ab0f7897fd
drop support for legacy 2a bcrypt variants as we do not support PHP before <= 5.3.7 any longer
2025-06-01 15:43:15 +01:00
b56d0082ff
token refactoring
2025-06-01 15:42:50 +01:00
ace5624508
change generate_password() to allow for repeated characaters, which probably provides more entropy.
2025-06-01 15:42:09 +01:00
06a2cda24b
this should be a better PFA_Cookie random token value
2025-06-01 15:41:30 +01:00
293e318200
remove unused/dead code
2025-06-01 15:39:56 +01:00
65db542ad2
php type hint and phpdoc changes
2025-06-01 15:39:03 +01:00
999bfcfc54
drop support for mysql_encrypt, given MySQL after 5.7 has dropped it and we had not wired it into the pacrypt() function anyway, try and improve docs in config.inc.php
2025-05-28 09:41:22 +01:00
798e8b269c
Topt app passwords fixes (WIP) ( #805 )
...
various improvements to the TOTP code see also: #802
2025-05-16 20:31:20 +01:00
759304ecb8
apparently these all need reformatting
2024-12-05 14:33:41 +00:00
c32f344b9d
formatting?
2024-05-31 19:27:12 +01:00
519c934ed3
Add minimal cron job to remove old vacation alias records - see https://github.com/postfixadmin/postfixadmin/issues/832
2024-05-31 19:25:53 +01:00
56dd787ce2
when going through password recovery, only wipe the recovery token after the user has updated their password
...
see https://github.com/postfixadmin/postfixadmin/issues/550
2024-05-17 22:02:01 +01:00
f01274ec94
try relaxing composer dependencies to allow php8.2 dev support, reformat so composer format passes
2024-04-22 21:02:01 +01:00
0876c368e4
feat: support Dovecot DIGEST-MD5 ( #816 )
...
Add support for dovecot DIGEST-MD5 auth (using : $CONF['pacrypt'] = 'dovecot:DIGEST-MD5')
This also changes the pacrypt() function to take an optional 3rd argument (username).
Thanks @bestlong
2024-04-12 09:57:19 +01:00
45557a6ed4
code formatting fix
2024-01-11 08:57:27 +00:00
eda637df1a
Merge branch 'master' into michaelkrieger-patch-1
2024-01-11 08:51:17 +00:00
39e378c783
improve type hinting
2023-12-27 16:17:55 +00:00
015d4ec9cd
reindent / reformat; add type hints for some of the app password stuff; try and make sure someone can only remove their own app password (see revokeAppPassword() )
2023-12-23 21:43:31 +00:00
4d17aa6ef9
manaul merge in of verdigado:master (see #753 ) (MFA/TOTP support)
2023-12-23 17:05:52 +00:00
2d540e1da7
give the language selector an id - see #736 - thanks @frzquerty
2023-06-23 21:11:09 +01:00
d99d1785b4
fix pacrypt() call - if we have passwords stored like $1$... they are PHP_CRYPT:MD5, and treating them as crypt does not work with dovecot
2023-03-09 21:59:35 +00:00
e53b5e8a58
Update functions.inc.php
...
$conf['encrypt'] = 'dovecot:CRAM-MD5'
never success !
function _pacrypt_dovecot() will be never used
See my propose to run with dovecot:CRYPT-METHOD
2023-02-20 19:44:13 +01:00
65aea00a1f
see https://github.com/postfixadmin/postfixadmin/issues/667 - re-use smtp_get_admin_email(), try and make sure there is a From: set in password recovery emails
2022-11-30 21:18:06 +00:00
3017ea3f3c
psalm fixes (drop safeserver() (not used), $_COOKIE always contains strings etc).
2022-10-12 20:52:49 +01:00
73106712e0
min_password_length might be integer, so do not be too strict with it
2022-09-27 19:56:28 +01:00
989a709ee5
see https://github.com/postfixadmin/postfixadmin/issues/647 - if configured for sha512.b64 but
...
we have a hash with a {MD5-CRYPT} prefix, support the MD5-CRYPT form to allow for migration.
2022-08-11 20:23:32 +01:00
7e514eb6f0
composer format thinks this should change
2022-08-11 20:23:15 +01:00
38549c48ad
composer format
2022-07-17 21:16:47 +01:00
a97771adfd
Automatic code style fixes
2022-07-15 11:29:55 +02:00
2d6ded2786
PSR2 -> PSR12 formatting
2022-06-28 13:46:11 +01:00
bed0300fae
fix tests (pacrypt/{md5raw} etc)
2022-06-23 22:18:16 +01:00
a349c75f53
rmeove var_dump
2022-06-06 20:37:23 +01:00
35486a2ca9
remove dead code
2022-06-06 20:35:53 +01:00
626bd43def
Add support for implicit TLS, replace "smtp_sendmail_tls" with "smtp_type"
...
For reference: https://datatracker.ietf.org/doc/html/rfc8314
Please note that this only applies to the "send email" feature.
In the future we should implement it for the "fetch email" one too.
2021-11-29 07:10:20 +01:00
e0c9939f88
use _pacrypt_php_crypt
2021-11-14 20:52:24 +00:00
57f9ed5ff3
see #556 - try this instead
2021-11-10 15:41:08 +00:00
540b32f1a0
probable fix for #556 - see if CONF[site_url] is a string before trying to use it
2021-11-10 09:42:26 +00:00
5a8f334b45
fix mysql connection string - see #553
2021-11-02 22:10:03 +00:00
3d231a54a2
Merge pull request #491 from postfixadmin/feature-improve-pacrypt
...
Feature - improve 'pacrypt' (reduce reliance on dovecot pw), add more hash algorithms
2021-10-26 19:02:45 +01:00
03ab100b4a
composer format
2021-10-12 19:53:54 +01:00
f8c8dcf520
see - https://github.com/postfixadmin/postfixadmin/issues/549 - use $CONF["database_port"] when connecting to MySQL
2021-10-12 19:51:57 +01:00
ac13219894
improve test coverage / compatability
2021-09-29 21:05:19 +01:00
f1b41e87fa
composer format
2021-09-29 18:34:54 +01:00
309b4a84aa
get legacy test case to pass
2021-09-29 18:32:46 +01:00
0b9b7db917
Merge remote-tracking branch 'origin/master' into feature-improve-pacrypt
2021-09-29 18:04:49 +01:00
0d08ac418a
see https://github.com/postfixadmin/postfixadmin/issues/547
2021-09-29 11:52:31 +01:00
6bb8bc6fa0
Revision to my previous suggestion
...
This grants "if port is defined" in the right context.
2021-09-01 00:04:54 +02:00
47b1eecdf6
Minor update: add port to mysql/mariadb
...
This change is needed be able to use $CONF['database_host'] (custom port) for mysql/mariadb
2021-08-31 10:32:41 +02:00
36593fafe7
remove extra semi-colon - thanks to @PF4Public / #524
2021-08-04 17:25:45 +01:00
25ac89f6a7
see https://github.com/postfixadmin/postfixadmin/issues/523 - improve randomness when creating the PFA_token field; reported by @michaellrowley via huntr.dev.
2021-08-04 17:00:55 +01:00