clones/Froxlor
1
0
Fork 0
mirror of https://github.com/Froxlor/Froxlor.git synced 2024-09-21 02:17:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,804 Commits 7 Branches 181 Tags 53 MiB
main
Commit Graph

117 Commits

Author SHA1 Message Date
Michael Kaufmann
05ca08c5c3
do not overwrite needed userinfo to avoid successful login when using email 2fa 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-08-30 16:26:55 +02:00
Michael Kaufmann
3367f6dbd8
add condition to the remember-me checkbox for updaters when the token-table does not exist yet 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-08-29 08:19:45 +02:00
Michael Kaufmann
19995f4345
fix typo in varchar length of selector field of new panel_2fa_tokens table, thx to Davidd 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-08-14 20:24:24 +02:00
Michael Kaufmann
5d2ce4ecfb
allow 60sec discrepancy for email based 2fa; fix dbms version compare issue when removing user; adjust pure-ftpd mysql.conf file permissions 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-08-12 18:37:38 +02:00
Michael Kaufmann
2dae780e0b
implement 2fa remember browser, fixes #1259 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-07-20 10:16:48 +02:00
Michael Kaufmann
d4a6c2cacc
fix issues in login when 'login with domain' is activated; improved php8.3 compatibity; updated ubuntu noble config-template for dovecot and proftpd 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-05-31 08:41:18 +02:00
Michael Kaufmann
c89d320957
use Request-wrapper-class for every access to superglobal 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-05-16 08:30:35 +02:00
Michael Kaufmann
7934684982
use Request-wrapper-class for every access to $_GET superglobal 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-05-09 16:03:46 +02:00
Michael Kaufmann
fce310049a
use Request-wrapper-class for every access to $_POST superglobal 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-05-09 15:48:23 +02:00
Michael Kaufmann
1b44ee2e06
Merge pull request from GHSA-x525-54hf-xr53 
* do not log unvalidated user-input to mysql-log (if enabled)

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

* clean log-text to only allow a subset of special characters

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

* clean log-text when selecting from database to avoid possible previously added malicious entries

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

---------

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-05-03 07:54:13 +02:00
Michael Kaufmann
f420551888
added configuration adjustment for prodtpd if renew-hook for lets encrypt is used; updater-compatibility if gui_access field is not present yet (froxlor <2.2); removed depercated gentoo config templates 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-01-14 09:40:33 +01:00
Michael Kaufmann
284def5832
add gui_access flag to admins and customers to allow/disallow login to the webui; fixes #1219 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2024-01-07 10:23:02 +01:00
Michael Kaufmann
00456a35e5
fix 2fa login when using email validation, thx to wysiwtf; adjusting row-format of larger tables 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-12-13 16:20:28 +01:00
Michael Kaufmann
d4a940b723
fix 2fa code verification if method==email altogether 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-11-08 11:50:33 +01:00
Michael Kaufmann
fcfd44f726 correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-08-11 12:12:31 +02:00
Michael Kaufmann
94d9c3eedf
regenerate session-id after login / su-action 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-06-11 12:05:33 +02:00
Michael Kaufmann
bde19997ba Merge remote-tracking branch 'origin/main' into 2.1.x 2023-06-06 09:05:59 +02:00
Michael Kaufmann
9ddf24539e
remove hidden fields from login/passwd-reset; refs #1102 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-06-05 12:10:39 +02:00
Michael Kaufmann
233bf27afe
add Froxlor.generateLoginLink() API call to allow generation of one-time-login links for customers, thx to INWX for supporting and sponsoring this feature 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-05-24 16:02:07 +02:00
Michael Kaufmann
4642160724
add same loginfail restrictions for entering 2fa code as for user/pwd login 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2023-05-12 10:36:27 +02:00
Michael Kaufmann
89f73f571e
use same error message for invalid user and disabled password reset to not give away if a user exists 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-12-02 13:25:17 +01:00
Michael Kaufmann
78945768ec
add persistent db storage to goaccess-traffictool to have more data in the output index.html; add security questions when deleting certificates as we do for apikeys and dns-entries 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-11-06 10:11:40 +01:00
Michael Kaufmann
4fc50fba1f
avoid possible html injection via forgot-password-error-message 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-11-05 12:51:23 +01:00
Michael Kaufmann
afde51ecf6
email validation check input before display 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-10-27 14:14:16 +02:00
Michael Kaufmann
1704875cea
remove unnecessary language selection in login-form 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-10-16 15:28:30 +02:00
Michael Kaufmann
05634adc66
display which is the default password-hash; fix language selection on login 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-08-26 16:07:40 +02:00
Michael Kaufmann
94a19ee2b6
more minor fixes and code-cleaning 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-08-10 12:01:26 +02:00
Michael Kaufmann
a5115414a8
verify 2FA code once before storing secret and activation for login to be sure it works; fixes #1030 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-05-15 12:27:48 +02:00
envoyr
4f4c71d79b
major refactoring of almost all files 2022-04-28 20:48:00 +02:00
envoyr
69895943bd
update ui class and traffic stats 2022-03-18 12:53:34 +01:00
Michael Kaufmann
ba0d33392c
2fa template migration; fix menu-active-state; removed unused code from UI/HTML-class 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-03-18 11:41:07 +01:00
Michael Kaufmann
164b46ece3
get rid of session variable in URL 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-03-14 22:51:59 +01:00
envoyr
e057314795
update templates introduce request helper 2022-02-20 18:00:59 +01:00
envoyr
424a00b39e
update api and ajax handling and response 2022-02-20 11:38:08 +01:00
Michael Kaufmann
f930565d45
forgot-password function on login 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-02-16 21:08:25 +01:00
Michael Kaufmann
407a1daebf
first non-install template (login); mostly testing 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-02-15 20:37:27 +01:00
Michael Kaufmann
c97f5f1e29
updated README; sanitize script parameter in index.php; sanitize description fields of entities (thx to zerody for pointing these out) 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2022-01-18 09:29:13 +01:00
Michael Kaufmann
7feddf0aec
generate unpredictable unique session ids 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2021-10-02 12:38:17 +02:00
Michael Kaufmann
319eec6124
fix session for 2fa enabled logins 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2021-08-27 13:17:05 +02:00
Michael Kaufmann
4b22470872
set php session security related settings (correctly in every case) 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2021-08-25 16:21:33 +02:00
Michael Kaufmann
5a6343b47c
php8 compatibility, fixes #916 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2021-02-16 12:38:01 +01:00
Michael Kaufmann
26e43077c2
make customer firstname,name,company and customer-no available for all templates; fixes #808 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2020-02-29 08:16:55 +01:00
Michael Kaufmann
8294985588
require set password complexity for admins too when resetting password; display correct error message if password complexity is not satisfied 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2020-02-08 10:03:41 +01:00
Michael Kaufmann
e64e8cafa6
define logger constants in logger class 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2018-12-26 15:51:26 +01:00
Michael Kaufmann
7416a41a42
get rid of most of the checkstyle warnings 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2018-12-24 13:50:45 +01:00
Michael Kaufmann
4cd005051b
fixed last remaining function calls which are class-methods now 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2018-12-23 19:34:32 +01:00
Michael Kaufmann
0401e6971a
Revert "refactor global array" 
This reverts commit c5a58e3f36.
 2018-12-22 08:15:31 +01:00
Michael Kaufmann
7e39a7bc60
Revert "refactor global array" 
This reverts commit 370ccbdb74.
 2018-12-22 08:15:31 +01:00
Michael Kaufmann
370ccbdb74
refactor global array 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2018-12-21 20:51:44 +01:00
Michael Kaufmann
c5a58e3f36
refactor global array 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
 2018-12-21 20:31:17 +01:00