From 1c955606a18d885af9c0c936fe46e2bd11ee164f Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <GapczynskiM@gmail.com>
Date: Mon, 29 Aug 2011 14:37:18 -0400
Subject: [PATCH] Initial work on resetting forgotten passwords. It works, but
 still need to email a token to allow reset

---
 core/templates/lostpassword.php  | 15 ++++++++++++++
 core/templates/resetpassword.php | 10 ++++++++++
 index.php                        | 34 +++++++++++++++++++++++++++++++-
 3 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 core/templates/lostpassword.php
 create mode 100644 core/templates/resetpassword.php

diff --git a/core/templates/lostpassword.php b/core/templates/lostpassword.php
new file mode 100644
index 00000000000..212ca8d2edb
--- /dev/null
+++ b/core/templates/lostpassword.php
@@ -0,0 +1,15 @@
+<form action="index.php?lostpassword" method="post">
+	<fieldset>
+		<?php echo $l->t('You will receive a link to reset your password via Email.'); ?>
+		<?php if ($_['requested']): ?>
+			<?php echo $l->t( 'Requested' ); ?>
+			
+		<?php else: ?>
+			<?php if ($_['error']): ?>
+				<?php echo $l->t( 'Login failed!' ); ?>
+			<?php endif; ?>
+			<input type="text" name="user" id="user" placeholder="<?php echo $l->t('Username or Email'); ?>" value="" autocomplete="off" required autofocus />
+			<input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>
\ No newline at end of file
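Review bot: The `$_['error']` branch shows a visitor a different page for unknown accounts than for known ones, because index.php in this patch sets `error` only when `OC_User::userExists()` fails. That lets anyone who can reach the form check which usernames exist. Render the same neutral confirmation in both cases, for example `<?php echo $l->t('If the account exists, a reset link has been sent.'); ?>`, and drop the `error` branch. The 'Login failed!' text is also misleading on a reset form.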
diff --git a/core/templates/resetpassword.php b/core/templates/resetpassword.php
new file mode 100644
index 00000000000..3c7c46efe13
--- /dev/null
+++ b/core/templates/resetpassword.php
@@ -0,0 +1,10 @@
+<form action="<?php echo "index.php?".$_SERVER['QUERY_STRING'] ?>" method="post">
+	<fieldset>
+		<?php if($_['success']): ?>
+			<?php echo $l->t('Your password was successfully reset'); ?>
+		<?php else: ?>
+			<input type="password" name="password" id="password" placeholder="<?php echo $l->t('New password'); ?>" value="" required />
+			<input type="submit" id="submit" value="<?php echo $l->t('Reset password'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>
\ No newline at end of file
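Review bot: `$_SERVER['QUERY_STRING']` is echoed into the form's `action` attribute without escaping, so request-controlled text ends up in the page markup. Escape it for the attribute context, `<?php echo htmlspecialchars('index.php?'.$_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8'); ?>`. Better still, build the action from the `user` and `token` values that index.php has already checked, URL-encoding each one.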
diff --git a/index.php b/index.php
index 4520f40107e..52a00465f22 100644
--- a/index.php
+++ b/index.php
@@ -60,7 +60,7 @@ elseif(OC_User::isLoggedIn()) {
 }
 
 // Someone wants to log in :
-elseif(isset($_POST["user"])) {
+elseif(isset($_POST["user"]) && isset($_POST['password'])) {
 	OC_App::loadApps();
 	if(OC_User::login($_POST["user"], $_POST["password"])) {
 		header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
@@ -81,6 +81,38 @@ elseif(isset($_POST["user"])) {
 	}
 }
 
+// Someone lost their password:
+elseif(isset($_GET['lostpassword'])) {
+	OC_App::loadApps();
+	if (isset($_POST['user'])) {
+		if (OC_User::userExists($_POST['user'])) {
+			$token = sha1($_POST['user']+uniqId());
+			OC_Preferences::setValue($_POST['user'], "owncloud", "lostpassword", $token);
+			// TODO send email with link+token
+			OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => true));
+		} else {
+			OC_Template::printGuestPage("", "lostpassword", array("error" => true, "requested" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => false));
+	}
+}
+
+// Someone wants to reset their password:
+elseif(isset($_GET['resetpassword']) && isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], "owncloud", "lostpassword") === $_GET['token']) {
+	OC_App::loadApps();
+	if (isset($_POST['password'])) {
+		if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
+			OC_Preferences::deleteKey($_GET['user'], "owncloud", "lostpassword");
+			OC_Template::printGuestPage("", "resetpassword", array("success" => true));
+		} else {
+			OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+	}
+}
+
 // For all others cases, we display the guest page :
 else {
 	OC_App::loadApps();
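Review bot: The reset token on the `$token = sha1($_POST['user']+uniqId());` line is predictable: `+` is arithmetic in PHP, so the username and the `uniqId()` string are converted to numbers and added rather than concatenated, and `uniqid()` is derived from the clock in any case. This token alone authorises `OC_User::setPassword()` in the `resetpassword` branch, so take it from a CSPRNG, e.g. `$token = bin2hex(random_bytes(32));` (or `openssl_random_pseudo_bytes()` on PHP versions without `random_bytes`). The stored value also never expires and is compared with `===`; storing a creation time next to it and comparing with `hash_equals()` where available would address both. The enclosing `elseif` chain starts and ends outside the hunk.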
-- 
GitLab