self-service-password

Web interface to change and reset password in an LDAP directory

GPL-3.0 License

Stars
1.1K
View Code on GitHub Visit Website View on X
Ecosystems: PHP
self-service-password - Version 1.5.4 Latest Release

Published by coudot 11 months ago

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

⚠️ A vulnerability was found by @piuppi (see #816), so upgrade is highly recommended!

Full Changelog: https://github.com/ltb-project/self-service-password/compare/v1.5.3...v1.5.4

👥 Main Team

  • @coudot (@worteks)

🤝 New Contributors

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password

self-service-password - Version 1.5.3

Published by coudot over 1 year ago

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

Full Changelog: https://github.com/ltb-project/self-service-password/compare/v1.5.2...v1.5.3

👥 Main Team

  • @coudot (@worteks)
  • @artlog (@worteks)

🤝 New Contributors

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password

self-service-password - Version 1.5.2

Published by coudot about 2 years ago

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

Full Changelog: https://github.com/ltb-project/self-service-password/compare/v1.5.1...v1.5.2

👥 Main Team

  • @coudot (@worteks)
  • @artlog (@worteks)

🤝 New Contributors

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password

self-service-password - Version 1.5.1

Published by coudot about 2 years ago

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

🤝 New Contributors

Full Changelog: https://github.com/ltb-project/self-service-password/compare/v1.5.0...v1.5.1

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password

self-service-password - Version 1.5.0

Published by coudot about 2 years ago

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

🤝 New Contributors

Full Changelog: https://github.com/ltb-project/self-service-password/compare/v1.4.5...v1.5.0

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password

self-service-password - Version 1.4.5

Published by coudot over 2 years ago

What's Changed

  • Latest version of 1.4.4 not working by @Max7641 in #670

Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

self-service-password - Version 1.4.4

Published by coudot over 2 years ago

What's Changed

Full changelog: https://github.com/ltb-project/self-service-password/issues?q=is%3Aclosed+milestone%3A1.4.4

Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

self-service-password - Version 1.4.3

Published by coudot over 3 years ago

Some bug fixes for version 1.4:

  • #516: Docker image does not have sendmail in it
  • #517: fix(mail): add sendmail to Docker image
  • #520: [Security:high] Reset by SMS can be used to change any account password
  • #521: If token was provided by SMS, check initial SMS code before changing password
  • #522: [Security:low] Dismiss captcha once it is used

⚠️ Some fixes concern security issues, please upgrade as soon as possible

Please read release notes from https://github.com/ltb-project/self-service-password/releases/tag/v1.4

self-service-password - Version 1.4.2

Published by coudot over 3 years ago

Some bug fixes for version 1.4:

  • #504: Cannot use docker get gregwar/captcha----use docker
  • #505: fix(captcha): missing gd library
  • #506: I have a little problem - I can't use SMS for the next step
  • #507: fix(reset)
  • #508: fix(undefined)
  • #511: Bump phpmailer/phpmailer from 6.3.0 to 6.4.1 in /lib

Please read release notes from https://github.com/ltb-project/self-service-password/releases/tag/v1.4

self-service-password - Version 1.4.1

Published by coudot over 3 years ago

Some bug fixes for version 1.4:

  • #501: Remove extra semicolon from setquestions template
  • #502: Remove alt text so empty logo doesn't show 'msg_title' twice

Please read release notes from https://github.com/ltb-project/self-service-password/releases/tag/v1.4

self-service-password - Version 1.4

Published by coudot over 3 years ago

✨ Self Service Password 1.4 ✨

This version introduces many important changes, including:

  • Usage of Smarty framework
  • Prehook
  • REST API
  • New password policy checks: forbidden words, forbidden LDAP fields
  • Multiple question/answers
  • Advanced LDAP features: password modify extended operation, password policy control
  • Official Docker image
  • Multi tenancy

Full changelog available here: https://github.com/ltb-project/self-service-password/milestone/7?closed=1

⬆️ Upgrade

Compatibility

Version 1.4 requires PHP 7. Advanced LDAP features require PHP 7.4.

Packages are only available for Debian stable, CentOS 7 and CentOS 8.

Webserver configuration

The document root is now in htdocs/ and this should be changed in the virtual host configuration.

Configuration needs also to be updated if you want to use REST API.

Captcha

Google reCaptcha was removed. A new built-in captcha is provided, enable it with:

$use_captcha = true;

⬇️ Download

Follow installation instructions to use APT/YUM repositories: https://self-service-password.readthedocs.io/en/latest/installation.html

Packages can also be downloaded from LDAP Tool Box site: https://ltb-project.org/download#self_service_password

🤝 Contributors

Thanks a lot to all contributors: https://github.com/ltb-project/self-service-password/graphs/contributors

self-service-password - v1.3

Published by coudot over 6 years ago

Changelog:

  • #182: Message incorrect when resetting using email but not supplying email (minor)
  • #187: Security assessment issues
  • #191: Minor changes to Spanish translation
  • #196: reduce info released in error messages
  • #197: Please wrap mail debug ouput in pre tags.
  • #198: Create ee.inc.php
  • #201: Added some translations
  • #202: include config.inc.local.php + warning
  • #204: Index includes .swp files and crashes sites with error 500
  • #206: Encrypt answers in directory
  • #209: Check ldap_bind return code instead of relying on ldap_errno
  • #210: SSH key change should not be permitted for expired or must change passwords
  • #211: Force string conversion of input values
  • #215: added support for pwned-passwords api v2
  • #217: take into account post-hook exit status

Download: https://ltb-project.org/download#self_service_password

Migration notes: https://ltb-project.org/documentation/self-service-password/1.3/migration

Thanks to community:

  • @BShadeWork
  • @trapangle
  • @lonoak
  • @r2evans
  • @danielewood
  • @tuudik
  • @tekvsakdan
  • @nqb
  • @bananitadolca
  • @413j0
  • @paulignari
  • @davidcoutadeur
  • @Abdoulsore

Core team:

  • @plewin
  • @coudot (@Worteks)
self-service-password - v1.2

Published by coudot almost 7 years ago

Changelog:

  • #149: Remove obsolete stripslashes_if_gpc_magic_quotes
  • #154: Translated the hungarian keys left in english.
  • #162: Resolve send token web page issue when E-Mail To: set from LDAP
  • #166: Opportunistic TLS problem
  • #174: Improved nl.lang.php
  • #175: reCAPTCHA not working on master
  • #176: Dutch translation update by AlbertPluton
  • #177: Fix "SSH Key required" message wrong color when ssh key is not submitted
  • #178: Fix pattern matching in reset by questions
  • #179: Revert Twig because of multiple regressions, work still needed, and lack of testing
self-service-password - v1.1

Published by coudot about 7 years ago

A lot of improvements and bugfixes:

  • #33: Posthook does not work with apostrophes
  • #38: Add Japanese translation
  • #40: Add missing variable $mail_wordwrap in config.inc.php
  • #41: Show all missing dependencies instead of one and fix color of message…
  • #42: Fix $mail_sendmailpath in config was ignored because of a typo
  • #43: Fix bad link in hungarian translation
  • #47: Allow for longer salts
  • #48: Corrections proposed to index.php and pages/* files
  • #49: Fix the usage of rand instead of mt_rand
  • #50: Use fixed width icons
  • #51: Apache configuration in RPM package
  • #54: Reset password layout
  • #55: shadowExpire in LDAP
  • #58: Escape shell args with escapeshellarg for posthook command (fixes #33)
  • #59: Weak entropy for password generation
  • #60: Encryption without authentication
  • #61: Greek translation
  • #63: German translation
  • #64: Mail from ldap
  • #65: Mail signature
  • #66: Get Mail from LDAP
  • #67: Mail signature
  • #68: Swedish translation
  • #73: Dependency check for function ldap_modify_batch()
  • #74: session token with nginx
  • #75: SHA512 in password encryption
  • #76: Fixing Czech translation
  • #77: Improved IT translation
  • #78: Allow sending SMS through web-based API instead of Email2SMS Gateway
  • #79: Improved ES translation
  • #81: Allow self service of sshPublicKey attribute in LDAP
  • #82: PHPMailer security update
  • #85: mcrypt is outdated
  • #87: Get Travis tests working again on PHP 7
  • #89: Erreurs de Français
  • #90: Update fr.inc.php
  • #91: Can email reset use AD user's FirstName, instead of login ID?
  • #92: Implements strong cryptography with defuse-crypto 2.0.3
  • #93: Add SHA512 password hashing
  • #94: Update phpmailer from v5.2.16 to v5.5.23
  • #95: Dependency check for function ldap_modify_batch()
  • #97: Add an easy way to override messages
  • #98: Bug in resetbytoken.php
  • #99: Force use of phpunit 5.7 if php >= 7.0 for travis testing
  • #100: Fixes for things pointed out after #81 was merged
  • #102: Fix for base64 encoded strings that contain '+'
  • #104: Fix invalid html in sendsms.php
  • #105: SSHKey update Insufficient access
  • #106: Update zh-CN translation
  • #107: Sanitize Mobile Number retrieved from LDAP
  • #111: "Email" name in menu is confusing
  • #115: Force specific language?
  • #116: Add possibility to force use of a specific set of languages
  • #117: SSHA-256 support for ldap user password
  • #118: Fix hhvm on travis, update travis config
  • #120: Fix debian packages/repository for debian stretch
  • #121: Add popovers to explain menu links (cf. issue #111)
  • #126: proxy support for ReCaptcha
  • #128: Reset token validation issue
  • #130: recaptcha uses file_get_contents to retrive data
  • #131: Allow override of reCAPTCHA request method (cf. issue #130)
  • #132: Fix travis builds for php 7.0 and 7.1
  • #138: sendtoken.php send http instead of https
  • #142: Move $debug config to the top of the file
  • #143: Warn when key phrase is not set
  • #144: Invalid Token error
  • #146: Output buffering to avoid failing session_start in PHP 7.1
  • #148: Change key feature never notifies
self-service-password - Version 1.0

Published by coudot about 8 years ago

Redesign of the application with bootstrap and a lot of fixes and new features:

  • #1: Use bootstrap CSS framework
  • #2: Typos in german language
  • #3: Czech language
  • #4: Case in-sensitive lookup e-mail address (When used with ldap/Windows AD)
  • #5: CRLF Issue when sending mail
  • #6: Hungarian translation
  • #7: Create tr.inc.php
  • #8: Add Ukrainian language support
  • #9: Full Spanish and Catalan translations
  • #10: Allow to define a custom reset URL
  • #11: Possibility to set a background image
  • #12: Add a menu
  • #13: NL language file addition (typos and duplicates removed)
  • #14: Update it.inc.php
  • #17: fix german translation of message nophpmbstring
  • #19: add prerequisite to readme
  • #20: Call to undefined function utf8_decode()
  • #21: Bad call to change_password in resetbytoken.php
  • #22: Remove dependency on php5 in Debian package
  • #23: SMS token always valid
  • #24: Reset by SMS token can be used to change another account password
  • #25: Update reCAPTCHA code
  • #26: request: facilitate by-email when SMTP auth is required
  • #28: Updated make_ad_password
  • #29: Use .conf extension for Apache configuration
  • #30: Added a constraint on the number of attempts + corrected reset_url
  • #31: request: disable password change?
  • #32: Password policy - same as login
  • #34: Handle LDAP bind extended error format incompatibility with Samba4
  • #35: All empty forms display a warning message
self-service-password - 0.9

Published by coudot about 8 years ago

0.9 version issued just before migration to github

Badges
Extracted from project README
CII Best Practices Build Status Documentation Status
Related Projects
php-login-minimal

An extremely minimal login / register script in pure PHP.

15 Dec 2013 607
codeigniter4-docker

🐳 PHP Docker Image for CodeIgniter4 development

13 Apr 2020 131
huge

Simple user-authentication solution, embedded into a small framework.

06 May 2012 2,139
ngSelfServicePassword

Self Service Password is a PHP application that allows users to change their password in an LDAP ...

29 Mar 2015 2
laconia

🏺 ‎ A minimalist MVC framework.

14 Mar 2018 362
passwordcockpit

Passwordcockpit is a simple, free, open source, self hosted, web based password manager for teams...

03 Dec 2018 112
Monitorr

"Monitorr” is a self-hosted PHP web app that monitors the status of local and remote network serv...

05 Sep 2017 647
covid-19-dsp-dashboard

This project is about developing a web interface for management of COVID-19 private declarations ...

07 May 2020 0
postfixadmin

PostfixAdmin - web based virtual user administration interface for Postfix mail servers

02 May 2014 1,046
tinyfilemanager

Single-file PHP file manager, browser and manage your files efficiently and easily with tinyfilem...

05 Jul 2017 4,443
passwords

A simple, yet feature rich password manager for Nextcloud

09 Sep 2017 209
filament-password-input

Enhanced password input component for filament.

17 Oct 2023 36