ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2022-10-20T19:42:49Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6328Support PHP 8.X2022-10-20T19:42:49ZThomSupport PHP 8.XWe need to support PHP 8.X for the next Ubuntu release (22.04) - let's start gathering issues with the current code which we can look into. Please comment on this issue if you find a incompatibility.
ToDo:
- [x] `Function strftime() is ...We need to support PHP 8.X for the next Ubuntu release (22.04) - let's start gathering issues with the current code which we can look into. Please comment on this issue if you find a incompatibility.
ToDo:
- [x] `Function strftime() is deprecated in /usr/local/ispconfig/server/lib/classes/cron.inc.php` (https://www.howtoforge.com/community/threads/disable-deprecated-for-cron-on-debian10.88776/)
- [ ] `Uncaught Error: Call to undefined function mysqli_init() in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php:83` > `apt install php8.1-mysql` (need to add check for this to update script)
- [x] `stderr: thrown in /usr/local/ispconfig/interface/lib/classes/tpl.inc.php(1366) : eval()'d code on line 173`3.2.9Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5355Implement a more secure way to use exec, system and shell_exec2019-09-04T09:10:28ZMarius BurkardImplement a more secure way to use exec, system and shell_execUse a similar approach as we have with database queries (placeholders and argument list that automatically gets quoted).Use a similar approach as we have with database queries (placeholders and argument list that automatically gets quoted).3.1.15Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4561Add algorithm selection for DNSSEC2020-12-08T16:04:52ZBenAdd algorithm selection for DNSSECHello,
it's really nice that ISPConfig now has DNSSEC support. Thank you very much for that :+1:
Though currently algorithm 7 (RSASHA1-NSEC3-SHA1) is hardcoded for key generation. Since there are a lot registries that support newer DNS...Hello,
it's really nice that ISPConfig now has DNSSEC support. Thank you very much for that :+1:
Though currently algorithm 7 (RSASHA1-NSEC3-SHA1) is hardcoded for key generation. Since there are a lot registries that support newer DNSSEC algorithms (up to 14 or even 16) it would be really nice to have a config option in the interface to change this setting.
Thanks in advance
Ben
P.S. And of course because of "shattered" SHA 1 :wink:3.2Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3716Compatibilty ISPConfig 3.x with php 7.x [Change mysql_connect to PDO]2017-06-20T22:34:24ZIaina RandrianarivonyCompatibilty ISPConfig 3.x with php 7.x [Change mysql_connect to PDO]Hello,
In php 7, the function "mysql_connect" is removed.
- Change the all request "mysql_connect" to "PDO"
Thank you.
Best regards,Hello,
In php 7, the function "mysql_connect" is removed.
- Change the all request "mysql_connect" to "PDO"
Thank you.
Best regards,3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3450Set default password hashing algorithm to SHA5122020-12-13T12:06:42ZRudolf PinterSet default password hashing algorithm to SHA512If there is not a good reason to have MD5 as password hashing function it would be nice to set default password hashing algorithm to SHA512. It this is not possible make it at least possible to switch to it from config file.
I have a pa...If there is not a good reason to have MD5 as password hashing function it would be nice to set default password hashing algorithm to SHA512. It this is not possible make it at least possible to switch to it from config file.
I have a patch file which makes this possible. This sample is made with default number of rounds, but it's easy to add rounds parameter and make it much more secure.
1. Step - Update SQL tables client and sys_user:
ALTER TABLE `client` CHANGE `password` `password` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
ALTER TABLE `sys_user` CHANGE `passwort` `passwort` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';
2. This patch is made for 3.0.5.4p5:
```patch
diff -rupNB ispconfig/interface/lib/classes/auth.inc.php ispconfig-sha512/interface/lib/classes/auth.inc.php
--- ispconfig/interface/lib/classes/auth.inc.php 2014-11-16 01:42:20.000000000 +0000
+++ ispconfig-sha512/interface/lib/classes/auth.inc.php 2015-01-03 21:20:48.060287269 +0000
@@ -163,9 +163,9 @@ class auth {
}
public function crypt_password($cleartext_password) {
- $salt="$1$";
+ $salt="$6$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
+ for ($n=0;$n<12;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
diff -rupNB ispconfig/interface/web/admin/users_edit.php ispconfig-sha512/interface/web/admin/users_edit.php
--- ispconfig/interface/web/admin/users_edit.php 2014-11-16 01:42:20.000000000 +0000
+++ ispconfig-sha512/interface/web/admin/users_edit.php 2015-01-03 21:20:57.223502200 +0000
@@ -113,9 +113,9 @@ class page_action extends tform_actions
// password changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["passwort"]) && $this->dataRecord["passwort"] != '') {
$password = $app->db->quote($this->dataRecord["passwort"]);
- $salt="$1$";
+ $salt="$6$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
+ for ($n=0;$n<12;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
diff -rupNB ispconfig/interface/web/client/client_edit.php ispconfig-sha512/interface/web/client/client_edit.php
--- ispconfig/interface/web/client/client_edit.php 2014-11-16 01:42:20.000000000 +0000
+++ ispconfig-sha512/interface/web/client/client_edit.php 2015-01-03 21:21:06.224713334 +0000
@@ -402,9 +402,9 @@ class page_action extends tform_actions
// password changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
- $salt="$1$";
+ $salt="$6$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
+ for ($n=0;$n<12;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
diff -rupNB ispconfig/interface/web/client/reseller_edit.php ispconfig-sha512/interface/web/client/reseller_edit.php
--- ispconfig/interface/web/client/reseller_edit.php 2014-11-16 01:42:20.000000000 +0000
+++ ispconfig-sha512/interface/web/client/reseller_edit.php 2015-01-03 21:21:21.999083346 +0000
@@ -219,9 +219,9 @@ class page_action extends tform_actions
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
- $salt="$1$";
+ $salt="$6$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
+ for ($n=0;$n<12;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
@@ -335,9 +335,9 @@ class page_action extends tform_actions
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
$client_id = $this->id;
- $salt="$1$";
+ $salt="$6$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
+ for ($n=0;$n<12;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
diff -rupNB ispconfig/interface/web/login/index.php ispconfig-sha512/interface/web/login/index.php
--- ispconfig/interface/web/login/index.php 2014-11-16 01:42:20.000000000 +0000
+++ ispconfig-sha512/interface/web/login/index.php 2015-01-03 22:10:53.058352035 +0000
@@ -165,7 +165,15 @@ class login_index {
$user = false;
if($mailuser) {
$saved_password = stripslashes($mailuser['password']);
- $salt = '$1$'.substr($saved_password, 3, 8).'$';
+// $salt = '$1$'.substr($saved_password, 3, 8).'$';
+ if(substr($saved_password, 0, 3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password, 3, 8).'$';
+ } elseif(substr($saved_password, 0, 3) == '$6$') {
+ //* The password is crypt-sha512 encrypted
+ $salt = '$6$'.substr($saved_password, 3, 12).'$';
+ }
+
//* Check if mailuser password is correct
if(crypt(stripslashes($passwort), $salt) == $saved_password) {
//* we build a fake user here which has access to the mailuser module only and userid 0
@@ -203,6 +211,13 @@ class login_index {
} elseif(substr($saved_password, 0, 3) == '$5$') {
//* The password is crypt-sha256 encrypted
$salt = '$5$'.substr($saved_password, 3, 16).'$';
+// This is probably broken line. It should be: $salt = '$5$'.substr($saved_password, 3, 12).'$';
+ if(crypt(stripslashes($passwort), $salt) != $saved_password) {
+ $user = false;
+ }
+ } elseif(substr($saved_password, 0, 3) == '$6$') {
+ //* The password is crypt-sha512 encrypted
+ $salt = '$6$'.substr($saved_password, 3, 12).'$';
if(crypt(stripslashes($passwort), $salt) != $saved_password) {
$user = false;
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3419Add support for lets-encrypt SSL authority in ISPConfig2017-06-20T22:34:24ZTill BrehmAdd support for lets-encrypt SSL authority in ISPConfigAdd functions in ISPConfig to automatically get SSL certificates for websites from lets-encrypt.
https://letsencrypt.org/Add functions in ISPConfig to automatically get SSL certificates for websites from lets-encrypt.
https://letsencrypt.org/3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3378disable SSLv32017-06-20T22:34:24ZSven Herrmanndisable SSLv3SSLv3 is insecure.
See
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://heise.de/-2424122 (german)
It should be disabled in general or there should be at least an option to disable it.
workaround:
copy /usr/local/ispconf...SSLv3 is insecure.
See
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://heise.de/-2424122 (german)
It should be disabled in general or there should be at least an option to disable it.
workaround:
copy /usr/local/ispconfig/server/conf/nginx_vhost.conf.master to /usr/local/ispconfig/server/conf-custom and add
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
after the two lines starting with
ssl_certificate_key
Thanks for your great software,
Sven3.0.5.4p4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3351DKIM support2017-06-20T22:34:24ZEric DorrDKIM supportHi ISPConfig team,
could you please add DKIM (DomainKeys Identified Mail) support to ISPConfig ?
This would be great to make the world a bit more SPAM free.
For more informations please have a look at: http://www.dkim.org/
Re...Hi ISPConfig team,
could you please add DKIM (DomainKeys Identified Mail) support to ISPConfig ?
This would be great to make the world a bit more SPAM free.
For more informations please have a look at: http://www.dkim.org/
Regards,
Eric3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3124Multiserver setup - more default webservers for client2017-06-25T10:54:05ZJan KopeckyMultiserver setup - more default webservers for clientPlease add possibility of selecting more than one webserver for clients in multiserver setup.
http://bugtracker.ispconfig.org/index.php?do=details&task_id=3443&project=3Please add possibility of selecting more than one webserver for clients in multiserver setup.
http://bugtracker.ispconfig.org/index.php?do=details&task_id=3443&project=3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2753Client data migration in multiserver enviorment2020-01-28T21:31:50ZWojtekClient data migration in multiserver enviormentit would be great if there was a function of the migration client with all data and settings between servers,
eg if one of the web server is under heavy load could move some of the websites to another server.
If you are working in a cl...it would be great if there was a function of the migration client with all data and settings between servers,
eg if one of the web server is under heavy load could move some of the websites to another server.
If you are working in a cluster environment it was to a great option.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2685Domain in one Click2017-06-25T10:54:05ZGiuseppeDomain in one Clickwould be very useful to add a domain wizard that configures in just one click: domain (with the current support domain-module) and dns.would be very useful to add a domain wizard that configures in just one click: domain (with the current support domain-module) and dns.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1847App installer2017-06-25T10:54:05ZTill BrehmApp installerAdd a APP installer for applications like Joomla, Typo3, Wordpress etc.Add a APP installer for applications like Joomla, Typo3, Wordpress etc.3.0.5Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1845Extend Traffic quota system2017-06-25T10:54:05ZTill BrehmExtend Traffic quota system- Extend the traffoc quota system so that it can send warnings to the cliend and / or administrator.
- Sort traffic quota statistics by domain.
- Add a row at the end of the list which sums up all traffic of a column.
--------------...- Extend the traffoc quota system so that it can send warnings to the cliend and / or administrator.
- Sort traffic quota statistics by domain.
- Add a row at the end of the list which sums up all traffic of a column.
-------------------------------------------------------------------------------------------------------------------------------------
- This feature is sponsored by Hans-Jürgen Praschl, EDV& Datenservice, www.praschl.eu
-------------------------------------------------------------------------------------------------------------------------------------3.0.5Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1242I've found that there isn't any ftp harddisk limitation for the client, and t...2017-06-25T10:54:08ZlqlI've found that there isn't any ftp harddisk limitation for the client, and the client has too manyI've found that there isn't any ftp harddisk limitation for the client, and the client has too many permission!I've found that there isn't any ftp harddisk limitation for the client, and the client has too many permission!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1159disabling a whole client2018-02-22T08:30:28ZChrisdisabling a whole clientright now, it is not possible to disable a whole client (databases, sites, cronjobs, maildomains, forwarders, etc.).
as far as i can see, it is only possible to disable a single website.
for different reasons, the biggest one is ac...right now, it is not possible to disable a whole client (databases, sites, cronjobs, maildomains, forwarders, etc.).
as far as i can see, it is only possible to disable a single website.
for different reasons, the biggest one is accounting, such a funtion would be a great advantage.
cheers, chris3.0.5.4Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1089Support for "redirect" sieve filter action2017-06-25T10:54:08ZNikolai BochevSupport for "redirect" sieve filter actionWith sieve filters ( dovecot ) you can have a rule like this :
if true {
redirect "email@domain.com";
}
# Forward Keep Action
if true {
keep;
stop;
}
What this does is redirect any mail that comes to the mai...With sieve filters ( dovecot ) you can have a rule like this :
if true {
redirect "email@domain.com";
}
# Forward Keep Action
if true {
keep;
stop;
}
What this does is redirect any mail that comes to the mailbox using this filter to the address specified in the "redirect" directive. You can have the option to keep or don't keep the message in the inbox also ( the keep directive ). If you wish to not "keep" the rule gets shorter like this :
# Forwards
if true {
redirect "email@domain.com";
stop;
}
Why is this feature needed ? I want to be able to have mailboxes that forward emails to another email address ( or multiple email addresses ). Not like aliases. You can have multiple redirects like this :
if true {
redirect "email@domain.com";
redirect "email2@domain.com";
redirect "email3@domain2.local";
stop;
}
You could have a local email server ( like ms-exchange ) that you don't want to expose to internet and just want to receive mail for certain mail boxes for it's domain, but not all. And you want to keep an archive of emails on the ispconfig mail server. I think it's a must have/ciritcal functionality.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1088Support for python web applications2017-06-25T10:54:11ZNikolai BochevSupport for python web applicationsMake the option of allowing python powered sites ( django etc. ) through the user of mod_wsgi or mod_python .
Here's the relevant documentation :
mod_wsgi :
http://docs.djangoproject.com/en/1.2/howto/deployment/modwsgi/#howto-de...Make the option of allowing python powered sites ( django etc. ) through the user of mod_wsgi or mod_python .
Here's the relevant documentation :
mod_wsgi :
http://docs.djangoproject.com/en/1.2/howto/deployment/modwsgi/#howto-deployment-modwsgi
http://code.google.com/p/modwsgi/
mod_python :
http://docs.djangoproject.com/en/1.2/howto/deployment/modpython/#howto-deployment-modpythonhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1085Support for other programming languages2017-06-25T10:54:11ZAdam Hani SchakakiSupport for other programming languagesIt would be great, if support for other languages will be added.
The most popular are:
- CGI/Perl
- Ruby on Rails
- Python
- JavaIt would be great, if support for other languages will be added.
The most popular are:
- CGI/Perl
- Ruby on Rails
- Python
- Javahttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1005ispconfig expert configuration install error2017-06-25T10:54:11ZSigitasispconfig expert configuration install errorHello all.
I get one ISP web server but i whant change it to another server whit RAID5, but can`t connect to mysql with ispconfig expert configuration option for mysql data and option transformatio to new server. I get error: Unable t...Hello all.
I get one ISP web server but i whant change it to another server whit RAID5, but can`t connect to mysql with ispconfig expert configuration option for mysql data and option transformatio to new server. I get error: Unable to connect to mysql server
Please help me :(
Sigitashttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/907Allow host to relay2017-06-25T10:54:11ZkinaiAllow host to relayHi,
ISPConfig allow to configure most of postfix settings, but it not allow to add a host to relay without authentication (field mynetwork in main.cf).
Thanks,
KinaiHi,
ISPConfig allow to configure most of postfix settings, but it not allow to add a host to relay without authentication (field mynetwork in main.cf).
Thanks,
Kinai3.0.3