Changelog Provider

Information

Only the last few change-logs are available here for reference. Some older change-logs ( < V2.7.2 ) are currently only available in German.

Update 10. June 2015 V4.0.1

Patch release

• Fixed problems while reading regimails on-line using Microsoft Internet Explorer.
• Updated Apache cipher-suite
  • Making sure that RC4 encryption algorithm is never used any more for SSL/TLS connections - it was secure before but there have been very rare situations where it still was possible.
  • Disabling DHE_EXPORT from available cipher suites (Logjam attack).
• Added an additional "Downloads" link to the "my account" sub-menu (on users request).
• Fixed on-line reading dialogue. It displayed a long list of recipients in one long line instead of doing word-wrap.
• Fixed CSS to prevent some older web-browsers from displaying a big box around checkboxes (eg Opera).
• Fixed the CSS design of some pages during user registration and password reset.
• Fixed a problem for printing an on-line opened regimail (it only printed the visible part).
• Fixed some typos and bad translations.
• Added the appliance documentation PDF to the web-administration documents page.
• Fixed displaying the old regify slogan in the logo at /pay.php (logo at the bottom of the page).
• Fixed some small design and layout specific issues.

Update 19. May 2015 V4.0.0

In short

• Completely re-engineered user navigation and new default design.
  • Less clicks needed as main actions are reached by one click.
  • Not so common menu entries moved to sub menus.
  • The new layout scales fine to different screen resolutions including mobile screens (responsive design).
  • Enhanced and more customization options.
  • Additional "Account summary" page.
  • Self learning to provide you with the most likely dialogue page upon login.
• regibox integration.
• Writing regimails online is now end-to-end encrypted by using JavaScript to encrypt/decrypt locally in the users web-browser.
• regichat will offer default text templates. They can quickly get inserted to the chat window.
• If no regichat responsive is available, the customer will get informed that he should come back later.

Details

New features:

• Completely reworked user navigation and new default design.
• New scripting and customizing features (codeHeader.php and codeFooter.php).
• regibox integration.
• regichat now offering text templates.
• Enhanced regichat behaviour in case of no available chat responsive.
• Enhanced notification on new orders for administrators.
• Improved registration page design.
• Administration now also offers CSV import to invite users (optionally into a group).
• Updated downloads page (now providing setups from our central regify servers, added regibox client).
• Better advertising if user is using regify account without regimail professional.
• Administration is now offering a dialogue for (sub)provider menu flags (now usable with simple checkboxes).
• Extra regipay landing point (pay.php) allowing employees to easily read regipays without confusion by other functionality.
• New regibox related reports.

Internals:

• Updated user data page to be more responsive on errors (re-factored the whole page).
• Enhanced CSV import (group invitations) to accept more formats and auto-detect utf8 encoding.
• Fixed several spelling errors in all languages.
• All PDF documentation in admin pages is now using a unified layout.
• Enhanced Provider-SDK to also support new regibox features and complete regichat options.
• Provider management "maintenance mode" button is now making permanent entry in configuration.php (no automatic restore anymore).

Update 17. December 2014 V3.5.2

Patch release

• Fixed user-admin dialogue problem in French administration.
• Fixed some monitoring issue causing standard monitoring call to fail.
• Fixed problem that forced users to enter a phone number in user data dialogue if the provider does not use a SMS gateway.
• Fixed an issue regarding the e-mail template used for password reset (sometimes using main provider template instead of subprovider).
• Fixed a problem not displaying all countries and country-codes of countries with the same country-code (eg +1).
• Fixed an issue with invitation of additional regichat users during a running chat if the chat-interface is in French language.
• Updated some authentication related language sentences.
• Updated OS bash to be ShellShock proof (The regify provider was not vulnerable to ShellShock attacks because there is no CGI running).
• The appliance will no longer support SSLv3 to protect against SSLv3 issues (Poodle attack vector). This will cause IE6 to no longer work.

Update 28. August 2014 V3.5.1

Patch release

• Fixed a minor bug.

Update 30. July 2014 V3.5

In short

• New product regichat.
• New product regigate.
• Users can chose their own regify account password (optional).
• Groups can get defined as representatives.

Details

New features:

• Including new regify client V4.0.0 setups.
• Added regichat feature to the regify provider.
• Added regichat API and API-Token handling.
• Added regichat shopping pages.
• Added regigate features and interfaces to the regify provider including HA (high availability).
• Enhanced registration dialogue (more clear, more easy, reduced number of fields).
• Enhanced optical styles (more modern).
• Now supporting groups as representatives (max. 5 times).
• Bank data dialogues now supporting IBAN and BIC values (IBAN is validated).
• Password reset dialogue now allowing users to enter their own password (optionally, with strength check).
• Dialogues now displaying the country names respecting the users chosen language (previously, always English).
• Allow admins to send unlock-code directly from manual authentication dialogue.
• The captcha for password reset is now more easy to read.
• Added enhanced logging viewer for administrators (master role only).
• Updated administrators user management dialogue to encapsulate options to some popup.
• Enhanced mobile number dialogues with country code dropdown showing country name.
• Subprovider administrators now also allowed to export payment- and user-data (administration role based).

Internals:

• Now supporting PFS (Perfect Forward Secrecy) for https connections with most modern browsers (reaching A- rating at Qualys test site).
• Enhanced IDS (Intrusion Detection System) to be generally more tolerant about cookies.
• Various speed optimizations.
• Added automatic database replication test (sending e-mail in case of replication failure).
• Added various CSRF (Cross-Site-Request-Forgery) checks to secure the pages.
• Group handling dialogues now working for up to 1000 users (500 before).
• Make provider-SDK more tolerant about existing but deleted user entries e-mail addresses.
• Enhanced handling of clearing failures.
• Added disk size checking (free disk space) for standard monitoring call.
• SMS sender name is now made from the providers domain.
• SalesID value is taken over from users to newly invited users.
• SalesID can be pre-given with a special link to the registration page.
• Added extra "X-regifyMailAgent: regimail" header to regimails sent online.

Fixes:

• Fix: Fixed several typos in language sentences.
• Fix: Fixed wrong username length check in userdata edit dialogue.
• Fix: Enhanced daily job in case of more than 10'000 transactions a day (script timeout on slower machines).
• Fix: Fixed some IE8 related incompatibilities (internal network access only).
• Fix: Enhanced MIME encoding of attached files for e-mails sent by the regify provider.

Update 27. March 2014 V3.4.2

Patch release

• Enhanced registration GUI.
• Updated blackberry client to V1.8.3 (now supporting new cryptographic standards for upcoming systems).
• Changing date display for French language (better formatted).
• Various dialogue enhancements (password reset, registration, invitation).
• Enhanced IDS check to also ignore ShareThis and some Google tracking cookies.
• Making a user a regimail mass sender now automatically deactivates all notifier e-mail messages.
• Some admin dialogues now automatically offering respective PDF documentation for download.
• Ignore double entered users in shop dialogue (handled as one entry only).
• If shop is in manual process mode, the ordering process is more automated.
• Added phone number validation for password reset from the administration.
• Enhanced admins password reset dialogue (better descriptions and better SMS support).
• Captcha background is always solid now (no longer transparent, showing background images).
• Any IE7 compatibility is removed now. The regify provider will not work with IE6 or IE7 any more!
• regify changed his slogan and therefore the default logos have changed.
• Fix: Fixed some regibill validation problem with invalid PDF's and drag&drop upload.
• Fix: Fixed some XSS and CSRF attack vectors.
• Fix: Fixed some login problem in an edge case (client SDK related).
• Fix: Fixed IE8 switching to quirks-mode if provider is accesses from internal network.
• Fix: Fixed minor bug in provider if username contains ´ character in invitation function.
• Fix: Fixed a lot of typos and spelling errors.
• Fix: Fixed problems in changing mobile number dialogue of non SMS enabled providers.

Update 07. November 2013 V3.4.1

Bugfix release

• Enhanced some SMS dialogs (being more explaining).
• Enhanced IDS check to also ignore ShareThis tracking cookies.
• Fix: Fixed a CSS bug that caused the download link to jump up when the registration link is disabled.
• Fix: Fixed some registration bug where, in some special cases, an e-mail address is left in the database of the provider.
• Fix: Preventing some false "headers already sent" alerts in log.
• Fix: Problem with missing sender name in online created regimails.
• Fix: Fixed bug in Provider-SDK invitation resulting in missing Organisation name and AuthType information.
• Fix: Some error messages have not been logged to error-log.
• Fix: Fixed tab-order on registration page (order you step through the fields by using tab key).
• Fix: Fixed problem returning to productive state after some clearing failure.

Update 09. October 2013 V3.4

In short

• Complete revised and redesigned registration and password reset process and dialogs.
• Enhanced usage of SMS for security related processes and user communication.
• Completely revised login dialog (removed one tab and combined login and reading).
• Allowing drag&drop upload of files (online reading, writing).

Details

New features:

• Completely revised and redesigned registration and password reset process and dialogs.
• Included regify provided SMS gateway for easy SMS usage.
• Completely revised login dialog (removed one tab and combined login and reading).
• Allowing drag&drop upload of files (online reading, writing).
• Slow file uploads now showing an upload progress bar (online reading, online writing).
• Option to chose the sender address during online writing (if multiple e-mail addresses are given).
• Added export functions for userdata and invoicing data (both exporting XML or CSV).
• Users now can see how long the web session stays active (on upper right). If it turns inactive, logout is called automatically.
• Transaction history views (regimail, regibill, regipay) now all allowing search and multiple pages.
• Transaction history views (regimail, regibill, regipay) now all allowing PDF download.
• Showing MySQL replication info in provider management dialog (administration).
• Enhanced usage of SMS for security related processes and user communication.
• Password reset can forward the request to the users "real" provider (by using PLS).
• Provider statistics now using modern graphics and animation for displaying more values.
• Provider statistics now showing member growth instead members per month.
• Added ToDo feature to help administrators to keep their provider clean and updated.
• Setup wizard now also supporting proxy server.

Internals:

• Added support for special connectors allowing integration of archives or hybrid mail to the provider.
• Added "Mass Sender" type of user (now regimail professional, regimail private, regimail mass sender).
• Provider appliance does no longer need root CA certificates during certificate import.
• Provider appliance now supporting VLAN's and network interface bonding.
• Provider appliance runs its own DNS server.
• Now the provider appliance supports automatic backups to SMB shares.
• Provider appliance now offers complete diagnostics function to finish installation and help fix networking issues.
• Now it is possible to restrict SSH access to provider appliance to local subnet only.
• Supporting password reset by PLS request.
• Enhanced Provider-SDK functions and added some more status codes.
• Supporting quick connection check by client software.
• Provider-SDK function usernewpassword now supporting more parameters.

Fixes:

• Enhanced unicode capability for online writing and reading regimails.
• Removed length fixation of wizard field for clearing password.
• Limit number of coupon code days to max 365.
• Prevent some re-POST questions in FireFox and IE in provider customization dialog after an image was uploaded.
• Supporting more CSV file formats for group invitations.
• Fixed problems downloading XML reports in IE8.
• replaced deprecated <blink> tag by CSS animation.
• Added SAP single sign-on cookie exceptions to IDS (no longer triggering error).
• Fixed a lot of translation typos and errors.
• Check for updates in provider appliance also checks for multiple updates.
• Some security related enhancements.
• Some web configuration wizard settings have not been persistant if wizard was re-run.
• Provider-SDK function usergetsettings now correctly returning numeric 1/0 instead of true/false.

Update 26. April 2013 V3.3.3

Bugfix release

• Updated regify client setup to V3.10.0.1233.
• Updated regify client deployment documentation.
• Adding new regify protocol V2 support (needed for next versions of regibill and regipay desktop).
• Prevent second monthly report on multiple replicated systems.
• Fixed problem with visible HTML tags in PayPal shop pages and regibill transaction history.
• Fixed missing download link for RGF file if email sending on portal failed (online writing).
• Fixed resetting language to browser default in popup windows (eg Terms) on some webbrowsers.
• Fixed error message 'missing function getFrom()' in some loadbalancer environments.
• Fixed swapped displaying of regibill standard and premium counters on administration pages.

Update 11. January 2013 V3.3.2

Bugfix release

• Fixed problem while online reading if username contains umlaute (error 10 during reading).
• Fixed file permission problem if files are replicated over master-master replication (access denied during customization).
• Ensures that users are not getting deleted on local regify provider if clearing access is not possible.

Update 2. November 2012 V3.3.1

Bugfix release and some new features

• Enhanced "open regify-file" tab on login screen (more easy to understand and use).
• Enhanced file size checking for online reading.
• Added MacOS client download links on all download pages.
• Allow free entering of users title (administration interface).
• After account activation, the DOWNLOAD button now points to correct download location for your OS (Win, MacOS, iOS, Android).
• Prevent uploading files in maintenance mode (validate regibill, upload on login).
• Fixed Intrusion Detection System (IDS) problem while sending online with certain messages.
• Fixed upload problem with Chrome browser while validating regibill standard.
• Fixed some problem while online reading chinese encoded messages.
• Fixed tool tip text help for regibill and regipay transaction archive.
• Fixed some IE7 and IE8 JavaScript issues for validating regibill standard.
• Fixed displaying wrong number of transactions left if user was regimail private and previously had some extended transaction limit.
• Fixed problem preventing sub-provider admins from editing their customizing files.

Update 24. September 2012 V3.3

In short

• Download the regibill validation report as PDF document.
• Every subprovider gets his own payment and shop options (incl. PayPal).
• User login is possible with e-mail address instead of username, too.

Details

New features:

• Download the regibill validation report as PDF document.
• Login will be possible with e-mail address instead of username, too.
• Users are getting an email about successfull authentication, too.
• Support for PLS service (makes users initial client installation much more easy).
• Favicon will be customizable for each subprovider (png format, only for non IE browsers).
• Full customizing synchronisation in clustered setups.
• New maintenance dialog with new options in administration (DB synchronization, maintenance).
• All users having a sales-id field, too (free to enter anything).
• User administration allows moving users easily between subproviders.
• Administration gives now access to users internal bank account.
• Every subprovider gets his own payment and shop options (incl. PayPal).
• Enhanced customizing editor in administration (codemirror update).
• Individual report-code in free intervals for professional services.
• All regify premium texts are now fully translated to regimail standard and regimail professional.
• Internal optimizations on cryptography (faster).
• Unlock codes will be output in blocks of four (more easy to read and enter).
• Enhanced upload dialog for files (rgf files, regibill validation, online writing etc.)
• Updated software deployment documentation to new regify clients V3.9.
• The transaction history export as PDF now fully supports unicode characters for message subjects.

Internals:

• Overworked session handling allows user- and admin-session in the same browser at a time.
• Sessions are now timing out depending on last activity.
• Enhanced IE compatibility.
• Some english and french translation has been revised (better).
• Complete CSS styled bubble help (fully customizable now).
• Provider statistics no longer uses Google Charts API (administration).
• Enhanced framebuster framework regarding OWASP suggestions.
• Added ALLOWROAMING flag to enable/disable roaming participation for provider.
• Obligatory attachments now allowing .docx format.
• Setup packing using AppPack and signing of the setups is no longer needed for regify client 3.9 or higher.
• Changed regibill & regipay invoicing interval to weekly by default.
• Completely overworked logging mechanisms.
• Updated default mail_blacklist.txt (added some more spamming domains).
• Maximum authentication level of non-certified regify providers is limites to three.
• Enhanced regify client protocoll (getconfiguration and login functions).
• Fix: Changing admin roles no longer needs logout/login to work.
• Fix: Prevent users from deleting their account if they have an administration role.
• Fix: Fixed problems if user data contains single quotes in two dialogs.
• Fix: Fixed problem writing online regimails after user changed his username in same session.
• Fix: Fixed problem writing online regimails after auto-login from client.
• Fix: Fixed bad layouting if provider does not allow the Downloads option on login page.
• Fix: Added french translation for default footer content.
• Fix: Added french translation for default terms and conditions and default prices page.
• Fix: Fixed session error for printing passwords dialog.
• Fix: Fixed problem if subject of online written regimails starting with minus.
• Fix: Fixed ignoring two-step password method while sending external invitation.

Update 11. May 2012 V3.2.4

Bugfix release

• fixed problem signing executables using a proxy server.
• added PLS support (provider lookup service).
• added more debugging options to web-calls (cURL).
• fixed httpd autostart problem on appliance restart.
• updated appliance Apache and mod_ssl to CentOS release version httpd-2.2.15-15 and mod_ssl-2.2.15-15.

Update 01. March 2012 V3.2.3

Bugfix release

• fixing invitation calls using internal proxy.
• fixing missing re-send dialog for users authenticated using text messages (sms).
• fixing problems with PayPal accounts and adding more detailed PayPal information to order.
• fixed occasional problem receiving regify_default_message.html on systems with subproviders.

Update 20. December 2011 V3.2.1 (Public since 01. Feb. 2012)

In short:

• complete regibill and regipay integration.
• Support for regimail private feature.
• Re-send unlock-code by SMS initiated by the user itself.
• Automatically signs regify-client setups (signed files for download by users).

Details:

New features:

• Enhanced guidance for users who recently have authenticated.
• Enhanced setup-wizard (after installation).
• Enhanced customization dialog in administration.
  • allows editing of all customization files in administration portal (browser).
  • supports syntax highlighting for PHP, HTML, CSS and JavaScript.
  • allows management of customized images.
• Better recognizable membership-state icons.
• Enhanced CSS design and more elements that allow CSS style options.
• New subprovider option to force SSL URLS even if ONLY_HTTPS is false (Loadbalancer).
• If a group-admin resets passwords, they are now sent using SMS, too.

Internals:

• Updated handling of files in STYLE folder ('_' marks manipulated data, others remnain default).
• Added customization dialog to subprovider admin role.
• Better styled Download-page (with Operating-System icons).
• User-Administration shows users counters (regimail, regipay, regibill).
• Removed cookie usage for regify.php (affects only Client-SDK connections).
• Switched regifycmd to most recent version (incl. SDK).
• Enhanced Debug-Options for the portal.
• Removed GMTDIFFERENCE setting by replacing it with some automation (server timezone).
• Fix: Fixed bug with UTC-0 time in Identity-File.
• Fix: Fixed JavaScript bug in JS/jsDialogs.js that occured on IE only.
• Fix: Fixed problem while login with username containing + or &.
• Fix: Fixed IDS problems with false positives on online writing regify messages.
• Fix: Fixed e-mail line feed madness by adding optional MTA_ADDS_CRLF switch.
• Fix: Fixed some issues while online sending regimail messages on redundant systems.

Appliance:

• Added configuration of NTP server.
• Enhanced hints for SSL certificate import.
• Better "View Database Status" dialog.
• Enhanced handling of user-manipulated files in STYLE folder.
• Supports automatic updates with updates.regify.com.
• Fix: changing provider servername in SSL mode breaks apache config.
• Fix: After failure of SSL certificate import, the SSH session crashed.

Update 12. September 2011 V3.0.1

In short:

• regibill and regipay integration
• supporting french as additional language
• comprehensive SMS support (registering, invitations etc.)
• enhanced and more clear login dialog
• many dialogs have been enhanced (user and administration)
• extended CSS support for more customizing possibilities
• supporting the regify Android app (free of charge in Google Market)
• delivery of the new regify-Client V3.7
  • AddIn for Thunderbird supporting V4 to V7
  • enhanced Outlook AddIn (save unencrypted copy while sending)
  • better Proxy-Server support
  • answer directly using Lotus Notes (Windows)

Details:

new Features:

• System manages bank-account for every user including direct debit authority checkbox.
• System allows to manage regimail, regibill and regipay by transaction.
• new Provider-SDK function mailcheckassignment to check, if an e-mail account is allready assigned to the service.
• new provider-protocol function getconfiguration returns a json array containing provider templates and other information.
• Overworked login-dialog (includes regibill now).
• Writing invitations shows and ensures the maximum number of chars in free text.
• Main-menu graphically shows the account-type (standard/premium) using a special icon.
• AUTHTRANSMITURLGOODRESULT supports now RegularExpressions.
• optional function AuthTransNumberConvert() allows admins to prepare numbers before inserting to AUTHTRANSMITURL.
• regify provider now allows users to enter their mobile number and their international VAT code.
• Portal locks and highlights user-data fields that are not allowed to edit because of a valid authentication state.
• User choses his main-mailaddress from a dropdown-box now (reduces complexity for user).
• Register- and Invitation is now able to use SMS to send the password (AUTHTRANSMITURL needed).
• Added french as the third supported language (both portal and administration).
• Added PRINT option to "regibill standard" validation page.

Internal:

• Administration Login shows licence information (regify and external components).
• Configuration has been split into two files (new configuration_default.php).
• Monitoring now triggers a warning if there are mails stuck in the system (tblmailjobs).
• Switched sender and recipient auth-level check to clearing (keep old method for compatibility).
• Add "Protocol" parameter for regify-protocoll (to allow regibill and regipay).
• Client-Software update adds [SECURITY] and ProviderKey values automatically to customize.ini.
• While MySQL database update, absolutely all tables and varchar fields are getting converted to UTF8.
• Administration of Invoices shows no "Payed" button if the price is zero.
• Standard Buying-Dialog does not show price, if the price is zero.
• Overworked design of steps and some other small graphics.
• All Bubble-help functions now are encapsulated by a function (InsertBubbleHelp()).
• Some dialogs have been overworked to use tabs to get a more cleanup interface.
• Added automatic generation of REGIFY_TEMP.
• Added setting of session.save_path to configuration_default.php.
• some more elements are now using CSS class for display (changeable by provider).
• completely overworked file-handling in STYLE folders (_Filename for individual, others are defaults).
• added PhoneMobile and VATNumber field to users dialogs.
• the new phpAutoLogin.php allows fast and secure opening of pages from clients.
• Enhanced language handling in some routines (BubbleHelp etc.).
• Fix: fixed some optical issues in the default CSS file.
• Fix: raised the needed Auth-Level for the provider-sdk funtion UserAuthenticate().
• Fix: Fixed QuickSearch in Grpup-Administration (accidentally searched in html, too).
• Fix: Fixed Tab-Script on IE8 (only working in Compatibility Mode).
• Fix: Fixed missing OK value of Provider-SDK function maildelete.
• Fix: Fixed problem with managing administration roles in subprovider management.
• Fix: Fixed wrong SENDERSNEEDAUTHLEVEL assignment in UserSetSettings function.
• Fix: Fixed "headers allready sent" php error, if the administration console is opened using http:// only.
• Fix: Fixed problem with wrong language in "new password" mails (accidentally used the admins language instead of user language)
• Fix: Fixed wrong template encoding (utf-8 / 7bit) and a small Quoted Printable issue.

Update 01. March 2011 V2.8.0

In short:

• Better Internet-Explorer compatibility of portal- and administration-dialogs.
• Enhanced help- and shop-dialogs.
• Enhanced administration-dialogs.
• Improved security.
• Prepared for Linux compatibility.

Details:

new Features:

• Online-reader (webinterface) shows authentication-state using the same images than the regify-client.
• Better Internet-Explorer compatibility of portal- and administration-dialogs.
• Enhanced help-dialog now showing phone-numbers for support.
• Enhanced shop-dialog(s) now showing phone-number for invoicing support.
• Download pages are containing documentation download, too (currently only german).

Administration:

• Better displaying of admin-dialogs on small browser-windows.
• Main administration-menu shows information about stuck e-mails and allows fixing (re-send).
• Invoicing allows searching for all transactions of a person, in one click.
• The monthly status-mail now contains information about the number of premium-users that have registered in a given month. Additionally, this function shows the premium-state of these users after a year (only encoded in json encoded, machine-readable values).
• Unavailable administration-menu options are now greyed out for a better overview.
• User-management now shows inactivated users by default, too (yellow state and grey color).

Internal:

• Calculation of unlock-code is now customizable by the provider (type and length).
• Completely removed options to restart or relength reminder period of transactions.
• If phpMailJob.php recognizes a timeout (4 minutes), all available mails will increase the RETRYS column by 2. This avoids endless mails in case of a script error (if php canceles script).
• User-interface shows a warning image, if a user try's to use attachments greater than 5MB using the web-interface (send online by portal).
• Preloader-image for upload-information is now loaded directly on login page display.
• New option REGIFYDEFAULTIDENTITY to define the identity-file to use for online mailer.
• Possibility to use a java version of regifycmd. Upon this, a Linux version of the regify provider is possible now (this is the main reason to rise the minor build number to 8).
• Included Linux version of AppPack. This allows windows setup creation on Linux systems.
• Optimized some dialogs and language items to get a more provider-neutral context.
• The enforced document now include the hashcode to the filename. So it is impossible to download a document without knowing the document-id and his hashcode (prevent data-leakage).
• The online-viewer for regify-mails allows only non-critical tags to be displayed and filters script, iframe, object and other tags. The functionality of form- and input-tags still persist.
• Completely overworked the JavaScript handling and inclusions to reduce data traffic and site-speed.
• Renewed tooltip-help (new style and no need for a pre-defined div-container).
• Replaced all round ball icons with alpha-png versions (better displaying on different backgrounds).
• Replaced the step-images with png style blue button step-images.
• LastActivity flags is set for portal logins and direct invitations, too.
• The size of the download in both download-dialogs is now calculated and formated automatically.
• Fix: Fixed Provider-SDK problem with external invitations and invitiationer mailaddress as base64 encoded variable triggering ERROR 14.
• Fix: New members will not get a termination date at 23:59:59 but 00:00:00. As of this, now the first day counts as the first of the free days.
• Fix: Fixed some security issues on different locations.

Update 23. November 2010 V2.7.4

In short:

• "forgot password" link on login page.
• Showing telephone numbers for technical and billing support.
• SDK support GROUP-MASTER flag (allowing group access for GROUP-MASTERS).
• Enhanced invoice-handling.
• Mailaddresses and usernames may get a length of 100 chars now.

Details:

new Features:

• "forgot password" link on login page (shows information about how to get a new one).
• portal may show hotline phone-number for technical and billing support.

Administration:

• Users can get the GROUP-MASTER flag. It enables manipulation of all group-members using the provider-sdk.
• Managing and handling of invoices has been enhanced. You now can display open, payed and cancelled invoices in one dialog.
• Invoices can get filtered by user-id.
• New user-search dialog in Group-Data administration and admin-roles administration.
• Sub-Provider dialog is extended with support phone numbers.
• Better naming in the authentication-dialog enhances understandability of authentication-state.

Internal:

• Provider-SDK respects new GROUP-MASTER flag, too. This affects the following functions: GroupGet, GroupGetUsers, GroupAddUser, GroupRemoveUser, UserChange, UserGet, UserNewPassword, MailAdd, MailGet and MailDelete.
• The Settings-Dialog is now visible to premium- and standard-users (previously only to premium members).
• Extended the maximum length for usernames to 100 chars (former 45).
• Extended the maximum length for mailaddresses to 100 chars (former 45).
• regify.php returns real name and main mailaddress as login-result, too (affects only internal regify-protocol).
• Fix: fixed premium-membership calculation (only if standard mailcount has changed).
• Fix: fixed case sensitive search using oracle in different administration-dialogs.
• Fix: fixed ignoration of DEFAULTTWOSTEPPROCEDURE flag in phpInvite.php
• Fix: fixed IDS false positives on Google analytics (__utm?) and IBM SingleSignOn (LtpaToken) cookies.

Update 27. September 2010 V2.7.3

In short:

• better calculation of rest-time, if group-admin extends the group membership using shop.
• Administration allows grouping and ungrouping of users, too.
• Better compatibility of IDS with Google Analytics cookies and IBM LtpaToken.
• Portal supports optional HTTP proxy for external URL calls.
• SDK features now full transaction history access.
• SDK features now user authentication.

Details:

new Features:

• Special job to delete temporary user-data that is older than 10 Minutes (phpCleanUp.php). Please adapt Taskplaner or task_5min.cmd! This replaces the usage of delage32.exe (remove from task_daily.cmd).
• Invitation to foreign provider supports parameter [ia] (Invitationer Auth-Level) as placeholder for transmission of inviting-parameters to external provider.
• If a group-admin buys premium-membership for his group, and changes the max-account number, the system automatically compensates the rest-time together with the difference between the old number of accounts and the new one.
• Download-pages are showing the current regify-client version.

Administration:

• Administration allows grouping and ungrouping in user management dialog.
• Users with administrative privileges are not allowed to get deleted anymore.
• Administration prevents errors if an allready assigned address should get assigned to another user.
• Administration menu shows number of open authentication requests (blinks if > 0).
• Overworked administration-lists design (user styles for listfirst, listsecond)
• Fix: fixed a case-sensitivity problem with group user addition (only oracle)
• User-Administration shows number of hits.
• Administration-Dialog automatically switches to SSL url (in case it is only https:// and ONLY_HTTPS = TRUE).

Internal:

• IDS is adapted to work more tolerant on some special pages.
• Update PHPIDS from V0.6.3.1 to V0.6.4
• New Version of AppPack generates 48x48 regify icon using transparency for executable.
• EMERGENCYURL is only called if MAINTAINMODE is false (no SMS in manual maintenance-mode).
• Fix: Fixed wrong calculation of identity-hash (organisation has been missing).
• Support optional HTTP proxy for external URL calls (foreign provider invite, SMS calls etc.).
• QuickSearchField in Group-Administration (user-side) uses css-class now (additional class div.GroupQuickSearchField to regify.css).
• Added new functionality to register mailaddresses in clearing directly on activation. Currently, registration occurs automatically on first regify-usage. This may be to late and the provider now registers the address directly.
• SDK features now full transaction history access.
• SDK features now user authentication.
• phpLogin.php supports new hash-challenge login method for direct login (globe in client).
• Fix: fixed database insertion problem with message subjects longer than 100 chars (oracle).
• Fix: fixed problem with changing main mailaddress in user-administration (mailhash missing).
• Fix: fixed optical problems in PDF download of history with very long subjects.
• Fix: fixed a problem in SDK function userinvite, if the desired username is submitted, too.
• Fix: fixed a problem printing user-password in case of two step invitations.
• Final test and modifications for automatic update feature.

Update 02. July 2010 V2.7.2

new Features:

• PDF download of the complete transaction-history available.
• Complete rework of automatic update feature. In future the will be a ZIP file distributed, including all needed files and update_mysql.sql or update_oracle.sql. Now, this content is used for updating. Critical files will not get overwritten.
• Provider informs users and group-administrators about expiring premium-membership by e-mail. It is possible to define one or multiple intervalls to send such an expiration notification.
• Blacklist feature for invitations and registrations. The blacklist prevents registering of mailaddresses from such domains like trash-mail.com, spambog.ru, spamfree24.de and others.

Administration:

• User-Management shows a new column "group" that indicates the assigned group-id.
• Menu-Option "S" (downloads available) affects the download-link on the login-page, too.
• Removing a user from a group, and if that user has a longer premium-membership time as the assigned group, he will not get a standard-membership in that special case (only if SETPREMIUMANYTIME is FALSE).
• Fix: Viewer for phperror.log fixes wrong displaying of html tags (missing logout link).

Internal:

• new mail-template 20 (inform user about expiration of his premium-membership)
• Fix: fixed a settings-issue in connection to oracle databases.

Update 24. May 2010 V2.7.1

neue Features:

• Identity-Hash Verfahren implementiert (Clearing muss noch aktualisiert werden)
• Transaktions-History versteckt Doppel-Einträge, wenn der Kunde nicht die erweiterte Ansicht verwendet (vermindert Rückfragen)

Administration:

• Statistik zeigt die Grafiken nur noch über die letzten 24 Monate.
• Administration erlaubt nicht das hochsetzen des Transaktionslimits bei gruppierten Usern.
• Warnung, wenn Nutzerdaten von authentifizierten Nutzern verändert werden.
• Sicherheitsabfrage für "Authentifizierungsstatus zurücksetzen".

Internes:

• Neues User-Flag "I" für Benutzer, welche im SDK für eine Einladung einen speziellen User als Einlader angeben dürfen (benötigt also dafür keine Super-User Rechte).
• Gruppieren von Nutzern mit erhöhtem Transaktionslimit ist nicht mehr erlaubt.
• Authentifizierte Nutzer können Anschrift/Orga nicht mehr ändern.
• Mailjob löscht MailJob Lockdatei, wenn diese älter als 4 Minuten ist (Fallback).
• Fix: Fehler bei der Ausstellung von Identitätsdateien behoben (Angabe des AuthLevel fehlte).
• Fix: Fehler in der Anmeldeprozedur behoben (DATABASE: Error inserting with INSERT INTO tbluser SET USERTYPE=11...)

Update 30. April 2010 V2.7.0

neue Features:

• Unterstützung von Oracle als alternatives Datenbank-System zu MySQL.
• Benutzergruppen.
• Benutzergruppen mit eigener Gruppen-Administrator-Funktion.
• Intrusion Detection System PHPIDS wurde integriert (http://php-ids.org/)
• Einladungen können nun auch über Fremdprovider ausgesprochen werden.
• nicht innerhalb der Wiedervorlage geöffnete Transaktionen werden mit einem halben Punkt dargestellt (und grauem Text), wenn Sie im Anschluß doch geöffnet wurden.
• Das regify-Shopsystem ist nun in großen Teilen durch den Provider anpassbar. Die Unterstützung für eigene Shopsysteme und Anbindung weiterer Zahlungssysteme ist nun deutlich flexibler.
• Willkommensdialog nach Klick auf "Akzeptieren-Link" in den Mails ist neu gegliedert
  • bessere Ansprache
  • deutlichere Visualisierung zwischen lokaler Installation und Webnutzung
  • Korrektur von Aussagen zum Setup-Assistent (startet nicht mehr autom. nach Setup)
• Authentifizierungsdialog wurde überarbeitet und kann nun individuell angepasst werden
• Wenn ein authentifizierter Nutzer eine Einladung ausspricht, so kann (optional) der eingeladene Nutzer direkt eine Authentifizierung erhalten (Net Of Trust).
• Offene Bestellungen können nochmals eingesehen werden (und nochmals in den Shop weiterleiten).
• Stellvertreter-Dialog zeigt nun einen erklärenden Informationstext.

SDK:

• SDK Funktion <inviteuser> kennt nun neue Parameter „invitation comment“, „personal message“, „username“, „invitationer full name“ und „invitationer organisation name“
• Fünf neue SDK Funtionen für vollständige Gruppenverwaltung hinzugefügt
• Neue SDK Funktion für "neues Kennwort zusenden" hinzugefügt

Administration:

• Administration erfolgt nun aufgrund von Administrations-Rollen.
• Konfigurationsdialog für Administrations-Rollen hinzugefügt (je Sub-Provider)
• Administration für Benutzergruppen und Domainlisten hinzugefügt
• Administration für Authentifizierung hinzugefügt
• Subprovider-Konfiguration optisch aufgeräumt und in ausklappbare Bereiche unterteilt
• Subprovider-Konfiguration erhielt eine Sicherheitsabfrage für "Subprovider löschen"
• Benutzerverwaltung bietet jetzt auch Sortierung nach "letzte Aktivität"
• Benutzerverwaltung kann User jetzt auch zu "Super-Usern" machen (für Provider-SDK)
• Konfiguration für Fremdprovider-Einladung hinzugefügt (je Sub-Provider)
• Der Statistik-Dialog wurde überarbeitet (übersichtlicher)
• Rechnungsverwaltung zeigt nun mehr Details (kompletter Bestelltext anzeigbar)
• Suche in Benutzern und Gruppen erkennt numerische Eingabe und sucht dann nach UserID

Internes:

• SDK unterstützt ein deutlich erweitertes "userinvite" (viel mehr Angaben)
• Umfangreiche SDK Funtionen zur Gruppenverwaltung
• Provider erlauben die Angabe von externen Einladungen an Fremdprovider
• der Provider versucht nun, die Clearing-Verbindung für eine User-Session konstant auf einem VPN-Kanal zu halten. Das ist Voraussetzung für den neuen Clearing-Betrieb.
• update.php enthält eine Option um den MySQL Master-Master Replikationsbetrieb vorzubereiten
• Subprovider können nun über STYLE/_LanguageShop.php auch eigene Shop-Sprachtexte angeben
• Die Monitoring-Option "type=monitoring" gibt nun OK, WARNING oder ERROR zurück. So kann besser zwischen kritischen und unkritischen Provider-Zuständen unterschieden werden.
• Das Maintenance-Failover wurde überarbeitet und wirkt nun besser auch mit einem Ausfall des CryptoServer.
• Wenn der Provider aufgrund eines Totalausfalles beim Clearing oder CryptoServer in den Maintenance-Modus geht, dann kann man jetzt eine URL aufrufen lassen (zB SMS-Versand).
• Der monatliche Statusreport an regify kann nun optional zusätzlich in Klartext an eine weitere Mailadresse versendet werden (zB Provider selbst).
• Die zu verwendenden Passwortlängen lassen sich nun Providerweit in der configuration.php definieren. Sprachtexte für zweistufige Anmeldung passen sich automatisch an.
• Menüseite der Nutzer zeigt Premium-Laufzeiten > 10 Jahre als *unbegrenzt*
• Die Session-ID wird bei jeder relevanten Aktion im Portal neu generiert (mehr Sicherheit).
• Der Administrationsdialog besteht nun ebenfalls auf SSL, wenn ONLY_HTTPS = TRUE gesetzt wurde.
• Verzögerung nach Fehl-Logins auf eine Zufallszeit zwischen 1 und 5 Sekunden geändert um Bruteforce-Angriffe deutlich zu erschweren (mehr Sicherheit).
• Nutzer, welche sich in der Community-Version löschten, werden 30 Tage danach endgültig aus der Datenbank gelöscht (ohne manuelles zutun).
• Fehlerhafte Logins (zB Benutzername/Passwort falsch) verursachen eine Zeitverzögerung von ein bis fünf Sekunden (Zufall). Dadurch werden Bruteforce-Angriffe wirkungsvoll gebremst.
• Template 11 erhielt die Anrede des Benutzers
• Template 12 erhielt einen Datum/Zeit Platzhalter.
• Fix: Einladungsdialog hat den Haken für "zweistufiges Kennwortverfahren" bei Fehleingaben im Anschluss vergessen (musste nochmal geklickt werden). Behoben.
• Fix: Problem mit leeren regify Mails behoben (online erstellt), wenn man schnell hintereinander den Erstellen-Dialog öffnet (alte rgf wurde dann vor dem Versand gelöscht).
• Neu: Ablage der rgf-Dateien in extra Unterverzeichnissen.
• Fix: Einladungsdialog-Problem mit ; (semicolon) im Freitext behoben (wird durch : ersetzt)
• Fix: An vielen Stellen wurde die Unterstützung von Sonderzeichen verbessert.
• Fix: Registrierungsseite hat nun einen "Startseite"-Button um zurückzukehren.

CSS Aktualisierung:

• neu: tableUserChoice
• neu: input[type=button] und input[type=submit] bekommen "cursor: pointer;"
• neu: a und a.small erhalten "cursor: pointer;"
• neu: OkDialog
• neu: listsecond hat weissen Hintergrund
• verändert: BrownBox (padding-bottom)
• removed: tableBoxText
• removed: div.MembershipBox

configuration.php:

• neu: define('SETPREMIUMANYTIME', TRUE);
• neu: define('IDSPATH', "");
• neu: define('IDSTRESHOLD', TRUE);
• neu: define('EMERGENCYURL', "");
• neu: define('SHOPCURRENCY', "EUR");
• neu: define('CUSTOMSHOP', FALSE);
• neu: define('ORDERPAGEUSER', "");
• neu: define('ORDERPAGEADMIN', "");
• neu: define('USERPASSWORDLENGTH', 8);
• neu: define('USERPASSWORDLENGTHTWOSTEP', 12);
• neu: define('INVITATIONAUTHTOLEVEL', 0);
• neu: define('INVITATIONAUTHONLYSDK', TRUE);
• neu: define('AUTHTRANSMITURL', $url);
• neu: define('AUTHTRANSMITURLGOODRESULT', "100");
• neu: include_once("funcForm.php"); nach funcGadget.php
• neu: $AdminRoles[]
• entfernen: AUTHALLOWPERSON
• entfernen: DEFAULTAUTHENTICATIONSTYLE