From d33bec09fe1da810f0a7f60d9b6a61e513ce0b2f Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 15 Oct 2012 16:14:24 +0200
Subject: [PATCH] Verify password page for users

---
 core/templates/verify.php | 18 ++++++++++++++++++
 lib/util.php              | 19 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 core/templates/verify.php

diff --git a/core/templates/verify.php b/core/templates/verify.php
new file mode 100644
index 0000000000..7be0d69ed0
--- /dev/null
+++ b/core/templates/verify.php
@@ -0,0 +1,18 @@
+<form method="post">
+	<fieldset>
+		<ul>
+			<li class="errors">
+				<?php echo $l->t('Security Warning!'); ?><br>
+				<small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again. "); ?></small>
+			</li>
+		</ul>
+		<p class="infield">
+			<input type="text"  value="<?php echo $_['username']; ?>" disabled="disabled" />
+		</p>
+		<p class="infield">
+			<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
+			<input type="password" name="password" id="password" value="" required />
+		</p>
+		<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
+	</fieldset>
+</form>
diff --git a/lib/util.php b/lib/util.php
index 9a3bf16206..b92f97b037 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -361,6 +361,7 @@ class OC_Util {
 	public static function checkAdminUser() {
 		// Check if we are a user
 		self::checkLoggedIn();
+		self::verifyUser();
 		if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
 			header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
 			exit();
@@ -374,6 +375,7 @@ class OC_Util {
 	public static function checkSubAdminUser() {
 		// Check if we are a user
 		self::checkLoggedIn();
+		self::verifyUser();
 		if(OC_Group::inGroup(OC_User::getUser(),'admin')) {
 			return true;
 		}
@@ -384,6 +386,23 @@ class OC_Util {
 		return true;
 	}
 
+	/**
+	* Check if the user verified the login with his password in the last 15 minutes
+	* If not, the user will be shown a password verification page
+	*/
+	public static function verifyUser() {
+		// Check password to set session
+		if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
+			$_SESSION['verifiedLogin']=time() + (15 * 60);
+		}
+
+		// Check if the user verified his password in the last 15 minutes
+		if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) {
+			OC_Template::printGuestPage("", "verify",  array('username' => OC_User::getUser()));
+			exit();
+		}
+	}
+
 	/**
 	* Redirect to the user default page
 	*/