2012-10-17 15:24:49 +00:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
|
|
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
|
|
* later.
|
|
|
|
* See the COPYING-README file.
|
|
|
|
*/
|
2013-09-02 19:22:18 +00:00
|
|
|
namespace OC\Core\LostPassword;
|
2012-10-17 15:24:49 +00:00
|
|
|
|
2013-09-02 19:22:18 +00:00
|
|
|
class Controller {
|
2012-10-17 15:24:49 +00:00
|
|
|
protected static function displayLostPasswordPage($error, $requested) {
|
2013-09-02 19:22:18 +00:00
|
|
|
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
|
|
|
\OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
|
2013-06-05 16:38:39 +00:00
|
|
|
array('error' => $error,
|
|
|
|
'requested' => $requested,
|
2013-06-18 09:43:11 +00:00
|
|
|
'isEncrypted' => $isEncrypted));
|
2012-10-17 15:24:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
protected static function displayResetPasswordPage($success, $args) {
|
|
|
|
$route_args = array();
|
|
|
|
$route_args['token'] = $args['token'];
|
|
|
|
$route_args['user'] = $args['user'];
|
2013-09-02 19:22:18 +00:00
|
|
|
\OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
|
2012-10-27 15:45:09 +00:00
|
|
|
array('success' => $success, 'args' => $route_args));
|
2012-10-17 15:24:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
protected static function checkToken($user, $token) {
|
2013-09-02 19:22:18 +00:00
|
|
|
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
2012-10-17 15:24:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
public static function index($args) {
|
|
|
|
self::displayLostPasswordPage(false, false);
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function sendEmail($args) {
|
2013-06-05 16:38:39 +00:00
|
|
|
|
2013-09-02 19:22:18 +00:00
|
|
|
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
2013-06-18 09:43:11 +00:00
|
|
|
|
|
|
|
if(!$isEncrypted || isset($_POST['continue'])) {
|
2013-06-05 16:38:39 +00:00
|
|
|
$continue = true;
|
|
|
|
} else {
|
|
|
|
$continue = false;
|
|
|
|
}
|
|
|
|
|
2013-09-02 19:22:18 +00:00
|
|
|
if (\OC_User::userExists($_POST['user']) && $continue) {
|
2013-09-04 18:46:32 +00:00
|
|
|
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
|
2013-09-02 19:22:18 +00:00
|
|
|
\OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
|
2012-10-27 15:45:09 +00:00
|
|
|
hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
2013-09-02 19:22:18 +00:00
|
|
|
$email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
2012-10-17 15:24:49 +00:00
|
|
|
if (!empty($email)) {
|
2013-09-02 19:22:18 +00:00
|
|
|
$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
|
2012-10-27 15:45:09 +00:00
|
|
|
array('user' => $_POST['user'], 'token' => $token));
|
2013-09-02 19:22:18 +00:00
|
|
|
$link = \OC_Helper::makeURLAbsolute($link);
|
2012-10-17 15:24:49 +00:00
|
|
|
|
2013-09-02 19:22:18 +00:00
|
|
|
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
2012-10-17 15:24:49 +00:00
|
|
|
$tmpl->assign('link', $link, false);
|
|
|
|
$msg = $tmpl->fetchPage();
|
2013-09-02 19:22:18 +00:00
|
|
|
$l = \OC_L10N::get('core');
|
|
|
|
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
|
2013-02-20 20:14:55 +00:00
|
|
|
try {
|
2013-09-02 19:22:18 +00:00
|
|
|
$defaults = new \OC_Defaults();
|
|
|
|
\OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
|
2013-02-20 20:14:55 +00:00
|
|
|
} catch (Exception $e) {
|
2013-09-02 19:22:18 +00:00
|
|
|
\OC_Template::printErrorPage( 'A problem occurs during sending the e-mail please contact your administrator.');
|
2013-02-20 20:14:55 +00:00
|
|
|
}
|
2012-10-17 15:24:49 +00:00
|
|
|
self::displayLostPasswordPage(false, true);
|
|
|
|
} else {
|
|
|
|
self::displayLostPasswordPage(true, false);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
self::displayLostPasswordPage(true, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function reset($args) {
|
|
|
|
// Someone wants to reset their password:
|
|
|
|
if(self::checkToken($args['user'], $args['token'])) {
|
|
|
|
self::displayResetPasswordPage(false, $args);
|
|
|
|
} else {
|
|
|
|
// Someone lost their password
|
|
|
|
self::displayLostPasswordPage(false, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function resetPassword($args) {
|
|
|
|
if (self::checkToken($args['user'], $args['token'])) {
|
|
|
|
if (isset($_POST['password'])) {
|
2013-09-02 19:22:18 +00:00
|
|
|
if (\OC_User::setPassword($args['user'], $_POST['password'])) {
|
|
|
|
\OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
|
|
|
|
\OC_User::unsetMagicInCookie();
|
2012-10-17 15:24:49 +00:00
|
|
|
self::displayResetPasswordPage(true, $args);
|
|
|
|
} else {
|
|
|
|
self::displayResetPasswordPage(false, $args);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
self::reset($args);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// Someone lost their password
|
|
|
|
self::displayLostPasswordPage(false, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|