Verify password page for users
This commit is contained in:
Lukas Reschke
Daniel Molkentin
parent
800fd5fd79
commit
d33bec09fe
2 changed files with 37 additions and 0 deletions
18
core/templates/verify.php
Normal file
18
core/templates/verify.php
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
<form method="post">
|
||||
<fieldset>
|
||||
<ul>
|
||||
<li class="errors">
|
||||
<?php echo $l->t('Security Warning!'); ?><br>
|
||||
<small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again. "); ?></small>
|
||||
</li>
|
||||
</ul>
|
||||
<p class="infield">
|
||||
<input type="text" value="<?php echo $_['username']; ?>" disabled="disabled" />
|
||||
</p>
|
||||
<p class="infield">
|
||||
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
|
||||
<input type="password" name="password" id="password" value="" required />
|
||||
</p>
|
||||
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
19
lib/util.php
19
lib/util.php
|
|
@ -361,6 +361,7 @@ class OC_Util {
|
|||
public static function checkAdminUser() {
|
||||
// Check if we are a user
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
|
||||
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
|
||||
exit();
|
||||
|
|
@ -374,6 +375,7 @@ class OC_Util {
|
|||
public static function checkSubAdminUser() {
|
||||
// Check if we are a user
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if(OC_Group::inGroup(OC_User::getUser(),'admin')) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -384,6 +386,23 @@ class OC_Util {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password in the last 15 minutes
|
||||
* If not, the user will be shown a password verification page
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
// Check password to set session
|
||||
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
||||
$_SESSION['verifiedLogin']=time() + (15 * 60);
|
||||
}
|
||||
|
||||
// Check if the user verified his password in the last 15 minutes
|
||||
if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) {
|
||||
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirect to the user default page
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in a new issue