mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

print a warning if a user wants to reset his password and encryption is enabled

This commit is contained in:
Björn Schießle 2013-06-05 18:38:39 +02:00
parent 036732c249
commit 58fd76607b
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/lostpassword/controller.php
View File

@ -8,8 +8,11 @@
class OC_Core_LostPassword_Controller {
protected static function displayLostPasswordPage($error, $requested) {
$encrypted = OC_App::isEnabled('files_encryption');
OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
array('error' => $error, 'requested' => $requested));
array('error' => $error,
'requested' => $requested,
'encrypted' => $encrypted));
}
protected static function displayResetPasswordPage($success, $args) {
@ -29,7 +32,14 @@ class OC_Core_LostPassword_Controller {
}
public static function sendEmail($args) {
if (OC_User::userExists($_POST['user'])) {
if(isset($_POST['noEncryption']) || isset($_POST['continue'])) {
$continue = true;
} else {
$continue = false;
}
if (OC_User::userExists($_POST['user']) && $continue) {
$token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks

8
core/lostpassword/templates/lostpassword.php
View File

@ -17,6 +17,14 @@
<input type="text" name="user" id="user" placeholder="" value="" autocomplete="off" required autofocus />
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
<?php if ($_['encrypted']): ?>
<br /><br />
<?php print_unescaped($l->t('Your files seems to be encrypted. If you didn\'t have enabled the recovery key there will be no way to get your data back once the password was resetted. If you are not sure what to do, please contact your administrator first before continue. Do you really want to continue?')); ?><br />
<input type="checkbox" name="continue" value="Yes" />
<?php print_unescaped($l->t('Yes, I really want to reset my password now')); ?><br/><br/>
<?php else: ?>
<input type="checkbox" name="noEncryption" value="Yes" checked />
<?php endif; ?>
</p>
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request reset')); ?>" />
</fieldset>