Merge branch 'master' of git.kde.org:owncloud

core/css/styles.css

@@ -68,7 +68,7 @@ input[type="submit"].highlight{ background:#ffc100; border:1px solid #db0; text-
 #login form fieldset { background:0; border:0; margin-bottom:2em; padding:0; }
 #login form fieldset legend { font-weight:bold; }
 #login form label { position:absolute; margin:.8em .8em; font-size:1.5em; color:#666; }
-#login form label#directorylabel { display:block; margin:.95em 0 .8em -5.5em; }
+#login #dbhostlabel, #login #dbtableprefixlabel, #login #directorylabel { display:block; margin:.95em 0 .8em -7em; }
 #login form input[type="checkbox"]+label { position:relative; margin:0; font-size:1em; text-shadow:#fff 0 1px 0; }
 #login form ul.errors { background:#fed7d7; border:1px solid #f00; list-style-indent:inside; margin:0 0 4em 0; padding:1em 1em 1em 5em; }
 

core/templates/installation.php

@@ -74,8 +74,8 @@
 	<a id='showAdvanced'><strong><?php echo $l->t( 'Advanced' ); ?> ▾</strong></a>
 
 	<fieldset id='datadirField'>
-		<input type="text" name="dbhost" id="dbhost" value="<?php print OC_Helper::init_var('dbhost', 'localhost'); ?>" placeholder="<?php echo $l->t( 'Host' ); ?>" />
-		<input type="text" name="dbtableprefix" id="dbtableprefix" value="<?php print OC_Helper::init_var('dbtableprefix', 'oc_'); ?>" placeholder="<?php echo $l->t( 'Table prefix' ); ?>" />
+		<label id="dbhostlabel" for="dbhost"><?php echo $l->t( 'Database host' ); ?></label><input type="text" name="dbhost" id="dbhost" value="<?php print OC_Helper::init_var('dbhost', 'localhost'); ?>" placeholder="<?php echo $l->t( 'Database host' ); ?>" />
+		<label id="dbtableprefixlabel" for="dbtableprefix"><?php echo $l->t( 'Table prefix' ); ?></label><input type="text" name="dbtableprefix" id="dbtableprefix" value="<?php print OC_Helper::init_var('dbtableprefix', 'oc_'); ?>" placeholder="<?php echo $l->t( 'Table prefix' ); ?>" />
 
 		<label id="directorylabel" for="directory"><?php echo $l->t( 'Data folder' ); ?></label><input type="text" name="directory" id="directory" value="<?php print OC_Helper::init_var('directory', $_['directory']); ?>" placeholder="<?php echo $l->t( 'Data folder' ); ?>" />
 	</fieldset>

core/templates/login.php

@@ -1,17 +1,17 @@
 <form action="index.php" method="post">
 	<fieldset>
 		<?php if($_['error']): ?>
-			<?php echo $l->t( 'Login failed!' ); ?>
+			<a href="index.php?lostpassword"><?php echo $l->t('Lost your password?'); ?></a>
+		<?php endif; ?>
+		<?php if(empty($_["username"])): ?>
+			<input type="text" name="user" id="user" placeholder="Username" value="" autocomplete="off" required autofocus />
+			<input type="password" name="password" id="password" placeholder="Password" value="" required />
+			<input type="checkbox" name="remember_login" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
+		<?php else: ?>
+		      <input type="text" name="user" id="user" placeholder="Username" value="<?php echo $_['username']; ?>" autocomplete="off" required >
+		      <input type="password" name="password" id="password" placeholder="Password" value="" required autofocus />
+		      <input type="checkbox" name="remember_login" id="remember_login" checked /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
 		<?php endif; ?>
-		<?php if(empty($_["username"])){?>
-		<input type="text" name="user" id="user" placeholder="Username" value="" autocomplete="off" required autofocus />
-		<input type="password" name="password" id="password" placeholder="Password" value="" required />
-		<input type="checkbox" name="remember_login" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
-		<?php }else{ ?>
-		<input type="text" name="user" id="user" placeholder="Username" value="<?php echo $_['username']; ?>" autocomplete="off" required >
-		<input type="password" name="password" id="password" placeholder="Password" value="" required autofocus />
-		<input type="checkbox" name="remember_login" id="remember_login" checked /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
-		<?php } ?>
 		<input type="submit" id="submit" value="Log in" />
 	</fieldset>
 </form>

core/templates/lostpassword.php

@@ -0,0 +1,14 @@
+<form action="index.php?lostpassword" method="post">
+	<fieldset>
+		<?php echo $l->t('You will receive a link to reset your password via Email.'); ?>
+		<?php if ($_['requested']): ?>
+			<?php echo $l->t('Requested'); ?>
+		<?php else: ?>
+			<?php if ($_['error']): ?>
+				<?php echo $l->t('Login failed!'); ?>
+			<?php endif; ?>
+			<input type="text" name="user" id="user" placeholder="<?php echo $l->t('Username or Email'); ?>" value="" autocomplete="off" required autofocus />
+			<input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>

core/templates/resetpassword.php

@@ -0,0 +1,10 @@
+<form action="<?php echo "index.php?".$_SERVER['QUERY_STRING']; ?>" method="post">
+	<fieldset>
+		<?php if($_['success']): ?>
+			<?php echo $l->t('Your password was successfully reset'); ?>
+		<?php else: ?>
+			<input type="password" name="password" id="password" placeholder="<?php echo $l->t('New password'); ?>" value="" required />
+			<input type="submit" id="submit" value="<?php echo $l->t('Reset password'); ?>" />
+		<?php endif; ?>
+	</fieldset>
+</form>

files/index.php

@@ -47,8 +47,14 @@ $files = array();
 foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
 	$i["date"] = OC_Util::formatDate($i["mtime"] );
 	if($i['type']=='file'){
-		$i['extention']=substr($i['name'],strrpos($i['name'],'.'));
-		$i['basename']=substr($i['name'],0,strrpos($i['name'],'.'));
+		$fileinfo=pathinfo($i['name']);
+		$i['basename']=$fileinfo['filename'];
+		if (!empty($fileinfo['extension'])) {
+			$i['extention']='.' . $fileinfo['extension'];
+		}
+		else {
+			$i['extention']='';
+		}
 	}
 	if($i['directory']=='/'){
 		$i['directory']='';

index.php

@@ -60,7 +60,7 @@ elseif(OC_User::isLoggedIn()) {
 }
 
 // Someone wants to log in :
-elseif(isset($_POST["user"])) {
+elseif(isset($_POST["user"]) && isset($_POST['password'])) {
 	OC_App::loadApps();
 	if(OC_User::login($_POST["user"], $_POST["password"])) {
 		header("Location: ".$WEBROOT.'/'.OC_Appconfig::getValue("core", "defaultpage", "files/index.php"));
@@ -81,6 +81,38 @@ elseif(isset($_POST["user"])) {
 	}
 }
 
+// Someone lost their password:
+elseif(isset($_GET['lostpassword'])) {
+	OC_App::loadApps();
+	if (isset($_POST['user'])) {
+		if (OC_User::userExists($_POST['user'])) {
+			$token = sha1($_POST['user']+uniqId());
+			OC_Preferences::setValue($_POST['user'], "owncloud", "lostpassword", $token);
+			// TODO send email with link+token
+			OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => true));
+		} else {
+			OC_Template::printGuestPage("", "lostpassword", array("error" => true, "requested" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "lostpassword", array("error" => false, "requested" => false));
+	}
+}
+
+// Someone wants to reset their password:
+elseif(isset($_GET['resetpassword']) && isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], "owncloud", "lostpassword") === $_GET['token']) {
+	OC_App::loadApps();
+	if (isset($_POST['password'])) {
+		if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
+			OC_Preferences::deleteKey($_GET['user'], "owncloud", "lostpassword");
+			OC_Template::printGuestPage("", "resetpassword", array("success" => true));
+		} else {
+			OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+		}
+	} else {
+		OC_Template::printGuestPage("", "resetpassword", array("success" => false));
+	}
+}
+
 // For all others cases, we display the guest page :
 else {
 	OC_App::loadApps();

lib/files.php

@@ -143,7 +143,7 @@ class OC_Files {
 			header("HTTP/1.0 403 Forbidden");
 			die('403 Forbidden');
 		}
-		ob_end_clean();
+		@ob_end_clean();
 		if($zip){
 			readfile($filename);
 			unlink($filename);

lib/setup.php

@@ -284,8 +284,10 @@ class OC_Setup {
 		$content.= "Options -Indexes\n";
 		@file_put_contents($SERVERROOT.'/.htaccess', $content); //supress errors in case we don't have permissions for it
 
-		$content = "deny from all";
+		$content = "deny from all\n";
+		$content.= "IndexIgnore *";
 		file_put_contents(OC_Config::getValue('datadirectory', $SERVERROOT.'/data').'/.htaccess', $content);
+		file_put_contents(OC_Config::getValue('datadirectory', $SERVERROOT.'/data').'/index.html', '');
 	}
 }
 

settings/ajax/changepassword.php

@@ -6,15 +6,15 @@ require_once('../../lib/base.php');
 // We send json data
 header( "Content-Type: application/jsonrequest" );
 
+$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
+$password = $_POST["password"];
+
 // Check if we are a user
-if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
+if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' )&& $username!=OC_User::getUser())) {
 	echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" )));
 	exit();
 }
 
-$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
-$password = $_POST["password"];
-
 // Return Success story
 if( OC_User::setPassword( $username, $password )){
 	echo json_encode( array( "status" => "success", "data" => array( "username" => $username )));