96a022747c
release 3.3.5 perhaps
5 years ago
97ae019e10
remove duplication; comment out the length_check password_verify rule as we already have /.{5}/
5 years ago
e15d9abe06
improve comment, fix return value in callable for password_verify.
5 years ago
dd6616bbb2
bump version number
5 years ago
a1025b4760
and trim string before length check
5 years ago
2acdcdbd75
see : https://github.com/postfixadmin/postfixadmin/issues/423 - change password length check behaviour
5 years ago
6d101b79e6
bump version numbers/changelog for 3.3.4
5 years ago
c6a8117e82
improve doc comment - see https://github.com/postfixadmin/postfixadmin/issues/423
5 years ago
41531b8bf2
3.3.3 release
5 years ago
728fc45d38
bump version number
5 years ago
7090b5af75
changes to pacrypt to support a prefix like {SHA265-CRYPT} on a hash - @see https://github.com/postfixadmin/postfixadmin/issues/344
6 years ago
cc23eba9dd
bump version number
5 years ago
2bf8e4af08
bump version number
5 years ago
d833f6bec8
bump version number
5 years ago
750838d7f7
psalm fixes; make safepost()/safeget() return strings
5 years ago
b8fa60bb8a
more type hints / psalm fixes
5 years ago
8abde0dc0b
move $version into $CONF / Config from functions.inc.php
5 years ago
6ad44679a7
change default theme to the bootstrap one
5 years ago
3b9d8f867e
merge sha512.b64 encrypt support - see https://github.com/postfixadmin/postfixadmin/issues/58
6 years ago
a4afebbe77
verify ssl certs when connecting to the db by default (we also do if this setting is not present)
6 years ago
212415db56
document better
6 years ago
3d0add075a
Add empty $CONF['database_socket'] to avoid warnings
... about reading an undefined config option
6 years ago
52e0d3e4b0
work around nano highlighting - see https://github.com/postfixadmin/postfixadmin/issues/320
6 years ago
87824ef970
psalm fixes/workarounds; require PHP 5.6+
6 years ago
13549cea0f
Favicon config and ru_lang:
1. Favicon configuration of the project:
a. Fixed incorrect link to favicon from the subfolder /users/
b. Added ability to set favicon via config
2. Completed translation of all string constants into Russian language.
6 years ago
758ccb9a19
add note in config for mailbox subdir creation requiring imap extension
7 years ago
a46245eecc
Add config option for TLS
7 years ago
600248e955
Add option to use smtp password when sending admin emails ( fixes #272 )
7 years ago
56395709f3
Make quota levels configurable
Signed-off-by: Sven Strickroth <email@cs-ware.de>
7 years ago
cdacb5697f
improve formatting of error message; remove use of db_array (to be removed).
7 years ago
20b1eb842e
fix sqlite display of password expired check for mailboxes
7 years ago
766c947190
fix case of $conf; improve comments
7 years ago
74002bbf57
psalm fixes
7 years ago
12ce418f79
No need to have password expiration value in config file
8 years ago
84533224ba
Adds colored indicators for password expired, account disabled and vacation enabled accounts
8 years ago
d809e0fbf7
Adds colored indicators for password expired, account disabled and vacation enabled accounts
8 years ago
72dddbc93b
Adds colored indicators for password expired, account disabled and vacation enabled accounts
8 years ago
e786609aa9
Adding support for password expiration. Please read README.password_expiration for more details
8 years ago
48c19a1cbd
Combine encrypt CONF-keys
Went through the old PR #25 , updated the encrypt rounds/cost setting to be in the encrypt -configuration key as per suggestion from @cboltz
8 years ago
7b16e8a1c2
Add info about php_crypt and encrypt_difficulty to sample config
8 years ago
fb3e968cfc
Bootstrap template integration
8 years ago
f7ba904800
see #171
8 years ago
7c38bdd871
add a big notice about using config.local.php
8 years ago
3f1866d041
display phone number field only if $CONF[sms_send_function] is set
Without a way to send a SMS, asking users for their mobile number is
pointless.
8 years ago
ebbd9025e4
Add support for MySQL connections over SSL
8 years ago
ffb84283c2
Harden password reset process
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
9 years ago
4b999b3f6b
improve mysqli connection settings - see https://github.com/postfixadmin/postfixadmin/issues/73
9 years ago
2251c00fb8
disable password reset until it is secure
For some unknown reason, the insecure version of pull request 18 (which
uses easily guessable reset codes) was merged. This commit disables the
password reset until someone makes it secure.
See the comments in https://github.com/postfixadmin/postfixadmin/pull/18
for details.
9 years ago
9c9ba64a7f
Allows a user or admin to reset his/her forgotten password with a code sent by email/SMS #18
9 years ago
f18f16c004
move $CONF['edit_alias'] next to $CONF['alias_control']
9 years ago
David Goodwin
Christian Boltz
gotty
Felix Ableitner
Sven Strickroth
David Goodwin
Damien Martins
Aleksi Kinnunen
root
Lee Clemens
Sylvain Tissot