nextcloud/core/templates/login.php

<?php /** @var $l OC_L10N */ ?>
<?php
vendor_script('jsTimezoneDetect/jstz');
script('core', [
	'visitortimezone',
	'lostpassword',
	'login'
]);
?>

<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login" action="<?php p(OC::$WEBROOT) ?>/">
	<fieldset>
	<?php if (!empty($_['redirect_url'])) {
		print_unescaped('<input type="hidden" name="redirect_url" value="' . \OCP\Util::sanitizeHTML($_['redirect_url']) . '">');
	} ?>
		<?php if (isset($_['apacheauthfailed']) && ($_['apacheauthfailed'])): ?>
			<div class="warning">
				<?php p($l->t('Server side authentication failed!')); ?><br>
				<small><?php p($l->t('Please contact your administrator.')); ?></small>
			</div>
		<?php endif; ?>
		<?php foreach($_['messages'] as $message): ?>
			<div class="warning">
				<?php p($message); ?><br>
			</div>
		<?php endforeach; ?>
		<?php if (isset($_['internalexception']) && ($_['internalexception'])): ?>
			<div class="warning">
				<?php p($l->t('An internal error occurred.')); ?><br>
				<small><?php p($l->t('Please try again or contact your administrator.')); ?></small>
			</div>
		<?php endif; ?>
		<div id="message" class="hidden">
			<img class="float-spinner" alt=""
				src="<?php p(image_path('core', 'loading-dark.gif'));?>">
			<span id="messageText"></span>
			<!-- the following div ensures that the spinner is always inside the #message div -->
			<div style="clear: both;"></div>
		</div>
		<p class="grouptop">
			<input type="text" name="user" id="user"
				placeholder="<?php p($l->t('Username or email')); ?>"
				value="<?php p($_['loginName']); ?>"
				<?php p($_['user_autofocus'] ? 'autofocus' : ''); ?>
				autocomplete="on" autocapitalize="off" autocorrect="off" required>
			<label for="user" class="infield"><?php p($l->t('Username or email')); ?></label>
		</p>

		<p class="groupbottom">
			<input type="password" name="password" id="password" value=""
				placeholder="<?php p($l->t('Password')); ?>"
				<?php p($_['user_autofocus'] ? '' : 'autofocus'); ?>
				autocomplete="on" autocapitalize="off" autocorrect="off" required>
			<label for="password" class="infield"><?php p($l->t('Password')); ?></label>
			<input type="submit" id="submit" class="login primary icon-confirm svg" title="<?php p($l->t('Log in')); ?>" value="" disabled="disabled"/>
		</p>

		<?php if (!empty($_['invalidpassword']) && !empty($_['canResetPassword'])) { ?>
		<a id="lost-password" class="warning" href="">
			<?php p($l->t('Wrong password. Reset it?')); ?>
		</a>
		<?php } else if (!empty($_['invalidpassword'])) { ?>
			<p class="warning">
				<?php p($l->t('Wrong password.')); ?>
			</p>
		<?php } ?>
		<?php if ($_['rememberLoginAllowed'] === true) : ?>
		<div class="remember-login-container">
			<?php if ($_['rememberLoginState'] === 0) { ?>
			<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white">
			<?php } else { ?>
			<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white" checked="checked">
			<?php } ?>
			<label for="remember_login"><?php p($l->t('Stay logged in')); ?></label>
		</div>
		<?php endif; ?>
		<input type="hidden" name="timezone-offset" id="timezone-offset"/>
		<input type="hidden" name="timezone" id="timezone"/>
		<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
	</fieldset>
</form>
<?php if (!empty($_['alt_login'])) { ?>
<form id="alternative-logins">
	<fieldset>
		<legend><?php p($l->t('Alternative Logins')) ?></legend>
		<ul>
			<?php foreach($_['alt_login'] as $login): ?>
				<li><a class="button" href="<?php print_unescaped($login['href']); ?>" ><?php p($login['name']); ?></a></li>
			<?php endforeach; ?>
		</ul>
	</fieldset>
</form>
<?php }
Add CSRF check on login and logout This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it. 2014-05-04 15:56:21 +04:00			`<?php /** @var $l OC_L10N */ ?>`
use script instead of \OCP\Util methods 2014-12-10 18:18:18 +03:00			`<?php`
			`vendor_script('jsTimezoneDetect/jstz');`
			`script('core', [`
			`'visitortimezone',`
show feedback spinner for log in process 2015-08-27 22:02:00 +03:00			`'lostpassword',`
			`'login'`
use script instead of \OCP\Util methods 2014-12-10 18:18:18 +03:00			`]);`
			`?>`
Add CSRF check on login and logout This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it. 2014-05-04 15:56:21 +04:00
IE 8: fix appeareance of checkboxes on login and files pages 2012-03-29 20:16:41 +04:00			`<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->`
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is. 2016-04-11 13:08:00 +03:00			`<form method="post" name="login" action="<?php p(OC::$WEBROOT) ?>/">`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`<fieldset>`
			`<?php if (!empty($_['redirect_url'])) {`
Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 10:28:15 +03:00			`print_unescaped('<input type="hidden" name="redirect_url" value="' . \OCP\Util::sanitizeHTML($_['redirect_url']) . '">');`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`} ?>`
adding warning about failed apache module auth 2013-10-02 03:02:46 +04:00			`<?php if (isset($_['apacheauthfailed']) && ($_['apacheauthfailed'])): ?>`
			`<div class="warning">`
			`<?php p($l->t('Server side authentication failed!')); ?><br>`
			`<small><?php p($l->t('Please contact your administrator.')); ?></small>`
			`</div>`
			`<?php endif; ?>`
Allow custom error messages for the login page 2015-01-22 16:13:02 +03:00			`<?php foreach($_['messages'] as $message): ?>`
			`<div class="warning">`
			`<?php p($message); ?><br>`
			`</div>`
			`<?php endforeach; ?>`
do not disclose information, show generic error on login page Conflicts: core/templates/login.php lib/base.php 2015-03-31 15:56:02 +03:00			`<?php if (isset($_['internalexception']) && ($_['internalexception'])): ?>`
			`<div class="warning">`
core: Fix typos (found by codespell) Signed-off-by: Stefan Weil <sw@weilnetz.de> 2016-04-04 11:57:17 +03:00			`<?php p($l->t('An internal error occurred.')); ?><br>`
do not disclose information, show generic error on login page Conflicts: core/templates/login.php lib/base.php 2015-03-31 15:56:02 +03:00			`<small><?php p($l->t('Please try again or contact your administrator.')); ?></small>`
			`</div>`
			`<?php endif; ?>`
Changed a p element by a div A p element cannot contain a div element (here `<div style="clear: both;"></div>`). It should be change by a div element to fits standards. 2015-06-08 16:22:52 +03:00			`<div id="message" class="hidden">`
add missing alt attribute to spinner 2014-11-06 14:09:48 +03:00			`<img class="float-spinner" alt=""`
Use proper shortcut methods in templates 2016-04-06 11:18:56 +03:00			`src="<?php p(image_path('core', 'loading-dark.gif'));?>">`
add spinner to the template so that it can be loaded in time 2013-11-28 01:36:47 +04:00			`<span id="messageText"></span>`
Fix resize issue for trash button in chrome and overflowing spinner in .update class fixes #6108 2013-11-29 00:36:43 +04:00			`<!-- the following div ensures that the spinner is always inside the #message div -->`
			`<div style="clear: both;"></div>`
Changed a p element by a div A p element cannot contain a div element (here `<div style="clear: both;"></div>`). It should be change by a div element to fits standards. 2015-06-08 16:22:52 +03:00			`</div>`
first step of infield label removal, fix login screen 2014-05-06 14:07:53 +04:00			`<p class="grouptop">`
			`<input type="text" name="user" id="user"`
Allow login by email address 2016-05-02 15:51:01 +03:00			`placeholder="<?php p($l->t('Username or email')); ?>"`
Rename `username` to `loginName` UID and login name are two different things. 2016-04-15 20:02:19 +03:00			`value="<?php p($_['loginName']); ?>"`
first step of infield label removal, fix login screen 2014-05-06 14:07:53 +04:00			`<?php p($_['user_autofocus'] ? 'autofocus' : ''); ?>`
addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-18 01:57:23 +03:00			`autocomplete="on" autocapitalize="off" autocorrect="off" required>`
Allow login by email address 2016-05-02 15:51:01 +03:00			`<label for="user" class="infield"><?php p($l->t('Username or email')); ?></label>`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`</p>`
setting the timezone is now part of the login process and true part of the core. 2012-12-20 14:10:45 +04:00
first step of infield label removal, fix login screen 2014-05-06 14:07:53 +04:00			`<p class="groupbottom">`
			`<input type="password" name="password" id="password" value=""`
			`placeholder="<?php p($l->t('Password')); ?>"`
			`<?php p($_['user_autofocus'] ? '' : 'autofocus'); ?>`
addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-18 01:57:23 +03:00			`autocomplete="on" autocapitalize="off" autocorrect="off" required>`
[core] From echo to p 2013-02-28 01:55:39 +04:00			`<label for="password" class="infield"><?php p($l->t('Password')); ?></label>`
Fix login arrow in login page 2015-09-29 18:13:10 +03:00			`<input type="submit" id="submit" class="login primary icon-confirm svg" title="<?php p($l->t('Log in')); ?>" value="" disabled="disabled"/>`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`</p>`
move password warning more relevant below password field, un-nest log in warning 2013-04-17 19:16:15 +04:00
Remove password reset when the user can not change the password 2015-12-07 17:14:19 +03:00			`<?php if (!empty($_['invalidpassword']) && !empty($_['canResetPassword'])) { ?>`
Basics 2014-03-25 02:38:11 +04:00			`<a id="lost-password" class="warning" href="">`
more understandable 'Wrong password' feedback 2015-08-12 19:43:09 +03:00			`<?php p($l->t('Wrong password. Reset it?')); ?>`
move password warning more relevant below password field, un-nest log in warning 2013-04-17 19:16:15 +04:00			`</a>`
Remove password reset when the user can not change the password 2015-12-07 17:14:19 +03:00			`<?php } else if (!empty($_['invalidpassword'])) { ?>`
			`<p class="warning">`
			`<?php p($l->t('Wrong password.')); ?>`
			`</p>`
			`<?php } ?>`
introduce OC_Util::rememberLoginAllowed() 2013-09-24 20:01:34 +04:00			`<?php if ($_['rememberLoginAllowed'] === true) : ?>`
move log in button into fields and use icon instead of text 2015-08-26 20:00:42 +03:00			`<div class="remember-login-container">`
refactoring code 2016-02-10 17:28:14 +03:00			`<?php if ($_['rememberLoginState'] === 0) { ?>`
fix login 2015-09-25 00:54:07 +03:00			`<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white">`
Remember previous state of remember login checkbox fixes #22205 2016-02-10 14:37:38 +03:00			`<?php } else { ?>`
refactoring code 2016-02-10 17:28:14 +03:00			`<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white" checked="checked">`
Remember previous state of remember login checkbox fixes #22205 2016-02-10 14:37:38 +03:00			`<?php } ?>`
refactoring code 2016-02-10 17:28:14 +03:00			`<label for="remember_login"><?php p($l->t('Stay logged in')); ?></label>`
move log in button into fields and use icon instead of text 2015-08-26 20:00:42 +03:00			`</div>`
don't remember login if the encrypion app is enabled because the user needs to log-in again in order to decrypt his private key with his password 2013-09-24 15:08:55 +04:00			`<?php endif; ?>`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`<input type="hidden" name="timezone-offset" id="timezone-offset"/>`
send browsers timezone back tp the server on login 2014-09-22 16:01:45 +04:00			`<input type="hidden" name="timezone" id="timezone"/>`
addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-18 01:57:23 +03:00			`<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`</fieldset>`
optimized CSS, fixed login header 2011-08-08 19:57:45 +04:00			`</form>`
add support for apps to register alternative login methods below the standard login a list of icons/button will be displayed 2013-01-29 20:28:08 +04:00			`<?php if (!empty($_['alt_login'])) { ?>`
move inline style to CSS file, fix details 2013-02-06 18:15:20 +04:00			`<form id="alternative-logins">`
add support for apps to register alternative login methods below the standard login a list of icons/button will be displayed 2013-01-29 20:28:08 +04:00			`<fieldset>`
[core] From echo to p 2013-02-28 01:55:39 +04:00			`<legend><?php p($l->t('Alternative Logins')) ?></legend>`
add support for apps to register alternative login methods below the standard login a list of icons/button will be displayed 2013-01-29 20:28:08 +04:00			`<ul>`
fix shorttag issue mentioned in #1357 2013-02-06 21:19:26 +04:00			`<?php foreach($_['alt_login'] as $login): ?>`
[core] From echo to p 2013-02-28 01:55:39 +04:00			`<li><a class="button" href="<?php print_unescaped($login['href']); ?>" ><?php p($login['name']); ?></a></li>`
fix shorttag issue mentioned in #1357 2013-02-06 21:19:26 +04:00			`<?php endforeach; ?>`
add support for apps to register alternative login methods below the standard login a list of icons/button will be displayed 2013-01-29 20:28:08 +04:00			`</ul>`
			`</fieldset>`
			`</form>`
use script instead of \OCP\Util methods 2014-12-10 18:18:18 +03:00			`<?php }`