Benjamin Sonntag
f48618d0e5
Merge remote-tracking branch 'origin/pr-235'
...
Fix #227 : Use stronger password hashes #235
2018-06-21 17:44:53 +02:00
Benjamin Sonntag
8166ceb58f
Merge remote-tracking branch 'origin/pr-244'
...
Fix #245 : Files default to unwritable when permissions are changed in… #246
2018-06-21 17:44:17 +02:00
Benjamin Sonntag
0217985655
Merge remote-tracking branch 'origin/pr-246'
...
https://github.com/AlternC/AlternC/pull/246
Fix #245 : Files default to unwritable when permissions are changed in… #246
2018-06-21 17:43:31 +02:00
Benjamin Sonntag
0c6e56d146
Merge remote-tracking branch 'origin/pr-252'
2018-06-21 17:41:55 +02:00
cam.lafit
c8d94d2a50
SSL massive backport
...
* Now we integrate all alternc-feature in native alternc
* Files are backported as waiting by alternc
* Some files were renamed or moved to follow alternc installation
process
2018-06-21 17:26:27 +02:00
Jonathan Demmerlé
4d8d2c1c39
some fixes
...
@media (max-width: is ugly, but well, better than nothing.
2018-06-21 10:25:41 +02:00
Kienan Stewart
ce80e3cdad
Fix #254 : Creating default domains for new members fails
...
A typo caused the check to see if domain delegation was allowed to
always fail.
2018-06-14 10:50:28 -04:00
Kienan Stewart
9c1e7cccd0
Get sub_domain_id and status from get instead of post in dom_substatus
...
The submission is done through links with get parameters (see dom_edit.php)
2018-06-12 21:11:14 -04:00
Kienan Stewart
83d03b8ee7
Fix #245 : Files default to unwritable when permissions are changed in the file browser
2018-06-08 15:10:26 -04:00
Kienan Stewart
f39e72d58a
Fixes #243 : Fix typo in domain_name variable
2018-06-08 14:32:01 -04:00
Benjamin Sonntag
71ed8bf5f4
[fix] wrong field name in account creation in MySQL
2018-06-05 08:41:59 +02:00
Kienan Stewart
88f3457191
Use sha512 crypt to store ftp password hashes
2018-04-16 22:46:05 -04:00
Kienan Stewart
56cbd2f8b4
Move the sha512 crypt hash into its own function
2018-04-16 22:35:41 -04:00
Kienan Stewart
294397e10f
Merge branch 'issue-227-dovecot_password' into issue-227-password_hashes
2018-04-16 22:27:19 -04:00
Kienan Stewart
00c1d55406
Generate SHA512-CRYPT hashes for e-mail addresses
2018-04-16 21:02:45 -04:00
Kienan Stewart
a609984d39
Fix invocations of password_hash()
2018-04-15 22:00:16 -04:00
Kienan Stewart
971e38778f
Update stored password hash on user login.
...
If an md5 hash is stored, a new hash will be calculated and stored.
2018-04-15 19:03:57 -04:00
Kienan Stewart
b5382bb13b
Replace _password_verify with password_verify
...
PHP's password_verify function does know how to recognize md5 hashes: a custom
check is not necessary.
2018-04-15 19:02:32 -04:00
Kienan Stewart
6084650181
Use PHP's built-in password hashing and verification for user accounts
2018-04-15 18:26:41 -04:00
Benjamin Sonntag
f392ad11a0
[fix] cron rolling curl call INSIDE the loop :/
2018-02-28 10:39:55 +01:00
Benjamin Sonntag
7d35b9cb59
fixing db_del bug, thanks @Petit42
2018-02-12 14:57:11 +01:00
Jonathan Demmerlé
9f57ebd4cf
New style.css based on bootstrap
...
All the style.css file replaced to look like bootstrap without any dependencies.
2017-12-29 18:56:27 +01:00
Gabriel Filion
32261e5871
Protected dir creation error messages are not helpful.
...
Current error messages that are shown and logged when a problem occurs
when creating htaccess and htpasswd files for a protected dir are really
not helpful.
The messages don't even mention which file caused the error.
Sometimes when the files can't be created, it's not because they're
already present, for example when there's a permission error.
Also we've already verified that they are absent with file_exists so
the current error message is not accurate at all!
To empower users, we need to give them more details about the error. For
that we want to show the error that the file creation logged itself.
Finally, we've already verified that the htaccess file already exists, so
there's no point in using touch beforehand. We should just let fopen try
to create the file and report whatever went wrong if anything happens.
2017-12-29 11:56:03 -05:00
azerttyu
407d8b91da
Don't raise a blocking error
...
* With deprecate error class, it's only a warning, not an error.
Should solve #210
2017-11-19 15:09:04 +01:00
camlafit
87a8fb0096
Type on code
...
Fix #206
2017-10-31 10:45:30 +01:00
Benjamin Sonntag
4fd853c6ae
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere
2017-10-12 17:54:48 +02:00
Benjamin Sonntag
90c7fd21c8
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere
2017-10-11 11:58:04 +02:00
Benjamin Sonntag
4dcb60b4e7
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere
2017-10-09 20:56:03 +02:00
Benjamin Sonntag
9a6ea8b5bf
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere
2017-10-08 19:53:03 +02:00
Benjamin Sonntag
5b7622ce90
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere
2017-10-08 19:31:34 +02:00
alban
f27d2173d6
[fix] the user parameters page should not fail on the first error
2017-10-08 16:05:29 +02:00
alban
3729f92f77
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-10-08 15:14:40 +02:00
alban
a990fca19f
[fix] the total db account should be OK in global quotas view
2017-10-08 15:14:31 +02:00
Benjamin Sonntag
4ad4dbcc0c
[fix] fixing a php notice
2017-10-08 15:01:12 +02:00
Benjamin Sonntag
527cac68f6
[fix] UPDATE of PO Translations, Fixes #45 + repos-to-tx.sh doing that automatically, + update from transifex
2017-10-08 14:51:51 +02:00
Benjamin Sonntag
a2e6349998
[fix] removing useless echoes from m_bro
2017-10-07 20:07:26 +02:00
alban
68563797af
[fix] the sql db creation page should redirect to the db info page
2017-10-07 19:30:50 +02:00
Benjamin Sonntag
5ea5a8074b
[fix] locales / languages
2017-10-07 19:19:02 +02:00
Benjamin Sonntag
08824b72db
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-10-07 19:08:23 +02:00
Benjamin Sonntag
267d874a0d
fixing some language issues
2017-10-07 19:08:17 +02:00
alban
4d4a55d424
[fix] the browser change permissions action should work
2017-10-07 19:05:01 +02:00
Benjamin Sonntag
79c3058e61
[enh] proper style for sql bck and sql restaure, + remove ui issue with browseforfolder buttons
2017-10-07 18:45:08 +02:00
Benjamin Sonntag
c4da8edf90
[fix] enhance the display of phpmyadmin SSO access : goes directly to the right database
2017-10-07 18:28:02 +02:00
Benjamin Sonntag
08f5d9b15c
[fix] UX missing proper messages for mysql
2017-10-07 18:20:18 +02:00
Benjamin Sonntag
94adbb1834
[fix] browser managing properly EMPTY actions (no file or folder selected when checking 'move', 'delete', 'permission', or 'rename' ...
2017-10-07 18:01:12 +02:00
Benjamin Sonntag
8ba0fbf88c
[fix] error message not appearing in main.php (in case of CSRF failure)
2017-10-07 17:49:19 +02:00
Benjamin Sonntag
80ec8fc748
[fix] the compatibility system of domaines_types was not working. Fixing that (null in SQL is awfully weird)
2017-10-07 17:27:03 +02:00
Benjamin Sonntag
1c6191eabc
adding \n at the end of error message in logAlternC()
2017-10-07 16:48:56 +02:00
Benjamin Sonntag
5d9fe41056
[fix] error message was incorrect when login failed, or csrf failed at login
2017-10-07 16:46:46 +02:00
Benjamin Sonntag
941475b094
fixing an error message shown when browsing as a subadmin
2017-10-07 16:13:26 +02:00
Benjamin Sonntag
7fcd2e359b
[fix] whois() doesn't work and prevents a legitimate install. We comment-out the 'non existing' scenario for now. See #195
2017-10-07 15:45:33 +02:00
Benjamin Sonntag
985094a881
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-10-07 15:12:27 +02:00
Benjamin Sonntag
ca6b1cf4d9
[enh] removing the unmaintained upnp package
2017-10-07 15:12:18 +02:00
azerttyu
cf949cf245
Forgot Heredoc syntax
...
In php no more required to use heredoc and done some linter headache
2017-10-07 12:19:43 +02:00
azerttyu
6e1a021ced
Linter Bugfixes
...
After #190 merge php linter check was missing
* Correct some typo code
2017-10-07 12:15:35 +02:00
azerttyu
ddeefbde63
From panel we must connect to phpmyadmin with sso credential
...
We also take the opportunity to forget any phpmyadmin cookie session
2017-10-07 11:34:11 +02:00
Benjamin Sonntag
bae2649740
[ENH] new translations from Transifex
2017-10-07 00:07:52 +02:00
Benjamin Sonntag
7df788a0f0
[fix] translation update
2017-10-07 00:05:29 +02:00
Benjamin Sonntag
c652b43b13
[fix] translation update to transifex
2017-10-06 23:54:21 +02:00
Benjamin Sonntag
3de55aca37
[cosm] reindent, check language of comments, ensure /** phpdoc style comments, simplify file header (license only) etc.
2017-10-06 23:42:39 +02:00
Benjamin Sonntag
6581c7d6c4
[doc] misc doc translation fr>en
2017-10-06 22:48:22 +02:00
Benjamin Sonntag
cc64e7745f
[fix] not using debug_backtrace, please, [doc] doc to english
2017-10-06 19:34:50 +02:00
Benjamin Sonntag
1f4ea5d132
no usage in admin/ of the panel. Useless anyway since is_it_my_mail() check it already
2017-10-06 19:12:00 +02:00
Benjamin Sonntag
562b7e6013
[doc] english documentation in functions.php [fix] missing parameter passed to display_div_generate_password
2017-10-06 18:54:13 +02:00
Benjamin Sonntag
6b61eff4b1
fixing ->error = 0 remapped to ->init_msgs();
2017-10-06 18:29:30 +02:00
Benjamin Sonntag
d25486213e
[fix] uppercase by default for known has_msgs() calls
2017-10-06 18:12:41 +02:00
Benjamin Sonntag
33f8e78885
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO
2017-10-06 18:04:36 +02:00
alban
8c524bd80d
[fix] The Error class should exist, with deprecation warnings
...
Conflicts:
bureau/class/m_err.php
2017-10-06 17:54:01 +02:00
Benjamin Sonntag
4d8ba24248
[fix] more explicit error message for CSRF
2017-10-06 16:53:50 +02:00
Benjamin Sonntag
b777f982e5
[doc] switching comments to english for quenenni patches
2017-10-06 12:00:27 +02:00
quenenni
b88b639b60
Merge branch 'feature-message' of https://github.com/AlternC/AlternC into feature-message
2017-09-12 14:50:14 +02:00
quenenni
f6f5a15ded
the password of mail accounts was changed in some cases where it should not have been
2017-09-12 14:49:33 +02:00
Benjamin Sonntag
25379ec441
Merge branch 'stable-3.1' into feature-message
2017-09-06 18:44:38 +02:00
Benjamin Sonntag
39947d4f1c
fixing the detection of conflicts in sub_domains
2017-09-06 18:43:40 +02:00
quenenni
65f994f763
small missed update of $err -> $msg in functions.php
2017-08-22 18:02:46 +02:00
quenenni
7dce491b10
small fix to the display of msgs
2017-08-21 17:50:57 +02:00
quenenni
f92f92d34e
removal of the 'à traduire' ("to translate") texts + fix of 2 bugs
2017-08-18 15:32:16 +02:00
quenenni
5e0d4e8dc7
quota system - quota vs du.pl + display of quotas for users
2017-08-17 21:32:21 +02:00
quenenni
7d993ea51d
bug - did not accept an empty password when editing a mail
2017-08-17 16:38:09 +02:00
quenenni
956f6fc2c6
generate_password function in alternc.js
2017-08-17 04:35:51 +02:00
quenenni
6b7d5e7d90
the rest of the files & style.css
2017-08-17 03:32:18 +02:00
quenenni
8479d79bde
quota class & associated admin section files
2017-08-16 19:46:53 +02:00
quenenni
991b4b48e3
hta class & associated admin section files
2017-08-16 19:34:32 +02:00
quenenni
6f30c8bac4
piwik class & associated admin section files
2017-08-16 18:29:25 +02:00
quenenni
b4588c870a
browser class (m_bro) & associated admin section files
2017-08-16 02:44:54 +02:00
quenenni
31d024c5a1
dom class & associated admin section files
2017-08-16 02:23:22 +02:00
quenenni
8d5953f1c4
ftp class + associated admin section files
2017-08-15 20:05:02 +02:00
quenenni
6c40d19bbd
mysql class & associated admin section files
2017-08-15 19:51:04 +02:00
quenenni
b16c3ac69a
admin class / associated admin section files
2017-08-15 17:03:56 +02:00
quenenni
0d5caada2f
mail & roundcube class + associated admin files
2017-08-15 16:11:57 +02:00
quenenni
ff154144e5
functions + local + db
2017-08-15 03:39:37 +02:00
quenenni
2f830d7e4f
Changes in the member class and the member section of admin
2017-08-15 03:19:52 +02:00
quenenni
a9cd6dc4af
Added the messages class, which replaces the error class
2017-08-15 02:30:38 +02:00
Benjamin Sonntag
71980d06a8
removing IP stability check in the panel: it's unenforceable as of 2017 :/ Fixes #173
2017-08-14 10:12:47 +02:00
Benjamin Sonntag
41ad8b3632
fixing a branching issue in mail_doedit, fixes #164
2017-08-12 16:56:06 +02:00
Benjamin Sonntag
be63ec7192
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-08-12 16:46:45 +02:00
Benjamin Sonntag
8cc2007a44
not counting mailman box in quotas, fixes #170
2017-08-12 16:46:00 +02:00
Benjamin Sonntag
798f7e7681
Merge pull request #179 from kent1D/patch-1
...
Error on isset for X_FORWARDED_PROTO
2017-08-12 16:42:40 +02:00
Benjamin Sonntag
53eec68f08
removing defmx/defmx2 when we say 'don't host email here', fixes #175
2017-08-12 16:31:46 +02:00
Benjamin Sonntag
c7226c9010
adding a maximum of 20 for the DEPTH of delete in the file browser (may cause havoc in unknown case found in farafina server)
2017-08-08 15:20:46 +02:00
kent1
5421c05aae
Error on isset for X_FORWARDED_PROTO
...
Should be `isset($_SERVER["HTTP_X_FORWARDED_PROTO"])` and not `!isset($_SERVER["HTTP_X_FORWARDED_PROTO"])`
Avoid a notice :
`PHP Notice: Undefined index: HTTP_X_FORWARDED_PROTO in /usr/share/alternc/panel/class/config.php on line 170`
2017-08-06 23:31:22 +02:00
Benjamin Sonntag
f529ffd7fc
updating translations from transifex
2017-06-20 12:16:53 +02:00
Benjamin Sonntag
46ab94707a
adding mandatory fields to the account creation form, Fixes #132
2017-06-18 18:51:11 +02:00
Benjamin Sonntag
cd310b355a
adding mandatory fields to the account creation form, Fixes #132
2017-06-18 18:45:57 +02:00
Benjamin Sonntag
957098327c
Merge pull request #146 from soul9/fix_pma_sso
...
latest security update of phpmyadmin (on wheezy) seems to have disabled the index.php, forcing the browser to go there directly
2017-06-07 15:15:07 +02:00
Benjamin Sonntag
43bb39105b
Merge pull request #153 from fser/fser/uniform-log-entries
...
log entries for error and log both log IP address
2017-06-07 15:14:03 +02:00
Benjamin Sonntag
ea4eea6145
adding a variable to ignore IP in sessions, currently broken it seems
2017-06-07 15:13:25 +02:00
Benjamin Sonntag
6d72cc522b
adding x-forwarded-proto = https management to detect https too
2017-06-07 14:31:30 +02:00
François (fser)
e452219136
log entries for error and log both log IP address
2017-06-03 11:22:35 +02:00
Remi
611e41a31b
bug fix: set success class to alert-success instead of alert-error after successful mailbox parameters update
2017-02-07 10:20:33 +01:00
Remi
4a2d1dcbdf
bug fix undelete mail
2017-01-24 18:29:13 +01:00
Remi
20dab5677a
bug fixes variable $dom_id and not $domain_id
2017-01-24 17:52:29 +01:00
John Soros
bec836f87b
latest security update of phpmyadmin seems to have disabled the indexes so we need to explicitly redirect to .../index.php
2017-01-20 17:41:52 +01:00
thms
cb56e77093
m_dom now refuses cname on its apex
2016-11-04 12:00:24 +01:00
Benjamin Sonntag
1dc41d5530
[fix] missing csrf on mail_manage_catchall.php
2016-10-27 16:32:49 +02:00
Benjamin Sonntag
fc068bc938
[fix] invalid token at login time
2016-08-29 16:55:05 +02:00
Benjamin Sonntag
4f3604e717
[FIX] #83 issue with FTP file with wrong rights.
2016-08-26 16:31:19 +02:00
Benjamin Sonntag
1d9e478f2e
[FIX] Undefined variable: res at upgrade time
2016-08-26 15:51:01 +02:00
Benjamin Sonntag
5ef516e0ba
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-08-09 16:44:34 +02:00
Benjamin Sonntag
16bd8278a4
[fix] allow HTTPS on any panel (you'd better use letsencrypt then, but that's a valid choice). Fixes #106
2016-08-09 16:44:30 +02:00
Benjamin Sonntag
42eac1173d
Merge pull request #107 from AlternC/albancrommer-patch-1
...
Update config.php to allow HTTPS on other VHOSTS
2016-08-09 16:43:37 +02:00
Benjamin Sonntag
a35288b91e
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111
2016-08-09 16:40:11 +02:00
Remi
0c840f9f2e
bug fix: remove old references to unknown 'bw_web' quota values linking to not existing stats_show_per_month.php page and menu gadget
...
(anyone aiming to display custom menu gadget or size based quota could return in_menu=1 and type=size array values in hook_quota_get() function)
2016-07-15 18:40:29 +02:00
Alban Crommer
04c36baa77
Update config.php
...
See Issue #106
AlternC should allow HTTPS panel access for different host names
2016-07-13 12:19:33 +02:00
Benjamin Sonntag
ade5c51f0f
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-07-12 15:54:30 +02:00
Benjamin Sonntag
3ffa78aa5f
[fix] fixing db issue when creating a DB + post/request for SQLRESTORE
2016-07-12 15:54:21 +02:00
Remi
1b73dff3a5
bug fix: sub admin were proposed to install hosting_tld for new user, but the domain creation silently failed
2016-07-07 12:59:56 +02:00
Benjamin Sonntag
e381692cbd
[fix] deleting a domain didn't work (post/request check)
2016-05-31 12:13:57 +02:00
Benjamin Sonntag
9057254059
[i18n] updating translations
2016-05-26 18:38:16 +02:00
Benjamin Sonntag
e806446945
[wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605
2016-05-26 18:32:17 +02:00
Benjamin Sonntag
93ce8ffd0f
htmlentities in sql_getparams + check if db not found
2016-05-23 16:37:32 +02:00
Benjamin Sonntag
aef4f58e8a
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly
2016-05-23 16:08:23 +02:00
Benjamin Sonntag
d9d73d204c
fixing most GET/REQUEST to POST if needed
2016-05-23 15:03:13 +02:00
Benjamin Sonntag
b205d6bf8a
[wip] CSRF check should work better now...
2016-05-23 13:59:16 +02:00
Benjamin Sonntag
23a438de99
[wip] csrf check: moving the check to the right place: before authentication
2016-05-23 08:33:32 +02:00
Benjamin Sonntag
aaa3d68697
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields
2016-05-23 08:27:58 +02:00
Benjamin Sonntag
a956b38c00
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields
2016-05-22 20:14:26 +02:00
Benjamin Sonntag
de5837750e
same random system everywhere : mt_rand()
2016-05-22 17:40:57 +02:00
Benjamin Sonntag
6043e9c3d7
[wip] securing *all* forms through CSRF management (requires a new table)
2016-05-20 14:21:47 +02:00
Benjamin Sonntag
d9bdfaf1ac
[wip] adding csrf form management, to be added everywhere
2016-05-19 17:04:49 +02:00
Benjamin Sonntag
7b1e5bba94
[wip] m_mail LIMIT shall not be quoted
2016-05-18 18:41:27 +02:00
Benjamin Sonntag
424b2a9ce7
[wip] more PDO fixes
2016-05-18 18:24:40 +02:00
Benjamin Sonntag
b1ca1d88ae
fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database))
2016-05-18 18:00:04 +02:00
Benjamin Sonntag
8392c1d84f
fixing quote + doms + roundcube & squirrelmail's quoting using PDO
2016-05-18 15:39:41 +02:00
Benjamin Sonntag
b6eb1e668c
fixing get_remote_ip() quoting
2016-05-18 15:12:49 +02:00
Benjamin Sonntag
06076b6fe0
moving https check down to AFTER hook/err initialization
2016-05-18 15:04:19 +02:00
Emmanuel Monbroussou
4e558e5e7c
[wip] Passing mysql request params into array arguments for the query method (part 4)
2016-05-18 12:51:03 +02:00
Emmanuel Monbroussou
61b07a257d
[wip] Passing mysql request params into array arguments for the query method (part 3)
2016-05-18 11:19:20 +02:00
Emmanuel Monbroussou
86e7bfb6b8
Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu
2016-05-17 18:58:25 +02:00
Emmanuel Monbroussou
3665aabc96
[wip] Passing mysql request params into array arguments for the query method (part 2)
2016-05-17 18:57:01 +02:00