge in of verdigado:master (see #753 ) (MFA/TOTP support)
2 years ago
2d540e1da7
give the language selector an id - see #736 - thanks @frzquerty
2 years ago
d99d1785b4
fix pacrypt() call - if we have passwords stored like $1$... they are PHP_CRYPT:MD5, and treating them as crypt does not work with dovecot
3 years ago
e53b5e8a58
Update functions.inc.php
$conf['encrypt'] = 'dovecot:CRAM-MD5'
never success !
function _pacrypt_dovecot() will be never used
See my propose to run with dovecot:CRYPT-METHOD
3 years ago
65aea00a1f
see https://github.com/postfixadmin/postfixadmin/issues/667 - re-use smtp_get_admin_email(), try and make sure there is a From: set in password recovery emails
3 years ago
3017ea3f3c
psalm fixes (drop safeserver() (not used), $_COOKIE always contains strings etc).
3 years ago
73106712e0
min_password_length might be integer, so do not be too strict with it
3 years ago
989a709ee5
see https://github.com/postfixadmin/postfixadmin/issues/647 - if configured for sha512.b64 but
we have a hash with a {MD5-CRYPT} prefix, support the MD5-CRYPT form to allow for migration.
3 years ago
7e514eb6f0
composer format thinks this should change
3 years ago
38549c48ad
composer format
3 years ago
a97771adfd
Automatic code style fixes
3 years ago
2d6ded2786
PSR2 -> PSR12 formatting
3 years ago
bed0300fae
fix tests (pacrypt/{md5raw} etc)
3 years ago
a349c75f53
rmeove var_dump
3 years ago
35486a2ca9
remove dead code
3 years ago
626bd43def
Add support for implicit TLS, replace "smtp_sendmail_tls" with "smtp_type"
For reference: https://datatracker.ietf.org/doc/html/rfc8314
Please note that this only applies to the "send email" feature.
In the future we should implement it for the "fetch email" one too.
4 years ago
e0c9939f88
use _pacrypt_php_crypt
4 years ago
57f9ed5ff3
see #556 - try this instead
4 years ago
540b32f1a0
probable fix for #556 - see if CONF[site_url] is a string before trying to use it
4 years ago
5a8f334b45
fix mysql connection string - see #553
4 years ago
03ab100b4a
composer format
4 years ago
f8c8dcf520
see - https://github.com/postfixadmin/postfixadmin/issues/549 - use $CONF["database_port"] when connecting to MySQL
4 years ago
ac13219894
improve test coverage / compatability
4 years ago
f1b41e87fa
composer format
4 years ago
309b4a84aa
get legacy test case to pass
4 years ago
0d08ac418a
see https://github.com/postfixadmin/postfixadmin/issues/547
4 years ago
6bb8bc6fa0
Revision to my previous suggestion
This grants "if port is defined" in the right context.
4 years ago
47b1eecdf6
Minor update: add port to mysql/mariadb
This change is needed be able to use $CONF['database_host'] (custom port) for mysql/mariadb
4 years ago
36593fafe7
remove extra semi-colon - thanks to @PF4Public / #524
4 years ago
25ac89f6a7
see https://github.com/postfixadmin/postfixadmin/issues/523 - improve randomness when creating the PFA_token field; reported by @michaellrowley via huntr.dev.
4 years ago
David Goodwin
Shao Yu-Lung (Allen)
Thomas GALLIOU
Adrien Crivelli
Davide Beatrici
Sethox