Changelog Provider
Contents
- 1 Information
- 2 Update 08. June 2014 V4.0.1
- 3 Update 19. May 2015 V4.0.0
- 4 Update 17. December 2014 V3.5.2
- 5 Update 28. August 2014 V3.5.1
- 6 Update 30. July 2014 V3.5
- 7 Update 27. March 2014 V3.4.2
- 8 Update 07. November 2013 V3.4.1
- 9 Update 09. October 2013 V3.4
- 10 Update 26. April 2013 V3.3.3
- 11 Update 11. January 2013 V3.3.2
- 12 Update 2. November 2012 V3.3.1
- 13 Update 24. September 2012 V3.3
- 14 Update 11. May 2012 V3.2.4
- 15 Update 01. March 2012 V3.2.3
- 16 Update 20. December 2011 V3.2.1 (Public since 01. Feb. 2012)
- 17 Update 12. September 2011 V3.0.1
- 18 Update 01. March 2011 V2.8.0
- 19 Update 23. November 2010 V2.7.4
- 20 Update 27. September 2010 V2.7.3
- 21 Update 02. July 2010 V2.7.2
- 22 Update 24. May 2010 V2.7.1
- 23 Update 30. April 2010 V2.7.0
Information
Only the last few change-logs are available here for reference. Some older change-logs ( < V2.7.2 ) are currently only available in German.
Update 08. June 2014 V4.0.1
Patch release
- Fixed problems while reading regimails on-line using Microsoft Internet Explorer.
- Updated Apache cipher-suite
- Making sure that RC4 encryption algorithm is never used any more for SSL/TLS connections - it was secure before but there have been very rare situations where it still was possible.
- Disabling DHE_EXPORT from available cipher suites (Logjam attack).
- Added an additional "Downloads" link to the "my account" sub-menu (on users request).
- Fixed on-line reading dialogue. It displayed a long list of recipients in one long line instead of doing word-wrap.
- Fixed CSS to prevent some older web-browsers from displaying a big box around checkboxes (eg Opera).
- Fixed the CSS design of some pages during user registration and password reset.
- Fixed a problem for printing an on-line opened regimail (it only printed the visible part).
- Fixed some typos and bad translations.
- Added the appliance documentation PDF to the web-administration documents page.
- Fixed displaying the old regify slogan in the logo at /pay.php (logo at the bottom of the page).
- Fixed some small design and layout specific issues.
Update 19. May 2015 V4.0.0
In short
- Completely re-engineered user navigation and new default design.
- Less clicks needed as main actions are reached by one click.
- Not so common menu entries moved to sub menus.
- The new layout scales fine to different screen resolutions including mobile screens (responsive design).
- Enhanced and more customization options.
- Additional "Account summary" page.
- Self learning to provide you with the most likely dialogue page upon login.
- regibox integration.
- Writing regimails online is now end-to-end encrypted by using JavaScript to encrypt/decrypt locally in the users web-browser.
- regichat will offer default text templates. They can quickly get inserted to the chat window.
- If no regichat responsive is available, the customer will get informed that he should come back later.
Details
New features:
- Completely reworked user navigation and new default design.
- New scripting and customizing features (codeHeader.php and codeFooter.php).
- regibox integration.
- regichat now offering text templates.
- Enhanced regichat behaviour in case of no available chat responsive.
- Enhanced notification on new orders for administrators.
- Improved registration page design.
- Administration now also offers CSV import to invite users (optionally into a group).
- Updated downloads page (now providing setups from our central regify servers, added regibox client).
- Better advertising if user is using regify account without regimail professional.
- Administration is now offering a dialogue for (sub)provider menu flags (now usable with simple checkboxes).
- Extra regipay landing point (pay.php) allowing employees to easily read regipays without confusion by other functionality.
- New regibox related reports.
Internals:
- Updated user data page to be more responsive on errors (re-factored the whole page).
- Enhanced CSV import (group invitations) to accept more formats and auto-detect utf8 encoding.
- Fixed several spelling errors in all languages.
- All PDF documentation in admin pages is now using a unified layout.
- Enhanced Provider-SDK to also support new regibox features and complete regichat options.
- Provider management "maintenance mode" button is now making permanent entry in configuration.php (no automatic restore anymore).
Update 17. December 2014 V3.5.2
Patch release
- Fixed user-admin dialogue problem in French administration.
- Fixed some monitoring issue causing standard monitoring call to fail.
- Fixed problem that forced users to enter a phone number in user data dialogue if the provider does not use a SMS gateway.
- Fixed an issue regarding the e-mail template used for password reset (sometimes using main provider template instead of subprovider).
- Fixed a problem not displaying all countries and country-codes of countries with the same country-code (eg +1).
- Fixed an issue with invitation of additional regichat users during a running chat if the chat-interface is in French language.
- Updated some authentication related language sentences.
- Updated OS bash to be ShellShock proof (The regify provider was not vulnerable to ShellShock attacks because there is no CGI running).
- The appliance will no longer support SSLv3 to protect against SSLv3 issues (Poodle attack vector). This will cause IE6 to no longer work.
Update 28. August 2014 V3.5.1
Patch release
- Fixed a minor bug.
Update 30. July 2014 V3.5
In short
- New product regichat.
- New product regigate.
- Users can chose their own regify account password (optional).
- Groups can get defined as representatives.
Details
New features:
- Including new regify client V4.0.0 setups.
- Added regichat feature to the regify provider.
- Added regichat API and API-Token handling.
- Added regichat shopping pages.
- Added regigate features and interfaces to the regify provider including HA (high availability).
- Enhanced registration dialogue (more clear, more easy, reduced number of fields).
- Enhanced optical styles (more modern).
- Now supporting groups as representatives (max. 5 times).
- Bank data dialogues now supporting IBAN and BIC values (IBAN is validated).
- Password reset dialogue now allowing users to enter their own password (optionally, with strength check).
- Dialogues now displaying the country names respecting the users chosen language (previously, always English).
- Allow admins to send unlock-code directly from manual authentication dialogue.
- The captcha for password reset is now more easy to read.
- Added enhanced logging viewer for administrators (master role only).
- Updated administrators user management dialogue to encapsulate options to some popup.
- Enhanced mobile number dialogues with country code dropdown showing country name.
- Subprovider administrators now also allowed to export payment- and user-data (administration role based).
Internals:
- Now supporting PFS (Perfect Forward Secrecy) for https connections with most modern browsers (reaching A- rating at Qualys test site).
- Enhanced IDS (Intrusion Detection System) to be generally more tolerant about cookies.
- Various speed optimizations.
- Added automatic database replication test (sending e-mail in case of replication failure).
- Added various CSRF (Cross-Site-Request-Forgery) checks to secure the pages.
- Group handling dialogues now working for up to 1000 users (500 before).
- Make provider-SDK more tolerant about existing but deleted user entries e-mail addresses.
- Enhanced handling of clearing failures.
- Added disk size checking (free disk space) for standard monitoring call.
- SMS sender name is now made from the providers domain.
- SalesID value is taken over from users to newly invited users.
- SalesID can be pre-given with a special link to the registration page.
- Added extra "X-regifyMailAgent: regimail" header to regimails sent online.
Fixes:
- Fix: Fixed several typos in language sentences.
- Fix: Fixed wrong username length check in userdata edit dialogue.
- Fix: Enhanced daily job in case of more than 10'000 transactions a day (script timeout on slower machines).
- Fix: Fixed some IE8 related incompatibilities (internal network access only).
- Fix: Enhanced MIME encoding of attached files for e-mails sent by the regify provider.
Update 27. March 2014 V3.4.2
Patch release
- Enhanced registration GUI.
- Updated blackberry client to V1.8.3 (now supporting new cryptographic standards for upcoming systems).
- Changing date display for French language (better formatted).
- Various dialogue enhancements (password reset, registration, invitation).
- Enhanced IDS check to also ignore ShareThis and some Google tracking cookies.
- Making a user a regimail mass sender now automatically deactivates all notifier e-mail messages.
- Some admin dialogues now automatically offering respective PDF documentation for download.
- Ignore double entered users in shop dialogue (handled as one entry only).
- If shop is in manual process mode, the ordering process is more automated.
- Added phone number validation for password reset from the administration.
- Enhanced admins password reset dialogue (better descriptions and better SMS support).
- Captcha background is always solid now (no longer transparent, showing background images).
- Any IE7 compatibility is removed now. The regify provider will not work with IE6 or IE7 any more!
- regify changed his slogan and therefore the default logos have changed.
- Fix: Fixed some regibill validation problem with invalid PDF's and drag&drop upload.
- Fix: Fixed some XSS and CSRF attack vectors.
- Fix: Fixed some login problem in an edge case (client SDK related).
- Fix: Fixed IE8 switching to quirks-mode if provider is accesses from internal network.
- Fix: Fixed minor bug in provider if username contains ´ character in invitation function.
- Fix: Fixed a lot of typos and spelling errors.
- Fix: Fixed problems in changing mobile number dialogue of non SMS enabled providers.
Update 07. November 2013 V3.4.1
Bugfix release
- Enhanced some SMS dialogs (being more explaining).
- Enhanced IDS check to also ignore ShareThis tracking cookies.
- Fix: Fixed a CSS bug that caused the download link to jump up when the registration link is disabled.
- Fix: Fixed some registration bug where, in some special cases, an e-mail address is left in the database of the provider.
- Fix: Preventing some false "headers already sent" alerts in log.
- Fix: Problem with missing sender name in online created regimails.
- Fix: Fixed bug in Provider-SDK invitation resulting in missing Organisation name and AuthType information.
- Fix: Some error messages have not been logged to error-log.
- Fix: Fixed tab-order on registration page (order you step through the fields by using tab key).
- Fix: Fixed problem returning to productive state after some clearing failure.
Update 09. October 2013 V3.4
In short
- Complete revised and redesigned registration and password reset process and dialogs.
- Enhanced usage of SMS for security related processes and user communication.
- Completely revised login dialog (removed one tab and combined login and reading).
- Allowing drag&drop upload of files (online reading, writing).
Details
New features:
- Completely revised and redesigned registration and password reset process and dialogs.
- Included regify provided SMS gateway for easy SMS usage.
- Completely revised login dialog (removed one tab and combined login and reading).
- Allowing drag&drop upload of files (online reading, writing).
- Slow file uploads now showing an upload progress bar (online reading, online writing).
- Option to chose the sender address during online writing (if multiple e-mail addresses are given).
- Added export functions for userdata and invoicing data (both exporting XML or CSV).
- Users now can see how long the web session stays active (on upper right). If it turns inactive, logout is called automatically.
- Transaction history views (regimail, regibill, regipay) now all allowing search and multiple pages.
- Transaction history views (regimail, regibill, regipay) now all allowing PDF download.
- Showing MySQL replication info in provider management dialog (administration).
- Enhanced usage of SMS for security related processes and user communication.
- Password reset can forward the request to the users "real" provider (by using PLS).
- Provider statistics now using modern graphics and animation for displaying more values.
- Provider statistics now showing member growth instead members per month.
- Added ToDo feature to help administrators to keep their provider clean and updated.
- Setup wizard now also supporting proxy server.
Internals:
- Added support for special connectors allowing integration of archives or hybrid mail to the provider.
- Added "Mass Sender" type of user (now regimail professional, regimail private, regimail mass sender).
- Provider appliance does no longer need root CA certificates during certificate import.
- Provider appliance now supporting VLAN's and network interface bonding.
- Provider appliance runs its own DNS server.
- Now the provider appliance supports automatic backups to SMB shares.
- Provider appliance now offers complete diagnostics function to finish installation and help fix networking issues.
- Now it is possible to restrict SSH access to provider appliance to local subnet only.
- Supporting password reset by PLS request.
- Enhanced Provider-SDK functions and added some more status codes.
- Supporting quick connection check by client software.
- Provider-SDK function usernewpassword now supporting more parameters.
Fixes:
- Enhanced unicode capability for online writing and reading regimails.
- Removed length fixation of wizard field for clearing password.
- Limit number of coupon code days to max 365.
- Prevent some re-POST questions in FireFox and IE in provider customization dialog after an image was uploaded.
- Supporting more CSV file formats for group invitations.
- Fixed problems downloading XML reports in IE8.
- replaced deprecated <blink> tag by CSS animation.
- Added SAP single sign-on cookie exceptions to IDS (no longer triggering error).
- Fixed a lot of translation typos and errors.
- Check for updates in provider appliance also checks for multiple updates.
- Some security related enhancements.
- Some web configuration wizard settings have not been persistant if wizard was re-run.
- Provider-SDK function usergetsettings now correctly returning numeric 1/0 instead of true/false.
Update 26. April 2013 V3.3.3
Bugfix release
- Updated regify client setup to V3.10.0.1233.
- Updated regify client deployment documentation.
- Adding new regify protocol V2 support (needed for next versions of regibill and regipay desktop).
- Prevent second monthly report on multiple replicated systems.
- Fixed problem with visible HTML tags in PayPal shop pages and regibill transaction history.
- Fixed missing download link for RGF file if email sending on portal failed (online writing).
- Fixed resetting language to browser default in popup windows (eg Terms) on some webbrowsers.
- Fixed error message 'missing function getFrom()' in some loadbalancer environments.
- Fixed swapped displaying of regibill standard and premium counters on administration pages.
Update 11. January 2013 V3.3.2
Bugfix release
- Fixed problem while online reading if username contains umlaute (error 10 during reading).
- Fixed file permission problem if files are replicated over master-master replication (access denied during customization).
- Ensures that users are not getting deleted on local regify provider if clearing access is not possible.
Update 2. November 2012 V3.3.1
Bugfix release and some new features
- Enhanced "open regify-file" tab on login screen (more easy to understand and use).
- Enhanced file size checking for online reading.
- Added MacOS client download links on all download pages.
- Allow free entering of users title (administration interface).
- After account activation, the DOWNLOAD button now points to correct download location for your OS (Win, MacOS, iOS, Android).
- Prevent uploading files in maintenance mode (validate regibill, upload on login).
- Fixed Intrusion Detection System (IDS) problem while sending online with certain messages.
- Fixed upload problem with Chrome browser while validating regibill standard.
- Fixed some problem while online reading chinese encoded messages.
- Fixed tool tip text help for regibill and regipay transaction archive.
- Fixed some IE7 and IE8 JavaScript issues for validating regibill standard.
- Fixed displaying wrong number of transactions left if user was regimail private and previously had some extended transaction limit.
- Fixed problem preventing sub-provider admins from editing their customizing files.
Update 24. September 2012 V3.3
In short
- Download the regibill validation report as PDF document.
- Every subprovider gets his own payment and shop options (incl. PayPal).
- User login is possible with e-mail address instead of username, too.
Details
New features:
- Download the regibill validation report as PDF document.
- Login will be possible with e-mail address instead of username, too.
- Users are getting an email about successfull authentication, too.
- Support for PLS service (makes users initial client installation much more easy).
- Favicon will be customizable for each subprovider (png format, only for non IE browsers).
- Full customizing synchronisation in clustered setups.
- New maintenance dialog with new options in administration (DB synchronization, maintenance).
- All users having a sales-id field, too (free to enter anything).
- User administration allows moving users easily between subproviders.
- Administration gives now access to users internal bank account.
- Every subprovider gets his own payment and shop options (incl. PayPal).
- Enhanced customizing editor in administration (codemirror update).
- Individual report-code in free intervals for professional services.
- All regify premium texts are now fully translated to regimail standard and regimail professional.
- Internal optimizations on cryptography (faster).
- Unlock codes will be output in blocks of four (more easy to read and enter).
- Enhanced upload dialog for files (rgf files, regibill validation, online writing etc.)
- Updated software deployment documentation to new regify clients V3.9.
- The transaction history export as PDF now fully supports unicode characters for message subjects.
Internals:
- Overworked session handling allows user- and admin-session in the same browser at a time.
- Sessions are now timing out depending on last activity.
- Enhanced IE compatibility.
- Some english and french translation has been revised (better).
- Complete CSS styled bubble help (fully customizable now).
- Provider statistics no longer uses Google Charts API (administration).
- Enhanced framebuster framework regarding OWASP suggestions.
- Added ALLOWROAMING flag to enable/disable roaming participation for provider.
- Obligatory attachments now allowing .docx format.
- Setup packing using AppPack and signing of the setups is no longer needed for regify client 3.9 or higher.
- Changed regibill & regipay invoicing interval to weekly by default.
- Completely overworked logging mechanisms.
- Updated default mail_blacklist.txt (added some more spamming domains).
- Maximum authentication level of non-certified regify providers is limites to three.
- Enhanced regify client protocoll (getconfiguration and login functions).
- Fix: Changing admin roles no longer needs logout/login to work.
- Fix: Prevent users from deleting their account if they have an administration role.
- Fix: Fixed problems if user data contains single quotes in two dialogs.
- Fix: Fixed problem writing online regimails after user changed his username in same session.
- Fix: Fixed problem writing online regimails after auto-login from client.
- Fix: Fixed bad layouting if provider does not allow the Downloads option on login page.
- Fix: Added french translation for default footer content.
- Fix: Added french translation for default terms and conditions and default prices page.
- Fix: Fixed session error for printing passwords dialog.
- Fix: Fixed problem if subject of online written regimails starting with minus.
- Fix: Fixed ignoring two-step password method while sending external invitation.
Update 11. May 2012 V3.2.4
Bugfix release
- fixed problem signing executables using a proxy server.
- added PLS support (provider lookup service).
- added more debugging options to web-calls (cURL).
- fixed httpd autostart problem on appliance restart.
- updated appliance Apache and mod_ssl to CentOS release version httpd-2.2.15-15 and mod_ssl-2.2.15-15.
Update 01. March 2012 V3.2.3
Bugfix release
- fixing invitation calls using internal proxy.
- fixing missing re-send dialog for users authenticated using text messages (sms).
- fixing problems with PayPal accounts and adding more detailed PayPal information to order.
- fixed occasional problem receiving regify_default_message.html on systems with subproviders.
Update 20. December 2011 V3.2.1 (Public since 01. Feb. 2012)
In short:
- complete regibill and regipay integration.
- Support for regimail private feature.
- Re-send unlock-code by SMS initiated by the user itself.
- Automatically signs regify-client setups (signed files for download by users).
Details:
New features:
- Enhanced guidance for users who recently have authenticated.
- Enhanced setup-wizard (after installation).
- Enhanced customization dialog in administration.
- allows editing of all customization files in administration portal (browser).
- supports syntax highlighting for PHP, HTML, CSS and JavaScript.
- allows management of customized images.
- Better recognizable membership-state icons.
- Enhanced CSS design and more elements that allow CSS style options.
- New subprovider option to force SSL URLS even if ONLY_HTTPS is false (Loadbalancer).
- If a group-admin resets passwords, they are now sent using SMS, too.
Internals:
- Updated handling of files in STYLE folder ('_' marks manipulated data, others remnain default).
- Added customization dialog to subprovider admin role.
- Better styled Download-page (with Operating-System icons).
- User-Administration shows users counters (regimail, regipay, regibill).
- Removed cookie usage for regify.php (affects only Client-SDK connections).
- Switched regifycmd to most recent version (incl. SDK).
- Enhanced Debug-Options for the portal.
- Removed GMTDIFFERENCE setting by replacing it with some automation (server timezone).
- Fix: Fixed bug with UTC-0 time in Identity-File.
- Fix: Fixed JavaScript bug in JS/jsDialogs.js that occured on IE only.
- Fix: Fixed problem while login with username containing + or &.
- Fix: Fixed IDS problems with false positives on online writing regify messages.
- Fix: Fixed e-mail line feed madness by adding optional MTA_ADDS_CRLF switch.
- Fix: Fixed some issues while online sending regimail messages on redundant systems.
Appliance:
- Added configuration of NTP server.
- Enhanced hints for SSL certificate import.
- Better "View Database Status" dialog.
- Enhanced handling of user-manipulated files in STYLE folder.
- Supports automatic updates with updates.regify.com.
- Fix: changing provider servername in SSL mode breaks apache config.
- Fix: After failure of SSL certificate import, the SSH session crashed.
Update 12. September 2011 V3.0.1
In short:
- regibill and regipay integration
- supporting french as additional language
- comprehensive SMS support (registering, invitations etc.)
- enhanced and more clear login dialog
- many dialogs have been enhanced (user and administration)
- extended CSS support for more customizing possibilities
- supporting the regify Android app (free of charge in Google Market)
- delivery of the new regify-Client V3.7
- AddIn for Thunderbird supporting V4 to V7
- enhanced Outlook AddIn (save unencrypted copy while sending)
- better Proxy-Server support
- answer directly using Lotus Notes (Windows)
Details:
new Features:
- System manages bank-account for every user including direct debit authority checkbox.
- System allows to manage regimail, regibill and regipay by transaction.
- new Provider-SDK function mailcheckassignment to check, if an e-mail account is allready assigned to the service.
- new provider-protocol function getconfiguration returns a json array containing provider templates and other information.
- Overworked login-dialog (includes regibill now).
- Writing invitations shows and ensures the maximum number of chars in free text.
- Main-menu graphically shows the account-type (standard/premium) using a special icon.
- AUTHTRANSMITURLGOODRESULT supports now RegularExpressions.
- optional function AuthTransNumberConvert() allows admins to prepare numbers before inserting to AUTHTRANSMITURL.
- regify provider now allows users to enter their mobile number and their international VAT code.
- Portal locks and highlights user-data fields that are not allowed to edit because of a valid authentication state.
- User choses his main-mailaddress from a dropdown-box now (reduces complexity for user).
- Register- and Invitation is now able to use SMS to send the password (AUTHTRANSMITURL needed).
- Added french as the third supported language (both portal and administration).
- Added PRINT option to "regibill standard" validation page.
Internal:
- Administration Login shows licence information (regify and external components).
- Configuration has been split into two files (new configuration_default.php).
- Monitoring now triggers a warning if there are mails stuck in the system (tblmailjobs).
- Switched sender and recipient auth-level check to clearing (keep old method for compatibility).
- Add "Protocol" parameter for regify-protocoll (to allow regibill and regipay).
- Client-Software update adds [SECURITY] and ProviderKey values automatically to customize.ini.
- While MySQL database update, absolutely all tables and varchar fields are getting converted to UTF8.
- Administration of Invoices shows no "Payed" button if the price is zero.
- Standard Buying-Dialog does not show price, if the price is zero.
- Overworked design of steps and some other small graphics.
- All Bubble-help functions now are encapsulated by a function (InsertBubbleHelp()).
- Some dialogs have been overworked to use tabs to get a more cleanup interface.
- Added automatic generation of REGIFY_TEMP.
- Added setting of session.save_path to configuration_default.php.
- some more elements are now using CSS class for display (changeable by provider).
- completely overworked file-handling in STYLE folders (_Filename for individual, others are defaults).
- added PhoneMobile and VATNumber field to users dialogs.
- the new phpAutoLogin.php allows fast and secure opening of pages from clients.
- Enhanced language handling in some routines (BubbleHelp etc.).
- Fix: fixed some optical issues in the default CSS file.
- Fix: raised the needed Auth-Level for the provider-sdk funtion UserAuthenticate().
- Fix: Fixed QuickSearch in Grpup-Administration (accidentally searched in html, too).
- Fix: Fixed Tab-Script on IE8 (only working in Compatibility Mode).
- Fix: Fixed missing OK value of Provider-SDK function maildelete.
- Fix: Fixed problem with managing administration roles in subprovider management.
- Fix: Fixed wrong SENDERSNEEDAUTHLEVEL assignment in UserSetSettings function.
- Fix: Fixed "headers allready sent" php error, if the administration console is opened using http:// only.
- Fix: Fixed problem with wrong language in "new password" mails (accidentally used the admins language instead of user language)
- Fix: Fixed wrong template encoding (utf-8 / 7bit) and a small Quoted Printable issue.
Update 01. March 2011 V2.8.0
In short:
- Better Internet-Explorer compatibility of portal- and administration-dialogs.
- Enhanced help- and shop-dialogs.
- Enhanced administration-dialogs.
- Improved security.
- Prepared for Linux compatibility.
Details:
new Features:
- Online-reader (webinterface) shows authentication-state using the same images than the regify-client.
- Better Internet-Explorer compatibility of portal- and administration-dialogs.
- Enhanced help-dialog now showing phone-numbers for support.
- Enhanced shop-dialog(s) now showing phone-number for invoicing support.
- Download pages are containing documentation download, too (currently only german).
Administration:
- Better displaying of admin-dialogs on small browser-windows.
- Main administration-menu shows information about stuck e-mails and allows fixing (re-send).
- Invoicing allows searching for all transactions of a person, in one click.
- The monthly status-mail now contains information about the number of premium-users that have registered in a given month. Additionally, this function shows the premium-state of these users after a year (only encoded in json encoded, machine-readable values).
- Unavailable administration-menu options are now greyed out for a better overview.
- User-management now shows inactivated users by default, too (yellow state and grey color).
Internal:
- Calculation of unlock-code is now customizable by the provider (type and length).
- Completely removed options to restart or relength reminder period of transactions.
- If phpMailJob.php recognizes a timeout (4 minutes), all available mails will increase the RETRYS column by 2. This avoids endless mails in case of a script error (if php canceles script).
- User-interface shows a warning image, if a user try's to use attachments greater than 5MB using the web-interface (send online by portal).
- Preloader-image for upload-information is now loaded directly on login page display.
- New option REGIFYDEFAULTIDENTITY to define the identity-file to use for online mailer.
- Possibility to use a java version of regifycmd. Upon this, a Linux version of the regify provider is possible now (this is the main reason to rise the minor build number to 8).
- Included Linux version of AppPack. This allows windows setup creation on Linux systems.
- Optimized some dialogs and language items to get a more provider-neutral context.
- The enforced document now include the hashcode to the filename. So it is impossible to download a document without knowing the document-id and his hashcode (prevent data-leakage).
- The online-viewer for regify-mails allows only non-critical tags to be displayed and filters script, iframe, object and other tags. The functionality of form- and input-tags still persist.
- Completely overworked the JavaScript handling and inclusions to reduce data traffic and site-speed.
- Renewed tooltip-help (new style and no need for a pre-defined div-container).
- Replaced all round ball icons with alpha-png versions (better displaying on different backgrounds).
- Replaced the step-images with png style blue button step-images.
- LastActivity flags is set for portal logins and direct invitations, too.
- The size of the download in both download-dialogs is now calculated and formated automatically.
- Fix: Fixed Provider-SDK problem with external invitations and invitiationer mailaddress as base64 encoded variable triggering ERROR 14.
- Fix: New members will not get a termination date at 23:59:59 but 00:00:00. As of this, now the first day counts as the first of the free days.
- Fix: Fixed some security issues on different locations.
Update 23. November 2010 V2.7.4
In short:
- "forgot password" link on login page.
- Showing telephone numbers for technical and billing support.
- SDK support GROUP-MASTER flag (allowing group access for GROUP-MASTERS).
- Enhanced invoice-handling.
- Mailaddresses and usernames may get a length of 100 chars now.
Details:
new Features:
- "forgot password" link on login page (shows information about how to get a new one).
- portal may show hotline phone-number for technical and billing support.
Administration:
- Users can get the GROUP-MASTER flag. It enables manipulation of all group-members using the provider-sdk.
- Managing and handling of invoices has been enhanced. You now can display open, payed and cancelled invoices in one dialog.
- Invoices can get filtered by user-id.
- New user-search dialog in Group-Data administration and admin-roles administration.
- Sub-Provider dialog is extended with support phone numbers.
- Better naming in the authentication-dialog enhances understandability of authentication-state.
Internal:
- Provider-SDK respects new GROUP-MASTER flag, too. This affects the following functions: GroupGet, GroupGetUsers, GroupAddUser, GroupRemoveUser, UserChange, UserGet, UserNewPassword, MailAdd, MailGet and MailDelete.
- The Settings-Dialog is now visible to premium- and standard-users (previously only to premium members).
- Extended the maximum length for usernames to 100 chars (former 45).
- Extended the maximum length for mailaddresses to 100 chars (former 45).
- regify.php returns real name and main mailaddress as login-result, too (affects only internal regify-protocol).
- Fix: fixed premium-membership calculation (only if standard mailcount has changed).
- Fix: fixed case sensitive search using oracle in different administration-dialogs.
- Fix: fixed ignoration of DEFAULTTWOSTEPPROCEDURE flag in phpInvite.php
- Fix: fixed IDS false positives on Google analytics (__utm?) and IBM SingleSignOn (LtpaToken) cookies.
Update 27. September 2010 V2.7.3
In short:
- better calculation of rest-time, if group-admin extends the group membership using shop.
- Administration allows grouping and ungrouping of users, too.
- Better compatibility of IDS with Google Analytics cookies and IBM LtpaToken.
- Portal supports optional HTTP proxy for external URL calls.
- SDK features now full transaction history access.
- SDK features now user authentication.
Details:
new Features:
- Special job to delete temporary user-data that is older than 10 Minutes (phpCleanUp.php). Please adapt Taskplaner or task_5min.cmd! This replaces the usage of delage32.exe (remove from task_daily.cmd).
- Invitation to foreign provider supports parameter [ia] (Invitationer Auth-Level) as placeholder for transmission of inviting-parameters to external provider.
- If a group-admin buys premium-membership for his group, and changes the max-account number, the system automatically compensates the rest-time together with the difference between the old number of accounts and the new one.
- Download-pages are showing the current regify-client version.
Administration:
- Administration allows grouping and ungrouping in user management dialog.
- Users with administrative privileges are not allowed to get deleted anymore.
- Administration prevents errors if an allready assigned address should get assigned to another user.
- Administration menu shows number of open authentication requests (blinks if > 0).
- Overworked administration-lists design (user styles for listfirst, listsecond)
- Fix: fixed a case-sensitivity problem with group user addition (only oracle)
- User-Administration shows number of hits.
- Administration-Dialog automatically switches to SSL url (in case it is only https:// and ONLY_HTTPS = TRUE).
Internal:
- IDS is adapted to work more tolerant on some special pages.
- Update PHPIDS from V0.6.3.1 to V0.6.4
- New Version of AppPack generates 48x48 regify icon using transparency for executable.
- EMERGENCYURL is only called if MAINTAINMODE is false (no SMS in manual maintenance-mode).
- Fix: Fixed wrong calculation of identity-hash (organisation has been missing).
- Support optional HTTP proxy for external URL calls (foreign provider invite, SMS calls etc.).
- QuickSearchField in Group-Administration (user-side) uses css-class now (additional class div.GroupQuickSearchField to regify.css).
- Added new functionality to register mailaddresses in clearing directly on activation. Currently, registration occurs automatically on first regify-usage. This may be to late and the provider now registers the address directly.
- SDK features now full transaction history access.
- SDK features now user authentication.
- phpLogin.php supports new hash-challenge login method for direct login (globe in client).
- Fix: fixed database insertion problem with message subjects longer than 100 chars (oracle).
- Fix: fixed problem with changing main mailaddress in user-administration (mailhash missing).
- Fix: fixed optical problems in PDF download of history with very long subjects.
- Fix: fixed a problem in SDK function userinvite, if the desired username is submitted, too.
- Fix: fixed a problem printing user-password in case of two step invitations.
- Final test and modifications for automatic update feature.
Update 02. July 2010 V2.7.2
new Features:
- PDF download of the complete transaction-history available.
- Complete rework of automatic update feature. In future the will be a ZIP file distributed, including all needed files and update_mysql.sql or update_oracle.sql. Now, this content is used for updating. Critical files will not get overwritten.
- Provider informs users and group-administrators about expiring premium-membership by e-mail. It is possible to define one or multiple intervalls to send such an expiration notification.
- Blacklist feature for invitations and registrations. The blacklist prevents registering of mailaddresses from such domains like trash-mail.com, spambog.ru, spamfree24.de and others.
Administration:
- User-Management shows a new column "group" that indicates the assigned group-id.
- Menu-Option "S" (downloads available) affects the download-link on the login-page, too.
- Removing a user from a group, and if that user has a longer premium-membership time as the assigned group, he will not get a standard-membership in that special case (only if SETPREMIUMANYTIME is FALSE).
- Fix: Viewer for phperror.log fixes wrong displaying of html tags (missing logout link).
Internal:
- new mail-template 20 (inform user about expiration of his premium-membership)
- Fix: fixed a settings-issue in connection to oracle databases.
Update 24. May 2010 V2.7.1
neue Features:
- Identity-Hash Verfahren implementiert (Clearing muss noch aktualisiert werden)
- Transaktions-History versteckt Doppel-Einträge, wenn der Kunde nicht die erweiterte Ansicht verwendet (vermindert Rückfragen)
Administration:
- Statistik zeigt die Grafiken nur noch über die letzten 24 Monate.
- Administration erlaubt nicht das hochsetzen des Transaktionslimits bei gruppierten Usern.
- Warnung, wenn Nutzerdaten von authentifizierten Nutzern verändert werden.
- Sicherheitsabfrage für "Authentifizierungsstatus zurücksetzen".
Internes:
- Neues User-Flag "I" für Benutzer, welche im SDK für eine Einladung einen speziellen User als Einlader angeben dürfen (benötigt also dafür keine Super-User Rechte).
- Gruppieren von Nutzern mit erhöhtem Transaktionslimit ist nicht mehr erlaubt.
- Authentifizierte Nutzer können Anschrift/Orga nicht mehr ändern.
- Mailjob löscht MailJob Lockdatei, wenn diese älter als 4 Minuten ist (Fallback).
- Fix: Fehler bei der Ausstellung von Identitätsdateien behoben (Angabe des AuthLevel fehlte).
- Fix: Fehler in der Anmeldeprozedur behoben (DATABASE: Error inserting with INSERT INTO tbluser SET USERTYPE=11...)
Update 30. April 2010 V2.7.0
neue Features:
- Unterstützung von Oracle als alternatives Datenbank-System zu MySQL.
- Benutzergruppen.
- Benutzergruppen mit eigener Gruppen-Administrator-Funktion.
- Intrusion Detection System PHPIDS wurde integriert (http://php-ids.org/)
- Einladungen können nun auch über Fremdprovider ausgesprochen werden.
- nicht innerhalb der Wiedervorlage geöffnete Transaktionen werden mit einem halben Punkt dargestellt (und grauem Text), wenn Sie im Anschluß doch geöffnet wurden.
- Das regify-Shopsystem ist nun in großen Teilen durch den Provider anpassbar. Die Unterstützung für eigene Shopsysteme und Anbindung weiterer Zahlungssysteme ist nun deutlich flexibler.
- Willkommensdialog nach Klick auf "Akzeptieren-Link" in den Mails ist neu gegliedert
- bessere Ansprache
- deutlichere Visualisierung zwischen lokaler Installation und Webnutzung
- Korrektur von Aussagen zum Setup-Assistent (startet nicht mehr autom. nach Setup)
- Authentifizierungsdialog wurde überarbeitet und kann nun individuell angepasst werden
- Wenn ein authentifizierter Nutzer eine Einladung ausspricht, so kann (optional) der eingeladene Nutzer direkt eine Authentifizierung erhalten (Net Of Trust).
- Offene Bestellungen können nochmals eingesehen werden (und nochmals in den Shop weiterleiten).
- Stellvertreter-Dialog zeigt nun einen erklärenden Informationstext.
SDK:
- SDK Funktion <inviteuser> kennt nun neue Parameter „invitation comment“, „personal message“, „username“, „invitationer full name“ und „invitationer organisation name“
- Fünf neue SDK Funtionen für vollständige Gruppenverwaltung hinzugefügt
- Neue SDK Funktion für "neues Kennwort zusenden" hinzugefügt
Administration:
- Administration erfolgt nun aufgrund von Administrations-Rollen.
- Konfigurationsdialog für Administrations-Rollen hinzugefügt (je Sub-Provider)
- Administration für Benutzergruppen und Domainlisten hinzugefügt
- Administration für Authentifizierung hinzugefügt
- Subprovider-Konfiguration optisch aufgeräumt und in ausklappbare Bereiche unterteilt
- Subprovider-Konfiguration erhielt eine Sicherheitsabfrage für "Subprovider löschen"
- Benutzerverwaltung bietet jetzt auch Sortierung nach "letzte Aktivität"
- Benutzerverwaltung kann User jetzt auch zu "Super-Usern" machen (für Provider-SDK)
- Konfiguration für Fremdprovider-Einladung hinzugefügt (je Sub-Provider)
- Der Statistik-Dialog wurde überarbeitet (übersichtlicher)
- Rechnungsverwaltung zeigt nun mehr Details (kompletter Bestelltext anzeigbar)
- Suche in Benutzern und Gruppen erkennt numerische Eingabe und sucht dann nach UserID
Internes:
- SDK unterstützt ein deutlich erweitertes "userinvite" (viel mehr Angaben)
- Umfangreiche SDK Funtionen zur Gruppenverwaltung
- Provider erlauben die Angabe von externen Einladungen an Fremdprovider
- der Provider versucht nun, die Clearing-Verbindung für eine User-Session konstant auf einem VPN-Kanal zu halten. Das ist Voraussetzung für den neuen Clearing-Betrieb.
- update.php enthält eine Option um den MySQL Master-Master Replikationsbetrieb vorzubereiten
- Subprovider können nun über STYLE/_LanguageShop.php auch eigene Shop-Sprachtexte angeben
- Die Monitoring-Option "type=monitoring" gibt nun OK, WARNING oder ERROR zurück. So kann besser zwischen kritischen und unkritischen Provider-Zuständen unterschieden werden.
- Das Maintenance-Failover wurde überarbeitet und wirkt nun besser auch mit einem Ausfall des CryptoServer.
- Wenn der Provider aufgrund eines Totalausfalles beim Clearing oder CryptoServer in den Maintenance-Modus geht, dann kann man jetzt eine URL aufrufen lassen (zB SMS-Versand).
- Der monatliche Statusreport an regify kann nun optional zusätzlich in Klartext an eine weitere Mailadresse versendet werden (zB Provider selbst).
- Die zu verwendenden Passwortlängen lassen sich nun Providerweit in der configuration.php definieren. Sprachtexte für zweistufige Anmeldung passen sich automatisch an.
- Menüseite der Nutzer zeigt Premium-Laufzeiten > 10 Jahre als *unbegrenzt*
- Die Session-ID wird bei jeder relevanten Aktion im Portal neu generiert (mehr Sicherheit).
- Der Administrationsdialog besteht nun ebenfalls auf SSL, wenn ONLY_HTTPS = TRUE gesetzt wurde.
- Verzögerung nach Fehl-Logins auf eine Zufallszeit zwischen 1 und 5 Sekunden geändert um Bruteforce-Angriffe deutlich zu erschweren (mehr Sicherheit).
- Nutzer, welche sich in der Community-Version löschten, werden 30 Tage danach endgültig aus der Datenbank gelöscht (ohne manuelles zutun).
- Fehlerhafte Logins (zB Benutzername/Passwort falsch) verursachen eine Zeitverzögerung von ein bis fünf Sekunden (Zufall). Dadurch werden Bruteforce-Angriffe wirkungsvoll gebremst.
- Template 11 erhielt die Anrede des Benutzers
- Template 12 erhielt einen Datum/Zeit Platzhalter.
- Fix: Einladungsdialog hat den Haken für "zweistufiges Kennwortverfahren" bei Fehleingaben im Anschluss vergessen (musste nochmal geklickt werden). Behoben.
- Fix: Problem mit leeren regify Mails behoben (online erstellt), wenn man schnell hintereinander den Erstellen-Dialog öffnet (alte rgf wurde dann vor dem Versand gelöscht).
- Neu: Ablage der rgf-Dateien in extra Unterverzeichnissen.
- Fix: Einladungsdialog-Problem mit ; (semicolon) im Freitext behoben (wird durch : ersetzt)
- Fix: An vielen Stellen wurde die Unterstützung von Sonderzeichen verbessert.
- Fix: Registrierungsseite hat nun einen "Startseite"-Button um zurückzukehren.
CSS Aktualisierung:
- neu: tableUserChoice
- neu: input[type=button] und input[type=submit] bekommen "cursor: pointer;"
- neu: a und a.small erhalten "cursor: pointer;"
- neu: OkDialog
- neu: listsecond hat weissen Hintergrund
- verändert: BrownBox (padding-bottom)
- removed: tableBoxText
- removed: div.MembershipBox
configuration.php:
- neu: define('SETPREMIUMANYTIME', TRUE);
- neu: define('IDSPATH', "");
- neu: define('IDSTRESHOLD', TRUE);
- neu: define('EMERGENCYURL', "");
- neu: define('SHOPCURRENCY', "EUR");
- neu: define('CUSTOMSHOP', FALSE);
- neu: define('ORDERPAGEUSER', "");
- neu: define('ORDERPAGEADMIN', "");
- neu: define('USERPASSWORDLENGTH', 8);
- neu: define('USERPASSWORDLENGTHTWOSTEP', 12);
- neu: define('INVITATIONAUTHTOLEVEL', 0);
- neu: define('INVITATIONAUTHONLYSDK', TRUE);
- neu: define('AUTHTRANSMITURL', $url);
- neu: define('AUTHTRANSMITURLGOODRESULT', "100");
- neu: include_once("funcForm.php"); nach funcGadget.php
- neu: $AdminRoles[]
- entfernen: AUTHALLOWPERSON
- entfernen: DEFAULTAUTHENTICATIONSTYLE