85 Commits

Author SHA1 Message Date
Michael Kaufmann
0562d248b5 use same error message for invalid user and disabled password reset to not give away if a user exists
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-12-02 13:24:27 +01:00
Michael Kaufmann
4d454a3903 secure api-key generation, dns-record as well as ssl-certificate deletion, logo uploading, frame-inclusion and user/email enumeration via 'forgot password'
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-12-02 09:22:08 +01:00
Michael Kaufmann
3f10a4aded fix still possible html injection
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-11-05 12:37:53 +01:00
Michael Kaufmann
1182453c18 fix possible code-injection when adding/editing admins/customers; don't output invalid email address in index on error message
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-10-27 14:06:00 +02:00
Michael Kaufmann
c97f5f1e29 updated README; sanitize script parameter in index.php; sanitize description fields of entities (thx to zerody for pointing these out)
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-01-18 09:29:13 +01:00
Michael Kaufmann
7feddf0aec generate unpredictable unique session ids
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2021-10-02 12:38:17 +02:00
Michael Kaufmann
319eec6124 fix session for 2fa enabled logins
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2021-08-27 13:17:05 +02:00
Michael Kaufmann
4b22470872 set php session security related settings (correctly in every case)
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2021-08-25 16:21:33 +02:00
Michael Kaufmann
5a6343b47c php8 compatibility, fixes #916
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2021-02-16 12:38:01 +01:00
Michael Kaufmann
26e43077c2 make customer firstname, name, company and customer-no available for all templates; fixes #808
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2020-02-29 08:16:55 +01:00
Michael Kaufmann
8294985588 require set password complexity for admins too when resetting password; display correct error message if password complexity is not satisfied
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2020-02-08 10:03:41 +01:00
Michael Kaufmann
e64e8cafa6 define logger constants in logger class
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-26 15:51:26 +01:00
Michael Kaufmann
7416a41a42 get rid of most of the checkstyle warnings
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-24 13:50:45 +01:00
Michael Kaufmann
4cd005051b fixed last remaining function calls which are class-methods now
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-23 19:34:32 +01:00
Michael Kaufmann
0401e6971a Revert "refactor global array"
This reverts commit c5a58e3f36.
2018-12-22 08:15:31 +01:00
Michael Kaufmann
7e39a7bc60 Revert "refactor global array"
This reverts commit 370ccbdb74.
2018-12-22 08:15:31 +01:00
Michael Kaufmann
370ccbdb74 refactor global array
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 20:51:44 +01:00
Michael Kaufmann
c5a58e3f36 refactor global array
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 20:31:17 +01:00
Michael Kaufmann
7c68fa7bd0 fixed a few functions I've missed
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 19:16:49 +01:00
Michael Kaufmann
7563907df5 convert html-related functions
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 18:31:06 +01:00
Michael Kaufmann
1b090377ee even more function to class conversion
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 17:41:22 +01:00
Michael Kaufmann
a819d81ef2 more function reducing and fixing
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 16:53:04 +01:00
Michael Kaufmann
0a28ef2af6 minor changes for unit-tests
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 16:32:44 +01:00
Michael Kaufmann
c0e89bbd05 refactor UI functions
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-21 11:22:03 +01:00
Michael Kaufmann
5888927239 get rid of more functions
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-20 12:38:18 +01:00
Michael Kaufmann
f263175802 more function reduction
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-20 09:57:00 +01:00
Michael Kaufmann
bed069f269 more function moving
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-20 08:33:32 +01:00
Michael Kaufmann
8c896d60d6 get rid of some more functions
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-20 07:43:40 +01:00
Michael Kaufmann
adc627ca4e minor fixes to template engine for now
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-19 20:38:29 +01:00
Michael Kaufmann
26510f0745 removing more ticket-stuff; update all unit-tests
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-19 19:42:50 +01:00
Michael Kaufmann
8e84a4ff44 correct use of Database use
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-19 16:57:03 +01:00
Michael Kaufmann
6329042d40 use namespaces in modules
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-18 13:45:05 +01:00
Michael Kaufmann
db36d57683 fix an issue where the isemaildomain flag for a main-domain can be set to false when edited by customer
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-12-08 12:46:17 +01:00
Michael Kaufmann
69495b94af add 2FA mechanism, fixes #547
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2018-11-30 13:45:17 +01:00
Michael Kaufmann (d00p)
421c29c491 remove each() keyword as it is deprecated as of php-7.2, fixes #479
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2017-10-31 13:03:06 +01:00
Jiří Zapletal
970a119f23 fix non-persistent XSS due to improper content escaping
2016-06-03 16:20:34 +02:00
Michael Kaufmann (d00p)
7c8dbd370f forgot to check for dbupdates in index.php
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-03-07 13:55:14 +01:00
Bernhard Sirlinger
6ddbb10b5a Fix #1585
Redirect to admin_customers.php
2016-02-23 16:28:58 +01:00
Michael Kaufmann (d00p)
da4ec3e1b5 avoid rand() if possible as it is not generating cryptographically secure values, thx to Hanno for putting some effort into this
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-01-28 08:27:15 +01:00
Stefan Weil
fe5ab0d8da Fix typos found by codespell
Fix also a grammar issue.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2015-11-13 07:56:12 +01:00
Michael Kaufmann (d00p)
be387ccf35 show whether a customer is deactivated after successful login rather than nothing at all
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-02-08 16:07:24 +01:00
Michael Kaufmann (d00p)
99bed23b95 another md5() leftover
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-02-01 13:12:24 +01:00
Michael Kaufmann (d00p)
36c7527b2a add function to validate different password-hashes and update them to the currently set hash if login successful and hash differs, set default hash to SHA256, fixes #1289 - add custom-notes field to admin/customer, fixes #1471 - set version to 0.9.33-rc2 for upcoming second release-candidate
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-01-28 13:24:36 +01:00
Michael Kaufmann (d00p)
bfa9478649 password-reset fix
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-12-19 14:11:17 +01:00
Marco Vogt (vogti)
6bfa95f8a8 Import default subject/body for e-mails templates; fixes #496
Signed-off-by: Marco Vogt (vogti) <mail@mdvogt.de>
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-12-12 19:26:06 +01:00
Michael Kaufmann (d00p)
f5f7bc449a use recent Content-Security-Policy values and header for all browsers, secure script/query-string to redirect to after login if given
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-11-04 13:01:42 +01:00
Michael Kaufmann (d00p)
a7a971f444 secure password-reset form against possible header-modification, thx to Hendrik
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-06-29 11:25:31 +02:00
Michael Kaufmann (d00p)
d6fdf887ce don't add session-id to external redirects, thx to Sephi
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-02-19 11:08:43 +01:00
Roman Schmerold (BNoiZe)
7fc3ac587a Redirect to last URL after relogin when session timed out, fixes #443
Signed-off-by: Roman Schmerold (BNoiZe) <bnoize@froxlor.org>
2014-01-05 22:35:26 +01:00
Roman Schmerold (BNoiZe)
34b4aaa828 Fixed https not used in password reset links, fixes #1344
Signed-off-by: Roman Schmerold (BNoiZe) <bnoize@froxlor.org>
2013-12-29 15:24:42 +01:00