Changelog Provider

From regify WIKI
Revision as of 14:03, 8 June 2015 by Regify (talk | contribs) (Added 4.0.1 information)
Jump to navigation Jump to search

Information

Only the last few change-logs are available here for reference. Some older change-logs ( < V2.7.2 ) are currently only available in German.

Update 08. June 2014 V4.0.1

Patch release

  • Fixed problems while reading regimails on-line using Microsoft Internet Explorer.
  • Updated Apache cipher-suite
    • Making sure that RC4 encryption algorithm is never used any more for SSL/TLS connections - it was secure before but there have been very rare situations where it still was possible.
    • Disabling DHE_EXPORT from available cipher suites (Logjam attack).
  • Added an additional "Downloads" link to the "my account" sub-menu (on users request).
  • Fixed on-line reading dialogue. It displayed a long list of recipients in one long line instead of doing word-wrap.
  • Fixed CSS to prevent some older web-browsers from displaying a big box around checkboxes (eg Opera).
  • Fixed the CSS design of some pages during user registration and password reset.
  • Fixed a problem for printing an on-line opened regimail (it only printed the visible part).
  • Fixed some typos and bad translations.
  • Added the appliance documentation PDF to the web-administration documents page.
  • Fixed displaying the old regify slogan in the logo at /pay.php (logo at the bottom of the page).
  • Fixed some small design and layout specific issues.

Update 19. May 2015 V4.0.0

In short

  • Completely re-engineered user navigation and new default design.
    • Less clicks needed as main actions are reached by one click.
    • Not so common menu entries moved to sub menus.
    • The new layout scales fine to different screen resolutions including mobile screens (responsive design).
    • Enhanced and more customization options.
    • Additional "Account summary" page.
    • Self learning to provide you with the most likely dialogue page upon login.
  • regibox integration.
  • Writing regimails online is now end-to-end encrypted by using JavaScript to encrypt/decrypt locally in the users web-browser.
  • regichat will offer default text templates. They can quickly get inserted to the chat window.
  • If no regichat responsive is available, the customer will get informed that he should come back later.

Details

New features:

  • Completely reworked user navigation and new default design.
  • New scripting and customizing features (codeHeader.php and codeFooter.php).
  • regibox integration.
  • regichat now offering text templates.
  • Enhanced regichat behaviour in case of no available chat responsive.
  • Enhanced notification on new orders for administrators.
  • Improved registration page design.
  • Administration now also offers CSV import to invite users (optionally into a group).
  • Updated downloads page (now providing setups from our central regify servers, added regibox client).
  • Better advertising if user is using regify account without regimail professional.
  • Administration is now offering a dialogue for (sub)provider menu flags (now usable with simple checkboxes).
  • Extra regipay landing point (pay.php) allowing employees to easily read regipays without confusion by other functionality.
  • New regibox related reports.

Internals:

  • Updated user data page to be more responsive on errors (re-factored the whole page).
  • Enhanced CSV import (group invitations) to accept more formats and auto-detect utf8 encoding.
  • Fixed several spelling errors in all languages.
  • All PDF documentation in admin pages is now using a unified layout.
  • Enhanced Provider-SDK to also support new regibox features and complete regichat options.
  • Provider management "maintenance mode" button is now making permanent entry in configuration.php (no automatic restore anymore).

Update 17. December 2014 V3.5.2

Patch release

  • Fixed user-admin dialogue problem in French administration.
  • Fixed some monitoring issue causing standard monitoring call to fail.
  • Fixed problem that forced users to enter a phone number in user data dialogue if the provider does not use a SMS gateway.
  • Fixed an issue regarding the e-mail template used for password reset (sometimes using main provider template instead of subprovider).
  • Fixed a problem not displaying all countries and country-codes of countries with the same country-code (eg +1).
  • Fixed an issue with invitation of additional regichat users during a running chat if the chat-interface is in French language.
  • Updated some authentication related language sentences.
  • Updated OS bash to be ShellShock proof (The regify provider was not vulnerable to ShellShock attacks because there is no CGI running).
  • The appliance will no longer support SSLv3 to protect against SSLv3 issues (Poodle attack vector). This will cause IE6 to no longer work.

Update 28. August 2014 V3.5.1

Patch release

  • Fixed a minor bug.

Update 30. July 2014 V3.5

In short

  • New product regichat.
  • New product regigate.
  • Users can chose their own regify account password (optional).
  • Groups can get defined as representatives.

Details

New features:

  • Including new regify client V4.0.0 setups.
  • Added regichat feature to the regify provider.
  • Added regichat API and API-Token handling.
  • Added regichat shopping pages.
  • Added regigate features and interfaces to the regify provider including HA (high availability).
  • Enhanced registration dialogue (more clear, more easy, reduced number of fields).
  • Enhanced optical styles (more modern).
  • Now supporting groups as representatives (max. 5 times).
  • Bank data dialogues now supporting IBAN and BIC values (IBAN is validated).
  • Password reset dialogue now allowing users to enter their own password (optionally, with strength check).
  • Dialogues now displaying the country names respecting the users chosen language (previously, always English).
  • Allow admins to send unlock-code directly from manual authentication dialogue.
  • The captcha for password reset is now more easy to read.
  • Added enhanced logging viewer for administrators (master role only).
  • Updated administrators user management dialogue to encapsulate options to some popup.
  • Enhanced mobile number dialogues with country code dropdown showing country name.
  • Subprovider administrators now also allowed to export payment- and user-data (administration role based).

Internals:

  • Now supporting PFS (Perfect Forward Secrecy) for https connections with most modern browsers (reaching A- rating at Qualys test site).
  • Enhanced IDS (Intrusion Detection System) to be generally more tolerant about cookies.
  • Various speed optimizations.
  • Added automatic database replication test (sending e-mail in case of replication failure).
  • Added various CSRF (Cross-Site-Request-Forgery) checks to secure the pages.
  • Group handling dialogues now working for up to 1000 users (500 before).
  • Make provider-SDK more tolerant about existing but deleted user entries e-mail addresses.
  • Enhanced handling of clearing failures.
  • Added disk size checking (free disk space) for standard monitoring call.
  • SMS sender name is now made from the providers domain.
  • SalesID value is taken over from users to newly invited users.
  • SalesID can be pre-given with a special link to the registration page.
  • Added extra "X-regifyMailAgent: regimail" header to regimails sent online.

Fixes:

  • Fix: Fixed several typos in language sentences.
  • Fix: Fixed wrong username length check in userdata edit dialogue.
  • Fix: Enhanced daily job in case of more than 10'000 transactions a day (script timeout on slower machines).
  • Fix: Fixed some IE8 related incompatibilities (internal network access only).
  • Fix: Enhanced MIME encoding of attached files for e-mails sent by the regify provider.

Update 27. March 2014 V3.4.2

Patch release

  • Enhanced registration GUI.
  • Updated blackberry client to V1.8.3 (now supporting new cryptographic standards for upcoming systems).
  • Changing date display for French language (better formatted).
  • Various dialogue enhancements (password reset, registration, invitation).
  • Enhanced IDS check to also ignore ShareThis and some Google tracking cookies.
  • Making a user a regimail mass sender now automatically deactivates all notifier e-mail messages.
  • Some admin dialogues now automatically offering respective PDF documentation for download.
  • Ignore double entered users in shop dialogue (handled as one entry only).
  • If shop is in manual process mode, the ordering process is more automated.
  • Added phone number validation for password reset from the administration.
  • Enhanced admins password reset dialogue (better descriptions and better SMS support).
  • Captcha background is always solid now (no longer transparent, showing background images).
  • Any IE7 compatibility is removed now. The regify provider will not work with IE6 or IE7 any more!
  • regify changed his slogan and therefore the default logos have changed.
  • Fix: Fixed some regibill validation problem with invalid PDF's and drag&drop upload.
  • Fix: Fixed some XSS and CSRF attack vectors.
  • Fix: Fixed some login problem in an edge case (client SDK related).
  • Fix: Fixed IE8 switching to quirks-mode if provider is accesses from internal network.
  • Fix: Fixed minor bug in provider if username contains ´ character in invitation function.
  • Fix: Fixed a lot of typos and spelling errors.
  • Fix: Fixed problems in changing mobile number dialogue of non SMS enabled providers.

Update 07. November 2013 V3.4.1

Bugfix release

  • Enhanced some SMS dialogs (being more explaining).
  • Enhanced IDS check to also ignore ShareThis tracking cookies.
  • Fix: Fixed a CSS bug that caused the download link to jump up when the registration link is disabled.
  • Fix: Fixed some registration bug where, in some special cases, an e-mail address is left in the database of the provider.
  • Fix: Preventing some false "headers already sent" alerts in log.
  • Fix: Problem with missing sender name in online created regimails.
  • Fix: Fixed bug in Provider-SDK invitation resulting in missing Organisation name and AuthType information.
  • Fix: Some error messages have not been logged to error-log.
  • Fix: Fixed tab-order on registration page (order you step through the fields by using tab key).
  • Fix: Fixed problem returning to productive state after some clearing failure.

Update 09. October 2013 V3.4

In short

  • Complete revised and redesigned registration and password reset process and dialogs.
  • Enhanced usage of SMS for security related processes and user communication.
  • Completely revised login dialog (removed one tab and combined login and reading).
  • Allowing drag&drop upload of files (online reading, writing).

Details

New features:

  • Completely revised and redesigned registration and password reset process and dialogs.
  • Included regify provided SMS gateway for easy SMS usage.
  • Completely revised login dialog (removed one tab and combined login and reading).
  • Allowing drag&drop upload of files (online reading, writing).
  • Slow file uploads now showing an upload progress bar (online reading, online writing).
  • Option to chose the sender address during online writing (if multiple e-mail addresses are given).
  • Added export functions for userdata and invoicing data (both exporting XML or CSV).
  • Users now can see how long the web session stays active (on upper right). If it turns inactive, logout is called automatically.
  • Transaction history views (regimail, regibill, regipay) now all allowing search and multiple pages.
  • Transaction history views (regimail, regibill, regipay) now all allowing PDF download.
  • Showing MySQL replication info in provider management dialog (administration).
  • Enhanced usage of SMS for security related processes and user communication.
  • Password reset can forward the request to the users "real" provider (by using PLS).
  • Provider statistics now using modern graphics and animation for displaying more values.
  • Provider statistics now showing member growth instead members per month.
  • Added ToDo feature to help administrators to keep their provider clean and updated.
  • Setup wizard now also supporting proxy server.

Internals:

  • Added support for special connectors allowing integration of archives or hybrid mail to the provider.
  • Added "Mass Sender" type of user (now regimail professional, regimail private, regimail mass sender).
  • Provider appliance does no longer need root CA certificates during certificate import.
  • Provider appliance now supporting VLAN's and network interface bonding.
  • Provider appliance runs its own DNS server.
  • Now the provider appliance supports automatic backups to SMB shares.
  • Provider appliance now offers complete diagnostics function to finish installation and help fix networking issues.
  • Now it is possible to restrict SSH access to provider appliance to local subnet only.
  • Supporting password reset by PLS request.
  • Enhanced Provider-SDK functions and added some more status codes.
  • Supporting quick connection check by client software.
  • Provider-SDK function usernewpassword now supporting more parameters.

Fixes:

  • Enhanced unicode capability for online writing and reading regimails.
  • Removed length fixation of wizard field for clearing password.
  • Limit number of coupon code days to max 365.
  • Prevent some re-POST questions in FireFox and IE in provider customization dialog after an image was uploaded.
  • Supporting more CSV file formats for group invitations.
  • Fixed problems downloading XML reports in IE8.
  • replaced deprecated <blink> tag by CSS animation.
  • Added SAP single sign-on cookie exceptions to IDS (no longer triggering error).
  • Fixed a lot of translation typos and errors.
  • Check for updates in provider appliance also checks for multiple updates.
  • Some security related enhancements.
  • Some web configuration wizard settings have not been persistant if wizard was re-run.
  • Provider-SDK function usergetsettings now correctly returning numeric 1/0 instead of true/false.

Update 26. April 2013 V3.3.3

Bugfix release

  • Updated regify client setup to V3.10.0.1233.
  • Updated regify client deployment documentation.
  • Adding new regify protocol V2 support (needed for next versions of regibill and regipay desktop).
  • Prevent second monthly report on multiple replicated systems.
  • Fixed problem with visible HTML tags in PayPal shop pages and regibill transaction history.
  • Fixed missing download link for RGF file if email sending on portal failed (online writing).
  • Fixed resetting language to browser default in popup windows (eg Terms) on some webbrowsers.
  • Fixed error message 'missing function getFrom()' in some loadbalancer environments.
  • Fixed swapped displaying of regibill standard and premium counters on administration pages.

Update 11. January 2013 V3.3.2

Bugfix release

  • Fixed problem while online reading if username contains umlaute (error 10 during reading).
  • Fixed file permission problem if files are replicated over master-master replication (access denied during customization).
  • Ensures that users are not getting deleted on local regify provider if clearing access is not possible.

Update 2. November 2012 V3.3.1

Bugfix release and some new features

  • Enhanced "open regify-file" tab on login screen (more easy to understand and use).
  • Enhanced file size checking for online reading.
  • Added MacOS client download links on all download pages.
  • Allow free entering of users title (administration interface).
  • After account activation, the DOWNLOAD button now points to correct download location for your OS (Win, MacOS, iOS, Android).
  • Prevent uploading files in maintenance mode (validate regibill, upload on login).
  • Fixed Intrusion Detection System (IDS) problem while sending online with certain messages.
  • Fixed upload problem with Chrome browser while validating regibill standard.
  • Fixed some problem while online reading chinese encoded messages.
  • Fixed tool tip text help for regibill and regipay transaction archive.
  • Fixed some IE7 and IE8 JavaScript issues for validating regibill standard.
  • Fixed displaying wrong number of transactions left if user was regimail private and previously had some extended transaction limit.
  • Fixed problem preventing sub-provider admins from editing their customizing files.

Update 24. September 2012 V3.3

In short

  • Download the regibill validation report as PDF document.
  • Every subprovider gets his own payment and shop options (incl. PayPal).
  • User login is possible with e-mail address instead of username, too.

Details

New features:

  • Download the regibill validation report as PDF document.
  • Login will be possible with e-mail address instead of username, too.
  • Users are getting an email about successfull authentication, too.
  • Support for PLS service (makes users initial client installation much more easy).
  • Favicon will be customizable for each subprovider (png format, only for non IE browsers).
  • Full customizing synchronisation in clustered setups.
  • New maintenance dialog with new options in administration (DB synchronization, maintenance).
  • All users having a sales-id field, too (free to enter anything).
  • User administration allows moving users easily between subproviders.
  • Administration gives now access to users internal bank account.
  • Every subprovider gets his own payment and shop options (incl. PayPal).
  • Enhanced customizing editor in administration (codemirror update).
  • Individual report-code in free intervals for professional services.
  • All regify premium texts are now fully translated to regimail standard and regimail professional.
  • Internal optimizations on cryptography (faster).
  • Unlock codes will be output in blocks of four (more easy to read and enter).
  • Enhanced upload dialog for files (rgf files, regibill validation, online writing etc.)
  • Updated software deployment documentation to new regify clients V3.9.
  • The transaction history export as PDF now fully supports unicode characters for message subjects.

Internals:

  • Overworked session handling allows user- and admin-session in the same browser at a time.
  • Sessions are now timing out depending on last activity.
  • Enhanced IE compatibility.
  • Some english and french translation has been revised (better).
  • Complete CSS styled bubble help (fully customizable now).
  • Provider statistics no longer uses Google Charts API (administration).
  • Enhanced framebuster framework regarding OWASP suggestions.
  • Added ALLOWROAMING flag to enable/disable roaming participation for provider.
  • Obligatory attachments now allowing .docx format.
  • Setup packing using AppPack and signing of the setups is no longer needed for regify client 3.9 or higher.
  • Changed regibill & regipay invoicing interval to weekly by default.
  • Completely overworked logging mechanisms.
  • Updated default mail_blacklist.txt (added some more spamming domains).
  • Maximum authentication level of non-certified regify providers is limites to three.
  • Enhanced regify client protocoll (getconfiguration and login functions).
  • Fix: Changing admin roles no longer needs logout/login to work.
  • Fix: Prevent users from deleting their account if they have an administration role.
  • Fix: Fixed problems if user data contains single quotes in two dialogs.
  • Fix: Fixed problem writing online regimails after user changed his username in same session.
  • Fix: Fixed problem writing online regimails after auto-login from client.
  • Fix: Fixed bad layouting if provider does not allow the Downloads option on login page.
  • Fix: Added french translation for default footer content.
  • Fix: Added french translation for default terms and conditions and default prices page.
  • Fix: Fixed session error for printing passwords dialog.
  • Fix: Fixed problem if subject of online written regimails starting with minus.
  • Fix: Fixed ignoring two-step password method while sending external invitation.

Update 11. May 2012 V3.2.4

Bugfix release

  • fixed problem signing executables using a proxy server.
  • added PLS support (provider lookup service).
  • added more debugging options to web-calls (cURL).
  • fixed httpd autostart problem on appliance restart.
  • updated appliance Apache and mod_ssl to CentOS release version httpd-2.2.15-15 and mod_ssl-2.2.15-15.

Update 01. March 2012 V3.2.3

Bugfix release

  • fixing invitation calls using internal proxy.
  • fixing missing re-send dialog for users authenticated using text messages (sms).
  • fixing problems with PayPal accounts and adding more detailed PayPal information to order.
  • fixed occasional problem receiving regify_default_message.html on systems with subproviders.

Update 20. December 2011 V3.2.1 (Public since 01. Feb. 2012)

In short:

  • complete regibill and regipay integration.
  • Support for regimail private feature.
  • Re-send unlock-code by SMS initiated by the user itself.
  • Automatically signs regify-client setups (signed files for download by users).

Details:

New features:

  • Enhanced guidance for users who recently have authenticated.
  • Enhanced setup-wizard (after installation).
  • Enhanced customization dialog in administration.
    • allows editing of all customization files in administration portal (browser).
    • supports syntax highlighting for PHP, HTML, CSS and JavaScript.
    • allows management of customized images.
  • Better recognizable membership-state icons.
  • Enhanced CSS design and more elements that allow CSS style options.
  • New subprovider option to force SSL URLS even if ONLY_HTTPS is false (Loadbalancer).
  • If a group-admin resets passwords, they are now sent using SMS, too.

Internals:

  • Updated handling of files in STYLE folder ('_' marks manipulated data, others remnain default).
  • Added customization dialog to subprovider admin role.
  • Better styled Download-page (with Operating-System icons).
  • User-Administration shows users counters (regimail, regipay, regibill).
  • Removed cookie usage for regify.php (affects only Client-SDK connections).
  • Switched regifycmd to most recent version (incl. SDK).
  • Enhanced Debug-Options for the portal.
  • Removed GMTDIFFERENCE setting by replacing it with some automation (server timezone).
  • Fix: Fixed bug with UTC-0 time in Identity-File.
  • Fix: Fixed JavaScript bug in JS/jsDialogs.js that occured on IE only.
  • Fix: Fixed problem while login with username containing + or &.
  • Fix: Fixed IDS problems with false positives on online writing regify messages.
  • Fix: Fixed e-mail line feed madness by adding optional MTA_ADDS_CRLF switch.
  • Fix: Fixed some issues while online sending regimail messages on redundant systems.

Appliance:

  • Added configuration of NTP server.
  • Enhanced hints for SSL certificate import.
  • Better "View Database Status" dialog.
  • Enhanced handling of user-manipulated files in STYLE folder.
  • Supports automatic updates with updates.regify.com.
  • Fix: changing provider servername in SSL mode breaks apache config.
  • Fix: After failure of SSL certificate import, the SSH session crashed.

Update 12. September 2011 V3.0.1

In short:

  • regibill and regipay integration
  • supporting french as additional language
  • comprehensive SMS support (registering, invitations etc.)
  • enhanced and more clear login dialog
  • many dialogs have been enhanced (user and administration)
  • extended CSS support for more customizing possibilities
  • supporting the regify Android app (free of charge in Google Market)
  • delivery of the new regify-Client V3.7
    • AddIn for Thunderbird supporting V4 to V7
    • enhanced Outlook AddIn (save unencrypted copy while sending)
    • better Proxy-Server support
    • answer directly using Lotus Notes (Windows)

Details:

new Features:

  • System manages bank-account for every user including direct debit authority checkbox.
  • System allows to manage regimail, regibill and regipay by transaction.
  • new Provider-SDK function mailcheckassignment to check, if an e-mail account is allready assigned to the service.
  • new provider-protocol function getconfiguration returns a json array containing provider templates and other information.
  • Overworked login-dialog (includes regibill now).
  • Writing invitations shows and ensures the maximum number of chars in free text.
  • Main-menu graphically shows the account-type (standard/premium) using a special icon.
  • AUTHTRANSMITURLGOODRESULT supports now RegularExpressions.
  • optional function AuthTransNumberConvert() allows admins to prepare numbers before inserting to AUTHTRANSMITURL.
  • regify provider now allows users to enter their mobile number and their international VAT code.
  • Portal locks and highlights user-data fields that are not allowed to edit because of a valid authentication state.
  • User choses his main-mailaddress from a dropdown-box now (reduces complexity for user).
  • Register- and Invitation is now able to use SMS to send the password (AUTHTRANSMITURL needed).
  • Added french as the third supported language (both portal and administration).
  • Added PRINT option to "regibill standard" validation page.

Internal:

  • Administration Login shows licence information (regify and external components).
  • Configuration has been split into two files (new configuration_default.php).
  • Monitoring now triggers a warning if there are mails stuck in the system (tblmailjobs).
  • Switched sender and recipient auth-level check to clearing (keep old method for compatibility).
  • Add "Protocol" parameter for regify-protocoll (to allow regibill and regipay).
  • Client-Software update adds [SECURITY] and ProviderKey values automatically to customize.ini.
  • While MySQL database update, absolutely all tables and varchar fields are getting converted to UTF8.
  • Administration of Invoices shows no "Payed" button if the price is zero.
  • Standard Buying-Dialog does not show price, if the price is zero.
  • Overworked design of steps and some other small graphics.
  • All Bubble-help functions now are encapsulated by a function (InsertBubbleHelp()).
  • Some dialogs have been overworked to use tabs to get a more cleanup interface.
  • Added automatic generation of REGIFY_TEMP.
  • Added setting of session.save_path to configuration_default.php.
  • some more elements are now using CSS class for display (changeable by provider).
  • completely overworked file-handling in STYLE folders (_Filename for individual, others are defaults).
  • added PhoneMobile and VATNumber field to users dialogs.
  • the new phpAutoLogin.php allows fast and secure opening of pages from clients.
  • Enhanced language handling in some routines (BubbleHelp etc.).
  • Fix: fixed some optical issues in the default CSS file.
  • Fix: raised the needed Auth-Level for the provider-sdk funtion UserAuthenticate().
  • Fix: Fixed QuickSearch in Grpup-Administration (accidentally searched in html, too).
  • Fix: Fixed Tab-Script on IE8 (only working in Compatibility Mode).
  • Fix: Fixed missing OK value of Provider-SDK function maildelete.
  • Fix: Fixed problem with managing administration roles in subprovider management.
  • Fix: Fixed wrong SENDERSNEEDAUTHLEVEL assignment in UserSetSettings function.
  • Fix: Fixed "headers allready sent" php error, if the administration console is opened using http:// only.
  • Fix: Fixed problem with wrong language in "new password" mails (accidentally used the admins language instead of user language)
  • Fix: Fixed wrong template encoding (utf-8 / 7bit) and a small Quoted Printable issue.

Update 01. March 2011 V2.8.0

In short:

  • Better Internet-Explorer compatibility of portal- and administration-dialogs.
  • Enhanced help- and shop-dialogs.
  • Enhanced administration-dialogs.
  • Improved security.
  • Prepared for Linux compatibility.

Details:

new Features:

  • Online-reader (webinterface) shows authentication-state using the same images than the regify-client.
  • Better Internet-Explorer compatibility of portal- and administration-dialogs.
  • Enhanced help-dialog now showing phone-numbers for support.
  • Enhanced shop-dialog(s) now showing phone-number for invoicing support.
  • Download pages are containing documentation download, too (currently only german).

Administration:

  • Better displaying of admin-dialogs on small browser-windows.
  • Main administration-menu shows information about stuck e-mails and allows fixing (re-send).
  • Invoicing allows searching for all transactions of a person, in one click.
  • The monthly status-mail now contains information about the number of premium-users that have registered in a given month. Additionally, this function shows the premium-state of these users after a year (only encoded in json encoded, machine-readable values).
  • Unavailable administration-menu options are now greyed out for a better overview.
  • User-management now shows inactivated users by default, too (yellow state and grey color).

Internal:

  • Calculation of unlock-code is now customizable by the provider (type and length).
  • Completely removed options to restart or relength reminder period of transactions.
  • If phpMailJob.php recognizes a timeout (4 minutes), all available mails will increase the RETRYS column by 2. This avoids endless mails in case of a script error (if php canceles script).
  • User-interface shows a warning image, if a user try's to use attachments greater than 5MB using the web-interface (send online by portal).
  • Preloader-image for upload-information is now loaded directly on login page display.
  • New option REGIFYDEFAULTIDENTITY to define the identity-file to use for online mailer.
  • Possibility to use a java version of regifycmd. Upon this, a Linux version of the regify provider is possible now (this is the main reason to rise the minor build number to 8).
  • Included Linux version of AppPack. This allows windows setup creation on Linux systems.
  • Optimized some dialogs and language items to get a more provider-neutral context.
  • The enforced document now include the hashcode to the filename. So it is impossible to download a document without knowing the document-id and his hashcode (prevent data-leakage).
  • The online-viewer for regify-mails allows only non-critical tags to be displayed and filters script, iframe, object and other tags. The functionality of form- and input-tags still persist.
  • Completely overworked the JavaScript handling and inclusions to reduce data traffic and site-speed.
  • Renewed tooltip-help (new style and no need for a pre-defined div-container).
  • Replaced all round ball icons with alpha-png versions (better displaying on different backgrounds).
  • Replaced the step-images with png style blue button step-images.
  • LastActivity flags is set for portal logins and direct invitations, too.
  • The size of the download in both download-dialogs is now calculated and formated automatically.
  • Fix: Fixed Provider-SDK problem with external invitations and invitiationer mailaddress as base64 encoded variable triggering ERROR 14.
  • Fix: New members will not get a termination date at 23:59:59 but 00:00:00. As of this, now the first day counts as the first of the free days.
  • Fix: Fixed some security issues on different locations.

Update 23. November 2010 V2.7.4

In short:

  • "forgot password" link on login page.
  • Showing telephone numbers for technical and billing support.
  • SDK support GROUP-MASTER flag (allowing group access for GROUP-MASTERS).
  • Enhanced invoice-handling.
  • Mailaddresses and usernames may get a length of 100 chars now.

Details:

new Features:

  • "forgot password" link on login page (shows information about how to get a new one).
  • portal may show hotline phone-number for technical and billing support.

Administration:

  • Users can get the GROUP-MASTER flag. It enables manipulation of all group-members using the provider-sdk.
  • Managing and handling of invoices has been enhanced. You now can display open, payed and cancelled invoices in one dialog.
  • Invoices can get filtered by user-id.
  • New user-search dialog in Group-Data administration and admin-roles administration.
  • Sub-Provider dialog is extended with support phone numbers.
  • Better naming in the authentication-dialog enhances understandability of authentication-state.

Internal:

  • Provider-SDK respects new GROUP-MASTER flag, too. This affects the following functions: GroupGet, GroupGetUsers, GroupAddUser, GroupRemoveUser, UserChange, UserGet, UserNewPassword, MailAdd, MailGet and MailDelete.
  • The Settings-Dialog is now visible to premium- and standard-users (previously only to premium members).
  • Extended the maximum length for usernames to 100 chars (former 45).
  • Extended the maximum length for mailaddresses to 100 chars (former 45).
  • regify.php returns real name and main mailaddress as login-result, too (affects only internal regify-protocol).
  • Fix: fixed premium-membership calculation (only if standard mailcount has changed).
  • Fix: fixed case sensitive search using oracle in different administration-dialogs.
  • Fix: fixed ignoration of DEFAULTTWOSTEPPROCEDURE flag in phpInvite.php
  • Fix: fixed IDS false positives on Google analytics (__utm?) and IBM SingleSignOn (LtpaToken) cookies.

Update 27. September 2010 V2.7.3

In short:

  • better calculation of rest-time, if group-admin extends the group membership using shop.
  • Administration allows grouping and ungrouping of users, too.
  • Better compatibility of IDS with Google Analytics cookies and IBM LtpaToken.
  • Portal supports optional HTTP proxy for external URL calls.
  • SDK features now full transaction history access.
  • SDK features now user authentication.

Details:

new Features:

  • Special job to delete temporary user-data that is older than 10 Minutes (phpCleanUp.php). Please adapt Taskplaner or task_5min.cmd! This replaces the usage of delage32.exe (remove from task_daily.cmd).
  • Invitation to foreign provider supports parameter [ia] (Invitationer Auth-Level) as placeholder for transmission of inviting-parameters to external provider.
  • If a group-admin buys premium-membership for his group, and changes the max-account number, the system automatically compensates the rest-time together with the difference between the old number of accounts and the new one.
  • Download-pages are showing the current regify-client version.

Administration:

  • Administration allows grouping and ungrouping in user management dialog.
  • Users with administrative privileges are not allowed to get deleted anymore.
  • Administration prevents errors if an allready assigned address should get assigned to another user.
  • Administration menu shows number of open authentication requests (blinks if > 0).
  • Overworked administration-lists design (user styles for listfirst, listsecond)
  • Fix: fixed a case-sensitivity problem with group user addition (only oracle)
  • User-Administration shows number of hits.
  • Administration-Dialog automatically switches to SSL url (in case it is only https:// and ONLY_HTTPS = TRUE).

Internal:

  • IDS is adapted to work more tolerant on some special pages.
  • Update PHPIDS from V0.6.3.1 to V0.6.4
  • New Version of AppPack generates 48x48 regify icon using transparency for executable.
  • EMERGENCYURL is only called if MAINTAINMODE is false (no SMS in manual maintenance-mode).
  • Fix: Fixed wrong calculation of identity-hash (organisation has been missing).
  • Support optional HTTP proxy for external URL calls (foreign provider invite, SMS calls etc.).
  • QuickSearchField in Group-Administration (user-side) uses css-class now (additional class div.GroupQuickSearchField to regify.css).
  • Added new functionality to register mailaddresses in clearing directly on activation. Currently, registration occurs automatically on first regify-usage. This may be to late and the provider now registers the address directly.
  • SDK features now full transaction history access.
  • SDK features now user authentication.
  • phpLogin.php supports new hash-challenge login method for direct login (globe in client).
  • Fix: fixed database insertion problem with message subjects longer than 100 chars (oracle).
  • Fix: fixed problem with changing main mailaddress in user-administration (mailhash missing).
  • Fix: fixed optical problems in PDF download of history with very long subjects.
  • Fix: fixed a problem in SDK function userinvite, if the desired username is submitted, too.
  • Fix: fixed a problem printing user-password in case of two step invitations.
  • Final test and modifications for automatic update feature.

Update 02. July 2010 V2.7.2

new Features:

  • PDF download of the complete transaction-history available.
  • Complete rework of automatic update feature. In future the will be a ZIP file distributed, including all needed files and update_mysql.sql or update_oracle.sql. Now, this content is used for updating. Critical files will not get overwritten.
  • Provider informs users and group-administrators about expiring premium-membership by e-mail. It is possible to define one or multiple intervalls to send such an expiration notification.
  • Blacklist feature for invitations and registrations. The blacklist prevents registering of mailaddresses from such domains like trash-mail.com, spambog.ru, spamfree24.de and others.

Administration:

  • User-Management shows a new column "group" that indicates the assigned group-id.
  • Menu-Option "S" (downloads available) affects the download-link on the login-page, too.
  • Removing a user from a group, and if that user has a longer premium-membership time as the assigned group, he will not get a standard-membership in that special case (only if SETPREMIUMANYTIME is FALSE).
  • Fix: Viewer for phperror.log fixes wrong displaying of html tags (missing logout link).

Internal:

  • new mail-template 20 (inform user about expiration of his premium-membership)
  • Fix: fixed a settings-issue in connection to oracle databases.

Update 24. May 2010 V2.7.1

neue Features:

  • Identity-Hash Verfahren implementiert (Clearing muss noch aktualisiert werden)
  • Transaktions-History versteckt Doppel-Einträge, wenn der Kunde nicht die erweiterte Ansicht verwendet (vermindert Rückfragen)

Administration:

  • Statistik zeigt die Grafiken nur noch über die letzten 24 Monate.
  • Administration erlaubt nicht das hochsetzen des Transaktionslimits bei gruppierten Usern.
  • Warnung, wenn Nutzerdaten von authentifizierten Nutzern verändert werden.
  • Sicherheitsabfrage für "Authentifizierungsstatus zurücksetzen".

Internes:

  • Neues User-Flag "I" für Benutzer, welche im SDK für eine Einladung einen speziellen User als Einlader angeben dürfen (benötigt also dafür keine Super-User Rechte).
  • Gruppieren von Nutzern mit erhöhtem Transaktionslimit ist nicht mehr erlaubt.
  • Authentifizierte Nutzer können Anschrift/Orga nicht mehr ändern.
  • Mailjob löscht MailJob Lockdatei, wenn diese älter als 4 Minuten ist (Fallback).
  • Fix: Fehler bei der Ausstellung von Identitätsdateien behoben (Angabe des AuthLevel fehlte).
  • Fix: Fehler in der Anmeldeprozedur behoben (DATABASE: Error inserting with INSERT INTO tbluser SET USERTYPE=11...)

Update 30. April 2010 V2.7.0

neue Features:

  • Unterstützung von Oracle als alternatives Datenbank-System zu MySQL.
  • Benutzergruppen.
  • Benutzergruppen mit eigener Gruppen-Administrator-Funktion.
  • Intrusion Detection System PHPIDS wurde integriert (http://php-ids.org/)
  • Einladungen können nun auch über Fremdprovider ausgesprochen werden.
  • nicht innerhalb der Wiedervorlage geöffnete Transaktionen werden mit einem halben Punkt dargestellt (und grauem Text), wenn Sie im Anschluß doch geöffnet wurden.
  • Das regify-Shopsystem ist nun in großen Teilen durch den Provider anpassbar. Die Unterstützung für eigene Shopsysteme und Anbindung weiterer Zahlungssysteme ist nun deutlich flexibler.
  • Willkommensdialog nach Klick auf "Akzeptieren-Link" in den Mails ist neu gegliedert
    • bessere Ansprache
    • deutlichere Visualisierung zwischen lokaler Installation und Webnutzung
    • Korrektur von Aussagen zum Setup-Assistent (startet nicht mehr autom. nach Setup)
  • Authentifizierungsdialog wurde überarbeitet und kann nun individuell angepasst werden
  • Wenn ein authentifizierter Nutzer eine Einladung ausspricht, so kann (optional) der eingeladene Nutzer direkt eine Authentifizierung erhalten (Net Of Trust).
  • Offene Bestellungen können nochmals eingesehen werden (und nochmals in den Shop weiterleiten).
  • Stellvertreter-Dialog zeigt nun einen erklärenden Informationstext.

SDK:

  • SDK Funktion <inviteuser> kennt nun neue Parameter „invitation comment“, „personal message“, „username“, „invitationer full name“ und „invitationer organisation name“
  • Fünf neue SDK Funtionen für vollständige Gruppenverwaltung hinzugefügt
  • Neue SDK Funktion für "neues Kennwort zusenden" hinzugefügt

Administration:

  • Administration erfolgt nun aufgrund von Administrations-Rollen.
  • Konfigurationsdialog für Administrations-Rollen hinzugefügt (je Sub-Provider)
  • Administration für Benutzergruppen und Domainlisten hinzugefügt
  • Administration für Authentifizierung hinzugefügt
  • Subprovider-Konfiguration optisch aufgeräumt und in ausklappbare Bereiche unterteilt
  • Subprovider-Konfiguration erhielt eine Sicherheitsabfrage für "Subprovider löschen"
  • Benutzerverwaltung bietet jetzt auch Sortierung nach "letzte Aktivität"
  • Benutzerverwaltung kann User jetzt auch zu "Super-Usern" machen (für Provider-SDK)
  • Konfiguration für Fremdprovider-Einladung hinzugefügt (je Sub-Provider)
  • Der Statistik-Dialog wurde überarbeitet (übersichtlicher)
  • Rechnungsverwaltung zeigt nun mehr Details (kompletter Bestelltext anzeigbar)
  • Suche in Benutzern und Gruppen erkennt numerische Eingabe und sucht dann nach UserID

Internes:

  • SDK unterstützt ein deutlich erweitertes "userinvite" (viel mehr Angaben)
  • Umfangreiche SDK Funtionen zur Gruppenverwaltung
  • Provider erlauben die Angabe von externen Einladungen an Fremdprovider
  • der Provider versucht nun, die Clearing-Verbindung für eine User-Session konstant auf einem VPN-Kanal zu halten. Das ist Voraussetzung für den neuen Clearing-Betrieb.
  • update.php enthält eine Option um den MySQL Master-Master Replikationsbetrieb vorzubereiten
  • Subprovider können nun über STYLE/_LanguageShop.php auch eigene Shop-Sprachtexte angeben
  • Die Monitoring-Option "type=monitoring" gibt nun OK, WARNING oder ERROR zurück. So kann besser zwischen kritischen und unkritischen Provider-Zuständen unterschieden werden.
  • Das Maintenance-Failover wurde überarbeitet und wirkt nun besser auch mit einem Ausfall des CryptoServer.
  • Wenn der Provider aufgrund eines Totalausfalles beim Clearing oder CryptoServer in den Maintenance-Modus geht, dann kann man jetzt eine URL aufrufen lassen (zB SMS-Versand).
  • Der monatliche Statusreport an regify kann nun optional zusätzlich in Klartext an eine weitere Mailadresse versendet werden (zB Provider selbst).
  • Die zu verwendenden Passwortlängen lassen sich nun Providerweit in der configuration.php definieren. Sprachtexte für zweistufige Anmeldung passen sich automatisch an.
  • Menüseite der Nutzer zeigt Premium-Laufzeiten > 10 Jahre als *unbegrenzt*
  • Die Session-ID wird bei jeder relevanten Aktion im Portal neu generiert (mehr Sicherheit).
  • Der Administrationsdialog besteht nun ebenfalls auf SSL, wenn ONLY_HTTPS = TRUE gesetzt wurde.
  • Verzögerung nach Fehl-Logins auf eine Zufallszeit zwischen 1 und 5 Sekunden geändert um Bruteforce-Angriffe deutlich zu erschweren (mehr Sicherheit).
  • Nutzer, welche sich in der Community-Version löschten, werden 30 Tage danach endgültig aus der Datenbank gelöscht (ohne manuelles zutun).
  • Fehlerhafte Logins (zB Benutzername/Passwort falsch) verursachen eine Zeitverzögerung von ein bis fünf Sekunden (Zufall). Dadurch werden Bruteforce-Angriffe wirkungsvoll gebremst.
  • Template 11 erhielt die Anrede des Benutzers
  • Template 12 erhielt einen Datum/Zeit Platzhalter.
  • Fix: Einladungsdialog hat den Haken für "zweistufiges Kennwortverfahren" bei Fehleingaben im Anschluss vergessen (musste nochmal geklickt werden). Behoben.
  • Fix: Problem mit leeren regify Mails behoben (online erstellt), wenn man schnell hintereinander den Erstellen-Dialog öffnet (alte rgf wurde dann vor dem Versand gelöscht).
  • Neu: Ablage der rgf-Dateien in extra Unterverzeichnissen.
  • Fix: Einladungsdialog-Problem mit ; (semicolon) im Freitext behoben (wird durch : ersetzt)
  • Fix: An vielen Stellen wurde die Unterstützung von Sonderzeichen verbessert.
  • Fix: Registrierungsseite hat nun einen "Startseite"-Button um zurückzukehren.

CSS Aktualisierung:

  • neu: tableUserChoice
  • neu: input[type=button] und input[type=submit] bekommen "cursor: pointer;"
  • neu: a und a.small erhalten "cursor: pointer;"
  • neu: OkDialog
  • neu: listsecond hat weissen Hintergrund
  • verändert: BrownBox (padding-bottom)
  • removed: tableBoxText
  • removed: div.MembershipBox

configuration.php:

  • neu: define('SETPREMIUMANYTIME', TRUE);
  • neu: define('IDSPATH', "");
  • neu: define('IDSTRESHOLD', TRUE);
  • neu: define('EMERGENCYURL', "");
  • neu: define('SHOPCURRENCY', "EUR");
  • neu: define('CUSTOMSHOP', FALSE);
  • neu: define('ORDERPAGEUSER', "");
  • neu: define('ORDERPAGEADMIN', "");
  • neu: define('USERPASSWORDLENGTH', 8);
  • neu: define('USERPASSWORDLENGTHTWOSTEP', 12);
  • neu: define('INVITATIONAUTHTOLEVEL', 0);
  • neu: define('INVITATIONAUTHONLYSDK', TRUE);
  • neu: define('AUTHTRANSMITURL', $url);
  • neu: define('AUTHTRANSMITURLGOODRESULT', "100");
  • neu: include_once("funcForm.php"); nach funcGadget.php
  • neu: $AdminRoles[]
  • entfernen: AUTHALLOWPERSON
  • entfernen: DEFAULTAUTHENTICATIONSTYLE