Merge branch 'master' into movable_apps_2
This commit is contained in:
commit
993d655aad
|
@ -12,6 +12,7 @@
|
||||||
<p class="infield">
|
<p class="infield">
|
||||||
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
|
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
|
||||||
<input type="password" name="password" id="password" value="" required <?php echo !empty($_POST['user'])?'autofocus':''; ?> />
|
<input type="password" name="password" id="password" value="" required <?php echo !empty($_POST['user'])?'autofocus':''; ?> />
|
||||||
|
<input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>" />
|
||||||
</p>
|
</p>
|
||||||
<input type="checkbox" name="remember_login" value="1" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
|
<input type="checkbox" name="remember_login" value="1" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
|
||||||
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Log in' ); ?>" />
|
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Log in' ); ?>" />
|
||||||
|
|
14
index.php
14
index.php
|
@ -63,10 +63,9 @@ elseif(OC_User::isLoggedIn()) {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// For all others cases, we display the guest page :
|
// For all others cases, we display the guest page :
|
||||||
else {
|
} else {
|
||||||
OC_App::loadApps();
|
OC_App::loadApps();
|
||||||
$error = false;
|
$error = false;
|
||||||
|
|
||||||
|
@ -84,10 +83,9 @@ else {
|
||||||
else {
|
else {
|
||||||
OC_User::unsetMagicInCookie();
|
OC_User::unsetMagicInCookie();
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Someone wants to log in :
|
// Someone wants to log in :
|
||||||
elseif(isset($_POST["user"]) && isset($_POST['password'])) {
|
} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
|
||||||
if(OC_User::login($_POST["user"], $_POST["password"])) {
|
if(OC_User::login($_POST["user"], $_POST["password"])) {
|
||||||
if(!empty($_POST["remember_login"])){
|
if(!empty($_POST["remember_login"])){
|
||||||
if(defined("DEBUG") && DEBUG) {
|
if(defined("DEBUG") && DEBUG) {
|
||||||
|
@ -104,9 +102,9 @@ else {
|
||||||
} else {
|
} else {
|
||||||
$error = true;
|
$error = true;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
|
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
|
||||||
elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
|
} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
|
||||||
if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
|
if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
|
||||||
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
|
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
|
||||||
OC_User::unsetMagicInCookie();
|
OC_User::unsetMagicInCookie();
|
||||||
|
@ -115,5 +113,7 @@ else {
|
||||||
$error = true;
|
$error = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
OC_Template::printGuestPage('', 'login', array('error' => $error, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
|
$sectoken=rand(1000000,9999999);
|
||||||
|
$_SESSION['sectoken']=$sectoken;
|
||||||
|
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
|
||||||
}
|
}
|
||||||
|
|
10
lib/base.php
10
lib/base.php
|
@ -363,6 +363,16 @@ class OC{
|
||||||
self::checkInstalled();
|
self::checkInstalled();
|
||||||
self::checkSSL();
|
self::checkSSL();
|
||||||
|
|
||||||
|
// CSRF protection
|
||||||
|
if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
|
||||||
|
if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://';
|
||||||
|
$server=$protocol.$_SERVER['SERVER_NAME'];
|
||||||
|
if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
|
||||||
|
$url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php';
|
||||||
|
header("Location: $url");
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
self::initSession();
|
self::initSession();
|
||||||
self::initTemplateEngine();
|
self::initTemplateEngine();
|
||||||
self::checkUpgrade();
|
self::checkUpgrade();
|
||||||
|
|
|
@ -253,6 +253,9 @@ class OC_Util {
|
||||||
} else {
|
} else {
|
||||||
$parameters["username"] = '';
|
$parameters["username"] = '';
|
||||||
}
|
}
|
||||||
|
$sectoken=rand(1000000,9999999);
|
||||||
|
$_SESSION['sectoken']=$sectoken;
|
||||||
|
$parameters["sectoken"] = $sectoken;
|
||||||
OC_Template::printGuestPage("", "login", $parameters);
|
OC_Template::printGuestPage("", "login", $parameters);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue