From 1c955606a18d885af9c0c936fe46e2bd11ee164f Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Mon, 29 Aug 2011 14:37:18 -0400 Subject: [PATCH] Initial work on resetting forgotten passwords. It works, but still need to email a token to allow reset --- core/templates/lostpassword.php | 15 ++++++++++++++ core/templates/resetpassword.php | 10 ++++++++++ index.php | 34 +++++++++++++++++++++++++++++++- 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 core/templates/lostpassword.php create mode 100644 core/templates/resetpassword.php diff --git a/core/templates/lostpassword.php b/core/templates/lostpassword.php new file mode 100644 index 0000000000..212ca8d2ed --- /dev/null +++ b/core/templates/lostpassword.php @@ -0,0 +1,15 @@ +
+
+ t('You will receive a link to reset your password via Email.'); ?> + + t( 'Requested' ); ?> + + + + t( 'Login failed!' ); ?> + + + + +
+
\ No newline at end of file diff --git a/core/templates/resetpassword.php b/core/templates/resetpassword.php new file mode 100644 index 0000000000..3c7c46efe1 --- /dev/null +++ b/core/templates/resetpassword.php @@ -0,0 +1,10 @@ +
" method="post"> +
+ + t('Your password was successfully reset'); ?> + + + + +
+
\ No newline at end of file diff --git a/index.php b/index.php index 4520f40107..52a00465f2 100644 --- a/index.php +++ b/index.php @@ -60,7 +60,7 @@ elseif(OC_User::isLoggedIn()) { } // Someone wants to log in : -elseif(isset($_POST["user"])) { +elseif(isset($_POST["user"]) && isset($_POST['password'])) { OC_App::loadApps(); if(OC_User::login($_POST["user"], $_POST["password"])) { header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php")); @@ -81,6 +81,38 @@ elseif(isset($_POST["user"])) { } } +// Someone lost their password: +elseif(isset($_GET['lostpassword'])) { + OC_App::loadApps(); + if (isset($_POST['user'])) { + if (OC_User::userExists($_POST['user'])) { + $token = sha1($_POST['user']+uniqId()); + OC_Preferences::setValue($_POST['user'], "owncloud", "lostpassword", $token); + // TODO send email with link+token + OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => true)); + } else { + OC_Template::printGuestPage("", "lostpassword", array("error" => true, "requested" => false)); + } + } else { + OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => false)); + } +} + +// Someone wants to reset their password: +elseif(isset($_GET['resetpassword']) && isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], "owncloud", "lostpassword") === $_GET['token']) { + OC_App::loadApps(); + if (isset($_POST['password'])) { + if (OC_User::setPassword($_GET['user'], $_POST['password'])) { + OC_Preferences::deleteKey($_GET['user'], "owncloud", "lostpassword"); + OC_Template::printGuestPage("", "resetpassword", array("success" => true)); + } else { + OC_Template::printGuestPage("", "resetpassword", array("success" => false)); + } + } else { + OC_Template::printGuestPage("", "resetpassword", array("success" => false)); + } +} + // For all others cases, we display the guest page : else { OC_App::loadApps();